ESX 4.0
ESXi 4.0
vCenter Server 4.0
EN-000102-00
Introduction to VMware vSphere
You can find the most up-to-date technical documentation on the VMware Web site at:
http://www.vmware.com/support/
The VMware Web site also provides the latest product updates.
If you have comments about this documentation, submit your feedback to:
docfeedback@vmware.com
© 2009 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property
laws. VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents.
VMware, the VMware “boxes” logo and design, Virtual SMP, and VMotion are registered trademarks or trademarks of VMware, Inc.
in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their
respective companies.
VMware, Inc.
3401 Hillview Ave.
Palo Alto, CA 94304
www.vmware.com
Contents
Glossary
Index
About This Book
Introduction to VMware vSphere provides information about the features and functionality of VMware vSphere.
Intended Audience
This information is intended for anyone who needs to familiarize themselves with the components and
capabilities of VMware vSphere. This information is for experienced Windows or Linux system administrators
who are familiar with virtual machine technology and datacenter operations.
Document Feedback
VMware welcomes your suggestions for improving our documentation. If you have comments, send your
feedback to:
docfeedback@vmware.com
Table 1. Abbreviations
Abbreviation    Description
tmplt           Template
VC              vCenter Server
Online and Telephone Support: To use online support to submit technical support requests, view your product
and contract information, and register your products, go to http://www.vmware.com/support.
Support Offerings: Find out how VMware support offerings can help meet your business needs.
Go to http://www.vmware.com/support/services.
VMware Professional Services: VMware Education Services courses offer extensive hands-on labs, case study
examples, and course materials designed to be used as on-the-job reference tools. Courses are available
onsite, in the classroom, and live online. For onsite pilot programs and implementation best practices,
VMware Consulting Services provides offerings to help you assess, plan, build, and manage your virtual
environment. To access information about education classes, certification programs, and consulting
services, go to http://www.vmware.com/services.
VMware vSphere Introduction
VMware vSphere leverages the power of virtualization to transform datacenters into simplified cloud
computing infrastructures and enables IT organizations to deliver flexible and reliable IT services. VMware
vSphere virtualizes and aggregates the underlying physical hardware resources across multiple systems and
provides pools of virtual resources to the datacenter.
As a cloud operating system, VMware vSphere manages large collections of infrastructure (such as CPUs,
storage, and networking) as a seamless and dynamic operating environment, and also manages the complexity
of a datacenter. The following component layers make up VMware vSphere:
Infrastructure Services: Infrastructure Services are the set of services provided to abstract, aggregate,
and allocate hardware or infrastructure resources. Infrastructure Services can be categorized into:
    - VMware vCompute—the VMware capabilities that abstract away from underlying disparate server
      resources. vCompute services aggregate these resources across many discrete servers and assign
      them to applications.
    - VMware vStorage—the set of technologies that enables the most efficient use and management of
      storage in virtual environments.
    - VMware vNetwork—the set of technologies that simplify and enhance networking in virtual
      environments.
Application Services: Application Services are the set of services provided to ensure availability,
security, and scalability for applications. Examples include HA and Fault Tolerance.
VMware vCenter Server: VMware vCenter Server provides a single point of control of the datacenter. It
provides essential datacenter services such as access control, performance monitoring, and configuration.
Clients: Users can access the VMware vSphere datacenter through clients such as the vSphere Client or
Web Access through a Web browser.
Figure 1 shows the relationships between the component layers of VMware vSphere.
[Figure 1. Labels: vCenter Server, enterprise servers, enterprise network, enterprise storage]
VMware Virtual Machine File System (VMFS): A high performance cluster file system for ESX/ESXi virtual
machines.
VMware Virtual SMP: Feature that enables a single virtual machine to use multiple physical processors
simultaneously.
VMware VMotion and Storage VMotion: VMware VMotion enables the live migration of running virtual machines
from one physical server to another with zero down time, continuous service availability, and complete
transaction integrity. Storage VMotion enables the migration of virtual machine files from one datastore to
another without service interruption. You can choose to place the virtual machine and all its disks in a
single location, or select separate locations for the virtual machine configuration file and each virtual
disk. The virtual machine remains on the same host during Storage VMotion.
    Migration with VMotion - Moving a powered-on virtual machine to a new host. Migration with VMotion
    allows you to move a virtual machine to a new host without any interruption in the availability of the
    virtual machine. Migration with VMotion cannot be used to move virtual machines from one datacenter
    to another.
    Migration with Storage VMotion - Moving the virtual disks or configuration file of a powered-on virtual
    machine to a new datastore. Migration with Storage VMotion allows you to move a virtual machine's
    storage without any interruption in the availability of the virtual machine.
VMware High Availability (HA): Feature that provides high availability for applications running in virtual
machines. If a server fails, affected virtual machines are restarted on other production servers that have
spare capacity.
VMware Distributed Resource Scheduler (DRS): Feature that allocates and balances computing capacity
dynamically across collections of hardware resources for virtual machines. This feature includes
distributed power management (DPM) capabilities that enable a datacenter to significantly reduce its power
consumption.
VMware Consolidated Backup (Consolidated Backup): Feature that provides a centralized facility for
agent-free backup of virtual machines. It simplifies backup administration and reduces the impact of
backups on ESX/ESXi performance.
VMware vSphere SDK: Feature that provides a standard interface for VMware and third-party solutions to
access the VMware vSphere.
VMware Fault Tolerance: When Fault Tolerance is enabled for a virtual machine, a secondary copy of the
original (or primary) virtual machine is created. All actions completed on the primary virtual machine are
also applied to the secondary virtual machine. If the primary virtual machine becomes unavailable, the
secondary machine becomes active, providing continual availability.
vNetwork Distributed Switch (DVS): Feature that includes a distributed virtual switch (DVS), which spans
many ESX/ESXi hosts enabling significant reduction of on-going network maintenance activities and
increasing network capacity. This allows virtual machines to maintain consistent network configuration as
they migrate across multiple hosts.
Host Profiles: Feature that simplifies host configuration management through user-defined configuration
policies. The host profile policies capture the blueprint of a known, validated host configuration and use
this to configure networking, storage, security, and other settings across multiple hosts. The host profile
policies also monitor compliance to standard host configuration settings across the datacenter. Host
profiles reduce manual steps involved in configuring a host and can help maintain consistency and
correctness across the datacenter.
Pluggable Storage Array (PSA): A storage partner plug-in framework that enables greater array certification
flexibility and improved array-optimized performance. PSA is a multipath I/O framework allowing storage
partners to enable their array asynchronously to ESX release schedules. VMware partners can deliver
performance-enhancing multipath load-balancing behaviors that are optimized for each array.
Computing servers: Industry standard x86 servers that run ESX/ESXi on the bare metal. ESX/ESXi software
provides resources for and runs the virtual machines. Each computing server is referred to as a standalone
host in the virtual environment. You can group a number of similarly configured x86 servers with
connections to the same network and storage subsystems to provide an aggregate set of resources in the
virtual environment, called a cluster.
Storage networks and arrays: Fibre Channel SAN arrays, iSCSI SAN arrays, and NAS arrays are widely used
storage technologies supported by VMware vSphere to meet different datacenter storage needs. The storage
arrays are connected to and shared between groups of servers through storage area networks. This
arrangement allows aggregation of the storage resources and provides more flexibility in provisioning them
to virtual machines.
IP networks: Each computing server can have multiple Ethernet network interface cards (NICs) to provide
high bandwidth and reliable networking to the entire VMware vSphere datacenter.
vCenter Server: vCenter Server provides a single point of control to the datacenter. It provides essential
datacenter services such as access control, performance monitoring, and configuration. It unifies the
resources from the individual computing servers to be shared among virtual machines in the entire
datacenter. It does this by managing the assignment of virtual machines to the computing servers and the
assignment of resources to the virtual machines within a given computing server based on the policies that
the system administrator sets.
Computing servers continue to function even in the unlikely event that vCenter Server becomes unreachable
(for example, if the network is severed). They can be managed separately and continue to run the virtual
machines assigned to them based on the resource assignment that was last set. After connection to vCenter
Server is restored, it can manage the datacenter as a whole again.
Management clients: VMware vSphere provides several interfaces for datacenter management and virtual
machine access. These interfaces include VMware vSphere Client (vSphere Client), web access through a web
browser, vSphere Command-Line Interface (vSphere CLI), or vSphere Management Assistant (vMA).
VMware vSphere aggregates these resources and presents a uniform set of elements in the virtual environment.
With VMware vSphere, you can manage IT resources like a shared utility and dynamically provision resources
to different business units and projects.
[Figure. Labels: host1, RP1, RP2, RP3, VM, datastores, network A, network B]
You can use vSphere to view, configure, and manage these key elements. These elements include:
- Computing and memory resources called hosts, clusters, and resource pools
- Storage resources called datastores
- Networking resources called networks
- Virtual machines
A host is the virtual representation of the computing and memory resources of a physical machine running
ESX/ESXi. When one or more physical machines are grouped together to work and be managed as a whole,
the aggregate computing and memory resources form a cluster. Machines can be dynamically added or
removed from a cluster. Computing and memory resources from hosts and clusters can be finely partitioned
into a hierarchy of resource pools.
Datastores are virtual representations of combinations of underlying physical storage resources in the
datacenter. These physical storage resources can come from the following:
- Local SCSI, SAS, or SATA disks of the server
- Fibre Channel SAN disk arrays
- iSCSI SAN disk arrays
- Network Attached Storage (NAS) arrays
Networks in the virtual environment connect virtual machines to one another and to the physical network
outside of the virtual datacenter.
Virtual machines are designated to a particular host, cluster or resource pool, and a datastore when they are
created. After they are powered-on, virtual machines consume resources dynamically as the workload
increases or give back resources dynamically as the workload decreases.
Provisioning of virtual machines is much faster and easier than physical machines. New virtual machines can
be created in seconds. When a virtual machine is provisioned, the appropriate operating system and
applications can be installed unaltered on the virtual machine to handle a particular workload just as though
they were being installed on a physical machine. A virtual machine can even be provisioned with the operating
system and applications already installed and configured.
Resources get provisioned to virtual machines based on the policies set by the system administrator who owns
the resources. The policies can reserve a set of resources for a particular virtual machine to guarantee its
performance. The policies can also prioritize and set a variable portion of the total resources to each virtual
machine. A virtual machine is prevented from being powered-on and consuming resources if doing so violates
the resource allocation policies. For more information on resource and power management, see the Resource
Management Guide.
A host represents the aggregate computing and memory resources of a physical x86 server. For example, if the
physical x86 server has four dual-core CPUs running at 4GHz each and 32GB of system memory, the host has
32GHz of computing power and 32GB of memory available for running virtual machines that are assigned to
it.
A cluster acts and can be managed as a single entity. It represents the aggregate computing and memory
resources of a group of physical x86 servers sharing the same network and storage arrays. For example, if the
group contains eight servers, each with four dual-core CPUs running at 4GHz and 32GB of memory, the cluster
then has an aggregate 256GHz of computing power and 256GB of memory available for running virtual
machines.
Resource pools are partitions of computing and memory resources from a single host or a cluster. Resource
pools can be hierarchical and nested. You can partition any resource pool into smaller resource pools to further
divide and assign resources to different groups or for different purposes.
Figure 4 illustrates the use of resource pools. Three x86 servers with 4GHz computing power and 16GB of
memory each are aggregated to form a cluster of 12GHz computing power and 48GB of memory. The Finance
Department resource pool reserves 8GHz of computing power and 32GB of memory from the cluster, leaving
4GHz computing power and 16GB of memory reserved for the other virtual machine. From the Finance
Department resource pool, the smaller Accounting resource pool reserves 4GHz computing power and 16GB
of memory for the virtual machines from the accounting department. That leaves 4GHz of computing power
and 16GB of memory for the virtual machine called Payroll.
[Figure 4. Labels: Cluster (12 GHz, 48 GB RAM); Finance Department (8 GHz, 32 GB RAM); Accounting (4 GHz, 16 GB RAM); virtual machines Other and Payroll; virtual and physical layers]
You can dynamically change resource allocation policies. For example, at year end, the workload on
Accounting increases, which requires an increase in the Accounting resource pool reserve from 4GHz of
power to 6GHz. You can make the change to the resource pool dynamically without shutting down the
associated virtual machines.
When reserved resources are not being used by a resource pool or virtual machine, they can be shared. In the
example, if the 4GHz of resources reserved for the Accounting department are not being used, the Payroll
virtual machine can use those gigahertz during its peak time. When Accounting resource demands increase,
Payroll dynamically returns them. Even though resources are reserved for different resource pools, they are
not wasted if their owner does not use them. This capability helps to maximize resource utilization while also
ensuring that reservations are met and resource policies enforced.
As demonstrated by the example, resource pools can be nested, organized hierarchically, and dynamically
reconfigured so that the IT environment matches the company organization. Individual business units can
receive dedicated resources while still benefiting from the efficiency of resource pooling.
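The Figure 4 reservations, the year-end change to 6GHz, and the sharing of idle reserved capacity, worked through as reservation bookkeeping in Python. This is an added example, not VMware code: the Pool class and its functions are hypothetical, and the model assumes fixed reservations only (no shares or limits).

```python
# Added example: reservation bookkeeping for nested resource pools.
# Hypothetical model, not a VMware API: fixed reservations only.


class Pool:
    """A cluster or resource pool with a CPU (GHz) and memory (GB) reservation."""

    def __init__(self, name, cpu_ghz, mem_gb, parent=None):
        self.name = name
        self.cpu_ghz = cpu_ghz
        self.mem_gb = mem_gb
        self.parent = parent
        self.children = []
        self.cpu_in_use = 0  # current CPU demand in GHz, set by the caller

    def unreserved(self):
        """Return (cpu_ghz, mem_gb) not yet promised to any child."""
        cpu = self.cpu_ghz - sum(c.cpu_ghz for c in self.children)
        mem = self.mem_gb - sum(c.mem_gb for c in self.children)
        return cpu, mem

    def reserve(self, name, cpu_ghz, mem_gb):
        """Carve a child pool or a VM reservation out of this pool.

        Raises ValueError when the request does not fit. This is the check
        that blocks a power-on that would violate the allocation policy.
        """
        free_cpu, free_mem = self.unreserved()
        if cpu_ghz > free_cpu or mem_gb > free_mem:
            raise ValueError(
                f"{name}: wants {cpu_ghz}GHz/{mem_gb}GB, {self.name} has "
                f"{free_cpu}GHz/{free_mem}GB unreserved")
        child = Pool(name, cpu_ghz, mem_gb, parent=self)
        self.children.append(child)
        return child

    def resize(self, cpu_ghz, mem_gb):
        """Change this pool's reservation in place; its VMs keep running."""
        free_cpu, free_mem = self.unreserved()
        promised_cpu = self.cpu_ghz - free_cpu
        promised_mem = self.mem_gb - free_mem
        if cpu_ghz < promised_cpu or mem_gb < promised_mem:
            raise ValueError(f"{self.name}: children already hold more")
        if self.parent is not None:
            p_cpu, p_mem = self.parent.unreserved()
            if cpu_ghz - self.cpu_ghz > p_cpu or mem_gb - self.mem_gb > p_mem:
                raise ValueError(
                    f"{self.name}: {self.parent.name} cannot cover the increase")
        self.cpu_ghz, self.mem_gb = cpu_ghz, mem_gb


def peak_cpu_for_unreserved_vm(pool):
    """CPU that a VM without its own reservation can reach inside `pool`.

    It gets the pool's unreserved share plus whatever sibling pools have
    reserved but are not using right now; borrowed capacity goes back as
    soon as the owner's demand rises.
    """
    idle = sum(max(c.cpu_ghz - c.cpu_in_use, 0) for c in pool.children)
    return pool.unreserved()[0] + idle


def build_figure4():
    """Recreate the Figure 4 numbers: Cluster -> Finance -> Accounting."""
    cluster = Pool("Cluster", 12, 48)
    finance = cluster.reserve("Finance Department", 8, 32)
    accounting = finance.reserve("Accounting", 4, 16)
    return cluster, finance, accounting


if __name__ == "__main__":
    cluster, finance, accounting = build_figure4()
    print("left in cluster :", cluster.unreserved())
    print("left for Payroll:", finance.unreserved())
    print("Payroll peak CPU while Accounting is idle:",
          peak_cpu_for_unreserved_vm(finance))
    accounting.resize(6, 16)  # the year-end change
    print("left for Payroll after resize:", finance.unreserved())
    try:
        finance.reserve("NewVM", 3, 4)  # constructed request that no longer fits
    except ValueError as exc:
        print("power-on refused:", exc)
```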
Virtual machines run on and consume resources from ESX/ESXi. VMotion enables the migration of running
virtual machines from one physical server to another without service interruption, as shown in Figure 5. The
effect is a more efficient assignment of resources. With VMotion, resources can be dynamically reallocated to
virtual machines across physical servers.
[Figure 5: VMotion technology]
Storage VMotion enables the migration of virtual machines from one datastore to another datastore without
service interruption. This allows administrators, for example, to off-load virtual machines from one storage
array to another to perform maintenance, reconfigure LUNs, resolve out-of-space issues, and upgrade VMFS
volumes. Administrators can also use Storage VMotion to optimize the storage environment for improved
performance by seamlessly migrating virtual machine disks.
VMware DRS helps you manage a cluster of physical hosts as a single compute resource. You can assign a
virtual machine to a cluster and DRS finds an appropriate host on which to run the virtual machine. DRS places
virtual machines in such a way as to ensure that load across the cluster is balanced, and cluster-wide resource
allocation policies (for example, reservations, priorities, and limits) are enforced. When a virtual machine is
powered on, DRS performs an initial placement of the virtual machine on a host. As cluster conditions change
(for example, load and available resources), DRS migrates (using VMotion) virtual machines to other hosts as
necessary.
When a new physical server is added to a cluster, DRS enables virtual machines to immediately and
automatically take advantage of the new resources because it distributes the running virtual machines.
When DPM is enabled, the system compares cluster-level and host-level capacity to the demands of virtual
machines running in the cluster. If the resource demands of the running virtual machines can be met by a
subset of hosts in the cluster, DPM migrates the virtual machines to this subset and powers down the hosts
that are not needed. Once resource demands increase, DPM powers these hosts back on and migrates the virtual
machines to them. This dynamic cluster right-sizing that DPM performs reduces the power consumption of
the cluster without sacrificing virtual machine performance or availability.
You can configure DRS to automatically execute virtual machine placement, virtual machine migration, and
host power actions, or to provide recommendations which the datacenter administrator can assess and
manually act upon.
VMware HA enables quick, automatic restart of virtual machines on a different physical server within a cluster
if a host fails. All applications within the virtual machines have the high availability benefit,
through application clustering.
HA monitors all physical hosts in a cluster and detects host failures. An agent placed on each physical host
maintains a heartbeat with the other hosts in the resource pool. Loss of a heartbeat initiates the process of
restarting all affected virtual machines on other hosts. See Figure 7 for an example of VMware HA. HA ensures
that sufficient resources are available in the cluster at all times to restart virtual machines on different physical
hosts in the event of host failure.
Figure 7. VMware HA
HA also provides a Virtual Machine Monitoring feature that monitors the status of virtual machines in an HA
cluster. If a virtual machine does not generate heartbeats within a specified time, Virtual Machine Monitoring
identifies it as having failed and automatically restarts it. If restarts occur, policies can control the number of
restarts.
With HA, vCenter Server is not a single point of failure. HA is configured centrally via vCenter Server; however,
once configured, it operates continuously and in a distributed manner on every ESX host. vCenter Server is
no longer involved. Even if vCenter Server fails, HA failovers still occur successfully.
Using VMware vLockstep technology, VMware Fault Tolerance (FT) on the ESX/ESXi host platform provides
continuous availability by protecting a virtual machine (the Primary VM) with a shadow copy (Secondary VM)
that runs in virtual lockstep on a separate host. Inputs and events performed on the Primary VM are recorded
and replayed on the Secondary VM, ensuring that the two remain in an identical state. For example,
mouse-clicks and keystrokes are recorded on the Primary VM and replayed on the Secondary VM. Because the
Secondary VM is in virtual lockstep with the Primary VM, it can take over execution at any point without
interruption or loss of data.
Network Architecture
VMware vSphere has a set of virtual networking elements that lets you network the virtual machines in the
data center like a physical environment.
[Figure 8. Labels: VM, Network C, port groups, A through E, vSwitch, physical network]
Figure 8 shows the relationship between the networks inside and outside the virtual environment for
vSwitches. The virtual environment provides networking elements similar to the physical world. They are
virtual network interface cards (vNIC), vNetwork Standard Switches (vSwitch), vNetwork Distributed
Switches (dvSwitch), and port groups. dvSwitch networking is shown in Figure 9.
Like a physical machine, each virtual machine has one or more vNICs. The guest operating system and
application programs communicate with a vNIC through either a commonly available device driver or a
VMware device driver optimized for the virtual environment. In either case, communication in the guest
operating system occurs just as it would with a physical device. Outside the virtual machine, the vNIC has its
own MAC address and one or more IP addresses, and responds to the standard Ethernet protocol as would a
physical NIC. An outside agent does not detect that it is communicating with a virtual machine.
A virtual switch works like a layer 2 physical switch. Each server has its own virtual switches. On one side of
the virtual switch are port groups that connect to virtual machines. On the other side are uplink connections
to physical Ethernet adapters on the server where the virtual switch resides. Virtual machines connect to the
outside world through the physical Ethernet adapters that are connected to the virtual switch uplinks.
A virtual switch can connect its uplinks to more than one physical Ethernet adapter to enable NIC teaming.
With NIC teaming, two or more physical adapters can be used to share the traffic load or provide passive
failover in the event of a physical adapter hardware failure or a network outage. For information on NIC
teaming, see the ESX Configuration Guide or ESXi Configuration Guide.
A vNetwork Distributed Switch (dvSwitch) functions as a single virtual switch across all associated hosts. This
allows virtual machines to maintain consistent network configuration as they migrate across multiple hosts.
Like a vSwitch, each dvSwitch is a network hub that virtual machines can use. A vSwitch can route traffic
internally between virtual machines or link to an external network by connecting to physical Ethernet adapters.
Each vSwitch can also have one or more dvPort groups assigned to it. dvPort groups aggregate multiple ports
under a common configuration and provide a stable anchor point for virtual machines connecting to labeled
networks.
[Figure 9. Labels: VM, Network C, dvPort groups, A through J, physical network adapters, physical network]
The port group is a concept unique to the virtual environment. A port group is a mechanism for setting policies
that govern the network connected to it. A vSwitch can have multiple port groups. Instead of connecting to a
particular port on the vSwitch, a virtual machine connects its vNIC to a port group. All virtual machines that
connect to the same port group belong to the same network inside the virtual environment even if they are on
different physical servers.
You can configure port groups to enforce policies that provide enhanced networking security, network
segmentation, better performance, high availability, and traffic management.
Layer 2 security options: Enforces what the vNICs of a virtual machine attached to a port group can do by
controlling capabilities for promiscuous mode, MAC address changes, or forged transmissions.
Private VLAN: Allows use of VLAN IDs within a private network without having to worry about duplicating
VLAN IDs across a wider network.
Traffic shaping: Defines QoS policies for average and peak bandwidth, and traffic burst size. You set
policies to improve traffic management.
NIC teaming: Sets the NIC teaming policies for an individual port group or network to share traffic load or
provide failover in case of hardware failure.
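One way to audit the Layer 2 security options listed above across port groups, written in Python as an added example that is not VMware code. The inventory layout, the accept/reject values, and the rule that a port group inherits a setting from its vSwitch unless it overrides it are assumptions made for this example.

```python
# Added example: effective Layer 2 security settings per port group.
# The inventory below is constructed for illustration; its layout, names and
# "accept"/"reject" values are assumptions, not output of any VMware tool.
L2_OPTIONS = ("promiscuous_mode", "mac_address_changes", "forged_transmissions")

INVENTORY = {
    "vSwitch0": {
        "policy": {"promiscuous_mode": "reject",
                   "mac_address_changes": "reject",
                   "forged_transmissions": "reject"},
        "port_groups": {
            "Production": {},
            "IDS-Tap": {"promiscuous_mode": "accept"},
        },
    },
    "vSwitch1": {
        "policy": {"promiscuous_mode": "reject",
                   "mac_address_changes": "accept",
                   "forged_transmissions": "accept"},
        "port_groups": {
            "DMZ": {"mac_address_changes": "reject",
                    "forged_transmissions": "reject"},
            "Legacy": {},  # inherits both "accept" settings from vSwitch1
            "Lab": {"mac_address_changes": "reject",
                    "forged_transmissions": "on"},  # malformed value
        },
    },
}

# Documented exceptions: (vswitch, port group, option) that may be "accept".
APPROVED = {("vSwitch0", "IDS-Tap", "promiscuous_mode")}


def effective_policy(switch_policy, overrides):
    """Merge settings: a port-group value wins, otherwise inherit the vSwitch's."""
    merged = {}
    for opt in L2_OPTIONS:
        value = overrides.get(opt, switch_policy.get(opt))
        merged[opt] = value.strip().lower() if isinstance(value, str) else None
    return merged


def audit(inventory, approved=frozenset()):
    """Return sorted (vswitch, port_group, option, reason) findings.

    Anything that is not an explicit "reject" is reported, so a missing or
    malformed setting fails closed instead of passing silently.
    """
    findings = []
    for sw_name, sw in inventory.items():
        sw_policy = sw.get("policy", {})
        for pg_name, overrides in sw.get("port_groups", {}).items():
            policy = effective_policy(sw_policy, overrides)
            for opt, value in policy.items():
                if value == "reject":
                    continue
                if value == "accept":
                    if (sw_name, pg_name, opt) in approved:
                        continue
                    source = ("set on port group" if opt in overrides
                              else "inherited from vSwitch")
                    reason = f"accept ({source})"
                else:
                    reason = f"unrecognized value {value!r}"
                findings.append((sw_name, pg_name, opt, reason))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(INVENTORY, APPROVED):
        print(" | ".join(finding))
```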
Storage Architecture
The VMware vSphere storage architecture consists of layers of abstraction that hide and manage the complexity
and differences among physical storage subsystems.
[Figure 10. Labels: host1, host2, datastore1, datastore2, IP network]
To the applications and guest operating systems inside each virtual machine, the storage subsystem appears
as a virtual SCSI controller connected to one or more virtual SCSI disks as shown in Figure 10. These controllers
are the only types of SCSI controllers that a virtual machine can see and access, and include BusLogic Parallel,
LSI Logic Parallel, LSI Logic SAS, and VMware Paravirtual.
The virtual SCSI disks are provisioned from datastore elements in the datacenter. A datastore is like a storage
appliance that delivers storage space for virtual machines across multiple physical hosts.
The datastore abstraction is a model that assigns storage space to virtual machines while insulating the guest
from the complexity of the underlying physical storage technology. The guest virtual machine is not exposed
to Fibre Channel SAN, iSCSI SAN, direct attached storage, and NAS.
Each virtual machine is stored as a set of files in a directory in the datastore. The disk storage associated with
each virtual guest is a set of files within the guest's directory. You can operate on the guest disk storage as an
ordinary file. It can be copied, moved, or backed up. New virtual disks can be added to a virtual machine
without powering it down. In that case, a virtual disk file (.vmdk) is created in VMFS to provide new storage
for the added virtual disk or an existing virtual disk file is associated with a virtual machine.
Each datastore is a physical VMFS volume on a storage device. NAS datastores are an NFS volume with VMFS
characteristics. Datastores can span multiple physical storage subsystems. As shown in Figure 10, a single
VMFS volume can contain one or more LUNs from a local SCSI disk array on a physical host, a Fibre Channel
SAN disk farm, or iSCSI SAN disk farm. New LUNs added to any of the physical storage subsystems are
detected and made available to all existing or new datastores. Storage capacity on a previously created
datastore can be extended without powering down physical hosts or storage subsystems. If any of the LUNs
within a VMFS volume fails or becomes unavailable, only virtual machines that touch that LUN are affected.
An exception is the LUN that has the first extent of the spanned volume. All other virtual machines with virtual
disks residing in other LUNs continue to function as normal.
VMFS is a clustered file system that leverages shared storage to allow multiple physical hosts to read and write
to the same storage simultaneously. VMFS provides on-disk locking to ensure that the same virtual machine
is not powered on by multiple servers at the same time. If a physical host fails, the on-disk lock for each virtual
machine is released so that virtual machines can be restarted on other physical hosts.
VMFS also features failure consistency and recovery mechanisms, such as distributed journaling, a failure-
consistent virtual machine I/O path, and machine state snapshots. These mechanisms can aid quick
identification of the cause and recovery from virtual machine, physical host, and storage subsystem failures.
VMFS also supports raw device mapping (RDM). RDM provides a mechanism for a virtual machine to have
direct access to a LUN on the physical storage subsystem (Fibre Channel or iSCSI only). RDM is useful for
supporting two typical types of applications:
- SAN snapshot or other layered applications that run in the virtual machines. RDM better enables scalable
  backup offloading systems using features inherent to the SAN.
- Microsoft Clustering Services (MSCS) spanning physical hosts and using virtual-to-virtual clusters as well
  as physical-to-virtual clusters. Cluster data and quorum disks must be configured as RDMs rather than
  files on a shared VMFS.
[Figure. Labels: host, VM, open, read/write, datastore, mapping file, VMFS volume, LUN, FC SAN or iSCSI SAN, virtual, physical]
An RDM is a symbolic link from a VMFS volume to a raw LUN. The mapping makes LUNs appear as files in
a VMFS volume. The mapping file, not the raw LUN, is referenced in the virtual machine configuration.
When a LUN is opened for access, the mapping file is read to obtain the reference to the raw LUN. Thereafter,
reads and writes go directly to the raw LUN rather than going through the mapping file.
As shown in Figure 12, Consolidated Backup works in conjunction with a third-party backup agent residing
on a separate backup proxy server (not on the server running ESX/ESXi) but does not require an agent inside
the virtual machines.
When the third-party backup agent initiates a backup of virtual machine storage, Consolidated Backup runs
a set of scripts. The pre-backup scripts quiesce the virtual disks and generate snapshots. Once completed, the
post-backup scripts restore the virtual machine back to normal operation. At the same time, it mounts the disk
snapshot to the backup proxy server. Finally, the third-party backup agent backs up the files on the mounted
snapshot to its backup targets. By taking snapshots of the virtual disks and backing them up through a separate
backup proxy server, Consolidated Backup provides a simple and low-overhead backup solution for the virtual
environment, and is less intrusive than running backups inside each guest virtual machine.
[Figure 12. Labels: ESX/ESXi, snapshot, SAN storage, MOUNT, physical server, backup disk, centralized data mover, backup proxy server]
vCenter Server aggregates physical resources from multiple ESX/ESXi hosts and presents a central collection
of simple and flexible resources for the system administrator to provision to virtual machines in the virtual
environment.
vCenter Server components are user access control, core services, distributed services, plug-ins, and various
interfaces.
[Figure: vCenter Server components. Labels: distributed services (VMotion, HA, DRS), core services (host and VM configuration, VM provisioning), Active Directory interface, database interface, vCenter Server database, vSphere API, and a host with the vCenter Server agent, HA, host agent, and virtual machines.]
The User Access Control component allows the system administrator to create and manage different levels of
access to vCenter Server for different classes of users.
For example, a user class might manage and configure the physical virtualization server hardware in the
datacenter. Another user class might only manage virtual resources within a particular resource pool in the
virtual machine cluster.
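The access model described above can be sketched with the glossary's terms: a role is a set of privileges, and a permission pairs a role with a user or group and a managed entity in the inventory. This is an added example, not VMware code; the privilege labels, users, inventory, and the rule that a permission on an entity applies to the entities it encloses unless a closer permission exists are assumptions made for illustration.

```python
"""Role, permission and inventory model with a scope audit (added illustration)."""
from dataclasses import dataclass

# Constructed privilege labels, not real vSphere privilege identifiers.
ROLES = {
    "HostAdmin": {"host.configure", "host.maintenance", "vm.power", "vm.configure"},
    "PoolOperator": {"vm.power", "vm.configure", "vm.console"},
    "ReadOnly": set(),  # may view the inventory, holds no task privileges
}

# Constructed inventory: child -> enclosing parent (None marks the root).
INVENTORY = {
    "datacenter-1": None,
    "cluster-a": "datacenter-1",
    "host-01": "cluster-a",
    "pool-web": "cluster-a",
    "pool-db": "cluster-a",
    "vm-web-1": "pool-web",
    "vm-db-1": "pool-db",
}

# Constructed groups and users.
GROUPS = {"hw-admins": {"alice"}, "web-team": {"bob", "carol"}}


@dataclass(frozen=True)
class Permission:
    principal: str          # user or group name
    role: str               # key into ROLES
    entity: str             # managed entity the permission is set on
    propagate: bool = True  # assumption: applies to enclosed entities too


PERMISSIONS = [
    Permission("hw-admins", "HostAdmin", "datacenter-1"),
    Permission("web-team", "PoolOperator", "pool-web"),
    Permission("dave", "ReadOnly", "datacenter-1"),
    # Constructed misconfiguration: granted one level too high in the tree.
    Permission("carol", "PoolOperator", "cluster-a"),
]


def principals_of(user):
    """The user name plus every group that contains the user."""
    return {user} | {g for g, members in GROUPS.items() if user in members}


def path_to_root(entity):
    """Yield the entity, then each enclosing parent up to the root."""
    while entity is not None:
        yield entity
        entity = INVENTORY[entity]


def effective_privileges(user, entity):
    """Privileges from the closest entity on the path that has a matching permission."""
    who = principals_of(user)
    for depth, node in enumerate(path_to_root(entity)):
        matched = [p for p in PERMISSIONS
                   if p.entity == node and p.principal in who
                   and (depth == 0 or p.propagate)]
        if matched:
            privileges = set()
            for p in matched:
                privileges |= ROLES[p.role]
            return privileges
    return set()


def can(user, privilege, entity):
    return privilege in effective_privileges(user, entity)


def audit_scope(user, allowed_root):
    """Entities outside the allowed subtree where the user still holds privileges."""
    return sorted(e for e in INVENTORY
                  if allowed_root not in path_to_root(e)
                  and effective_privileges(user, e))


if __name__ == "__main__":
    for user in ("bob", "carol"):
        print(user, "holds privileges outside pool-web on:", audit_scope(user, "pool-web"))
```

Running the audit per user class shows which grants reach beyond the resource pool that class is meant to manage; here the direct grant to carol on the cluster is the one to move down to the pool.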
Virtual machine provisioning
Guides and automates the provisioning of virtual machines and their resources.
Resources and virtual machine inventory management
Organizes virtual machines and resources in the virtual environment and facilitates their management.
Statistics and logging
Logs and reports on the performance and resource use statistics of datacenter elements, such as virtual
machines, hosts, and clusters.
Alarms and event management
Tracks and warns users on potential resource overuse or event conditions. Alarms can be set to trigger on
events and notify when critical error conditions occur. In addition, alarms are triggered only when they
satisfy certain time conditions to minimize the number of false triggers.
Consolidation
Analyzes the capacity and use of a datacenter’s physical resources. Provides recommendations for improving
use by discovering physical systems that can be converted to virtual machines and consolidated onto
ESX/ESXi. Automates the consolidation process, but also provides the user flexibility in adjusting
consolidation parameters.
vApp
A vApp has the same basic operation as a virtual machine, but can contain multiple virtual machines or
appliances. With vApps, you can perform operations on multi-tier applications as separate entities (for
example, clone, power on and off, and monitor). vApps package and manage those applications.
Distributed Services are solutions that extend VMware vSphere capabilities beyond a single physical server.
These include: VMware DRS, VMware HA, and VMware VMotion. Distributed Services allow the
configuration and management of these solutions centrally from vCenter Server.
Multiple vCenter Server hosts can be joined into a single connected group. When a vCenter Server host is part
of a connected group, you can view and manage the inventories of all vCenter Server hosts in that group.
VMware vCenter Converter
Enables users to convert physical machines, and virtual machines in a variety of formats, to ESX/ESXi
virtual machines. Converted systems can be imported into any location in the vCenter Server inventory.
VMware Update Manager
Enables security administrators to enforce security standards across ESX/ESXi hosts and managed virtual
machines. This plug-in provides the ability to create user-defined security baselines that represent a set
of security standards. Security administrators can compare hosts and virtual machines against these
baselines to identify and remediate virtual machines that are not in compliance.
ESX management
Interfaces with the vCenter Server agent to manage each physical server in the datacenter.
VMware vSphere API
Interfaces with VMware management clients and third-party solutions.
Database interface
Connects to Oracle, Microsoft SQL Server, or IBM DB2 to store information, such as virtual machine
configurations, host configurations, resources and virtual machine inventory, performance statistics,
events, alarms, user permissions, and roles.
Active Directory interface
Connects to Active Directory to obtain user access control information.
[Figure: vCenter Server and a managed host. Labels: vCenter Server, vCenter Server agent, HA, vSphere API, host agent, virtual machines, Terminal Services.]
The vCenter Server agent acts as a mini-vCenter Server to perform the following functions:
- Relays and enforces resource allocation decisions made in vCenter Server, including those that the DRS
engine sends.
- Passes virtual machine provisioning and configuration change commands to the host agent.
- Passes host configuration change commands to the host agent.
- Collects performance statistics, alarms, and error conditions from the host agent and sends them to the
vCenter Server.
- Allows management of ESX/ESXi hosts at different release versions.
Only physical host administrators should access hosts directly, and only in special circumstances. All relevant
functions that can be done on the host can also be done in vCenter Server.
[Figure: Access paths to the virtual infrastructure. Labels: Web browser through the Web Access interface (vCenter Server access, VM console access); vSphere Client through the vSphere API (host and VM configuration and control access, VM console access); Windows Terminal Services/Xterm (VM console access); user access control, core services, ESX/ESXi management, vCenter Server agent, HA, host agent, virtual machines.]
The vSphere Client accesses vCenter Server through the VMware API. After the user is authenticated, a session
starts in vCenter Server, and the user sees the resources and virtual machines that are assigned to the user. For
virtual machine console access, the vSphere Client first obtains the virtual machine location from vCenter
Server through the VMware API. It then connects to the appropriate host and provides access to the virtual
machine console.
NOTE vSphere Web Access cannot be used to access a host running ESXi 4.0.
Web Access
Users can also access vCenter Server through the Web browser by first pointing the browser to an Apache
Tomcat Server set up by vCenter Server. The Apache Tomcat Server mediates the communication between the
browser and vCenter Server through the VMware API.
To access the virtual machine consoles through the Web browser, users can use the bookmark that vCenter
Server creates. The bookmark first points to vSphere Web Access.
vSphere Web Access resolves the physical location of the virtual machine and redirects the Web browser to
ESX/ESXi where the virtual machine resides.
If the virtual machine is running and the user knows the IP address of the virtual machine, the user can also
access the virtual machine console by using standard tools, such as Windows Terminal Services.
Additional Resources
Additional tasks are required to set up a virtual infrastructure. References are provided to the documentation
that contains details about those tasks.
Table 2 lists the tasks and references documentation for setting up VMware vSphere. Documentation also exists
for the following topics:
- Documentation road map and quick start
- Virtual machine mobility planning
- VMware SDK and API developer resources
- Configuration maximums and release notes
Table 2. Documentation
Tasks                                         | Documents
Install vCenter Server and the vSphere Client | ESX and vCenter Server Installation Guide
                                              | ESXi Installable and vCenter Server Setup Guide
Obtain and install licenses                   | ESX and vCenter Server Installation Guide
                                              | ESXi Installable and vCenter Server Setup Guide
Glossary
administrative lockout
A global setting that provides password protection for Windows hosts. Administrative lockout restricts
users from creating new virtual machines, editing virtual machine configurations, and changing network
settings.
alarm
An entity that monitors one or more properties of a virtual machine, such as CPU load. Alarms send
notifications as directed by the configurable alarm definition.
allocated disk
A type of virtual disk in which all disk space for the virtual machine is allocated at the time the disk is
created. This is the default type of virtual disk created by vCenter Server.
append mode
In ESX Server 2.x, a disk mode in which software running in the virtual machine appears to write changes
to the disk. Changes are stored in a temporary .REDO file. If a system administrator deletes the redo-log
file, the virtual machine returns to the state it was in the last time it was used in persistent mode. See also
disk mode.
authorization role
A set of privileges grouped for convenient identification under names such as Administrator.
child
A managed entity grouped by a folder object or another managed entity. See also folder.
clone
(n.) A duplicate of a virtual machine. (v.) To make a copy of a virtual machine. When a clone is created,
vCenter Server provides an option for customizing the guest operating system of that virtual machine.
Hosted products distinguish between full clones and linked clones. See also full clone, linked clone.
cluster
A server group in the virtual environment. Clusters enable a high-availability solution.
compute resource
A managed object that represents either a single host or a cluster of hosts available for backing virtual
machines. See also cluster compute resource.
configuration
See virtual machine configuration.
console
See service console, VMware virtual machine console.
customization
The process of applying new characteristic values to a virtual machine as it is being deployed from a
template or cloned from another existing virtual machine. Customization options include changing the
new virtual machine identification and network information.
custom networking
In hosted products, any type of network connection between virtual machines and the host that does not
use the default bridged, host-only, or network address translation (NAT) configurations. For instance,
different virtual machines can be connected to the host by separate networks or connected to each other
and not to the host. Any network topology is possible.
daemon
A UNIX background program that runs unattended, performing services at a specified time or when some
condition occurs. Analogous to a service in Windows.
datacenter
A required structure under which hosts and their associated virtual machines are added to the vCenter
Server. vCenter Server supports multiple datacenters. A host can be managed under only one datacenter.
datacenter folder
An optional inventory grouping structure contained within the datacenter structure. A vCenter Server
supports multiple datacenter folders. Datacenter folders can contain only datacenters and other datacenter
folders.
datastore
Virtual representations of combinations of underlying physical storage resources in the datacenter. A
datastore is the storage location (for example, a physical disk, a RAID, or a SAN) for virtual machine files.
disabled
A state in which actions and features are deactivated. The feature is turned off by a choice the user makes.
disk arrays
Groups of multiple disk devices that are the typical SAN disk storage device. These arrays vary in design,
capacity, performance, and other features.
disk mode
A property of a virtual disk that defines its external behavior (how the virtualization layer treats its data).
It is invisible to the guest operating system. Available modes vary by product. See also persistent mode,
nonpersistent mode and append mode.
DVS
See vNetwork Distributed Switch (DVS).
enable
A state in which actions and features are active. The feature is turned on by a choice the user makes.
enumeration
The act of discovering resources available in a virtual machine environment. In particular, discovering all
resources of a given type or a list of resources discovered by enumeration.
Ethernet switch
A physical switch that manages network traffic between machines. A switch has multiple ports, each of
which can be connected to a machine or to another switch on the network. See also virtual switch.
event
An action that is of interest to vCenter Server. Each event triggers an event message. Event messages are
archived in the vCenter Server database. Messages appear in two locations in the user interface: the Events
option in the navigation bar and the Events tab for objects under the Inventory button.
event declaration
Type of event (alert, error, info, warning, or user) and its name, arguments, and message format.
existing partition
A partition on a physical disk. See also physical disk.
fabric
A Fibre Channel network topology in which devices pass data to each other through interconnecting
switches. A fabric is used in many SANs. Fabrics are typically divided into zones. Also called switched
fabric or Fibre Channel fabric. See also FC (Fibre Channel).
fault
A data object containing information about an exception condition encountered by an operation.
FC (Fibre Channel)
An ANSI-standard, gigabit-speed network technology used to build storage area networks and transmit
data. Fibre Channel components include HBAs, switches, and cabling.
file
A container for raw data, such as text or an image.
folder
A managed entity used to group other managed entities. Folder types are determined by the types of child
entities they contain. See also child.
full clone
A complete copy of the original virtual machine, including all associated virtual disks. See also linked
clone.
Go to snapshot
To restore a snapshot of the active virtual machine. See also revert to snapshot.
group
A set of users assigned a common set of privileges. A group may contain other groups. See also service
console.
growable disk
A type of virtual disk in which the disk space is not preallocated to its full size. The disk files begin small
and grow as data is written to the disk.
guest user
An unauthenticated user who can log in to a system with a temporary user name and password. A guest
user has restricted access to files and folders and has a set of restricted permissions.
handle
A temporary token used by a Web service client to invoke Web service operations that require a reference
to an object. Like a file handle, an object handle is a temporary handle that always refers to the same object.
headless
Describes a program that runs in the background without any interface connected to it. A running virtual
machine that has no console connections is running headless.
heartbeat
A signal emitted at regular intervals by software to demonstrate that it is still active. The signal emitted
by a Level 2 Ethernet transceiver at the end of every packet to show that the collision-detection circuit is
still connected.
host
A computer that uses virtualization software to run virtual machines. Also called the host machine or host
computer. The physical computer on which the virtualization (or other) software is installed.
host agent
Software that performs actions on behalf of a remote client when installed on a virtual machine host.
host-based licensing
In ESX server software, one of two modes for licensing VMware software. License files reside on the host.
Feature availability is tied strictly to the host in which the file resides. See also server-based licensing.
hosted products
VMware products (including Workstation, VMware Player, VMware Server, VMware ACE, and Lab
Manager) that run as applications on physical machines with operating systems such as Microsoft
Windows or Linux. See also hypervisor.
host-only networking
In hosted products, a type of network connection between a virtual machine and the host. With host-only
networking, a virtual machine is connected to the host on a private network, which normally is not visible
outside the host. Multiple virtual machines configured with host-only networking on the same host are
on the same network. See also NAT (network address translation).
hot fix
An installable file that resets a user’s password, renews an expired virtual machine, or enables a
copy-protected virtual machine to run from a new location.
hyperthreading
A technology that allows a single physical processor to behave like two logical processors. The processor
can run two independent applications at the same time.
hypervisor
A platform that allows multiple operating systems to run on a host computer at the same time.
inactive
A feature is not currently functioning because of a constraint other than user choice. Can also be used
when the feature is turned off by indirect user choice. For example, a feature can be “disabled” by direct
user choice or made “inactive” by indirect user choice.
incremental backup
A process that backs up only those files that have changed since the last backup, whether it is a full or
incremental backup.
independent disk
A type of virtual disk that is not affected by snapshots. You can configure independent disks in persistent
and nonpersistent modes. See also nonpersistent mode, persistent mode.
inventory
A hierarchical structure used by the vCenter Server or the host agent to organize managed entities. This
hierarchy is a list of all the monitored objects in vCenter Server.
inventory mapping
Mapping between resource pools, networks, and virtual machine folders on the protection site and their
destination counterparts on the recovery site.
IP storage
Any form of storage that uses TCP/IP network communication as its foundation. Both Network File System
(NFS) and iSCSI storage can be used as virtual machine datastores. NFS can also be used for direct
mounting of .ISO files for presentation to virtual machines as CD-ROM discs.
LAN segment
A private virtual network that is available only to virtual machines within the same team. See also team,
virtual network.
license file
A text file determining the license mode and entitlement to licensed features.
license key
An encrypted block of text within a license file, determining entitlement to one specific licensed feature.
license mode
The method used for licensing VMware software. A license file can be located on an ESX server host or
on a license server. vCenter Server uses server-based licensing. ESX server licensing can be server-based
or host-based at the option of the system administrator. See also host-based licensing, server-based
licensing.
link
A hyperlink that contains a path to another object. As on the Web, links can be relative to the current object
path, relative to the current server’s object root, or on a specific server, as interpreted by the current client’s
host name resolver.
linked clone
A copy of the original virtual machine. The copy must have access to the parent virtual machine’s virtual
disks. The linked clone stores changes to the virtual disks in a separate set of files. See also full clone.
LMHOSTS (LAN Manager HOSTS) file
A text file in a Windows network that maps NetBIOS host names to IP addresses.
lockout
See administrative lockout.
LUN Masking
A process that is used for permission management to make a LUN available to some hosts and not to other
hosts. Also referred to as Selective Storage Presentation, Access Control, and Partitioning, depending on
the vendor.
managed entity
A managed object that is present in the inventory. See also inventory, managed object.
managed object
An object that resides on a server and is passed between the client and the Web service only by reference.
A managed object has operations associated with it but might not have properties. See also.
message
A data element that is used by an operation to carry data. It lists the data types exchanged between the
Web service and the client.
migration
The process of moving a virtual machine between hosts. Unless VMotion or Storage VMotion is used, the
virtual machine must be powered off when you migrate it. See also migration with VMotion.
name
A path (such as a URL) that refers to an object or the name of an item of information in the server.
nbtstat command
A diagnostic command that helps determine how a system name or IP address is resolved. Because it can
display current connections using NetBIOS over TCP/IP, nbtstat is useful for determining whether
Windows systems are online from a NetBIOS view. See also NetBIOS (network basic input/output
system).
Network access
Policies that give you detailed and flexible control over the network access you can provide to users of
your ACE instances. Using a packet filtering firewall, the network access feature lets you specify exactly
which machines or subnets an ACE instance or its host system may access.
network quarantine
A set of controls, governed by policies, that ensure only up-to-date virtual machines have access to
specified resources on an organization’s network. These controls enable administrators to specify which
machines or subnets a virtual machine may access.
NIC teaming
The association of multiple NIC adapters with a single virtual switch to form a team. Such teams can
provide passive failover and share traffic loads between members of physical and virtual networks.
nonpersistent mode
A disk mode in which all disk writes issued by software running inside a virtual machine appear to be
written to the independent disk. In fact, they are discarded after the virtual machine is powered off. As a
result, a virtual disk or physical disk in independent-nonpersistent mode is not modified by activity in
the virtual machine. See also disk mode, persistent mode.
not-shared storage
Amount of storage that is used only by a virtual machine and is not shared with other virtual machines.
(This term was formerly called unshared storage.) Also, the amount of guaranteed storage which can be
reclaimed if a virtual machine is migrated out of a datastore or is deleted.
package
An installable bundle for distribution to end users. The package might include one or more virtual
machines and an application used to run virtual machines.
page file
A component of an operating system that provides virtual memory for the system. Recently used pages
of memory are swapped out to this area on the disk to make room in physical memory (RAM) for newer
memory pages. Also called a “swap file.” See also virtual memory.
paravirtual device
A device designed with specific awareness that it is running in a virtualized environment.
paravirtual appliance
Free virtual machines that are intended to demonstrate the Virtual Machine Interface (VMI) for virtual
machine hypervisors. See also hypervisor.
parent
(1) The source virtual machine from which you take a snapshot or make a clone. If you delete the parent
virtual machine, any snapshot becomes permanently disabled. (2) In a VMware vSphere inventory, the
managed entity that immediately encloses a given entity (considered the child entity). See also full clone,
linked clone, snapshot, template.
Perfmon
A tool that enables user-level applications to collect and access performance statistics. Some form of
performance monitoring is available on all Windows, Linux, and UNIX platforms, although the specific
information collected and made available varies.
permission
A data object consisting of an authorization role, a user or group name, and a managed entity reference.
A permission allows a specified user to access the entity (such as a virtual machine) with any of the
privileges pertaining to the role.
persistent mode
A disk mode in which all disk writes issued by software running inside a virtual machine are immediately
and permanently written to a virtual disk that is configured as an independent disk. As a result, a virtual
disk or physical disk in independent-persistent mode behaves like a conventional disk drive on a physical
computer. See also disk mode, nonpersistent mode.
physical CPU
A single physical CPU in a physical machine.
physical disk
In hosted products, a hard disk in a virtual machine that is mapped to a physical disk drive or partition
on the host machine. A virtual machine’s disk can be stored as a file on the host file system or on a local
hard disk. When a virtual machine is configured to use a physical disk, vCenter Server directly accesses
the local disk or partition as a raw device (not as a file on a file system). See also virtual disk.
physical Ethernet
Manages network traffic between machines on the physical network. A switch has multiple ports, each of
which can be connected to a single other machine or another switch on the network.
physical network
A network of physical machines (plus cabling, switches, routers, and so on) that are connected so that they
can send data to and receive data from each other. See also virtual network.
policy
A set of system-enforced rules that automatically execute or inhibit actions upon entities such as virtual
machines, processes, and users. Policies are set in the policy editor.
port group
A construct for configuring virtual network options such as bandwidth limitations and VLAN tagging
policies for each member port. Virtual networks that are connected to the same port group share network
policy configuration. See also virtual network, VLAN (virtual local area network).
privilege
Authorization to perform a specific action or set of actions on a managed object or group of managed
objects.
property
An attribute of an object. In the VMware vSphere SDK, a property can be a nested data object, a managed
object reference, or other data such as an integer or string.
property collector
A managed object used to control the reporting of managed object properties and the primary means of
monitoring status on host machines.
provisioning
The process of creating a functioning virtual machine by assigning resources such as CPU, memory, and
virtual hardware and then deploying a system image.
raw disk
See physical disk.
read-only user
A role in which the user is allowed to view the inventory but not allowed to perform any tasks.
redo-log file
The file that stores changes made to a disk in all modes except the persistent and independent-persistent
modes. For a disk in nonpersistent mode, the redo-log file is deleted when you power off or reset the
virtual machine without writing any changes to the disk. You can permanently apply the changes saved
in the redo-log file to a disk in undoable mode so that they become part of the main disk files. See also
disk mode.
remote console
An interface that provides nonexclusive access to a virtual machine from the server on which the virtual
machine is running and from workstations connected to that server.
resource pool
A division of computing resources used to manage allocations between virtual machines.
resume
To return a virtual machine to operation from its suspended state. When you resume a suspended virtual
machine, all applications are in the same state as when the virtual machine was suspended. See also
suspend.
revert to snapshot
To restore the status of the active virtual machine to its immediate parent snapshot. This parent is
represented in the Snapshot manager by the snapshot appearing to the left of the You are here icon. See also
Go to snapshot, Snapshot Manager, You are here icon.
role
A defined set of privileges that can be assigned to users and groups to control access to VMware vSphere
objects.
root user
The superuser who has full administrative privileges to log in to an ESX Server host. The root user can
manipulate permissions, create users and groups, and work with events.
scheduled task
A vCenter Server activity that is configured to occur at designated times. In VMware Converter, scheduled
tasks consist of migrations and configurations of virtual machines.
server
(1) A system capable of managing and running virtual machines. (2) A process capable of accepting and
executing instructions from another process.
server-based licensing
A mode of licensing VMware software in which all license keys are administered by a license server, which
manages a central license pool. Feature entitlement is checked out and returned on demand. See also
host-based licensing.
service console
The command-line interface for an ESX server system that enables administrators to configure the system.
The service console is installed as the first component and used to bootstrap the ESX server installation
and configuration. The service console also boots the system and initiates execution of the virtualization
layer and resource manager. You can open the service console directly on an ESX server system. If the ESX
server system’s configuration allows Telnet or SSH connections, you can also connect remotely to the
service console.
service host
The host on which a Web service executes.
service instance
In the VMware vSphere SDK, the managed entity that provides access to all other managed entities. Clients
must access the service instance to begin a session.
shared folder
A folder on a host computer—or on a network drive accessible from the host computer—that can be used
by both the host computer and one or more virtual machines. It provides a simple way of sharing files
between host and guest or among virtual machines. In a Windows virtual machine, shared folders appear
in My Network Places (Network Neighborhood in a Windows NT virtual machine) under VMware
Shared Folders. In a Linux virtual machine, shared folders appear under a specified mount point.
shrink
To reclaim unused space in a virtual disk. If a disk has empty space, shrinking reduces the amount of
space the virtual disk occupies on the host drive. Shrinking virtual disks is a way to update an older virtual
disk to the format supported by the current version of vCenter Server. You cannot shrink preallocated
virtual disks or physical disks.
slot
A unit of CPU and memory that can accommodate the CPU and memory reservation requirements of the
largest virtual machine in your cluster. Spare capacity for failover is maintained on hosts in the cluster in
slot sizes, so that any virtual machine in the cluster can fit in the slot size and be able to be failed over.
Represents potential computing capacity on a node. A virtual machine can run in an empty slot in the
event of failover.
Technical definition: A unit of CPU and memory that can accommodate the CPU and memory reservation
requirements of the largest virtual machine in the cluster. Spare capacity for failover is maintained on
hosts in the cluster in slot sizes, so that any virtual machine in the cluster can fit in the slot size and be able
to be failed over.
snapshot
A reproduction of the virtual machine just as it was when you took the snapshot, including the state of
the data on all the virtual machine’s disks and the virtual machine’s power state (on, off, or suspended).
You can take a snapshot when a virtual machine is powered on, powered off, or suspended. See also
independent disk.
Snapshot Manager
A control that enables you to take actions on any of the snapshots associated with the selected virtual
machine. See also snapshot.
storage array
A storage system that contains multiple disk drives.
suspend
A state in which settings are preserved and actions are no longer performed. To turn off a virtual machine
while preserving the current state of a running virtual machine. See also resume.
target
The object that corresponds to a request URL.
task
A managed object representing the state of a long-running operation.
team
A group of virtual machines configured to operate as one object. You can power on, power off, and suspend
a team with one command. You can configure a team to communicate independently of any other virtual
or real network by setting up a LAN segment. See also LAN segment, NIC teaming, virtual network.
template
A master image of a virtual machine. The template typically includes a specified operating system and a
configuration that provides virtual counterparts to hardware components. Optionally, a template can
include an installed guest operating system and a set of applications. Templates are used by vCenter Server
to create new virtual machines. See also linked clone, parent, snapshot.
templates list
A list of virtual machines that provides a means to import and store virtual machines as templates. You
can deploy the templates at a later time to create new virtual machines.
view
(1) An XML document that contains information about objects, particularly virtual machines and hosts.
Use a view to access virtual machines and other top-level objects through the Web service. (2) In the Perl
Toolkit, an object stored in the client that encapsulates the properties of a managed object with methods
to access the properties and act on the managed object.
view definition
An XML document that specifies the elements that appear in a view. View definitions typically specify
the items of interest in the view but might include additional elements for presentation or computation
related to those items.
virtual appliance
A software solution that is composed of one or more virtual machines. A virtual appliance is packaged as
a unit by an appliance vendor and is deployed, managed, and maintained as a unit. Converting virtual
appliances allows you to add preconfigured virtual machines to your Virtual Center, ESX Server,
Workstation, or Player inventory.
virtual disk
A file or set of files that appears as a physical disk drive to a guest operating system. These files can be on
the host machine or on a remote file system. See also growable disk, physical disk.
virtual hardware
The devices that make up a virtual machine. The virtual hardware includes the virtual disk, removable
devices such as the DVD-ROM/CD-ROM and floppy drives, and the virtual Ethernet adapter. See also
virtual machine settings editor.
virtual machine
A virtual machine is a software computer that, like a physical computer, runs an operating system and
applications. Multiple virtual machines can operate on the same host system concurrently.
See the guidelines for using the acronym VM in place of virtual machine.
virtual memory
An extension of a system’s physical memory, enabled by the declaration of a page file. See also page
file.
virtual network
A network connecting virtual machines that does not depend on physical hardware connections. For
example, you can create a virtual network between a virtual machine and a host that has no external
network connections. You can also create a LAN segment for communication between virtual machines
on a team. See also LAN segment, team.
virtual switch
A virtualized network switch used by ESX server to manage traffic between virtual machines, the service
console, and the physical network adapters on the ESX server machine.
VMkernel
In ESX server, a high-performance operating system that occupies the virtualization layer and manages
most of the physical resources on the hardware, including memory, physical processors, storage, and
networking controllers.
VNIC
A virtual network interface card that is configured on top of a system's physical network adapter. See also
NIC (network interface card).
vSwitch
See virtual switch.
Getting Started with ESX
ESX 4.0
vCenter Server 4.0
EN-000118-00
Getting Started with ESX
Get started with ESX quickly with this information about installation and initial setup. Follow the procedures
included here to install and set up a basic inventory for a single-host virtualization environment. After your
host is set up with a working virtual machine, you can install vCenter Server and explore a multiple-host
virtualization environment.
This information is for experienced Windows or Linux system administrators who will be installing VMware
ESX to deploy virtualization for the first time. Specifically, it is for users who meet the following requirements:
- Do not yet have the ESX software installed.
- Do not yet have the vSphere Client or VMware vCenter Server installed.
Completing the getting started tasks sets up the single-host management system for virtualization as shown in
Figure 1.
After the initial setup of ESX, you can deploy vSphere 4.0 with vCenter Server to manage multiple hosts.
ESX Installation
Install ESX to get started with running virtual machines. The machine running ESX virtualization software
will act as a host in your virtual infrastructure.
Hosts provide CPU and memory resources, access to storage, and network connectivity for virtual machines
that reside on them.
64-Bit Processor
- VMware ESX 4.0 will only install and run on servers with 64-bit x86 CPUs.
- Known 64-bit processors:
  - All AMD Opterons support 64 bit.
  - All Intel Xeon 3000/3200, 3100/3300, 5100/5300, 5200/5400, 7100/7300, and 7200/7400 support 64 bit.
  - All Intel Nehalem (no Xeon brand number assigned yet) support 64 bit.
RAM
2GB RAM minimum
Network Adapters
One or more network adapters. Supported network adapters include:
- Broadcom NetXtreme 570x gigabit controllers
- Intel PRO 1000 adapters
ATA and IDE disk drives – ESX supports installing and booting on either an ATA drive or ATA RAID,
but ensure that your specific drive controller is included in the supported hardware. IDE drives
are supported for ESX installation and VMFS creation.
Prerequisites
Procedure
1 Use the BIOS to set the server to boot from the DVD.
b Press the key required to enter your machine’s BIOS setup or boot menu.
A series of installation messages scroll past until the Welcome page appears.
4 Select I accept the terms of the license agreement and click Next.
You cannot install this product unless you accept the license agreement.
NOTE If the alignment of the license agreement screen is skewed to the left, you might need to auto-adjust
your host monitor.
5 Select your keyboard type from the list and click Next.
You might need custom drivers if your system is not listed in the Hardware Compatibility Guide and has a
network or storage device that was not originally compatible with ESX 4.0.
- Select Yes and click Add to install custom drivers. The installer prompts you to insert the media
  containing the custom drivers. After you add the custom drivers to the list, the installer prompts you
  to reinsert the ESX installation DVD and continue with the installation. Click Next to continue.
- Select No if you do not need to install custom drivers. You can install custom drivers after the ESX
  installation is complete, using other command-line and GUI tools available to you, such as the vSphere
  CLI and vCenter Update Manager. Click Next to continue.
Virtual machine network traffic shares this network adapter until you configure a virtual switch for
another network adapter. You can configure other network adapters at a later time from the vSphere
Client.
10 If the adapter is connected to a VLAN, select This adapter requires a VLAN ID, enter a VLAN ID number
between 0 and 4095, and click Next.
VMware recommends that you use a static IP address to simplify client access. If you want to use static
settings but you do not have the required information, you can use DHCP for the installation and configure
static settings after you consult with your network administrator.
For the host name, type the complete host name including the domain. This option is available only if you
use a static IP address.
Option: Description
Standard Setup: The installer configures the default partitions on a single hard drive or LUN
where you install ESX. The default partitions are sized based on the capacity
of the hard drive or LUN.
Advanced Setup: Allows you to specify esxconsole.vmdk partition settings, kernel options,
and a bootloader location and password. If you leave the Configure boot
loader automatically option selected, the installer places the boot loader in
the master boot record (MBR).
CAUTION The installer erases all content on the selected storage device.
19 Click Next and then click Finish to exit the installer and reboot the host.
20 During reboot, press the key required to enter your machine’s BIOS setup or boot menu.
21 Set the first boot device to be the drive on which you installed ESX.
What to do next
After you complete the installation, use the vSphere Client to connect to the ESX host.
After you finish initial setup of the host, download and install the vSphere Client. Connect to the host and add
your first virtual machine by importing a virtual appliance.
You must also have 400MB free on the drive that has your %temp% directory.
If all of the prerequisites are already installed, 300MB of free space is required on the drive that has your
%temp% directory, and 450MB is required for the vSphere Client 4.0.
The vSphere Client requires the Microsoft .NET 3.0 SP1 Framework. If your system does not have it installed,
the vSphere Client installer installs it.
For a list of supported operating systems, see the Compatibility Matrixes on the VMware vSphere documentation
Web site.
Prerequisites
You must have the URL of the host. This is the IP address or host name.
Procedure
What to do next
The vSphere Client must be installed on a Windows machine that has network access to the ESX host and
Internet access.
Procedure
4 Select I agree to the terms in the license agreement and click Next.
5 Type your user name and company name and click Next.
6 Select Install VMware vSphere Host Update Utility to manage host patches, updates, and upgrades from
this machine and click Next.
7 Accept the default installation location and click Next, or click Change to select a different location and
click Next.
8 Click Install to begin the installation.
What to do next
Procedure
Double-click a shortcut or select Start > Programs > VMware > VMware vSphere Client.
If you did not set the password using the direct console, leave the Password field empty.
3 Click Login.
This security warning message occurs because the vSphere Client detected a certificate that the ESX host
signed (default setting). For highly secure environments, VMware recommends certificates that a trusted
third party generates. You can set up third-party certificates later.
What to do next
After you connect to the host with the vSphere Client, use the Getting Started tabs to import a virtual appliance.
To add virtual machines to hosts, you can build a new virtual machine or import a virtual appliance from the
VMware Web site. A virtual appliance is a prebuilt virtual machine with an operating system and applications
already installed. The vSphere Client Getting Started tab provides steps to guide you through both options.
If this is your first virtual machine, VMware recommends that you import a virtual appliance.
Procedure
3 Select a virtual appliance from the list and click Download now.
For the shortest download time, VMware recommends that you choose a small virtual appliance.
4 Click Next and follow the on-screen instructions to import the virtual appliance.
After you import the virtual appliance, you can use the Console tab in the vSphere Client to power it on and
view it. To release the pointer from the Console, press Ctrl+Alt. To view the Console in full screen mode, from
the Inventory, right-click the virtual machine and select Open Console.
What to do next
You have completed setup for a single-host management system in which ESX is used to run virtual machines.
Explore the advantages of managing multiple hosts with vCenter Server.
Using vCenter Server to manage multiple hosts allows you to experiment with advanced management options,
such as resource sharing, and all of the other options available within the vSphere environment.
Deploying vCenter Server provides many advantages over deploying a single, standalone ESX host. Table 1
illustrates some of the advantages and compares multiple-host management with vCenter Server as opposed
to single-host management.
Instant server provisioning: available with templates and cloning with vCenter Server; not available with single-host management.
vSphere includes the following components in addition to the ESX host and vSphere Client you have already
set up:
VMware vCenter Server
vCenter Server unifies resources from individual hosts so that those resources
can be shared among virtual machines in the entire datacenter. It accomplishes
this by managing the assignment of virtual machines to the hosts and the
assignment of resources to the virtual machines within a given host based on
the policies that the system administrator sets.
vCenter Server allows the use of advanced vSphere features such as VMware
Distributed Resource Scheduler (DRS), VMware High Availability (HA), and
VMware VMotion.
Datacenter
A datacenter is a structure under which you add hosts and their associated
virtual machines to the inventory.
Virtual Machine
A virtual machine is a software computer that, like a physical computer, runs
an operating system and applications. Multiple virtual machines can run on
the same host at the same time. Virtual machines that vCenter Server manages
can also run on a cluster of hosts.
Figure 3 shows the relationships among the basic components of vSphere and how vCenter Server can be used
to manage hosts and run virtual machines.
To get started with vCenter Server quickly and manage the host you set up, you can install vCenter Server
on a desktop or laptop. You must install vCenter Server on a Windows machine that has network access to the
ESX host. For production use, VMware recommends that you install vCenter Server on a dedicated server
system.
Before you install vCenter Server, make sure your system meets the minimum hardware and software
requirements. vCenter Server requires a database. vCenter Server uses Microsoft SQL Server 2005 Express for
small deployments with up to 5 hosts and 50 virtual machines. For larger deployments, VMware supports
several Oracle and Microsoft SQL Server databases. Refer to the vSphere Compatibility Matrixes for the list of
supported databases.
vCenter Server includes a service called VMware VirtualCenter Management Webservices. This service
requires 128MB to 1.5GB of additional memory. The VirtualCenter Management Webservices process
allocates the required memory at startup.
- Disk storage – 2GB. Disk requirements might be higher if the database runs on the same machine.
- Microsoft SQL Server 2005 Express disk requirements – Up to 2GB free disk space to decompress the
  installation archive. Approximately 1.5GB of these files are deleted after the installation is complete.
- Networking – Gigabit connection recommended.
See your database documentation for the hardware requirements of your database. The database requirements
are in addition to the vCenter Server requirements if the database and vCenter Server run on the same machine.
See the Compatibility Matrixes on the VMware vSphere documentation Web site.
IMPORTANT If you want to keep your existing VirtualCenter configuration, see the Upgrade Guide.
- There must be no Network Address Translation (NAT) between the vCenter Server system and the hosts
  it will manage.
- For the installation of vCenter Server, VMware recommends installing the bundled SQL Server 2005
  Express database on one of the supported operating systems. If SQL Native Client is already installed,
  uninstall SQL Native Client before you begin the vCenter Server installation.
- The system that you use for your vCenter Server installation must belong to a domain rather than a
  workgroup. If assigned to a workgroup, the vCenter Server system is not able to discover all domains and
  systems available on the network when using such features as vCenter Guided Consolidation Service. To
  determine whether the system belongs to a workgroup or a domain, right-click My Computer and click
  Properties and the Computer Name tab. The Computer Name tab displays either a Workgroup label or
  a Domain label.
- During the installation, the connection between the machine and the domain controller must be working.
- The computer name cannot be more than 15 characters.
- The DNS name of the machine must match the actual computer name.
- Make sure the system on which you are installing vCenter Server is not an Active Directory domain
  controller.
- On each system that is running vCenter Server, make sure that the domain user account has the following
  permissions:
  - Member of the Administrators group
  - Act as part of the operating system
  - Log on as a service
- Assign a static IP address and host name to the Windows server that will host the vCenter Server system.
  This IP address must have a valid (internal) domain name system (DNS) registration that resolves properly
  from all managed ESX hosts.
- If you install vCenter Server on Windows Server 2003 SP1, the disk for the installation directory must have
  the NTFS format, not the FAT32 format.
- vCenter Server, like any other network server, should be installed on a machine with a fixed IP address
  and well-known DNS name, so that clients can reliably access the service. If you use DHCP instead of a
  static IP address for vCenter Server, make sure that the vCenter Server computer name is updated in the
  domain name service (DNS). One way to test this is by pinging the computer name. For example, if the
  computer name is host-1.company.com, run the following command in the Windows command prompt:
      ping host-1.company.com
  If you can ping the computer name, the name is updated in DNS.
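The prerequisites above that can be read from the system itself (domain membership, domain controller role, name length, DNS name match, static addressing, name resolution) can be checked with a script before running the installer. The following is an added example, not VMware code: the function names are hypothetical, it assumes PowerShell 3.0 or later, and the host name and address in the usage comment are constructed.

```powershell
# Added example, not VMware code. Function names are hypothetical.
# Requires PowerShell 3.0 or later (Get-CimInstance).

function New-CheckResult {
    param([string]$Check, [bool]$Passed, [string]$Detail)
    [pscustomobject]@{ Check = $Check; Passed = $Passed; Detail = $Detail }
}

# Local checks: run on the machine that will host vCenter Server.
function Test-VCenterLocalPrereq {
    $cs      = Get-CimInstance -ClassName Win32_ComputerSystem
    $netbios = $env:COMPUTERNAME
    # First label of the DNS host name. Unlike the NetBIOS name, it is not
    # truncated to 15 characters, so an over-long name shows up as a mismatch.
    $dnsLabel = ([System.Net.Dns]::GetHostName()).Split('.')[0]

    # The system must belong to a domain rather than a workgroup.
    New-CheckResult 'Member of a domain' ([bool]$cs.PartOfDomain) "Domain or workgroup: $($cs.Domain)"

    # The system must not be an Active Directory domain controller.
    # Win32_ComputerSystem.DomainRole: 4 = backup DC, 5 = primary DC.
    $isDc = (4, 5) -contains $cs.DomainRole
    New-CheckResult 'Not a domain controller' (-not $isDc) "DomainRole = $($cs.DomainRole)"

    # The computer name cannot be more than 15 characters.
    New-CheckResult 'Name is 15 characters or fewer' ($dnsLabel.Length -le 15) "$dnsLabel ($($dnsLabel.Length) characters)"

    # The DNS name must match the actual computer name (-eq ignores case).
    New-CheckResult 'DNS name matches computer name' ($dnsLabel -eq $netbios) "DNS: $dnsLabel, computer: $netbios"

    # A static address is recommended; list IP-enabled adapters that still use DHCP.
    $dhcp = @(Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
              Where-Object { $_.DHCPEnabled })
    New-CheckResult 'No IP-enabled adapter uses DHCP' ($dhcp.Count -eq 0) (($dhcp | ForEach-Object { $_.Description }) -join '; ')
}

# Name-resolution check: run from a different Windows machine on the management
# network. A machine resolving its own name can be answered by the local
# resolver, which says nothing about the DNS registration.
function Test-VCenterNameResolution {
    param(
        [Parameter(Mandatory = $true)][string]$Fqdn,
        [Parameter(Mandatory = $true)][string]$ExpectedAddress
    )
    $check = "$Fqdn resolves to $ExpectedAddress"
    try {
        $addresses = @([System.Net.Dns]::GetHostAddresses($Fqdn) |
                       ForEach-Object { $_.IPAddressToString })
        New-CheckResult $check ($addresses -contains $ExpectedAddress) ($addresses -join ', ')
    } catch {
        # Resolution failure (name not registered, DNS server unreachable).
        New-CheckResult $check $false $_.Exception.Message
    }
}

# Usage (constructed values; 192.0.2.10 is a documentation address):
#   Test-VCenterLocalPrereq | Format-Table -AutoSize
#   Test-VCenterNameResolution -Fqdn 'host-1.company.com' -ExpectedAddress '192.0.2.10'
```

The script does not cover the account permissions, the NAT restriction, or resolution from the ESX hosts themselves; those still need to be confirmed separately.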
Prerequisites
Procedure
1 In the software installer directory, double-click the autorun.exe file at C:\<installer location>\.
5 Select I agree to the terms in the license agreement and click Next.
6 Type your user name, organization, and vCenter Server license key, and click Next.
If you omit the license key, vCenter Server will be in evaluation mode, which allows you to use the full
feature set. After installation, you can convert vCenter Server to licensed mode by entering the license key
using the vSphere Client.
7 Click Install SQL Server 2005 Express instance (for small-scale deployments).
This database is suitable for small deployments of up to 5 hosts and 50 virtual machines.
8 Enter the administrator name and password that you use when you log in to the system on which you are
installing vCenter Server and click Next.
You need the user name and password entered here to log in to vCenter Server after you have installed
it.
11 Select Create a standalone VMware vCenter Server instance and click Next.
12 For each component that you install, accept the default port numbers and click Next.
If another service is already using the defaults, specify alternative port and proxy information.
13 Click Install.
Installation might take several minutes. Multiple progress bars appear during the installation of the
selected components.
14 Click Finish.
What to do next
After you complete the installation, use the vSphere Client to connect to vCenter Server.
Setting up a basic inventory with the Getting Started tabs after you install vCenter Server involves the
following tasks:
- Creating a datacenter
- Adding the host to the datacenter
- Creating a virtual machine
You must have an empty vCenter Server inventory to view the Getting Started tabs wizard. After you have
set up the basic inventory, the Getting Started tabs continue to provide information about inventory objects
but no longer provide inventory setup wizard help.
Procedure
Double-click the shortcut or select Start > Programs > VMware > VMware vSphere Client.
3 Click Login.
What to do next
After you connect to vCenter Server with the vSphere Client, use the Getting Started tabs to create a datacenter.
Create a Datacenter
The first step in setting up your vSphere environment is to create a datacenter.
If you are logging in for the first time, you should have no inventory items in the Inventory panel.
Figure 5. vCenter Server with No Inventory Objects and the First Step in the Getting Started Tab Wizard
Procedure
1 On the Getting Started tab in the Information panel, follow the on-screen instructions and click Create a
datacenter.
What to do next
Add a Host
When you add your host to a datacenter, vCenter Server manages it.
Procedure
1 In the Inventory panel, select the datacenter you created if it is not selected.
2 On the Getting Started tab, follow the on-screen instructions and click Add a host.
a Type the IP address or name of the ESX host in the Host name field.
b Enter the Username and Password for a user account that has administrative privileges on the selected
managed host.
3 Click Next.
6 (Optional) Select Enable Lockdown Mode to disable remote access for the administrator account after
vCenter Server takes control of this host.
Select this check box to ensure that the host is managed only through vCenter Server with root privileges.
7 Click Next.
8 Select a location from the list of inventory objects and click Next.
The vSphere Client displays a progress bar in the Recent Tasks pane while the host is added. Adding a
new host can take a few minutes and the Status percentage might appear to pause at different increments
during the process.
When a new host is added, the host might appear as disconnected until vCenter Server completes the task.
After the host is added, the status changes to connected, indicating that the host connection is complete.
The host you installed and set up earlier and the virtual appliance you imported are added to the inventory
managed by vCenter Server.
What to do next
You already have a virtual machine in the inventory because you added the host with the virtual appliance to
vCenter Server. Try to create a new virtual machine.
Prerequisites
Make sure that you have an ISO image and a license for the operating system to install on the virtual machine.
Procedure
5 Select a datastore in which to store the virtual machine files and click Next.
The datastore must be large enough to hold the virtual machine and all of its virtual disk files.
6 Under Guest Operating System, select the operating system family (Microsoft Windows, Linux, Novell
NetWare, Solaris, or other) and select the version from the drop-down list.
This is the operating system for your virtual machine. Base your choice on your planned use of the virtual
machine.
NOTE The wizard does not install the guest operating system. The New Virtual Machine wizard uses this
information to select appropriate default values, such as the amount of memory needed.
Enter the disk size in megabytes (MB) or gigabytes (GB). The default is 8GB. The virtual disk must be large
enough to hold the guest operating system and all of the software that you intend to install, with room
for data and growth.
8 On the Ready to Complete New Virtual Machine page, review your selections and click Finish to create
the new virtual machine.
After you create the virtual machine, install a guest operating system and VMware Tools on it. You can find
instructions for how to install a guest operating system and VMware Tools in the vSphere Tutorial accessible
from the vSphere Client. Select the virtual machine and follow the links on the Getting Started tab to learn
how to install an operating system.
Where to Go Next
You have set up your vSphere environment. From here, you can do the following:
- Expand your capacity by adding more hosts and storage.
- Expand your virtual datacenter by creating and importing new virtual machines.
- Perform a consolidation of your physical servers using the Consolidation wizard.
For more information about how to evaluate the features and benefits of vSphere, go to
http://www.vmware.com/go/vi_evalresources.
You can access the tutorial through the Explore Further links on the Getting Started tabs in the vSphere Client
when you want to learn more about the object selected in the inventory.
You can also access the tutorial from the Help menu in the vSphere Client.
vSphere Documentation
Refer to the VMware vSphere 4.0 documentation for information on advanced host and vCenter Server
configuration, setup for larger deployments for production environments, as well as information on advanced
vSphere features.
The vSphere documentation consists of the combined vCenter Server and ESX documentation set. To access
the current versions of this manual and other books, go to the vSphere 4.0 Documentation page on the VMware
Web site.
ESX and vCenter Server Installation Guide
ESX 4.0
vCenter Server 4.0
EN-000104-01
Contents
Updated Information
2 System Requirements
  ESX Hardware Requirements
  vCenter Server and the vSphere Client Hardware Requirements
  vCenter Server Software Requirements
  vSphere Client Software Requirements
  Support for 64-Bit Guest Operating Systems
  Requirements for Creating Virtual Machines
  Required Ports
  Supported Remote Management Firmware Versions
7 ESX Partitioning
  Required Partitions
  Optional Partitions
Updated Information
This ESX and vCenter Server Installation Guide is updated with each release of the product or when necessary.
This table provides the update history of the ESX and vCenter Server Installation Guide.
Revision: Description
EN-000104-01:
- “Required Partitions,” on page 61 now reflects that the only required VMFS3
  partition is for the esxconsole.vmdk.
- Minor revisions.
About This Book
The Installation Guide describes how to install new configurations of VMware vCenter Server and ESX. This
installation information covers ESX and vCenter Server only. It does not include setup or installation
information for ESXi.
Intended Audience
This book is intended for anyone who needs to install vCenter Server and install ESX 4.0.
The information in this book is written for experienced Windows or Linux system administrators who are
familiar with virtual machine technology and datacenter operations.
Document Feedback
VMware welcomes your suggestions for improving our documentation. If you have comments, send your
feedback to docfeedback@vmware.com.
Online and Telephone Support
To use online support to submit technical support requests, view your product
and contract information, and register your products, go to
http://www.vmware.com/support.
Support Offerings
To find out how VMware support offerings can help meet your business needs,
go to http://www.vmware.com/support/services.
VMware Professional Services
VMware Education Services courses offer extensive hands-on labs, case study
examples, and course materials designed to be used as on-the-job reference
tools. Courses are available onsite, in the classroom, and live online. For onsite
pilot programs and implementation best practices, VMware Consulting
Services provides offerings to help you assess, plan, build, and manage your
virtual environment. To access information about education classes,
certification programs, and consulting services, go to
http://www.vmware.com/services.
1 Introduction to VMware vSphere
These topics describe VMware vSphere.
The following figure illustrates the basic components of VMware vSphere.
[Figure: basic components of VMware vSphere. Surviving labels: databases, vCenter Server and additional modules, ESX hosts.]
Each vCenter Server system manages multiple ESX hosts. You can run the vSphere Client and vSphere Web
Access on multiple workstations.
VMware ESX
Provides a virtualization layer that abstracts the processor, memory, storage,
and networking resources of the physical host into multiple virtual machines.
VMware ESXi Embedded
Provides a virtualization layer that abstracts the processor, memory, storage,
and networking resources of the physical host into multiple virtual machines.
You do not need to install ESXi Embedded because it is embedded as firmware
on hardware that you purchase from a vendor.
VMware ESXi Installable
Provides a virtualization layer that abstracts the processor, memory, storage,
and networking resources of the physical host into multiple virtual machines.
You can install ESXi Installable on any hard drive on your server.
VMware, Inc. 11
ESX and vCenter Server Installation Guide
vCenter Server A service that acts as a central administrator for ESX/ESXi hosts connected on
a network. This service directs actions on the virtual machines and the hosts.
The vCenter Server is the working core of vCenter. You can have multiple
vCenter Server systems joined to a Linked Mode group. This allows you to log
in to any single instance of vCenter Server and view and manage the
inventories of all the vCenter Server systems in the group.
vCenter Server Provide additional capabilities and features to vCenter Server. Generally,
additional modules additional modules (sometimes called plug-ins) are released separately, install
on top of vCenter Server, and can be upgraded independently. You can install
additional modules on the same computer as the vCenter Server system or on
a separate one. After the additional module is installed, you can activate the
module’s client component, which enhances the vSphere Client with user
interface (UI) options. Additional modules include vCenter Update Manager,
vCenter Converter, and vCenter Guided Consolidation Service.
vSphere Client Installs on a Windows machine and is the primary method of interaction with
VMware vSphere. The vSphere Client acts as a console to operate virtual
machines and as an administration interface into the vCenter Server systems
and ESX hosts.
The vSphere Client is downloadable from the vCenter Server system and ESX
hosts. The vSphere Client includes documentation for administrators and
console users.
VMware vSphere Web A browser-based interface for system administrators who need to access virtual
Access machines remotely or without a vSphere Client. vSphere Web Access is also
for people who use virtual machines as remote desktops.
Databases Organize all the configuration data for the VMware vSphere environment. For
small deployments, the bundled Microsoft SQL Server 2005 Express database
lets you set up to 5 hosts and 50 virtual machines. vCenter Server supports
other database products for larger deployments. vCenter Update Manager also
requires a database. VMware recommends that you use separate databases for
vCenter Server and vCenter Update Manager.
System Requirements 2
Hosts running vCenter Server and ESX must meet specific hardware and operating system requirements.
This chapter includes the following topics:
- “ESX Hardware Requirements”
- “vCenter Server and the vSphere Client Hardware Requirements”
- “vCenter Server Software Requirements”
- “vSphere Client Software Requirements”
- “Support for 64-Bit Guest Operating Systems”
- “Requirements for Creating Virtual Machines”
- “Required Ports”
- “Supported Remote Management Firmware Versions”
64-Bit Processor
- VMware ESX 4.0 will only install and run on servers with 64-bit x86 CPUs.
- Known 64-bit processors:
  - All AMD Opterons support 64 bit.
  - All Intel Xeon 3000/3200, 3100/3300, 5100/5300, 5200/5400, 7100/7300, and 7200/7400 support 64 bit.
  - All Intel Nehalem (no Xeon brand number assigned yet) support 64 bit.
RAM
2GB RAM minimum
Network Adapters
One or more network adapters. Supported network adapters include:
- Broadcom NetXtreme 570x gigabit controllers
- Intel PRO 1000 adapters
ATA and IDE disk drives – ESX supports installing and booting on either an ATA drive or ATA RAID, but
ensure that your specific drive controller is included in the supported hardware. IDE drives
are supported for ESX installation and VMFS creation.
VMware has tested these combinations; however, other combinations might work as well.
Table 2-1 lists the tested combinations for burning the ESX installation ISO image onto DVD media.
DVD Drive | Burning Software | DVD Media
Philips + RW DVD8801 | Roxio Creator Classic version: 6.1.1.48 | SONY DVD +RW 120min / 4.7 GB
Philips PLDS DVD + RW DH-16A6S | Roxio Creator version: 3.3.0 | SONY DVD+RW
Philips PLDS DVD + RW DH-16W1S | Roxio Creator version: 3.3.0 | SONY DVD+RW
Philips BenQ PBDS + RW DH-16W1S | Roxio Creator version: 3.3.0 | SONY DVD+RW
Dell/_NEC DVD +-RW ND-3530A | Roxio Creator Classic version: 6.1.1.48 | Memorex DVD-R
Dell/_NEC DVD +-RW ND-3530A | Roxio Creator Classic version: 6.1.1.48 | Office Depot DVD+RW
Dell/_NEC DVD +-RW ND-3530A | Roxio Creator Classic version: 6.1.1.48 | Ativa DVD-RW
Dell/_NEC DVD +-RW ND-3530A | Roxio Creator Classic version: 6.1.1.48 | TDK DVD+R
 | | Verbatim DVD+R
 | | SONY DVD-R
 | | Maxell DVD+R
Table 2-2 lists the tested combinations for burning the ESX installation ISO image onto USB media.
vCenter Server includes a service called VMware VirtualCenter Management Webservices. This service
requires 128MB to 1.5GB of additional memory. The VirtualCenter Management Webservices process
allocates the required memory at startup.
- Disk storage – 2GB. Disk requirements might be higher if the database runs on the same machine.
- Microsoft SQL Server 2005 Express disk requirements – Up to 2GB free disk space to decompress the
  installation archive. Approximately 1.5GB of these files are deleted after the installation is complete.
- Networking – Gigabit connection recommended.
See your database documentation for the hardware requirements of your database. The database requirements
are in addition to the vCenter Server requirements if the database and vCenter Server run on the same machine.
You must also have 400MB free on the drive that has your %temp% directory.
If all of the prerequisites are already installed, 300MB of free space is required on the drive that has your
%temp% directory, and 450MB is required for the vSphere Client 4.0.
IMPORTANT The recommended disk sizes assume default log levels. If you configure more granular log levels,
more disk space is required.
vCenter Server must be hosted on a 64-bit Windows operating system for this configuration.
See the Compatibility Matrixes on the VMware vSphere documentation Web site.
The vSphere Client requires the Microsoft .NET 3.0 SP1 Framework. If your system does not have it installed,
the vSphere Client installer installs it.
For a list of supported operating systems, see the Compatibility Matrixes on the VMware vSphere documentation
Web site.
See the Guest Operating System Installation Guide for a complete list.
To determine whether your server has 64-bit VMware support, you can download the CPU Identification
Utility at the VMware downloads page: http://www.vmware.com/download/shared_utilities.html.
Virtual chip set: Intel 440BX-based motherboard with NS338 SIO chip
Required Ports
vCenter Server requires certain ports to send and receive data.
The vCenter Server system must be able to send data to every managed host and receive data from every
vSphere Client. To enable migration and provisioning activities between managed hosts, the source and
destination hosts must be able to receive data from each other.
VMware uses designated ports for communication. Additionally, the managed hosts are listening for data from
the vCenter Server system on designated ports. If a firewall exists between any of these elements and Windows
firewall service is in use, the installer opens the ports during the installation. For custom firewalls, you must
manually open the required ports. If you have a firewall between two managed hosts and you want to perform
source or target activities, such as migration or cloning, you must configure a means for the managed hosts to
receive data.
Table 2-7 lists the default ports that are required for communication between components.
Port 80: vCenter Server requires port 80 for direct HTTP connections. Port 80 redirects requests to HTTPS port 443. This is useful if you accidentally use http://server instead of https://server.
Port 389: This port must be open on the local and all remote instances of vCenter Server. This is the LDAP port number for the Directory Services for the vCenter Server group. The vCenter Server system needs to bind to port 389, even if you are not joining this vCenter Server instance to a Linked Mode group. If another service is running on this port, it might be preferable to remove it or change its port to a different port. If needed, you can run the LDAP service on any port from 1025 through 65535. If this instance is serving as the Microsoft Windows Active Directory, change the port number from 389 to an available port from 1025 through 65535.
Port 443: The default port that the vCenter Server system uses to listen for connections from the vSphere Client. To enable the vCenter Server system to receive data from the vSphere Client, open port 443 in the firewall. The vCenter Server system also uses port 443 to listen for data transfer from the vSphere Web Access Client and other SDK clients. If you use another port number for HTTPS, you must use <ip-address>:<port> when you log in to the vCenter Server system.
Port 636: For vCenter Linked Mode, this is the SSL port of the local instance. If another service is running on this port, it might be preferable to remove it or change its port to a different port. If needed, you can run the SSL service on any port from 1025 through 65535.
Port 902: The default port that the vCenter Server system uses to send data to managed hosts. Managed hosts also send a regular heartbeat over UDP port 902 to the vCenter Server system. This port must not be blocked by firewalls between the server and the hosts, or between hosts.
Ports 902/903: Ports 902 and 903 must not be blocked between the vSphere Client and the hosts. These ports are used by the vSphere Client to display virtual machine consoles.
Port 8080: Web Services HTTP. Used for the VMware VirtualCenter Management Webservices.
Port 8443: Web Services HTTPS. Used for the VMware VirtualCenter Management Webservices.
If you want the vCenter Server system to use a different port to receive vSphere Client data, see Basic System
Administration.
To tunnel the vSphere Client data through the firewall to the receiving port on the vCenter Server system, see
Basic System Administration. VMware does not recommend this method because it disables the vCenter Server
console function.
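The table advises removing or moving any other service that already occupies a port vCenter Server must bind, such as 389 or 636. The following pre-installation check is an added example, not part of the VMware guide: it tries to bind each TCP listening port from Table 2-7 on the intended vCenter Server machine and reports which ones are already taken. The function names are hypothetical, and the UDP 902 heartbeat is not covered.

```python
import errno
import socket

# TCP ports the vCenter Server system listens on, taken from Table 2-7.
VCENTER_LISTEN_PORTS = {
    80: "HTTP, redirected to HTTPS port 443",
    389: "LDAP for the vCenter Server group Directory Services",
    443: "HTTPS for the vSphere Client, vSphere Web Access and SDK clients",
    636: "SSL port of the local instance for vCenter Linked Mode",
    8080: "Web Services HTTP",
    8443: "Web Services HTTPS",
}


def port_status(port, host="0.0.0.0"):
    """Return 'free', 'in use' or 'not permitted' for a local TCP port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as probe:
        try:
            # No SO_REUSEADDR: the bind must fail if another service holds the port.
            probe.bind((host, port))
        except PermissionError:
            # The operating system refused the bind (for example an
            # unprivileged process asking for a port below 1024).
            return "not permitted"
        except OSError as exc:
            if exc.errno == errno.EADDRINUSE:
                return "in use"
            raise
    return "free"


def preinstall_port_report(ports=VCENTER_LISTEN_PORTS, host="0.0.0.0"):
    """Return {port: (status, purpose)} for each port vCenter Server must bind."""
    return {port: (port_status(port, host), purpose)
            for port, purpose in ports.items()}


if __name__ == "__main__":
    for port, (status, purpose) in preinstall_port_report().items():
        print(f"{port:>5}  {status:<13}  {purpose}")
```

Run it with administrative rights on the target machine before installing; a port reported as "in use" is one where the existing service has to be removed or moved first.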
Table 2-8 lists the remote management firmware versions that are supported for installing ESX 4.0 remotely.
Table 2-8. Supported Remote Management Server Models and Firmware Versions
Remote Controller Make and Model | Firmware Version | Java | ActiveX
Introduction to Installing ESX 3
These topics discuss the prerequisites and options for installing ESX.
The ESX installation includes the following components:
- ESX
- vSphere Web Access
In ESX 4.0, the service console's partitions are stored in a .vmdk file. These partitions include /, swap,
/var/log, and all the optional partitions. The name of this file is esxconsole-<system-uuid>/esxconsole.vmdk.
All .vmdk files, including the esxconsole.vmdk, are stored in VMFS volumes.
IMPORTANT The service console must be installed on a VMFS datastore that is resident on a host's local disk or
on a SAN disk that is masked and zoned to that particular host only. The datastore cannot be shared between
hosts.
Options for Accessing the Installation Media, Booting the Installer, and
Running the Installer
When you install ESX, you have several options that allow you to customize the process to meet the needs of
your environment.
These options include how to store and access the installation media, how to boot the installer, and which
mode to use when you run the installer.
By default, when you boot the ESX installer from a DVD, the DVD uses the interactive graphical mode and
uses itself as the source of the installation media. You can modify the default installation process in the
following ways:
- Storing and accessing the ESX installation media:
  - DVD (default)
  - FTP
  - HTTP/HTTPS (HTTPS with a proxy server is not supported.)
  - NFS
  - USB flash drive
- Booting the installer:
  - DVD (default)
  - PXE
- Running the installer:
  - Interactive graphical (default)
  - Interactive text
  - Scripted
- For scripted installation, storing and accessing the installation script:
  - Default installation script
  - FTP
  - HTTP/HTTPS
  - NFS
  - USB flash drive
  - Local disk
The evaluation period is 60 days and begins as soon as you power on the ESX machine, even if you start in
license mode initially. To make full use of the evaluation period, make an early decision on whether to use
evaluation mode.
If you do not enter a vSphere license key during installation, ESX is installed in evaluation mode.
The following methods are available for installing VMware ESX software:
- Graphical mode – This is the recommended method for interactive installations.
- Text mode – Use this method if your video controller does not function properly using graphical mode.
- Scripted – An efficient way to deploy multiple hosts. See “Installing ESX Using Scripted Mode,” on
  page 45.
NOTE The installer for ESX 4.0 is quite different from the installer for ESX 3.x, particularly in the text and
scripted installations.
Table 3-1 lists the information that you are prompted for during the installation. For future use, note the values
entered. Notes are useful if you ever need to reinstall ESX and reenter the values that you originally chose.
vSphere license key
    Required or optional: Optional
    Default: None
    Comments: If you do not enter a vSphere license key, ESX is installed in evaluation mode.
Network adapter for the service console
    Required or optional: Required
    Default: A network adapter that is available and connected
    Comments: Virtual machine network traffic shares this network adapter until you configure a virtual switch for another network adapter.
IP address
    Required or optional: Optional
    Default: DHCP
    Comments: You can allow DHCP to configure the network during installation. After installation, you can change the network settings.
Subnet mask
    Required or optional: Optional
    Default: Calculated based on the IP address
Host name
    Required or optional: Required for static IP settings
    Default: None
    Comments: vSphere Clients can use either the host name or the IP address to access the ESX host.
Install location
    Required or optional: Required
    Default: None
    Comments: Must be at least 10GB if you install the components on a single disk.
Datastore
    Required or optional: Required in advanced setup
    Default: In the basic setup, the installer creates the /vmfs partition for the datastore.
    Comments: A datastore is a partition that ESX uses to store virtual machines. This datastore is used for the service console (esxconsole.vmdk). The service console must be installed on a VMFS datastore that is resident on a host's local disk or on a SAN disk that is masked and zoned to that particular host only. The datastore cannot be shared between hosts.
Root password
    Required or optional: Required
    Default: None
    Comments: The root password must be between 6 and 64 characters.
Virtual disk partitions
    Required or optional: Required in advanced setup
    Default: The installer creates three basic partitions: /boot, vmkcore, and VMFS. The service console VMDK file resides on the VMFS partition. The service console VMDK file contains /, swap, and /var/log, by default, and any other partitions that you specify.
    Comments: In the advanced setup, you can edit the location of the boot loader, edit the / (root), swap, and /var/log default partition sizes, and create additional partitions. The disk that you install the /boot partition onto must be the disk that the BIOS chooses to boot from.
Bootloader kernel options
    Required or optional: Optional
    Default: None
    Comments: In the advanced setup, you can specify kernel arguments to be written to the grub.conf file and passed to the kernel every time ESX boots.
Location of the ESX Installation Media 4
Before you install ESX, you must select a location for the installation media.
The following locations are supported:
- Local DVD
- Local USB
- USB DVD drive. This is useful if you cannot burn a DVD image or the host does not have a DVD drive.
- Remote media (See “Using Remote Management Applications,” on page 37).
- Remote location (media depot), accessible via HTTP/HTTPS, FTP, or NFS
Download the ESX ISO Image and Burn the Installation DVD
If you do not have an ESX installation DVD, you can create one.
Procedure
1 If you are not already logged into VMware Communities, log on using your VMware store account.
2 Download the ISO image for ESX from the VMware download page at
http://www.vmware.com/download/.
If you are performing a scripted installation, you must point to the media depot in the script by including the
install command with the nfs or url option.
The following code snippet from an ESX installation script demonstrates how to format the pointer to the media
depot if you are using NFS:
install nfs --server=example.com --dir=/nfs3/VMware/ESX/40
If you are performing an interactive installation instead of a scripted installation, include the askmedia boot
option, which causes the installer to prompt you for the location of the media.
You can type the askmedia option at the end of the boot options list. For example:
Boot Options initrd=initrd.img vmkopts=debugLogToSerial:1 mem=512M askmedia
The boot options list appears when you boot the installer and press F2.
Booting the ESX Installer 5
You can boot the installer from the DVD using the local DVD-ROM drive, or you can PXE boot the installer.
This chapter includes the following topics:
- “Bootstrap Commands”
- “Boot the ESX Installer from the Installation DVD”
- “PXE Booting the ESX Installer”
Bootstrap Commands
Before the ESX installer Welcome screen appears, the installer displays a boot prompt where you can enter
bootstrap commands to pass arguments to the installer.
When the mode selection screen appears, quickly type F2 to stop the timeout counter. If the mode selection
screen times out, the default graphical mode is launched.
The supported bootstrap commands and subcommands are listed in Table 5-1.
Prerequisites
You must have an ESX installation DVD. See “Download the ESX ISO Image and Burn the Installation DVD,”
on page 25.
Procedure
2 Use the BIOS to set the host to boot from the CD-ROM drive:
b Press a function key or Delete to enter the BIOS setup or boot menu for your machine.
3 (Optional) When the mode selection page appears, press F2 to enter boot options.
What to do next
Continue with the installation. If you are performing a scripted installation, allow the script to run.
PXE uses DHCP and Trivial File Transfer Protocol (TFTP) to bootstrap an operating system (OS) over a network.
Network booting with PXE is quite similar to booting with a DVD, but requires some network infrastructure
and a machine with a PXE-capable network adapter. Most machines that are capable of running ESX have
network adapters that are able to PXE boot. Once the ESX installer is booted, it works like a DVD-based
installation, except that the location of the ESX installation media (the contents of the ESX DVD) must be
specified.
A host first makes a DHCP request to configure its network adapter and then downloads and executes a kernel
and support files. PXE booting the installer provides only the first step to installing ESX. To complete the
installation, you must provide the contents of the ESX DVD either locally or on a networked server through
HTTP/HTTPS, FTP, or NFS. (See Chapter 4, “Location of the ESX Installation Media,” on page 25.)
Most Linux distributions come with a copy of the tftp-hpa server. You can alternatively obtain one at
http://www.kernel.org/pub/software/network/tftp/.
If your TFTP server is going to run on a Microsoft Windows host, you can use tftpd32 version 2.11 or later. See
http://tftpd32.jounin.net/. Previous versions of tftpd32 were incompatible with PXELINUX and gPXE.
The PXELINUX and gPXE environments allow your target machine to boot the ESX Installer. PXELINUX is
part of the SYSLINUX package which can be found at http://www.kernel.org/pub/linux/utils/boot/syslinux/,
although many Linux distributions include it. Many versions of PXELINUX also include gPXE. Some
distributions, such as Red Hat Enterprise Linux version 5.3, include older versions of PXELINUX that do not
include gPXE.
If you do not use gPXE, you might experience issues while booting the ESX installer on a heavily loaded
network. This is because TFTP is not a robust protocol and is sometimes unreliable for transferring large
amounts of data. If you use gPXE, only the gpxelinux.0 binary and configuration file are transferred via TFTP.
gPXE enables you to use a Web server for transferring the kernel and ramdisk required to boot the ESX installer.
If you use PXELINUX without gPXE, the pxelinux.0 binary, the configuration file, and the kernel and ramdisk
are transferred via TFTP.
NOTE VMware tests PXE booting with PXELINUX version 3.63. This is not a statement of limited support.
The network infrastructure for PXE booting the installer includes the following services.
- DHCP server
- TFTP server
- PXELINUX/gPXE (SYSLINUX)
- Network Server (NFS, HTTP or FTP)
Figure 5-1 shows the flow of the interaction between the components if you are using PXELINUX with gPXE.
The scripts depot and the media depot are optional. You do not need them if you are performing an interactive
installation with installation media that is stored locally on a DVD or USB.
Figure 5-1. Overview for PXE Booting the ESX Installer Using PXELINUX with gPXE
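[Diagram: the ESX host asks the DHCP server for an IP address (UDP) and receives the IP address and TFTP server location; it asks the TFTP server for the network boot loader (UDP) and receives gpxelinux.0; it asks the Web server for the kernel and ramdisk (TCP) and receives them; the installer starts and requests a script (TCP).]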
Figure 5-2 shows the flow of the interaction between the components if you are using PXELINUX without
gPXE. The scripts depot and the media depot are optional. You do not need them if you are performing an
interactive installation with installation media that is stored locally on a DVD or USB.
Figure 5-2. Overview for PXE Booting the ESX Installer Using PXELINUX without gPXE
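[Diagram: the ESX host asks the DHCP server for an IP address (UDP) and receives the IP address and TFTP server location; it asks the TFTP server for the network boot loader (UDP) and receives pxelinux.0; it asks the TFTP server for the kernel and ramdisk (UDP) and receives them; the installer starts and requests a script (TCP).]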
3 The DHCP server responds with the IP information and provides information about the location of a TFTP
server.
4 When the client receives the information, it contacts the TFTP server asking for the file the DHCP server
told it to ask for (in this case, the boot menu).
5 The TFTP server sends the boot menu, and the client executes it.
6 PXELINUX or gPXE searches for a configuration file on the TFTP server, and boots a kernel according to
that configuration file. In our case, the configuration file instructs PXE to load the kernel (vmlinuz) and a
ramdisk (initrd.img).
7 The client downloads the files it needs and then loads them.
9 The installer runs interactively or scripted, as directed by the PXE configuration file.
10 The installer uses the installation media, either from a media depot stored on the network, or locally via
DVD or USB.
11 ESX is installed.
Prerequisites
Procedure
1 On a Linux machine, install TFTP server software that supports PXE booting.
If your environment does not have a TFTP server, you can use one of the packaged appliances on the
VMware Marketplace. If you do this, note that certain functions, such as correct operation of the text menu
system, are operating system dependent.
PXELINUX is included in the SYSLINUX package. Extract the files, locate the file pxelinux.0 or
gpxelinux.0, and copy it to the /tftpboot directory on your TFTP server.
The DHCP server must send the following information to your client hosts:
- The name or IP address of your TFTP server.
- The name of your initial boot file. This is pxelinux.0 or gpxelinux.0.
For more information and an example, see “Sample DHCP Configuration,” on page 33.
5 Create the kernel image and ramdisk directory by copying the vmlinuz and initrd.img files from the
/isolinux directory on the ESX installation DVD to a supported location.
For more information and an example, see “Kernel Image and Ramdisk Directory,” on page 37.
This file defines how the host boots when no operating system is present.
The PXE configuration file references the location of the vmlinuz and initrd.img files in the kernel image
and ramdisk directory.
For more information and an example, see “Creating a PXE Configuration File,” on page 34.
8 Save the PXE configuration file in /tftpboot/pxelinux.cfg on the TFTP server.
You now have an environment that you can use for PXE booting the ESX installer.
The DHCP server is used by the target machine to obtain an IP address. The DHCP server needs to know if
the target machine is allowed to boot and the location of the PXELINUX binary (which usually resides on a TFTP
server). When the target machine first boots, it broadcasts a packet across the network requesting this
information to boot itself, and the DHCP server responds.
CAUTION Setting up a new DHCP server is not recommended if your network already has one. If multiple
DHCP servers respond to DHCP requests, machines can obtain incorrect or conflicting IP addresses, or can
fail to receive the proper boot information. Seek the guidance of a network administrator in your organization
before setting up a DHCP server.
Many DHCP servers are capable of PXE booting hosts. The following samples are for ISC DHCP version 3.0,
which is included with many Linux distributions. If you are using a version of DHCP for Microsoft Windows,
refer to the DHCP server documentation to determine how to pass the next-server and filename arguments to
the target machine.
gPXE Example
This sample shows how to configure the ISC DHCP server to enable gPXE.
allow booting;
allow bootp;
# gPXE options
option space gpxe;
option gpxe-encap-opts code 175 = encapsulate gpxe;
option gpxe.bus-id code 177 = string;
class "pxeclients" {
    match if substring(option vendor-class-identifier, 0, 9) = "PXEClient";
    next-server <TFTP server address>;
    # Hand out gpxelinux.0 only to clients that are not already running gPXE
    if not exists gpxe.bus-id {
        filename "/gpxelinux.0";
    }
}
When a machine attempts to PXE boot, the DHCP server provides an IP address and the location of the
gpxelinux.0 binary on the TFTP server. The IP address assigned will be in the range defined in the subnet
section of the configuration file.
When a machine attempts to PXE boot, the DHCP server provides an IP address and the location of the
pxelinux.0 binary on the TFTP server. The IP address assigned will be in the range defined in the subnet section
of the configuration file.
The TFTP server is always listening for PXE clients on the network. When it detects that a PXE client is asking
for PXE services, it sends the client a network package that contains this boot menu.
Each PXE boot menu selection points to the location of the kernel and ramdisk files for ESX. You can create
one PXE configuration file for each target ESX host, or create one PXE configuration file and name it default.
Following is an example of a PXE configuration file that you might use with PXELINUX with gPXE. See
also the /isolinux/isolinux.cfg file on the ESX installation DVD.
default menu.c32
menu title ESX Boot Menu
timeout 30
label local
    menu label Interactive Local Installation
    kernel http://<server>/vmlinuz
    append initrd=http://<server>/initrd.img vmkopts=debugLogToSerial:1 mem=512M quiet
label scripted
    menu label Scripted Installation
    kernel http://<server>/vmlinuz
    append initrd=http://<server>/initrd.img vmkopts=debugLogToSerial:1 mem=512M ks=nfs://10.20.118.55/ks.cfg
label network_rpm
    menu label Interactive Installation with RPM files on the network
    kernel http://<server>/vmlinuz
    append initrd=http://<server>/initrd.img vmkopts=debugLogToSerial:1 mem=512M askmedia
Following is an example of a PXE configuration file that you might use with PXELINUX without gPXE. See
also the /isolinux/isolinux.cfg file on the ESX installation DVD.
default menu.c32
menu title ESX Boot Menu
timeout 30
label local
    menu label Interactive Local Installation
    kernel test/vmlinuz
    append initrd=test/initrd.img vmkopts=debugLogToSerial:1 mem=512M quiet
label scripted
    menu label Scripted Installation
    kernel test/vmlinuz
    append initrd=test/initrd.img vmkopts=debugLogToSerial:1 mem=512M ks=nfs://10.20.118.55/ks.cfg
label network_rpm
    menu label Interactive Installation with RPM files on the network
    kernel test/vmlinuz
    append initrd=test/initrd.img vmkopts=debugLogToSerial:1 mem=512M askmedia
Required Files
In the PXE configuration file, you must include paths to the following files:
- vmlinuz is the boot loader kernel code.
The path test/ used in the example is relative to /tftpboot. The actual path is /tftpboot/test/ on the TFTP
server.
Installation Mode
ks=nfs://10.20.118.55/ks.cfg is the path to the ESX installation script. In a scripted installation, your script
includes all the necessary responses to fill in the blanks, including the location of the installation media.
In an interactive installation, omit the ks= option. If you are performing an interactive installation with the
installation media at a remote location, include the askmedia boot option, which causes the installer to prompt
you for the location of the installation media.
ESX 3.x supported a hybrid installation. In this mode, you could supply an incomplete ESX installation script,
and the installer prompts you for the missing parts. ESX 4.0 does not support this. You either have all responses
in your ESX installation script or you have no script.
IPAPPEND
For scripted installations, the IPAPPEND option specifies that the same network adapter the machine boots
from is also used for connecting to the network. When you include the IPAPPEND option in the PXE
configuration file, omit the --device option to the installation script network command. The IPAPPEND option
has no impact on interactive installations. The following snippet shows how to include the IPAPPEND option
in the PXE configuration file:
label Installer
    menu default
    kernel http://<server>/vmlinuz
    append initrd=http://<server>/initrd.img mem=512M vmkopts=debugLogToSerial:1 ks=nfs://10.20.118.55/ks.cfg
    IPAPPEND 2
If you omit the network --device option from the installation script, the IPAPPEND option from the PXE
configuration file, and the netdevice bootstrap command, the installer uses the first plugged in network
adapter.
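The Required Files, Installation Mode, and IPAPPEND rules above can be checked mechanically before a host ever boots from the file. The following linter is an added example, not part of the VMware guide: it parses a PXE configuration file, classifies each menu entry by its ks= and askmedia options, and verifies that the kernel and ramdisk references can actually be served. The function names, the sample file, and the temporary directory standing in for /tftpboot are constructed for illustration.

```python
import os
import tempfile

# Constructed sample in the style of the page's PXE configuration files.
SAMPLE_CFG = """\
default menu.c32
timeout 30
label local
    kernel test/vmlinuz
    append initrd=test/initrd.img vmkopts=debugLogToSerial:1 mem=512M quiet
label scripted
    kernel test/vmlinuz
    append initrd=test/initrd.img mem=512M ks=nfs://10.20.118.55/ks.cfg
    IPAPPEND 2
label web
    kernel http://<server>/vmlinuz
    append initrd=http://<server>/initrd.img mem=512M askmedia
    IPAPPEND 2
"""


def parse_pxe_config(text):
    """Return {label: {'kernel': str, 'append': {option: value}, 'ipappend': str}}."""
    entries, current = {}, None
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        keyword = parts[0].lower()
        rest = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "label":
            current = {"kernel": None, "append": {}, "ipappend": None}
            entries[rest] = current
        elif current is None:
            continue  # global directives such as default, timeout, menu title
        elif keyword == "kernel":
            current["kernel"] = rest
        elif keyword == "append":
            for option in rest.split():
                key, _, value = option.partition("=")
                current["append"][key] = value
        elif keyword == "ipappend":
            current["ipappend"] = rest
    return entries


def install_mode(entry):
    """Classify a menu entry by the boot options the page describes."""
    if "ks" in entry["append"]:
        return "scripted"
    if "askmedia" in entry["append"]:
        return "interactive, prompts for media location"
    return "interactive"


def check_entry(entry, tftp_root, boot_file):
    """Return the problems found in one menu entry (empty list if none)."""
    problems = []
    for role, ref in (("kernel", entry["kernel"]),
                      ("initrd", entry["append"].get("initrd"))):
        if not ref:
            problems.append(f"{role} is not specified")
        elif ref.startswith(("http://", "https://")):
            # Per the page, without gPXE everything is transferred via TFTP.
            if boot_file != "gpxelinux.0":
                problems.append(f"{role} is a URL but the boot file is {boot_file}")
        elif not os.path.isfile(os.path.join(tftp_root, ref.lstrip("/"))):
            # Relative paths are resolved against the TFTP root (/tftpboot).
            problems.append(f"{role} {ref} is missing under the TFTP root")
    if entry["ipappend"] and install_mode(entry) != "scripted":
        problems.append("IPAPPEND has no impact on interactive installations")
    return problems


def audit(text, tftp_root, boot_file="pxelinux.0"):
    """Return {label: (mode, problems)} for every menu entry in the file."""
    return {label: (install_mode(entry), check_entry(entry, tftp_root, boot_file))
            for label, entry in parse_pxe_config(text).items()}


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:   # stand-in for /tftpboot
        os.makedirs(os.path.join(root, "test"))
        for name in ("vmlinuz", "initrd.img"):
            open(os.path.join(root, "test", name), "wb").close()
        for label, (mode, problems) in audit(SAMPLE_CFG, root).items():
            print(f"{label}: {mode}: {problems or 'ok'}")
```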
The initial boot file, pxelinux.0, tries to load a PXE configuration file. First it tries with the MAC address of the
target ESX host, prefixed with its ARP type code (01 for Ethernet). If that fails, it tries with the hexadecimal
notation of the target ESX system's IP address. Ultimately, it tries to load a file named default.
For example, you might save the file on the TFTP server at /tftpboot/pxelinux.cfg/01-00-21-5a-ce-40-f6.
The MAC address of the network adapter on the target ESX host is 00-21-5a-ce-40-f6.
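Knowing the exact lookup order tells you which configuration file a given host will receive, and whether it will silently fall through to default. The following added example, which is not part of the VMware guide, computes that order for a host. It goes beyond the page's text by listing the progressively shortened hexadecimal IP names that PXELINUX tries between the full address and default; the function names and the sample IP address 192.0.2.91 are constructed, and the client-UUID name that PXELINUX tries first when the firmware supplies one is left out.

```python
import ipaddress
import os
import tempfile


def pxe_config_candidates(mac, ip):
    """Return the configuration file names in the order pxelinux.0 requests them."""
    # Normalise the MAC address to lower-case hex pairs joined by '-' and
    # prefix the ARP type code (01 for Ethernet), as the page describes.
    digits = mac.lower().replace(":", "").replace("-", "").replace(".", "")
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not an Ethernet MAC address: {mac!r}")
    pairs = [digits[i:i + 2] for i in range(0, 12, 2)]
    names = ["01-" + "-".join(pairs)]

    # The IPv4 address as 8 upper-case hex digits, then one digit shorter on
    # each attempt, so that one file can serve a whole block of addresses.
    hex_ip = "%08X" % int(ipaddress.IPv4Address(ip))
    names += [hex_ip[:length] for length in range(8, 0, -1)]

    names.append("default")
    return names


def resolve_pxe_config(cfg_dir, mac, ip):
    """Return the first candidate that exists in cfg_dir, or None."""
    for name in pxe_config_candidates(mac, ip):
        if os.path.isfile(os.path.join(cfg_dir, name)):
            return name
    return None


if __name__ == "__main__":
    mac, ip = "00:21:5A:CE:40:F6", "192.0.2.91"   # MAC from the page, IP constructed
    for name in pxe_config_candidates(mac, ip):
        print(name)
    # A temporary directory stands in for /tftpboot/pxelinux.cfg.
    with tempfile.TemporaryDirectory() as cfg_dir:
        open(os.path.join(cfg_dir, "default"), "w").close()
        print("host would load:", resolve_pxe_config(cfg_dir, mac, ip))
```

A host that resolves to default when you expected a per-host file usually means the file name uses the wrong case or separator for the MAC address.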
The kernel image and ramdisk directory is located on a Web server (for gPXE) or on the TFTP server in the
/tftpboot directory (for PXELINUX without gPXE). For example, the directory might be at /tftpboot/esx/ and
contain the following files:
-r--r--r-- 1 root root 1922578 Nov 12 05:51 initrd.img
-r--r--r-- 1 root root 966633 Nov 12 05:51 vmlinuz
These files come from the ESX installation DVD, under the /isolinux directory.
You reference the vmlinuz and initrd.img files from the PXE configuration file. The following code snippet
shows how you reference vmlinuz and initrd.img in the PXE configuration script:
kernel esx/vmlinuz
append initrd=esx/initrd.img ...
...
Remote management applications supported for installation include Integrated Lights-Out (iLO), Dell Remote
Access Card (DRAC), IBM management module (MM), and Remote Supervisor Adapter II (RSA II). For a list
of currently supported server models and remote management firmware versions, see “Supported Remote
Management Firmware Versions,” on page 19.
Generally, administrators use remote management applications to perform GUI-based, remote installations of
ESX. However, you can use a remote management application for scripted installations as well.
If you use remote management applications to install ESX, be careful using the virtual CD feature. The virtual
CD might encounter corruption problems with systems or networks under load. If you must use this method,
run the media test provided by the ESX installer. If a remote installation from an ISO image fails, complete the
installation from the physical DVD media.
VMware recommends that instead of using the virtual CD media for the entire installation, you boot from the
virtual CD, enter the askmedia option in the ESX installer boot screen, and then complete the installation with
NFS, HTTP/HTTPS, or FTP. The ESX ISO must be mounted in a place that is accessible by one of these network
installation methods. This approach is much more reliable than attempting the entire installation via virtual
media.
If you PXE boot the installer, you cannot install custom drivers during the ESX installation. If you choose to
boot the installer from the DVD and install custom drivers during the ESX installation, the drive that you use
for the ESX DVD is the drive that you must use for the custom driver CD/DVD. If the drive is a USB drive
(including an emulated USB drive), you must not detach the drive during the installation procedure. If the
ESX DVD is an ISO image, the custom driver CD/DVD must be an ISO image as well.
Installing VMware ESX 6
You have multiple options for installing ESX. You can install ESX interactively or by using a script. For
interactive installation, you can use graphical mode or text mode.
Prerequisites
Procedure
A series of installation messages scroll past until the Welcome page appears.
4 Click Next to continue.
5 Select I accept the terms of the license agreement and click Next.
You cannot install this product unless you accept the license agreement.
NOTE If the alignment of the license agreement screen is skewed to the left, you might need to auto-adjust
your host monitor.
6 Select your keyboard type from the list and click Next.
You might need custom drivers if your system is not listed in the Hardware Compatibility Guide and has a
network or storage device that was not originally compatible with ESX 4.0.
If you PXE booted the ESX installer, you cannot install custom drivers during the installation process. You
can install them after the ESX installation is complete.
- Select Yes and click Add to install custom drivers. The installer prompts you to insert the media
  containing the custom drivers. After you add the custom drivers to the list, the installer prompts you
  to reinsert the ESX installation DVD and continue with the installation. Click Next to continue.
- Select No if you do not need to install custom drivers. You can install custom drivers after the ESX
  installation is complete, using other command-line and GUI tools available to you, such as the vSphere
  CLI and vCenter Update Manager. Click Next to continue.
Virtual machine network traffic shares this network adapter until you configure a virtual switch for
another network adapter. You can configure other network adapters at a later time from the vSphere
Client.
11 If the adapter is connected to a VLAN, select This adapter requires a VLAN ID, enter a VLAN ID number
between 0 and 4095, and click Next.
VMware recommends that you use a static IP address to simplify client access. If you want to use static
settings but you do not have the required information, you can use DHCP for the installation and configure
static settings after you consult with your network administrator.
For the host name, type the complete host name including the domain. This option is available only if you
use a static IP address.
14 (Optional) Select the location of the unpacked ESX installation ISO image.
These options appear if you entered the askmedia bootstrap command at the mode selection screen. You
can specify one of the following locations:
- DVD or USB (You can select a CD-ROM drive other than the one you might be using for booting the
  installer.)
- Network file system (NFS) server and a directory path.
- HTTP or HTTPS URL
- FTP URL
Option Description
Standard Setup The installer configures the default partitions on a single hard drive or LUN
where you install ESX. The default partitions are sized based on the capacity
of the hard drive or LUN.
Advanced Setup Allows you to specify esxconsole.vmdk partition settings, kernel options,
and a bootloader location and password. If you leave the Configure boot
loader automatically option selected, the installer places the boot loader in
the master boot record (MBR).
CAUTION The installer erases all content on the selected storage device.
a Configure a location for the VMFS datastore to store the service console.
- Create new datastore – Select the same disk as ESX or select another disk. If you select another
  disk, the disk used for the ESX location contains only the /boot and vmkcore partitions, and the
  rest of the disk is unpartitioned. The second disk is formatted as a single VMFS partition that
  spans the entire disk.
  You can create additional partitions post-install, using the vSphere Client.
- Use existing datastore – Select an existing datastore available to the host.
The service console must be installed on a VMFS datastore that is resident on a host's local disk or on
a SAN disk that is masked and zoned to that particular host only. The datastore cannot be shared
between hosts.
The Bootloader Options page appears if you deselected the Configure boot loader automatically check
box.
The installer writes the arguments to the grub.conf file and passes them to the ESX kernel every time
ESX boots.
By default, the GRUB bootloader is installed in the MBR. Use this option for most installations. For
legacy hardware that stores BIOS information in the MBR, click Install GRUB on the first partition
of the disk, instead of the Master Boot Record.
If an installation error occurs at this point, the ISO image might be invalid or there might be something
wrong with the DVD media. To troubleshoot, try the ISO download process again, make sure the DVD is
in working order, and make sure the DVD drive and DVD media type are compatible. When you retry
the installation, perform the media check operation. Alternatively, use another media access option, such
as HTTP.
24 Click Next and then click Finish to exit the installer and reboot the host.
25 During reboot, press the key required to enter your machine’s BIOS setup or boot menu.
26 Set the first boot device to be the drive on which you installed ESX.
After you install ESX and reboot the host, you can log in to the service console to read the installation log at
/var/log/esx_install.log.
NOTE In previous releases of ESX, if the system did not boot up after installation, one troubleshooting approach
was to mount the partitions for debugging. For ESX 4.0, mounting the partitions would not be helpful in
resolving the issue. If after installation the system does not boot up, the most likely cause is that the BIOS is
configured to boot from the wrong disk.
Prerequisites
Procedure
A series of installation messages scroll past until the Welcome page appears.
4 Enter 1 to continue.
You cannot install this product unless you accept the license agreement.
You might need custom drivers if your system is not listed in the Hardware Compatibility Guide and has a
network or storage device that was not originally compatible with ESX 4.0.
If you PXE booted the ESX installer, you cannot install custom drivers during the installation process. You
can install them after the ESX installation is complete.
- Enter 1 to install custom drivers with the ESX installation. If you enter 1, the installer prompts you to
  insert the media containing the custom drivers. After you add the custom drivers, the installer
  prompts you to reinsert the ESX installation DVD and continue with the installation.
- Enter 2 if you do not need to install custom drivers.
You can install custom drivers after the ESX installation is complete, using other command-line and GUI
tools available to you, such as the vSphere CLI and vCenter Update Manager.
10 Select the network adapter for the ESX service console. Virtual machine network traffic shares this network
adapter until you configure a virtual switch for another network adapter. You can configure network
adapters later from the vSphere Client.
Enter 1. a Enter 2.
b Enter a number that corresponds to a network adapter.
c Optionally, enter 1 to assign a VLAN ID. Otherwise,
enter 2.
d Enter a VLAN ID number between 0 and 4095.
11 Configure the network settings. VMware recommends that you use a static IP address to simplify client
access. If you want to use static settings but you do not have the required information, you can use DHCP
for the installation and configure static settings after you consult with your network administrator.
- Enter 1 to keep the automatic DHCP settings.
- Enter 2 to configure the IP settings. For the host name, type the complete host name including the
  domain.
These options appear if you entered the askmedia bootstrap command at the mode selection screen.
- Enter 1 to specify DVD or USB media. You can select a DVD-ROM drive other than the one you might
  be using to boot the installer.
- Enter 2 to specify a network file system (NFS) server and a directory path.
15 (Optional) Configure a location for the VMFS datastore partition for the service console.
- Enter 1 to create a new datastore. For the datastore location, enter 1 to select the same disk as ESX, or
  enter 2 to select another disk.
  If you select another disk for the VMFS partition, the ESX disk will contain only the /boot and vmkcore
  partitions, with the remainder of the disk unpartitioned. The VMFS disk will be formatted as a single
  partition that spans the entire disk.
  You can create additional partitions post-install, using the vSphere Client.
- Enter 2 to select an existing datastore available to the host.
The service console must be installed on a VMFS datastore that is resident on a host's local disk or on a
SAN disk that is masked and zoned to that particular host only. The datastore cannot be shared between
hosts.
18 (Optional) Enter 1 to specify kernel arguments for the GRUB bootloader. To skip this option, enter 2. The
software writes the arguments to the grub.conf file and passes them to the ESX kernel every time ESX
boots.
19 (Optional) Enter 1 to specify a bootloader password. It can be up to 30 characters. To skip this option, enter
2.
If an installation error occurs at this point, the ISO image might be invalid or there might be something
wrong with the DVD media. To troubleshoot, try the ISO download process again, make sure the DVD is
in working order, and make sure the DVD drive and DVD media type are compatible. When you retry
the installation, perform the media check operation. Alternatively, use another media access option, such
as HTTP.
25 During reboot, press the key required to enter your machine’s BIOS setup or boot menu.
This key is often a function key or Delete.
26 Set the first boot device to be the drive on which you installed ESX.
After you install ESX and reboot the host, you can log in to the service console to read the installation log at
/var/log/esx_install.log.
NOTE In previous releases of ESX, if the system did not boot up after installation, one troubleshooting approach
was to mount the partitions for debugging. For ESX 4.0, mounting the partitions would not be helpful in
resolving the issue. If after installation the system does not boot up, the most likely cause is that the BIOS is
configured to boot from the wrong disk.
The installation script contains the installation settings for ESX. You can apply the script to all your hosts that
will have a similar configuration.
2 Edit the installation script as needed to change settings that are unique for each host.
One of the settings that you can configure in a script is the IP setting, which can be static IP or DHCP for the
host on which you are installing ESX. Choose one of the following approaches:
- Create multiple scripts, each containing unique network identification information. The unique network
  information includes the static IP address and host name of each ESX host.
- Create one script (or use a default script) that uses DHCP to set up multiple ESX hosts. After you complete
  a scripted installation, you can then configure each ESX host separately to assign a unique host name and
  IP address. VMware recommends that you use static IP addresses.
The IPAPPEND PXE configuration option specifies that the same network adapter the machine boots from
is also used for connecting to the network. See “IPAPPEND,” on page 36.
The command section of the script contains the options specified for the ESX installation. This section is
required and must appear first in the script.
Instead of writing a script, you can use the following default scripts:
- After your first interactive installation of ESX, the installer creates a /root/ks.cfg script in the ESX
  filesystem. This script reflects the choices you made in the interactive installation. If you perform a second
  interactive installation on the same host with choices that differ from the first, /root/ks.cfg is overwritten
  with a new version.
- The installation media contains the following default installation scripts:
ks-first-safe.cfg Installs ESX on the first detected disk and preserves the VMFS datastores
on the disk.
When you install ESX using ks-first-safe.cfg or ks-first.cfg, the default root password is
mypassword.
This default script runs if you select the ESX Scripted Install to first disk (overwrite VMFS) option in the boot
options menu.
You cannot modify the default script on the installation media. If you run the default script, the root password is
mypassword. After the installation, you can log in to the ESX host and modify the default settings using the
vSphere Client.
Prerequisites
Procedure
4 (Optional) At the end of the boot options list, enter a ks= command.
5 Press Enter.
The ESX installation proceeds, using the options that you specified.
autopart (optional)
Compared to kickstart, the behavior of the ESX 4.0 autopart command is significantly different. Carefully edit
the autopart command in your existing scripts.
Creates the default partitions on the disk. Not required if you include the part or partition command.
--disk= or --drive= Specifies the disk to partition. For the accepted disk name formats, see “Disk
Device Names,” on page 56.
--firstdisk=<disk-type1>,[<disk-type2>,...] Partitions the first non-USB disk found. This is the same disk as
found by the clearpart --firstdisk command.
You can add an optional string argument to the --firstdisk flag to select the disk
types. The strings that you can use are as follows:
- local
- remote
- Device driver name in the vmkernel
If you omit this command, MD5-based and shadow passwords are enabled by default.
--ldapbasedn= Specifies the distinguished name in your LDAP directory tree under which user
information is stored. Requires --enableldap.
--enableldaptls Enables transport layer security lookups. Requires --enableldap.
--enablead Enables active directory authentication. Requires --addomain and --addc.
--addomain Active directory domain name. Requires --enablead.
--addc Active directory domain controller. Requires --enablead.
bootloader (optional)
Sets up the GRUB boot loader.
--append= Specifies extra kernel parameters for when the system is booting.
--driveorder= Specifies which drive is first in the BIOS boot order.
--location=[mbr|partition|none] Specifies where the boot loader is installed. The values are: mbr for the master
boot record, partition for the first sector of the partition with the VMnix kernel,
or none to not install the boot loader. If you omit the location option, the default
location is the MBR.
--md5pass= Sets the GRUB boot loader password using an MD5-encrypted password.
--password= Sets the GRUB boot loader password.
--upgrade Upgrades the existing boot loader configuration and preserves existing entries.
clearpart (optional)
Compared to kickstart, the behavior of the ESX 4.0 clearpart command is significantly different. Carefully
edit the clearpart command in your existing scripts.
You can add an optional string argument to the --firstdisk flag to select the disk
types. The strings that you can use are as follows:
- local
- remote
- Device driver name in the vmkernel
dryrun (optional)
Parses and checks the installation script. Does not perform the installation.
esxlocation (optional)
Specifies an existing Linux partition to use as the /boot partition. The partition must be formatted with an ext2
or ext3 file system, be at least 1100MB, and be a primary partition.
--disk= or --drive= Specifies the disk to search for an existing Linux partition that can be used as
/boot. See Table 6-1 for the accepted disk name formats.
--firstdisk=<disk-type1>,[<disk-type2>, ...] Uses the first disk that has a partition suitable to be the /boot
partition. Supports the same argument format as the autopart command.
firewall (optional)
Compared to kickstart, the behavior of the ESX 4.0 firewall command is significantly different. Carefully edit
the firewall command in your existing scripts.
firewallport (optional)
Specifies firewall ports to allow or disallow connections.
--name=<name> Assigns a descriptive name to the firewall rule. The name must be specified for
inbound ports.
--enableService=<service> Allows services specified in services.xml to pass through the firewall.
--disableService=<service> Disables services specified in services.xml from passing through the firewall.
install (optional)
Specifies that this is a fresh installation. (All scripted installations are fresh installations.)
install cdrom
- nfs.
- usb
Installs from the first USB media found to contain the installation image.
For example:
install usb
--server= Specifies which NFS server to connect to. Use with nfs.
--dir= Specifies which directory on the NFS server to mount. Use with nfs.
<url> Defines the location of the runtime environment. Use with url (http/https/ftp/nfs).
keyboard (optional)
Sets the keyboard type for the system.
<keyboardType> Specifies the keyboard map for the selected keyboard type.
--esx=<license-key> Specifies the vSphere license key to use. The format is 5 five-character tuples
(XXXXX-XXXXX-XXXXX-XXXXX-XXXXX).
network (optional)
Configures network information for the system.
--netmask= Specifies the subnet mask for the installed system. Used with the
--bootproto=static option. If you omit this option, the default is the standard
netmask for the given IP address.
--hostname= Specifies the host name for the installed system. Only works with
--bootproto=static.
--vlanid=<vlanid> Specifies a VLAN to use for networking. Set to an integer between 0 and 4095.
--addvmportgroup=(0|1) Specifies whether to add the VM Network port group, which is used by virtual
machines. The default value is 1.
paranoid
Causes any warning messages to interrupt the installation. If you omit this command, warning messages are
just logged.
Create service console partitions (except /boot) on the virtual disk and not on the physical disk.
Creates a partition on the system. Not required if you include the autopart command.
--onfirstdisk=<disk-type1>,[<disk-type2>,...] Partitions the first non-USB disk found. This is the same disk as
found by the autopart --firstdisk command.
You can add an optional string argument to the --firstdisk flag to select the disk
types. The strings that you can use are as follows:
- local
- remote
- Device driver name in the vmkernel
--fstype= Sets the file system type for the partition. Usually of type vmfs3, ext3, swap, or
vmkcore.
reboot (optional)
Reboots the system after scripted installation is finished.
rootpw (required)
Sets the root password for the system. Can be between 6 and 64 characters.
timezone (required)
Sets the time zone for the system.
--utc (required) Indicates that the BIOS clock is set to UTC (Greenwich Mean) time. Do not omit
this option.
<timezone> (optional) Specifies the timezone value. See the Olson database for supported values.
virtualdisk (optional)
NOTE The service console must be installed on a VMFS datastore that is resident on a host's local disk or on a
SAN disk that is masked and zoned to that particular host only. The datastore cannot be shared between hosts.
Specifies the name of the virtual disk. If you omit the --path= option, the name
of the VMDK is <name>/default-<name>.vmdk.
--onvmfs= Specifies the name of the VMFS volume where the VMDK file is created.
--onfirstvmfs=(<disk-type1>,[<disk-type2>,...]) Uses the first VMFS volume on a disk that matches the given
description and has more free space than the requested size. Uses the same argument format as
autopart.
%include or include
Specifies an additional installation script to parse. You can add several include commands to your script. When
you use the %include command, put the <filename> argument on the same line as the command.
%packages
Adds or removes a package from the installation ISO image.
The packages.xml file governs whether a package is added or removed by default. The
requirement="recommended" tag means that the package is installed by default. To override the default setting
in the script, include:
%packages
-<package_name> # The package will not be installed.
The requirement="optional" tag means that the package is not installed by default. To override the default
setting in the script, include:
%packages
<package_name> # The package will be installed.
--resolvedeps Installs the listed packages and automatically resolves package dependencies.
--ignoredeps Ignores the unresolved dependencies and installs the listed packages without
the dependencies.
%pre (optional)
Specifies a script to be executed before the kickstart configuration is evaluated. For example, a %pre script can
generate include files, as shown here:
# Partitioning
%include part.cfg
...
%pre
cat > /tmp/part.cfg <<EOF
%post (optional)
Executes the specified script after package installation has been completed. If you specify multiple %post
sections, they are executed in the order they appear in the installation script. For example:
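%post
# Read the MAC address from the last line of the NIC listing.
MY_MAC=`esxcfg-nics -l | tail -1 | awk '{print $7}'`
# Per-host configuration script, keyed by MAC address.
CONF_URL="http://example.com/$MY_MAC"
# Allow outgoing traffic only for the duration of the download.
esxcfg-firewall --allowOutgoing
python -c "import urllib; urllib.urlretrieve('$CONF_URL', '/tmp/myconfig.sh')"
esxcfg-firewall --blockOutgoing
sh /tmp/myconfig.sh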
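A check that can be run over an installation script before it is placed on a boot server, as an added Python example (not VMware's code). It covers settings from this command reference: the stock mypassword root password, a cleartext bootloader --password, a %pre or %post section that runs a file fetched over http or ftp, and a section that leaves outgoing firewall traffic allowed. The KS00x codes, the function names and both sample scripts are constructed for the illustration, and rootpw --iscrypted is the ESX option for a pre-hashed root password, which this section does not list.

```python
import re
import shlex

# From the guide: the root password set by the stock installation scripts.
DEFAULT_ROOT_PASSWORD = "mypassword"
CLEARTEXT_URL = re.compile(r"\b(?:http|ftp)://")
URL_VAR = re.compile(r"\b([A-Za-z_]\w*)=[\"']?(?:http|ftp)://")
LOCAL_PATH = re.compile(r"(?<![\w:/$])/(?:[\w.-]+/)*[\w.-]+")
RUNNERS = {"sh", "bash", "source", ".", "python", "perl"}


def tokens(line):
    try:
        return shlex.split(line)
    except ValueError:  # unbalanced quotes: fall back to whitespace
        return line.split()


def split_sections(script):
    """Return (command lines, [(section name, body lines)])."""
    commands, sections, body = [], [], None
    for raw in script.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        first = line.split()[0]
        if first in ("%pre", "%post", "%packages"):
            body = []
            sections.append((first, body))
        elif body is None:
            commands.append(line)
        else:
            body.append(line)
    return commands, sections


def audit_commands(commands):
    findings = []
    for line in commands:
        cmd, *args = tokens(line)
        if cmd == "rootpw" and "--iscrypted" not in args:
            password = next((a for a in args if not a.startswith("--")), "")
            if password == DEFAULT_ROOT_PASSWORD:
                findings.append(("KS001", "rootpw is the stock default password"))
            else:
                findings.append(("KS002", "rootpw is stored in cleartext"))
        elif cmd == "bootloader" and any(a.startswith("--password") for a in args):
            findings.append(("KS004", "bootloader --password is cleartext; use --md5pass"))
    return findings


def audit_script(name, body):
    findings, downloaded, outgoing_open = [], set(), False
    url_vars = {m.group(1) for line in body for m in URL_VAR.finditer(line)}
    for line in body:
        argv = tokens(line)
        # A file fetched earlier without transport protection is now being run.
        if argv[0] in downloaded or (argv[0] in RUNNERS and downloaded & set(argv[1:])):
            findings.append(("KS005", "%s runs a file fetched over http/ftp: %s" % (name, line)))
        refs = [v for v in url_vars if "$" + v in line or "${" + v + "}" in line]
        if CLEARTEXT_URL.search(line) or refs:
            downloaded.update(LOCAL_PATH.findall(line))  # where the fetch was saved
        if argv[0] == "esxcfg-firewall" and "--allowOutgoing" in argv:
            outgoing_open = True
        elif argv[0] == "esxcfg-firewall" and "--blockOutgoing" in argv:
            outgoing_open = False
    if outgoing_open:
        findings.append(("KS006", "%s leaves outgoing traffic allowed" % name))
    return findings


def audit(script):
    """Return [(code, message)] for one installation script."""
    commands, sections = split_sections(script)
    findings = audit_commands(commands)
    for name, body in sections:
        if name != "%packages":
            findings.extend(audit_script(name, body))
    return findings


# Constructed sample (not from the guide) that combines the risky patterns.
RISKY = """\
rootpw mypassword
bootloader --location=mbr --password=grubsecret
%post
MY_MAC=`esxcfg-nics -l | tail -1 | awk '{print $7}'`
CONF_URL="http://example.com/$MY_MAC"
esxcfg-firewall --allowOutgoing
python -c "import urllib; urllib.urlretrieve('$CONF_URL', '/tmp/myconfig.sh')"
sh /tmp/myconfig.sh
"""

# Constructed counterpart: hashed secrets (placeholder hash), firewall re-closed.
HARDENED = """\
rootpw --iscrypted $1$SALT$PLACEHOLDERHASH
bootloader --location=mbr --md5pass=$1$SALT$PLACEHOLDERHASH
%post
esxcfg-firewall --allowOutgoing
esxcfg-firewall --blockOutgoing
"""

if __name__ == "__main__":
    for code, message in audit(RISKY) + audit(HARDENED):
        print(code, message)
```

The KS005 rule matters because the downloaded file runs as root during installation, and a plain http or ftp transfer gives the installer no way to tell whether the content was altered in transit.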
sdX, cciss/cNdN sda, cciss/c0d0 Shortened device path from the service console.
accepteula or vmaccepteula
Only in ESX.
autopart
Compared to kickstart, the behavior of the ESX 4.0 autopart command is significantly different. Carefully edit
the autopart command in your existing scripts.
auth or authconfig
--enablead Only in ESX.
--addomain Only in ESX.
--addc Only in ESX.
--enablehesiod Only in kickstart.
--hesiodlhs Only in kickstart.
--hesiodrhs Only in kickstart.
--enablesmbauth Only in kickstart.
--smbservers Only in kickstart.
--smbworkgroup Only in kickstart.
--enablecache Only in kickstart.
bootloader
--driveorder= Only in ESX.
--upgrade Only in ESX.
--useLilo Only in kickstart.
--lba32 Only in kickstart.
--linear Only in kickstart.
--nolinear Only in kickstart.
clearpart
Compared to kickstart, the behavior of the ESX 4.0 clearpart command is significantly different. Carefully
edit the clearpart command in your existing scripts.
device
Only in kickstart.
deviceprobe
Only in kickstart.
driverdisk
Only in kickstart.
dryrun
Only in ESX.
esxlocation
Only in ESX.
firewall
Compared to kickstart, the behavior of the ESX 4.0 firewall command is significantly different. Carefully edit
the firewall command in your existing scripts.
firewallport
Only in ESX.
%include or include
In ESX, the include command can be specified without the leading %.
install
url nfs Only in ESX.
usb Only in ESX.
harddrive Only in kickstart.
interactive
Only in kickstart.
keyboard
Optional in ESX. Mandatory in kickstart.
lang
Only in kickstart.
langsupport
Only in kickstart.
lilocheck
Only in kickstart.
logvol
Only in kickstart.
mouse
Only in kickstart.
network
--bootproto=bootp Only in kickstart.
--vlanid=<vlanid> Only in ESX.
--addvmportgroup=(0|1) Only in ESX.
--device= ethX identifiers are only in kickstart.
paranoid
Only in ESX.
part or partition
Compared to kickstart, the behavior of the ESX 4.0 part or partition command is significantly different.
Carefully edit the part or partition command in your existing scripts.
raid
Only in kickstart.
reboot
--noeject Only in ESX.
skipx
Only in kickstart.
text
Only in kickstart.
virtualdisk
Only in ESX.
volgroup
Only in kickstart.
xconfig
Only in kickstart.
ESX Partitioning 7
ESX hosts have required and optional partitions.
/boot and vmkcore are physical partitions. /, swap, /var/log, and all the optional partitions are stored on a
virtual disk called esxconsole-<system-uuid>/esxconsole.vmdk. The virtual disk is stored in a VMFS volume.
Required Partitions
ESX requires several partitions.
If you delete a required partition, be sure to create a new one of the same type. You cannot define the sizes of
the /boot, vmkcore, and /vmfs partitions when you use the graphical or text installation modes. You can define
these partition sizes when you do a scripted installation.
Mount point: /boot
Type: ext3
Size: The ESX boot disk requires 1.25GB of free space and includes the /boot and vmkcore partitions. The /boot
partition alone requires 1100MB.
Location: Physical partition. The boot drive usually defaults to the specified /boot partition location.
Description: Stores information required to boot the ESX host system. For example, this is where the grub boot
loader resides.

Mount point: Not applicable
Type: swap
Size: 600MB recommended minimum, 1600MB maximum. Use the default value applied during installation.
Location: Virtual disk in a VMFS volume
Description: Allows ESX to use disk space when more memory is needed than the physical RAM allows.
NOTE Do not confuse the ESX swap partition with virtual machine swap space. See the Resource Management Guide.

Mount point: /
Type: ext3
Size: Calculated dynamically based on the size of the /usr partition. By default, the minimum size is 5GB and
no /usr partition is defined.
Location: Virtual disk in a VMFS volume
Description: Contains the ESX operating system and services, accessible through the service console. Also
contains third-party add-on services or applications you install.

Mount point: Not applicable
Type: VMFS3
Size: esxconsole.vmdk: 1200MB
Location: Physical partition located on one of the following:
- Local or boot drive
- Local SCSI volume
- Networked SCSI volume
- SAN
The service console must be installed on a VMFS datastore that is resident on a host's local disk or on a SAN
disk that is masked and zoned to that particular host only.
Description: Used to store virtual machines. You can create any number of VMFS volumes on each LUN if the
space is available. VMFS2 is supported in read-only mode to import legacy virtual machines.

Mount point: Not applicable
Type: vmkcore
Size: The ESX boot disk requires 1.25GB of free space and includes the /boot and vmkcore partitions. The /boot
partition alone requires 1100MB.
Location: Physical partition located on one of the following:
- Local SCSI volume
- Networked SCSI volume
- SAN
Cannot be located on a software iSCSI volume.
Description: Used to store core dumps for debugging and technical support. If multiple ESX hosts share a SAN,
configure a vmkcore partition with 100MB for each host.
Optional Partitions
You can create optional partitions during or after the ESX installation procedure.
/home ext3 512MB Virtual disk in a VMFS volume Used for storage by individual users.
/tmp ext3 1024MB Virtual disk in a VMFS volume Used to store temporary files.
/usr ext3 Virtual disk in a VMFS volume Used for user programs and data.
/var/log ext3 2000MB Virtual disk in a VMFS volume Used to store log files. The graphical and text installers
create this 2000MB partition by default.
Post-Installation Considerations for
ESX 8
After you install ESX, you must consider host management through the vSphere Client, licensing, and adding
and removing custom extensions.
Prerequisites
You must have the URL of the host. This is the IP address or host name.
Procedure
What to do next
See Chapter 16, “Managing ESX/ESXi and vCenter Server Licenses,” on page 107.
Procedure
Installing, Removing, and Updating
Third-Party Extensions 9
A third-party extension is designed to be incorporated into ESX/ESXi in order to enhance, or extend, the
functions of ESX/ESXi. For example, an extension might be a VMkernel module, a driver, or a CIM provider.
VMware provides the following tools for installing, removing, and updating extensions to ESX/ESXi hosts:
vSphere Host Update Utility Graphical utility for ESXi only. See the Upgrade Guide.
vCenter Update Manager For ESX and ESXi, automates patching and updating of extensions. See the
vCenter Update Manager Administration Guide.
esxupdate Command-line utility for ESX only. See the Patch Management Guide.
You can use vSphere Host Update Utility to check for new release updates and patches that are applicable to
the ESXi hosts registered in the vSphere Host Update Utility. vSphere Host Update Utility builds the host list
by tracking the hosts that you connect to directly through the vSphere Client. You can also add hosts to the
list manually.
IMPORTANT Run vihostupdate on ESX 4.0/ESXi 4.0 hosts. Run vihostupdate35 on ESX 3.5/ESXi 3.5 hosts.
NOTE The esxupdate utility is supported as well. It is for ESX only. See the Patch Management Guide.
The vihostupdate command works with bulletins. Each bulletin consists of one or more vSphere bundles and
addresses one or more issues.
Towards the end of a release, bulletins include a large number of other bulletins. Bulletins are available in
offline bundles and in a depot with associated metadata.zip files.
• If you use offline bundles, all patches and corresponding metadata are available as one ZIP file.
• If you use a depot, the metadata.zip file points to metadata, which describes the location of the files.
The command supports querying installed software on a host, listing software in a patch, scanning for bulletins
that apply to a host, and installing all or some bulletins in the patch. You can specify a patch by using a bundle
ZIP file or a depot’s metadata ZIP file.
vihostupdate supports https://, http://, and ftp:// downloads. You can specify the protocols in the
download URL for the bundle or metadata file. vihostupdate also supports local paths. See “Update an ESX/
ESXi Host Using Offline Bundles with the vihostupdate Utility,” on page 66. To search a local depot where
the vSphere CLI is installed, use /local/depot/metadata.zip without the file:/// parameter.
Prerequisites
Before you can update or patch an ESX/ESXi host from the command line, you must have access to a machine
on which you can run the VMware vSphere Command-Line Interface (vSphere CLI). You can install the
vSphere CLI on your Microsoft Windows or Linux system or import the VMware vSphere Management
Assistant (vMA) virtual appliance onto your ESX/ESXi host. For information about importing or installing the
vSphere CLI, see the VMware vSphere Command-Line Interface Installation and Reference Guide.
Procedure
1 Power off any virtual machines that are running on the host and place the host into maintenance mode.
Do not specify more than one bundle ZIP file at the command line each time you run the command. If you
specify --bundle more than once, the command processes only the last file that was specified.
3 (Optional) List all the bulletins that are available in the bundle.
• Search an offline HTTP server:
vihostupdate.pl --server <server> --list --bundle http://<webserver>/rollup.zip
This command lists all the bulletins contained in the bundle, even those that do not apply to the host.
If you omit the --bulletin argument, this command installs all the bulletins in the bundle.
Use this option only for removing bulletins that are third-party or VMware extensions. Do not remove
bulletins that are VMware patches or updates. vihostupdate can remove only one bulletin at a time.
Prerequisites
Before you can update or patch an ESX/ESXi host from the command line, you must have access to a machine
on which you can run the VMware vSphere Command-Line Interface (vSphere CLI). You can install the
vSphere CLI on your Microsoft Windows or Linux system or import the VMware vSphere Management
Assistant (vMA) virtual appliance onto your ESX/ESXi host. For information about importing or installing the
vSphere CLI, see the VMware vSphere Command-Line Interface Installation and Reference Guide.
Procedure
1 Power off any virtual machines that are running on the host and place the host into maintenance mode.
2 Scan the depot for bulletins that are applicable to the host:
vihostupdate.pl --server <server> --scan --metadata http://<webserver>/depot/metadata.zip
Do not specify more than one ZIP file at the command line each time you run the command. If you specify
--metadata more than once, the command processes only the last file that was specified.
3 (Optional) List all bulletins in the depot at the metadata.zip file location:
vihostupdate.pl --list --metadata http://<webserver>/depot/metadata.zip
This command lists all the bulletins in the depot, even those that do not apply to the host.
If you omit the --bulletin argument, this command installs all the bulletins in the bundle.
Use this option only for removing bulletins that are third-party or VMware extensions. Do not remove
bulletins that are VMware patches or updates. vihostupdate can remove only one bulletin at a time.
For detailed information about the esxupdate command, see the Patch Management Guide.
Prerequisites
Before you remove a custom package, shut down or migrate running virtual machines off of the ESX host.
Procedure
2 Run the esxupdate query command to display a list of the installed bulletins.
3 Run the esxupdate -b <bulletinID> remove command, where <bulletinID> is the bulletin for the extension
to remove.
Prerequisites
Before you remove a custom package, shut down or migrate running virtual machines off of the ESX/ESXi
host.
Procedure
Chapter 10 Preparing the vCenter Server Databases
vCenter Server and vCenter Update Manager require databases to store and organize server data.
You do not need to install a new database for the vCenter Server installation to work. During installation, you
can point the vCenter Server system to any existing supported database. vCenter Server supports Oracle and
Microsoft SQL Server databases. vCenter Update Manager also supports Oracle and Microsoft SQL Server
databases. For detailed information about supported database versions, see the Compatibility Matrixes on the
VMware vSphere documentation Web site.
CAUTION If you have a VirtualCenter database that you want to preserve, do not perform a fresh installation
of vCenter Server. See the Upgrade Guide.
VMware recommends using separate databases for vCenter Server and vCenter Update Manager. However,
for small deployments, a separate database for vCenter Update Manager might not be necessary.
Each vCenter Server instance must have its own database. vCenter Server instances cannot share the same
database schema. Multiple vCenter Server databases can reside on the same database server, or they can be
separated across multiple database servers. For Oracle, which has the concept of schema objects, you can run
multiple vCenter Server instances in a single database server if you have a different schema owner for each
vCenter Server instance, or use a dedicated Oracle database server for each vCenter Server instance.
Table 10-1 lists the configuration and patch requirements for the databases that are supported with
vCenter Server.
Contact your DBA for the appropriate database credentials, or install the bundled Microsoft SQL Server 2005
Express database.
Microsoft SQL Server 2005 Express
  Bundled database that you can use for small deployments of up to 5 hosts and 50 virtual machines.
  If the machine has Microsoft SQL Native Client installed, remove it before installing vCenter Server with the bundled database.
  If the machine has MSXML Core Services 6.0 installed, remove it before installing vCenter Server with the bundled database. If you cannot remove it using the Add or Remove Programs utility, use the Windows Installer CleanUp utility. See http://support.microsoft.com/kb/968749.

Microsoft SQL Server 2005
  For Microsoft Windows XP, apply MDAC 2.8 SP1 to the client. Use the SQL Native Client driver (version 9.x) for the client.
  Ensure that the machine has a valid ODBC DSN entry.
  If Microsoft SQL Server 2005 is not already installed and the machine has MSXML Core Services 6.0 installed, remove MSXML Core Services 6.0 before installing Microsoft SQL Server 2005. If you cannot remove it using the Add or Remove Programs utility, use the Windows Installer CleanUp utility. See http://support.microsoft.com/kb/968749.

Microsoft SQL Server 2008
  For Microsoft Windows XP, apply MDAC 2.8 SP1 to the client. Use the SQL Native Client driver (version 10.x) for the client.
  Ensure that the machine has a valid ODBC DSN entry.

Oracle 10g
  If necessary, first apply patch 10.2.0.3 (or later) to the client and server. Then apply patch 5699495 to the client.
  Ensure that the machine has a valid ODBC DSN entry.
  For the Oracle Instant client, copy ojdbc14.jar to the vCenter Server tomcat directory (<vCenter install location>\Infrastructure\tomcat\lib).
  The Oracle 10g client comes with ojdbc14.jar (<Oracle client install location>\oracle\product\10.2.0\<instance_name>\jdbc\lib). The vCenter Server installer copies the file from the Oracle client install location to the vCenter Server tomcat directory (<vCenter install location>\Infrastructure\tomcat\lib).
  If the ojdbc14.jar file is not found in the Oracle 10g client location, the vCenter Server installer prompts you to copy the file manually. You can download the file from http://www.oracle.com/technology/software/tech/java/sqlj_jdbc/htdocs/jdbc101040.html.

Oracle 11g
  Ensure that the machine has a valid ODBC DSN entry.
  For the Oracle Instant client, copy ojdbc14.jar to the vCenter Server tomcat directory (<vCenter install location>\Infrastructure\tomcat\lib).
  The Oracle 11g client comes with ojdbc14.jar (<Oracle client install location>\app\Administrator\product\11.1.0\<instancename>\sqldeveloper\jdbc\lib). The vCenter Server installer copies the file from the Oracle client install location to the vCenter Server tomcat directory (<vCenter install location>\Infrastructure\tomcat\lib).
  If the ojdbc14.jar file is not found in the Oracle 11g client location, the vCenter Server installer prompts you to copy the file manually. You can download the file from http://www.oracle.com/technology/software/tech/java/sqlj_jdbc/htdocs/jdbc101040.html.

Even though vCenter Server is supported on 64-bit operating systems, the vCenter Server system must have
a 32-bit DSN. This requirement applies to all supported databases. By default, any DSN created on a 64-bit
system is 64 bit.
Procedure
You now have a DSN that is compatible with vCenter Server. When the vCenter Server installer prompts you
for a DSN, select the 32-bit DSN.
Changing the vCenter Server computer name impacts database communication if the database server is on the
same computer as vCenter Server. If you have changed the machine name, verify that communication
remains intact by completing the following procedure.
The name change has no impact on communication with remote databases. You can skip this procedure if your
database is remote.
NOTE The name-length limitation applies to the vCenter Server system. The data source name (DSN) and
remote database systems can have names with more than 15 characters.
Check with your database administrator or the database vendor to make sure all components of the database
are working after you rename the server.
Procedure
2 Make sure that the vCenter Server computer name is updated in the domain name service (DNS).
One way to test this is by pinging the computer name. For example, if the computer name is
host-1.company.com, run the following command in the Windows command prompt:
ping host-1.company.com
If you can ping the computer name, the name is updated in DNS.
If the machine has Microsoft SQL Native Client installed, remove it before installing vCenter Server with the
bundled database.
These include:
• Monitoring the growth of the log file and compacting the database log file, as needed. See the
  documentation for the database type you are using.
• Scheduling regular backups of the database.
• Backing up the database before any vCenter Server upgrade. See your database documentation for
  information on backing up your database.
In the script, you can customize the location of the data and log files.
The user created by this script does not follow any security policy. The passwords are provided only for
convenience. Change the passwords as appropriate.
To prepare a SQL Server database to work with vCenter Server, you generally need to create a SQL Server
database user with database operator (DBO) rights. When you do this, make sure that the database user login
has the db_owner fixed database role on the vCenter Server database and on the MSDB database. The
db_owner role on the MSDB database is required for installation and upgrade only, and you can revoke it after
installation.
If you run this script as well as the script to create the database schema, you do not have to grant DBO
permissions on the vCenter Server database. For environments in which the vCenter Server database user
cannot have DBO permissions, these scripts are especially useful. The user created by this script has DBO
privileges on both VCDB and MSDB databases. To change this, remove the two occurrences of this line:
sp_addrolemember @rolename = 'db_owner', @membername = 'vpxuser'
IMPORTANT If you remove these lines, you must also run the script that creates the vCenter Server database
schema, instead of allowing the vCenter Server installer to create the schema.
Procedure
1 Log in to a Query Analyzer session as the sysadmin (SA) or a user account with sysadmin privileges.
The script is located in the vCenter Server installation package /<installation directory>/vpx/dbschema/
DB_and_schema_creation_scripts_MSSQL.txt file.
use [master]
go
CREATE DATABASE [VCDB] ON PRIMARY
(NAME = N'vcdb', FILENAME = N'C:\VCDB.mdf', SIZE = 2000KB, FILEGROWTH = 10% )
LOG ON
(NAME = N'vcdb_log', FILENAME = N'C:\VCDB.ldf', SIZE = 1000KB, FILEGROWTH = 10%)
COLLATE SQL_Latin1_General_CP1_CI_AS
go
use VCDB
go
sp_addlogin @loginame=[vpxuser], @passwd=N'vpxuser!0', @defdb='VCDB',
@deflanguage='us_english'
go
ALTER LOGIN [vpxuser] WITH CHECK_POLICY = OFF
go
CREATE USER [vpxuser] for LOGIN [vpxuser]
go
sp_addrolemember @rolename = 'db_owner', @membername = 'vpxuser'
go
use MSDB
go
CREATE USER [vpxuser] for LOGIN [vpxuser]
go
sp_addrolemember @rolename = 'db_owner', @membername = 'vpxuser'
go
You now have a Microsoft SQL Server database that you can use with vCenter Server.
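The cleanup that the notes above call for once installation has finished, as an added T-SQL example that is not part of the VMware script: it puts the login back under the password policy, replaces the documented default password, revokes the db_owner role on MSDB, and then verifies the result. The names vpxuser, VCDB and MSDB come from the script above; <new-strong-password> is a placeholder.

```sql
-- Added example, not part of the VMware-supplied script.
-- Assumes the login, user and database names created by the script above.
-- Run as sysadmin after the vCenter Server installation has completed.

use [master]
go
-- 1. The script switched the password policy off for this login.
--    Switch it back on first so that the new password is checked against it.
ALTER LOGIN [vpxuser] WITH CHECK_POLICY = ON
go
-- 2. Replace the default password published in the script.
--    <new-strong-password> is a placeholder; whatever connects with this
--    login must be given the new value.
ALTER LOGIN [vpxuser] WITH PASSWORD = N'<new-strong-password>'
go

use MSDB
go
-- 3. db_owner on MSDB is required for installation and upgrade only.
--    Add the role back with sp_addrolemember before an upgrade.
EXEC sp_droprolemember @rolename = 'db_owner', @membername = 'vpxuser'
go

-- 4. Verify the login settings: is_policy_checked should now be 1.
use [master]
go
SELECT name, is_policy_checked, is_expiration_checked, is_disabled
FROM sys.sql_logins
WHERE name = N'vpxuser'
go

-- 5. Verify role membership in MSDB: no db_owner row should remain.
use MSDB
go
SELECT r.name AS role_name, m.name AS member_name
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = drm.member_principal_id
WHERE m.name = N'vpxuser'
go

-- 6. The same query in VCDB shows what the account still holds there.
use VCDB
go
SELECT r.name AS role_name, m.name AS member_name
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = drm.member_principal_id
WHERE m.name = N'vpxuser'
go
```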
What to do next
Use a Script to Create the Microsoft SQL Server Database Schema (Optional)
The vCenter Server installer creates the schema automatically during installation. For experienced database
administrators who need more control over schema creation due to environmental constraints, you can
optionally use a script to create your database schema.
To have the vCenter Server installer create your schema for you, see “Configure a SQL Server ODBC
Connection,” on page 76.
Prerequisites
Before you use this script, create the SQL Server database. You can create the SQL Server database manually
or by using a script.
Procedure
1 Create a vCenter Server database user with the db_datawriter and db_datareader permissions.
2 Open a query analyzer window with a user having DBO rights on the vCenter Server and MSDB databases.
3 Locate the dbschema scripts in the vCenter Server installation package /<installation directory>/vpx/
dbschema directory.
The DBO user must own the objects created by these scripts. Open the scripts one at a time in the Query
Analyzer window and press F5 to execute each script in the order shown here.
VCDB_mssql.SQL
purge_stat1_proc_mssql.sql
purge_stat2_proc_mssql.sql
purge_stat3_proc_mssql.sql
purge_usage_stats_proc_mssql.sql
stats_rollup1_proc_mssql.sql
stats_rollup2_proc_mssql.sql
stats_rollup3_proc_mssql.sql
cleanup_events_mssql.sql
delete_stats_proc_mssql.sql
upsert_last_event_proc_mssql.sql
5 For all supported editions of Microsoft SQL Server (except Microsoft SQL Server 2005 Express), ensure
that the SQL Server Agent service is running by using these additional scripts to set up scheduled jobs on
the database.
job_schedule1_mssql.sql
job_schedule2_mssql.sql
job_schedule3_mssql.sql
job_cleanup_events_mssql.sql
What to do next
1 On the machine on which you intend to install vCenter Server, create a DSN that points to the database
server with the schema.
a If a database reinitialization warning message appears in the vCenter Server installer, select Do not
overwrite, leave my existing database in place and continue the installation.
This message appears if you are using a database that has vCenter Server tables created by a previous
installation. The message does not appear if the database is clean.
If you leave your existing database in place, you cannot join a Linked Mode group during the
installation. You can join after the installation is complete. (See “Join a Linked Mode Group After
Installation,” on page 99.)
If you use SQL Server for vCenter Server, do not use the master database.
See your Microsoft SQL ODBC documentation for specific instructions regarding configuring the SQL Server
ODBC connection.
Prerequisites
• Review the required database patches specified in “vCenter Server Database Patch and Configuration
  Requirements,” on page 71. If you do not prepare your database correctly, the vCenter Server installer
  displays error and warning messages.
• Create a database using SQL Server Management Studio on the SQL Server.
• Create a database user with database operator (DBO) rights.
  The default database for the DBO user is the one that you created using SQL Server Management Studio.
  Make sure that the database login has the db_owner fixed database role on the vCenter Server database
  and on the MSDB database. The db_owner role on the MSDB database is required for installation and
  upgrade only. You can revoke this role after installation.
• If you are using a named instance of Microsoft SQL Server 2008 Standard Edition with vCenter Server, do
  not name the instance MSSQLSERVER. If you do, the JDBC connection does not work, and certain features,
  such as Performance Charts, are not available.
Procedure
1 On your vCenter Server system, open the Microsoft Windows ODBC Data Source Administrator.
  • On a 32-bit system, select Settings > Control Panel > Administrative Tools > Data Sources
    (ODBC).
  • On a 64-bit system, open C:\WINDOWS\SYSWOW64\odbc32.exe.
5 Select the server name from the Server drop-down menu and click Next.
Type the SQL Server host name in the text box if it is not in the drop-down menu.
7 If you selected SQL authentication, type your SQL Server login name and password and click Next.
8 Select the database created for the vCenter Server system from the Change the default database to menu
and click Next.
9 Click Finish.
What to do next
To test the data source, from the ODBC Microsoft SQL Server Setup menu, select Test Data Source and click
OK. Ensure that the SQL Agent is running on your database server.
This applies to SQL Server 2005 and SQL Server 2008 editions.
This procedure applies to remote Microsoft SQL Server database servers. You can skip this procedure if your
database is local.
Procedure
1 Start the SQL Server Configuration Manager by selecting Start > All Programs > Microsoft SQL Server
> Configuration Tools > SQL Server Configuration Manager.
2 Select SQL Server Network Configuration > Protocols for <Instance name>.
3 Enable TCP/IP.
7 Restart the SQL Server service from SQL Server Configuration Manager > SQL Server Services.
8 Start the SQL Server Browser service from SQL Server Configuration Manager > SQL Server
Services.
When using the script, you can customize the location of the data and log files.
NOTE The user created by this script does not follow any security policy. The passwords are provided only
for convenience. Change the passwords as appropriate.
Procedure
The script is located in the vCenter Server installation package /<installation directory>/vpx/dbschema/
DB_and_schema_creation_scripts_oracle.txt file.
For a Windows installation, change the directory path to the vpx01.dbf file.
You now have an Oracle database that you can use with vCenter Server.
What to do next
You can configure an Oracle database for vCenter Server either locally on the same Microsoft Windows
machine as vCenter Server or remotely on a network-connected Linux, UNIX or Microsoft Windows host.
Prerequisites
Procedure
2 Run the following SQL command to create a vCenter Server database user with the correct permissions.
The script is located in the vCenter Server installation package /<installation directory>/vpx/dbschema/
DB_and_schema_creation_scripts_oracle.txt file.
By default, the RESOURCE role has the CREATE PROCEDURE, CREATE TABLE, and CREATE
SEQUENCE privileges assigned. If the RESOURCE role does not have these privileges, explicitly grant
them to the vCenter Server database user.
You now have an Oracle database user that you can reference in the vCenter Server installer.
What to do next
Create the Oracle database, including all necessary table spaces and privileges.
To have the vCenter Server installer create your schema for you, see “Configure an Oracle Connection for Local
Access,” on page 81 or “Configure an Oracle Connection for Remote Access,” on page 81, depending on
your environment.
Prerequisites
Before you use this script, create the Oracle database and user. You can create the Oracle database and user
manually or by using scripts.
Procedure
1 Open a SQL*Plus window with a user that has schema owner rights on the vCenter Server database.
2 Locate the dbschema scripts in the vCenter Server installation package /<installation directory>/vpx/
dbschema directory.
@<path>/VCDB_oracle.SQL
@<path>/purge_stat1_proc_oracle.sql
@<path>/purge_stat2_proc_oracle.sql
@<path>/purge_stat3_proc_oracle.sql
@<path>/purge_usage_stats_proc_oracle.sql
@<path>/stats_rollup1_proc_oracle.sql
@<path>/stats_rollup2_proc_oracle.sql
@<path>/stats_rollup3_proc_oracle.sql
@<path>/cleanup_events_oracle.sql
@<path>/delete_stats_proc_oracle.sql
4 For all supported editions of Oracle Server, run these additional scripts to set up scheduled jobs on the
database.
@<path>/job_schedule1_oracle.sql
@<path>/job_schedule2_oracle.sql
@<path>/job_schedule3_oracle.sql
@<path>/job_cleanup_events_oracle.sql
You now have a database schema that is compatible with vCenter Server 4.0.
What to do next
1 On the machine where you are installing vCenter Server, create a DSN that points to the database server
with the schema.
a If a database reinitialization warning message appears in the vCenter Server installer, select Do not
overwrite, leave my existing database in place and continue the installation.
This message appears if you are using a database that has vCenter Server tables created by a previous
installation. The message does not appear if the database is clean.
If you leave your existing database in place, you cannot join a Linked Mode group during the
installation. You can join after the installation is complete. (See “Join a Linked Mode Group After
Installation,” on page 99.)
Prerequisites
Before configuring an Oracle connection, review the required database patches specified in “vCenter Server
Database Patch and Configuration Requirements,” on page 71. If you do not prepare your database correctly,
the vCenter Server installer displays error and warning messages.
Procedure
1 Download Oracle 10g or Oracle 11g from the Oracle Web site, install it, and create a database.
2 Configure the TNS Service Name option in the ODBC DSN. The TNS Service Name is the net service name
for the database to which you want to connect. You can find the net service name in the tnsnames.ora file
located in the NETWORK\ADMIN folder in the Oracle database installation location.
Prerequisites
Before configuring an Oracle connection, review the required database patches specified in “vCenter Server
Database Patch and Configuration Requirements,” on page 71. If you do not prepare your database correctly,
the vCenter Server installer displays error and warning messages.
Procedure
3 Create a new tablespace for a vCenter Server system using a SQL statement such as the following.
CREATE TABLESPACE "VPX" DATAFILE 'C:\Oracle\ORADATA\VPX\VPX.dat' SIZE 1000M AUTOEXTEND ON NEXT
500K;
4 Create a user, such as vpxAdmin, for accessing the tablespace through ODBC.
CREATE USER vpxAdmin IDENTIFIED BY vpxadmin DEFAULT TABLESPACE vpx;
5 Either grant dba permission to the user, or grant the following permissions to the user.
grant connect to <user>;
grant resource to <user>;
grant create view to <user>;
grant unlimited tablespace to <user>; -- To ensure space is sufficient
By default, the RESOURCE role has the CREATE PROCEDURE, CREATE TABLE, and CREATE
SEQUENCE privileges assigned. If the RESOURCE role does not have these privileges, explicitly grant
them to the vCenter Server database user.
6 Use a text editor or the Net8 Configuration Assistant to edit the tnsnames.ora file located in the directory
C:\Oracle\Oraxx\NETWORK\ADMIN, where xx is either 10g or 11g.
Add the following entry, where HOST is the managed host to which the client must connect.
VPX =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS=(PROTOCOL=TCP)(HOST=vpxd-Oracle)(PORT=1521))
)
(CONNECT_DATA =
(SERVICE_NAME = VPX)
)
)
The TNS Service Name is the net service name for the database to which you want to connect, in this case,
VPX. You can find the net service name in the tnsnames.ora file.
Procedure
1 Create a new tablespace for a vCenter Server system using a SQL statement such as the following.
CREATE TABLESPACE "VPX" DATAFILE 'C:\Oracle\ORADATA\VPX\VPX.dat' SIZE 1000M AUTOEXTEND ON NEXT
500K;
2 Create a user, such as vpxAdmin, for accessing the tablespace through ODBC.
CREATE USER vpxAdmin IDENTIFIED BY vpxadmin DEFAULT TABLESPACE vpx;
3 Either grant dba permission to the user, or grant the following permissions to the user.
grant connect to <user>;
grant resource to <user>;
grant create view to <user>;
grant unlimited tablespace to <user>; -- To ensure space is sufficient
By default, the RESOURCE role has the CREATE PROCEDURE, CREATE TABLE, and CREATE
SEQUENCE privileges assigned. If the RESOURCE role does not have these privileges, explicitly grant
them to the vCenter Server database user.
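An added example (not from the VMware scripts) of the non-DBA option in the step above: it checks whether the RESOURCE role carries the three privileges the text names, grants the individual privileges, lists what the account ends up holding, and replaces the sample password. It assumes the vpxAdmin user from the CREATE USER statement above and a SQL*Plus session that can read the DBA_* dictionary views; <new-strong-password> is a placeholder.

```sql
-- Added example, not part of the VMware-supplied scripts.
-- Assumes the user created above (vpxAdmin, stored by Oracle as VPXADMIN)
-- and a session with access to the DBA_* dictionary views.

-- 1. Which of the three privileges does RESOURCE carry in this database?
--    Three rows are expected. A missing row means the explicit grant in
--    step 2 is needed for the schema scripts to work.
SELECT privilege
  FROM dba_sys_privs
 WHERE grantee = 'RESOURCE'
   AND privilege IN ('CREATE PROCEDURE', 'CREATE TABLE', 'CREATE SEQUENCE')
 ORDER BY privilege;

-- 2. Grant the individual privileges instead of the DBA role.
GRANT CONNECT TO vpxAdmin;
GRANT RESOURCE TO vpxAdmin;
GRANT CREATE VIEW TO vpxAdmin;
GRANT UNLIMITED TABLESPACE TO vpxAdmin;
-- Harmless if RESOURCE already carries them, required if it does not.
GRANT CREATE PROCEDURE, CREATE TABLE, CREATE SEQUENCE TO vpxAdmin;

-- 3. Review what the account holds. DBA should not appear among the roles.
SELECT granted_role
  FROM dba_role_privs
 WHERE grantee = 'VPXADMIN'
 ORDER BY granted_role;

SELECT privilege
  FROM dba_sys_privs
 WHERE grantee = 'VPXADMIN'
 ORDER BY privilege;

-- 4. Replace the sample password used in the CREATE USER statement.
--    <new-strong-password> is a placeholder; the ODBC DSN must be given
--    the new value.
ALTER USER vpxAdmin IDENTIFIED BY "<new-strong-password>";
```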
What to do next
Chapter 11 Introduction to Installing vCenter Server
You can install vCenter Server on a physical system or on a virtual machine running on an ESX host.
This chapter includes the following topics:
• “vCenter Server Prerequisites,” on page 83
• “Using a User Account for Running vCenter Server with SQL Server,” on page 84
• “About Installing vCenter Server on IPv6 Machines,” on page 85
• “Configure the URLs on a Standalone vCenter Server System,” on page 85
• “Running the vCenter Server and vSphere Client Installers from a Network Drive,” on page 85
• “vCenter Server Components,” on page 85
• “Required Data for Installing vCenter Server,” on page 86
IMPORTANT If you want to keep your existing VirtualCenter configuration, see the Upgrade Guide.
• There must be no Network Address Translation (NAT) between the vCenter Server system and the hosts
  it will manage.
• Create a vCenter Server database, unless you plan to install the bundled SQL Server 2005 Express.
• The system that you use for your vCenter Server installation must belong to a domain rather than a
  workgroup. If assigned to a workgroup, the vCenter Server system is not able to discover all domains and
  systems available on the network when using such features as vCenter Guided Consolidation Service. To
  determine whether the system belongs to a workgroup or a domain, right-click My Computer and click
  Properties and the Computer Name tab. The Computer Name tab displays either a Workgroup label or
  a Domain label.
• During the installation, the connection between the machine and the domain controller must be working.
• The computer name cannot be more than 15 characters.
• The DNS name of the machine must match the actual computer name.
• Make sure the system on which you are installing vCenter Server is not an Active Directory domain
  controller.
• On each system that is running vCenter Server, make sure that the domain user account has the following
  permissions:
  • Member of the Administrators group
  • Act as part of the operating system
  • Log on as a service
• Assign a static IP address and host name to the Windows server that will host the vCenter Server system.
  This IP address must have a valid (internal) domain name system (DNS) registration that resolves properly
  from all managed ESX hosts.
• If you install vCenter Server on Windows Server 2003 SP1, the disk for the installation directory must have
  the NTFS format, not the FAT32 format.
• Consider whether the vCenter Server instance will be standalone or in a Linked Mode group. See
  Chapter 14, “Creating vCenter Server Linked Mode Groups,” on page 97.
• vCenter Server, like any other network server, should be installed on a machine with a fixed IP address
  and well-known DNS name, so that clients can reliably access the service. If you use DHCP instead of a
  static IP address for vCenter Server, make sure that the vCenter Server computer name is updated in the
  domain name service (DNS). One way to test this is by pinging the computer name. For example, if the
  computer name is host-1.company.com, run the following command in the Windows command prompt:
  ping host-1.company.com
  If you can ping the computer name, the name is updated in DNS.
Using a User Account for Running vCenter Server with SQL Server
You can use the Microsoft Windows built-in system account or a user account to run vCenter Server. With a
user account, you can enable Windows authentication for SQL Server, and it also provides more security.
The user account must be an administrator on the local machine. In the installation wizard, you specify the
account name as DomainName\Username. You must configure the SQL Server database to allow the domain
account access to SQL Server.
The Microsoft Windows built-in system account has more permissions and rights on the server than the
vCenter Server system needs, which can contribute to security problems. Even if you do not plan to use
Microsoft Windows authentication for SQL Server or you are using an Oracle database, you might want to set
up a local user account for the vCenter Server system. In this case, the only requirement is that the user account
is an administrator on the local machine.
For SQL Server DSNs configured with Windows authentication, use the same user account for the VMware
VirtualCenter Management Webservices service and the DSN user.
If you install an instance of vCenter Server as a local system account on a local SQL Server database with
Integrated Windows NT Authentication and you add an Integrated Windows NT Authentication user to the
local database server with the same default database as vCenter Server, vCenter Server might not start. To
resolve this issue, remove the Integrated Windows NT Authentication user from the local SQL database server,
or change the default database for the local system user account to the vCenter Server database for the SQL
Server user account setup.
If you do not update the URLs, remote instances of vCenter Server cannot reach the vCenter Server system,
because the default vCenter Server URL entries are no longer accurate. The vCenter Server installer configures
default URL entries as follows:
• For the VirtualCenter.VimApiUrl key, the default value is http(s)://<FQDN of VC machine>/sdk.
• For the Virtualcenter.VimWebServicesUrl key, the default value is https://<FQDN of VC machine>:<installed-webservices-port>/vws.
Procedure
1 From the vSphere Client, connect directly to the vCenter Server instance on which you have changed the
domain or host name.
2 Select Administration > vCenter Server Settings and click Advanced Settings.
3 For the Virtualcenter.VimApiUrl key, change the value to point to the location where the vSphere Client
and SDK clients can access the vCenter Server system.
4 For the Virtualcenter.VimWebServicesUrl key, change the value to point to the location where
vCenter Server Webservices is installed.
5 For the Virtualcenter.Instancename key, change the value so that the modified name appears in the
vCenter Server inventory view.
In Windows, you can map a network drive, run the installers from the network drive, and install the software
on the local machine.
Microsoft .NET 3.0 SP1 Framework
    Software used by the Database Upgrade wizard and the vSphere Client. Also used by vCenter Server if you are using the bundled database.
VMware vCenter Orchestrator
    vCenter Server module that provides a comprehensive set of tools to efficiently manage your virtual IT environment. The vCenter Server performs a silent installation of vCenter Orchestrator. If you install vCenter Server on an IPv6 operating system, the vCenter Orchestrator module is not supported. If you install vCenter Server in a mixed environment (both IPv4 and IPv6 enabled), the vCenter Orchestrator module can only be configured using IPv4. See the vCenter Orchestrator Administration Guide.
Microsoft SQL Server 2005 Express (optional)
    Free, bundled version of the Microsoft SQL Server database for smaller scale applications. If you enter a path to an existing database, the installer does not install the bundled database.
The vCenter Server autorun.exe application includes links to install the following optional components:
vSphere Client
    Client application used to connect directly to an ESX host or indirectly to an ESX host through a vCenter Server.
vCenter Converter Enterprise for vCenter Server
    vCenter Server module that enables you to convert your physical machines to virtual machines.
vCenter Guided Consolidation Service
    vCenter Server module that discovers physical systems and analyzes them for preparation to be converted into virtual machines.
vCenter Update Manager
    vCenter Server module that provides security monitoring and patching support for ESX hosts and virtual machines.
Table 11-1 lists the information that you are prompted for during the installation. Note the values entered in
case you need to reinstall vCenter Server and want to use the same values. VMware Knowledge Base
article 1010023 contains a linked worksheet that complements Table 11-1.
vCenter Server license key
    Default: None
    If you omit the license key, vCenter Server is installed in evaluation mode. After you install vCenter Server, you can enter the vCenter Server license in the vSphere Client.
Standalone or join group
    Default: Standalone
    Join a Linked Mode group to enable the vSphere Client to view, search, and manage data across multiple vCenter Server systems.
Fully qualified domain name of Directory Services for the vCenter Server group
    Default: None
    Required if this instance of vCenter Server is joining a group. This is the name of a remote instance of vCenter Server. The local and remote instances will be members of a Linked Mode group.
LDAP port for the Directory Services for the remote vCenter Server instance
    Default: 389
    Required if this instance of vCenter Server is joining a Linked Mode group. This is the remote instance’s LDAP port. See “Required Ports,” on page 18.
Data source name (DSN)
    Default: None
    Required to use an existing database. Not required if you are using the bundled database.
Database user name
    Default: None
vCenter Server account information (can be the Microsoft Windows system account or a user-specified account)
    Default: Microsoft Windows system account
    Use a user-specified account if you plan to use Microsoft Windows authentication for SQL Server. See “Using a User Account for Running vCenter Server with SQL Server,” on page 84.
Chapter 12 Installing vCenter Server
After you install vCenter Server and the vSphere Client, you can configure communication between them.
This chapter includes the following topics:
- “Download the vCenter Server Installer”
- “Install vCenter Server in a Virtual Machine”
- “Install vCenter Server”
Procedure
1 Download the zip file for the vCenter Server from the VMware product page at
http://www.vmware.com/products/.
Deploying the vCenter Server system in the virtual machine has the following advantages:
- Rather than dedicating a separate server to the vCenter Server system, you can place it in a virtual machine running on the same ESX host where your other virtual machines run.
- You can provide high availability for the vCenter Server system by using VMware HA.
- You can migrate the virtual machine containing the vCenter Server system from one host to another, enabling maintenance and other activities.
- You can create snapshots of the vCenter Server virtual machine and use them for backups, archiving, and so on.
Prerequisites
Procedure
2 On any machine that has network access to your ESX host, install the vSphere Client.
3 Using the vSphere Client, access the ESX host directly to create the virtual machine for hosting
vCenter Server.
Prerequisites
Procedure
1 In the software installer directory, double-click the autorun.exe file at C:\<installer location>\.
This selection controls the language for only the installer. When you use the vSphere Client to connect to
the vCenter Server system, the vSphere Client appears in the language associated with the locale setting
on your machine. You can alter this behavior with a command-line instruction or by changing the locale
in the registry of the machine. See Basic System Administration.
5 Select I agree to the terms in the license agreement and click Next.
6 Type your user name, organization, and vCenter Server license key, and click Next.
If you omit the license key, vCenter Server will be in evaluation mode, which allows you to use the full
feature set. After installation, you can convert vCenter Server to licensed mode by entering the license key
using the vSphere Client.
If your database is a local SQL Server database using Windows NT authentication, leave the user
name and password fields blank.
If you specify a remote SQL Server database that uses Windows NT authentication, the database user
and the logged-in user on the vCenter Server machine must be the same.
A dialog box might appear warning you that the DSN points to an older version of a repository that must
be upgraded. If you click Yes, the installer upgrades the database schema, making the database irreversibly
incompatible with previous VirtualCenter versions. See the Upgrade Guide.
If you want to use Windows authentication for SQL Server, specify an account that is an administrator on
the local machine. As a best practice, type the account name as <DomainName>\<Username>. Type the
account password, retype the password, and click Next.
9 Either accept the default destination folders or click Change to select another location, and click Next.
NOTE To install the vCenter Server on a drive other than C:, verify that there is enough space in the
C:\WINDOWS\Installer folder to install the Microsoft Windows Installer .msi file. If you do not have enough
space, your vCenter Server installation might fail.
10 Select Create a standalone VMware vCenter Server instance or Join Group and click Next.
Join a Linked Mode group to enable the vSphere Client to view, search, and manage data across multiple
vCenter Server systems. See Chapter 14, “Creating vCenter Server Linked Mode Groups,” on page 97.
This option does not appear if you are upgrading the VirtualCenter database schema. If it does not appear,
you can join a Linked Mode group after the installation is complete.
11 If you join a group, enter the fully qualified domain name and LDAP port number of any remote
vCenter Server system and click Next.
In some cases, you can enter the IP address instead of the fully qualified domain name. To help ensure
connectivity, the best practice is to use the fully qualified domain name. For IPv6, unless both the local
and the remote machine are in IPv6 mode, you must enter the fully qualified domain name of the remote
machine instead of the IPv6 address. If the local machine has an IPv4 address and the remote machine has
an IPv6 address, the local machine must support IPv4 and IPv6 mixed mode. The domain name server
must be able to resolve both IPv4 and IPv6 addresses if your environment has both addressing types in a
single Linked Mode group.
12 Enter the port numbers that you want to use or accept the default port numbers and click Next.
13 Click Install.
Installation might take several minutes. Multiple progress bars appear during the installation of the
selected components.
14 Click Finish.
What to do next
See Chapter 13, “Postinstallation Considerations for vCenter Server,” on page 93.
Chapter 13 Postinstallation Considerations for vCenter Server
After you install vCenter Server, consider the postinstallation options and requirements.
- Install the vSphere Client and make sure that you can access the vCenter Server instance.
- Check the license server configuration. A license server is required if this vCenter Server is managing ESX 3.x/ESXi 3.5 hosts. For information about installing the VMware License Server, see the documentation for VMware Infrastructure 3.
- For environments that require strong security, VMware recommends that you replace the default certificates on your vCenter Server system with certificates signed by a commercial Certificate Authority (CA). See vSphere 4.0 technical note Replacing vCenter Server Certificates at http://www.vmware.com/resources/techresources/.
- When vCenter Server and the database are installed on the same machine, after rebooting the machine, the VMware VirtualCenter Management Webservices service might not start. To start the service manually, select Settings > Control Panel > Administrative Tools > Services > VMware VirtualCenter Management Webservices and start the service. The machine might require several minutes to start the service.
- For Oracle databases, note the following:
  - For the Oracle Instant client, copy ojdbc14.jar to the vCenter Server tomcat directory (<vCenter install location>\Infrastructure\tomcat\lib).
  - The Oracle 10g client and Oracle 11g client come with ojdbc14.jar (<Install location>\oracle\product\10.2.0\<instance_name>\jdbc\lib or <Install location>\app\Administrator\product\11.1.0\<instance_name>\sqldeveloper\jdbc\lib). The vCenter Server installer copies the file from the Oracle client install location to the vCenter Server tomcat directory (<vCenter install location>\Infrastructure\tomcat\lib).
  - If the ojdbc14.jar file is not found in the Oracle 10g or Oracle 11g client location, the vCenter Server installer prompts you to copy the file manually. You can download the file from http://www.oracle.com/technology/software/tech/java/sqlj_jdbc/htdocs/jdbc101040.html.
Prerequisites
- You must have the vCenter Server installer or the vSphere Client installer.
- You must be a member of the Administrators group on the machine.
Procedure
This selection controls the language only for the installer. When you use the vSphere Client, the vSphere
Client appears in the language associated with the locale setting on the machine. You can alter this behavior
with a command-line instruction or by changing the locale in the registry of the machine. See Basic System
Administration.
4 Select I agree to the terms in the license agreement and click Next.
5 Type your user name and company name and click Next.
6 Select Install VMware vSphere Host Update Utility to manage host patches, updates, and upgrades from
this machine and click Next.
For large deployments and for environments with clustered hosts, VMware recommends that you use
vCenter Update Manager instead of the vSphere Host Update Utility.
7 Accept the default installation location and click Next, or click Change to select a different location and
click Next.
You can use the vSphere Client to connect to an ESX/ESXi host or to connect to a vCenter Server system.
NOTE Do not use the Windows built-in Guest account to start the vSphere Client. By default, the Guest Account
is disabled. When you use the Guest account to log in to Windows, you cannot access the applications that are
already installed on the computer.
Procedure
1 Select Start > Programs > VMware > VMware vSphere Client.
2 In the vSphere Client login window, log in to an ESX/ESXi host as root or as a normal user, or log in to a
vCenter Server system as the administrator.
3 Click Login.
If you cannot connect to the vCenter Server system, you might need to start the VMware VirtualCenter
Management Webservices service manually. To do this, select Settings > Control Panel > Administrative
Tools > Services > VMware VirtualCenter Management Webservices and start the service. The machine
might require several minutes to start the service.
Security warning messages appear because the vSphere Client detects certificates signed by the ESX/ESXi
host or vCenter Server system (default setting). For highly secure environments, certificates generated by
a trusted third party are recommended.
The vSphere Host Update Utility is bundled with the vSphere Client. You can install the utility when you
install the vSphere Client. If the vSphere Client is already installed and the vSphere Host Update Utility is not,
use this procedure to install vSphere Host Update Utility.
Prerequisites
To use vSphere Host Update Utility, you must have the following:
- Workstation or laptop with the vSphere Client installed.
- Network connection between the ESX/ESXi host and the workstation or laptop.
- Internet connectivity to download patch and update bundles or upgrade images from VMware.com if you do not have a local depot.
Procedure
1 Open a command window by selecting Start > Run and then entering cmd.
This executable is in the \vpx subfolder of the vCenter Server installation package.
What to do next
CAUTION Uninstalling a vCenter Server system while it is running disrupts the vSphere Client connections,
which can cause data loss.
Uninstalling vCenter Server or the vSphere Client does not uninstall any of the other components, such as the
bundled database or Microsoft .NET Framework. Do not uninstall the other components if other applications
on your system depend on them.
Procedure
1 If you are uninstalling the vCenter Server, unlicense the vCenter Server and the hosts, and remove the
license keys from the license inventory.
2 If you are uninstalling the vCenter Server, remove the hosts from the Hosts and Clusters inventory.
3 As Administrator on the Microsoft Windows system, select Start > Settings > Control Panel > Add/
Remove Programs.
4 Select the component to remove from the list and click Remove.
5 Click Yes to confirm that you want to remove the program and click Finish.
Chapter 14 Creating vCenter Server Linked Mode Groups
A Linked Mode group allows you to log in to any single instance of vCenter Server and view and manage the
inventories of all the vCenter Server systems in the group.
You can join multiple vCenter Server systems to form a Linked Mode group. You can configure a Linked Mode
group during vCenter Server installation or after vCenter Server is installed.
To join a vCenter Server group, you enter the fully qualified domain name (or IP address) of a remote machine
on which vCenter Server 4.0 is running. The remote machine can be any vCenter Server 4.0 instance that is or
will become a member of the Linked Mode group.
You must also provide the Lightweight Directory Access Protocol (LDAP) port number of the remote vCenter
Server instance.
vCenter Server instances in a group replicate shared global data to the LDAP directory. The global data includes
the following information for each vCenter Server instance:
- Connection information (IP and ports)
- Certificates
- Licensing information
- User roles
All the requirements for standalone vCenter Server systems apply to Linked Mode systems. See
“vCenter Server Prerequisites,” on page 83.
The following requirements apply to each vCenter Server system that is a member of a Linked Mode group:
- DNS must be operational for Linked Mode replication to work.
- The vCenter Server instances in a Linked Mode group can be in different domains if the domains have a two-way trust relationship. Each domain must trust the other domains on which vCenter Server instances are installed.
- When adding a vCenter Server instance to a Linked Mode group, the installer must be run by a domain user who is an administrator on both the machine where vCenter Server is installed and the target machine of the Linked Mode group.
- All vCenter Server instances must have network time synchronization. The vCenter Server installer validates that the machine clocks are not more than 5 minutes apart.
If you do not update the URLs, remote instances of vCenter Server cannot reach the vCenter Server system,
because the default vCenter Server URL entries are no longer accurate. The vCenter Server installer configures
default URL entries as follows:
- For the Virtualcenter.VimApiUrl key, the default value is http(s)://<Fully qualified domain name (FQDN) of VC machine>/sdk.
Procedure
1 Isolate the vCenter Server system from the Linked Mode group.
See “Isolate a vCenter Server Instance from a Linked Mode Group,” on page 100.
2 Change the domain name or the machine name to make them match.
3 From the vSphere Client, connect directly to the vCenter Server instance on which you have changed the
domain or machine name.
4 Select Administration > vCenter Server Settings and click Advanced Settings.
5 For the Virtualcenter.VimApiUrl key, change the value to point to the location where the vSphere Client
and SDK clients can access the vCenter Server system.
6 For the Virtualcenter.VimWebServicesUrl key, change the value to point to the location where
vCenter Server Webservices is installed.
7 For the Virtualcenter.Instancename key, change the value so that the modified name appears in the
vCenter Server inventory view.
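The following check is an added example, not part of the VMware guide: it compares the two URL keys from this procedure (and from the matching procedure in Chapter 11) against the machine's new fully qualified domain name. The function names, the sample host names, port 8443 and the `require_https` policy switch are assumptions made for the illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Advanced-setting names from the guide, lower-cased because the guide spells
# the prefix both "VirtualCenter." and "Virtualcenter.".
API_KEY = "virtualcenter.vimapiurl"
WS_KEY = "virtualcenter.vimwebservicesurl"


def _is_ip(host):
    """True if host is an IPv4 or IPv6 literal rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_urls(settings, fqdn, webservices_port, require_https=True):
    """Return (key, problem) findings; an empty list means the URLs are current.

    settings: advanced-setting name -> value, copied by hand from
              Administration > vCenter Server Settings > Advanced Settings.
    fqdn: the machine's fully qualified domain name after the rename.
    webservices_port: the Webservices port chosen at install time.
    require_https: added policy (not from the guide, whose default for the
                   API URL is "http(s)"): flag a plain-http API URL.
    """
    want_host = fqdn.lower().rstrip(".")
    norm = {k.lower(): v for k, v in settings.items()}
    # key -> (expected path, expected explicit port or None)
    expected = {API_KEY: ("/sdk", None), WS_KEY: ("/vws", webservices_port)}
    findings = []
    for key, (path, port) in expected.items():
        value = str(norm.get(key, "")).strip()
        if not value:
            findings.append((key, "not set"))
            continue
        try:
            url = urlsplit(value)
            url_port = url.port  # raises ValueError on a malformed port
        except ValueError:
            findings.append((key, "not a parseable URL"))
            continue
        host = url.hostname or ""  # urlsplit lower-cases the host name
        if url.scheme not in ("http", "https"):
            findings.append((key, f"unexpected scheme {url.scheme!r}"))
        elif url.scheme == "http" and (require_https or key == WS_KEY):
            findings.append((key, "uses http; expected https"))
        if not host:
            findings.append((key, "no host name"))
        elif _is_ip(host):
            findings.append((key, f"uses IP address {host}, not the FQDN"))
        elif host != want_host:
            findings.append((key, f"host {host} does not match {want_host}"))
        if url.path.rstrip("/") != path:
            findings.append((key, f"path {url.path!r}, expected {path!r}"))
        if port is not None and url_port != port:
            findings.append((key, f"port {url_port}, expected {port}"))
    return findings


# Constructed sample: values left behind after renaming vc01.old.example.com.
SAMPLE_AFTER_RENAME = {
    "VirtualCenter.VimApiUrl": "http://vc01.old.example.com/sdk",
    "Virtualcenter.VimWebServicesUrl": "https://10.0.0.5:8443/vws",
}

if __name__ == "__main__":
    for key, problem in check_urls(SAMPLE_AFTER_RENAME,
                                   "vc01.new.example.com", 8443):
        print(f"{key}: {problem}")
```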
For example, suppose you have three machines on which you want to install vCenter Server. You want the
three instances to be members of a Linked Mode group.
1 On Machine 1, you install vCenter Server as a standalone instance because you do not yet have a remote
vCenter Server machine to join.
2 On Machine 2, you install vCenter Server, choose to join a Linked Mode group, and provide the fully
qualified domain name of Machine 1.
3 On Machine 3, you upgrade to vCenter Server 4.0. After the upgrade, you configure Machine 3 to join
either Machine 1 or Machine 2. Machine 1, Machine 2, and Machine 3 are now members of a Linked
Mode group.
Prerequisites
See “Linked Mode Prerequisites,” on page 97 and “Linked Mode Considerations,” on page 98.
Procedure
1 Select Start > All Programs > VMware > vCenter Server Linked Mode Configuration.
2 Click Next.
4 Click Join this vCenter Server instance to an existing linked mode group or another instance and click
Next.
5 Enter the server name and LDAP port number of a remote vCenter Server instance that is a member of
the group and click Next.
If you enter an IP address for the remote server, the installer converts it into a fully qualified domain name.
6 If the vCenter Server installer detects a role conflict, select how to resolve the conflict.
Option: Yes, let VMware vCenter Server resolve the conflicts for me
    Click Next.
    The role on the joining system is renamed to <vcenter_name> <role_name>, where <vcenter_name> is the name of the vCenter Server system that is joining the Linked Mode group, and <role_name> is the name of the original role.
Option: No, I'll resolve the conflicts myself
    To resolve the conflicts manually:
    a Using the vSphere Client, log in to one of the vCenter Server systems using an account with Administrator privileges.
    b Rename the conflicting role.
    c Close the vSphere Client session and return to the vCenter Server installer.
    d Click Back and click Next.
    The installation continues without conflicts.
A conflict results if the joining system and the Linked Mode group each contain a role with the same name
but with different privileges.
7 Click Finish.
vCenter Server restarts. Depending on the size of your inventory, the change to Linked Mode might take
from a few seconds to a few minutes to complete.
The vCenter Server instance is now part of a Linked Mode group. After you form a Linked Mode group, you
can log in to any single instance of vCenter Server and view and manage the inventories of all the vCenter
Servers in the group. It might take several seconds for the global data (such as user roles) that are changed on
one machine to be visible on the other machines. The delay is usually 15 seconds or less. It might take a few
minutes for a new vCenter Server instance to be recognized and published by the existing instances, because
group members do not read the global data very often.
What to do next
For information about configuring and using your Linked Mode group, see Basic System Administration.
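The role-conflict rule from step 6 can be checked before a join by comparing role exports from both sides. The sketch below is an added example, not VMware code: it models only the rule stated in the procedure (same name with different privileges is a conflict, and the automatic option renames the joining role to `<vcenter_name> <role_name>`). The role names, the system name `vc02`, the sample privilege lists, and the treatment of non-conflicting roles as simply carried over are assumptions.

```python
def plan_role_join(group_roles, joining_roles, joining_name):
    """Predict the outcome of the installer's automatic conflict resolution.

    group_roles / joining_roles: role name -> iterable of privilege IDs.
    joining_name: name of the vCenter Server system joining the group.
    Returns (conflicts, resulting_roles). Each conflict lists the privileges
    that differ, so an administrator can decide whether to accept the rename
    or resolve the conflict manually first.
    """
    group = {name: frozenset(privs) for name, privs in group_roles.items()}
    result = dict(group)
    conflicts = []
    for name in sorted(joining_roles):
        privs = frozenset(joining_roles[name])
        if name not in group:
            # Role exists only on the joining system (assumed to carry over).
            if name in result:
                raise ValueError(f"role {name!r} collides with a renamed role")
            result[name] = privs
            continue
        if group[name] == privs:
            continue  # same name, same privileges: not a conflict
        new_name = f"{joining_name} {name}"
        if new_name in result or new_name in joining_roles:
            raise ValueError(f"renamed role {new_name!r} already exists")
        result[new_name] = privs
        conflicts.append({
            "role": name,
            "renamed_to": new_name,
            "only_in_group": sorted(group[name] - privs),
            "only_in_joining": sorted(privs - group[name]),
        })
    return conflicts, result


# Constructed sample data: two small role exports.
GROUP_ROLES = {
    "VM Operator": ["VirtualMachine.Interact.PowerOn",
                    "VirtualMachine.Interact.PowerOff"],
    "Auditor": ["System.View", "System.Read"],
}
JOINING_ROLES = {
    "VM Operator": ["VirtualMachine.Interact.PowerOn",
                    "VirtualMachine.Interact.PowerOff",
                    "Datastore.Browse"],
    "Auditor": ["System.Read", "System.View"],
    "Backup": ["VirtualMachine.State.CreateSnapshot"],
}

if __name__ == "__main__":
    found, merged = plan_role_join(GROUP_ROLES, JOINING_ROLES, "vc02")
    for c in found:
        print(f"{c['role']} -> {c['renamed_to']}: "
              f"extra on joining system {c['only_in_joining']}, "
              f"extra in group {c['only_in_group']}")
    print(sorted(merged))
```

A privilege that appears under `only_in_joining` marks a role that grants more on the joining system than its namesake in the group, which is worth reviewing before accepting the automatic rename.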
Procedure
1 Select Start > All Programs > VMware > vCenter Server Linked Mode Configuration.
3 Click Isolate this vCenter Server instance from linked mode group and click Next.
The vCenter Server instance is no longer part of the Linked Mode group.
a Verify that the vCenter Server domain name matches the machine name. If they do not match, change
one or both to make them match.
b Update the URLs to make them compatible with the new domain name and machine name.
If you do not update the URLs, remote instances of vCenter Server cannot reach the vCenter Server
system, because the default vCenter Server URL entries are no longer accurate. See “Configure the
URLs on a Linked Mode vCenter Server System,” on page 98.
If a vCenter Server instance is no longer reachable by remote instances of vCenter Server, the following
symptoms might occur:
- Clients logging in to other vCenter Server systems in the group cannot view the information that belongs to the vCenter Server system on which you changed the domain name because the users cannot log in to the system.
- Any users that are currently logged in to the vCenter Server system might be disconnected.
- Search queries do not return results from the vCenter Server system.
To resolve this issue, make sure that the Virtualcenter.VimApiUrl key points to the location where the
vSphere Client and SDK clients can access the vCenter Server system, and the
Virtualcenter.VimWebServicesUrl key points to the location where vCenter Server Webservices is
installed. For the Virtualcenter.Instancename key, change the value so that the modified name appears in
the vCenter Server inventory view.
- If you cannot join a vCenter Server instance, you can resolve the problem with the following actions:
  - Ensure that the machine is grouped into the correct organizational unit in the corresponding domain controller.
  - When you install vCenter Server, ensure that the logged-in user account has administrator privileges on the machine.
  - To resolve trust problems between a machine and the domain controller, remove the machine from the domain and then add it to the domain again.
  - To ensure that the Windows policy cache is updated, run the gpupdate /force command from the Windows command line. This command performs a group policy update.
- If the local host cannot reach the remote host during a join operation, verify the following:
  - Remote vCenter Server IP address or fully qualified domain name is correct.
  - LDAP port on the remote vCenter Server is correct.
  - VMwareVCMSDS service is running.
- Make sure your Windows and network-based firewalls are configured to allow Linked Mode.
Incorrect configuration of firewalls can cause licenses and roles to become inconsistent between instances.
Prerequisites
- The Windows version must be earlier than Windows Server 2008. For Windows Server 2008, Windows automatically configures the firewall to permit access.
- There must be no network-based firewalls between vCenter Server Linked Mode instances. For environments with network-based firewalls, see “Configuring Firewall Access by Opening Selected Ports,” on page 102.
Procedure
7 Click OK.
Incorrect configuration of firewalls can cause licenses and roles to become inconsistent between instances.
Procedure
- Configure Windows RPC ports to generically allow selective ports for machine-to-machine RPC communication.
This procedure describes how to install vCenter Guided Consolidation as an additional module (sometimes
called a plug-in) on the same machine that hosts vCenter Server or on a remote machine.
The VMware vCenter Guided Consolidation service includes the following components:
vCenter Collector service
    This service discovers computers in your network and collects performance data. To enable this service, the installer prompts you to enter a user name and password for an administrative account on the local machine. This account can be a domain user account specified as DomainName\UserName. The vCenter Collector service uses ports 8181 and 8182 by default.
Prerequisites
Before you install vCenter Guided Consolidation, download the software installer and install
vCenter Server 4.0 on the local machine or on a machine that is reachable by the local machine.
Procedure
1 In the software installer directory, double-click the autorun.exe file at C:\<vc-installer location>\.
5 Select I agree to the terms in the license agreement and click Next.
6 Accept the default installation location, or click Change to select a different location, and click Next.
8 Enter the port numbers that you want to use or accept the default port numbers and click Next.
10 Enter the port number that the vCenter Server system uses for secure HTTP (HTTPS) communication.
11 Enter the user name and password for the vCenter Server system and click Next.
The user account must have extension registration privileges on the vCenter Server system.
12 Select the server identity from the drop-down menu and click Next.
This procedure describes how to install vCenter Update Manager as an additional module (sometimes called
a plug-in) on the same machine that hosts vCenter Server or on a remote machine.
Prerequisites
Before you install vCenter Update Manager, download the software installer and install vCenter Server 4.0 on
the local machine or on a machine that is reachable by the local machine.
vCenter Update Manager requires a supported database. The database requirements are the same as vCenter
Server. You can use a supported database that is configured to work with vCenter Update Manager, or you
can install the Microsoft SQL Server 2005 Express database that is bundled with vCenter Update Manager.
vCenter Update Manager can use the same database as vCenter Server, but VMware recommends that you
have separate databases for vCenter Server and vCenter Update Manager.
Procedure
1 In the software installer directory, double-click the autorun.exe file at C:\<vc-installer location>\.
5 Select I agree to the terms in the license agreement and click Next.
6 Enter the connection information for the vCenter Server system to which vCenter Update Manager will
be an extension.
a Enter the IP address. By default, the IP address is that of the local host.
b Enter the port number that the vCenter Server system is configured to use for HTTP. By default,
vCenter Server uses port 80.
c Enter the user name and password for the vCenter Server system.
7 Choose the type of database that you want to use for vCenter Update Manager.
n To use the bundled database, click Install a Microsoft SQL Server 2005 Express instance and click
Next.
This database is suitable for small deployments of up to 5 hosts and 50 virtual machines.
n To use an existing database, click Use an existing supported database, select your database from the
list of available DSNs, and click Next.
8 If you chose to use an existing database, enter the user name and password for the DSN and click Next.
If your database is a local SQL Server database using Microsoft Windows NT authentication, leave the
user name and password fields blank.
9 Select the fully qualified domain name or IP address to identify this instance of vCenter Update Manager
on the network.
Make sure that the fully qualified domain name is accessible by the vCenter Server system and by all the
ESX/ESXi hosts managed by the vCenter Server system.
10 Enter the port numbers that you want to use or accept the default port numbers.
11 (Optional) Select Yes, I have an Internet connection, and I want to configure proxy settings now.
12 Click Next.
If the local machine has proxy settings configured, the installer uses these settings by default.
14 (Optional) Select Authenticate proxy using the credentials below, and enter the user name and password
to use for authentication.
15 Accept the default installation location or click Change to select a different location.
16 Accept the default location for patch downloads or click Change to select a different location, and click
Next.
What to do next
Install the Update Manager client plug-in. See the vCenter Update Manager Administration Guide.
This procedure describes how to install vCenter Converter as an additional module (sometimes called a plug-
in) on the same machine that hosts vCenter Server or on a remote machine.
Prerequisites
Before you install vCenter Converter, download the software installer and install vCenter Server 4.0 on the
local machine or on a machine that is reachable by the local machine.
Procedure
1 In the software installer directory, double-click the autorun.exe file at C:\<vc-installer location>\.
6 Accept the default installation location and click Next, or click Change to select a different location and
click Next.
8 Enter the connection information for the vCenter Server system to which vCenter Converter will be an
extension.
a Enter the IP address. By default, the IP address is that of the local host.
b Enter the port number that the vCenter Server system is configured to use for secure HTTP (HTTPS).
By default, vCenter Server uses port 443.
c Enter an administrative user name and password for the vCenter Server system.
9 Enter the port numbers that you want to use or accept the default port numbers and click Next.
10 Select the vCenter Server identity from the drop-down menu and click Next.
What to do next
Install the Converter client plug-in. See the vCenter Converter Administration Guide.
Each host requires a license, and each vCenter Server instance requires a license. You cannot assign multiple
license keys to a host or to a vCenter Server system. You can license multiple hosts with one license key if the
key has enough capacity for more than one host. Likewise, you can license multiple vCenter Server instances
with one license key if the key has a capacity greater than one. When you apply a minor upgrade or patch the
ESX/ESXi or vCenter Server software, you do not need to replace the existing license key with a new one. If
you upgrade the edition of the license (for example, from standard to enterprise), you must replace the existing
license key in the inventory with a new upgraded license key.
IMPORTANT From the ESX/ESXi license perspective, a CPU is a processor with a physical processor in it. When
you purchase a license, you select the edition, the number of CPUs, and the maximum number of cores per
CPU. For example, if you purchase an enterprise license with 100 CPUs, you must also choose the maximum
number of cores per CPU. For example, you might select a maximum of 2 cores per CPU, 6 cores per CPU, or
12 cores per CPU. The choice depends on the type of hardware on which you are installing ESX/ESXi.
If you do not have a license server installed and you need one, download the VMware License Server from the
VMware Web site.
The License Server installation requires no downtime. No virtual machines, servers, hosts, or clients need to
be powered off for the installation of the license server.
Procedure
2 In the License Server text box, enter the port number and license server machine name, as in port@host.
4 Click OK.
After you use the license portal to combine license keys, you must add the new license key to the vCenter Server
license inventory and remove the old license keys.
1 You uninstall vCenter Server without first unlicensing and removing the hosts.
2 You reinstall vCenter Server and make it part of a different Linked Mode group.
3 The host license keys from the previous group are not transferred to the new group.
4 You add hosts that were licensed by the previous vCenter Server group to the new group.
6 The host license keys now belong to two Linked Mode groups. If the total assignment of the key exceeds
the key's capacity, this scenario is not supported and causes your license usage to be out of compliance.
3 You add the host to another vCenter Server instance and choose to retain the license when you perform
the Add Host operation.
4 The host license key belongs to two separate license inventories. If the total assignment of the key exceeds
the key's capacity, this scenario is not supported and causes your license usage to be out of compliance.
1 You have two vCenter Server instances that belong to the same Linked Mode group.
4 When you add a license key, the key becomes available to all the vCenter Server systems within the same
Linked Mode group. The license keys are shared, and each system in the group has the same inventory
view, although this might not always seem so because of replication delays.
Global.licenses If you have global permission at the root folder, you can view and modify all
licenses in the vCenter Server inventory. This includes other vCenter Server
systems in a Linked Mode group.
Read-only If you have read-only permission on a host, the vCenter Server displays the
first and last five characters of the license key assigned to the host, the features
present in the license, and the expiration date for the license.
If you have neither of these permissions but you can add a host to vCenter Server, you can add a license to the
inventory and assign a license to the host when you perform the add host operation.
Procedure
1 From a vSphere Client host that is connected to a vCenter Server system, click Home > Licensing.
From these report views, you can right-click entities to add, assign, and remove license keys and copy license
information to your clipboard.
Example 16-4. Use the Product View to Add and Assign a License Key
In this example, you select the Product view in the Licensing Report window. In the Evaluation Mode list,
right-click a vCenter Server instance and select Change license key. You can then assign a license key that is
in the license inventory or add a new license key and assign it in a single operation.
What to do next
If you have a license with zero assigned capacity, as seen in the Assigned column of the License Report, ask
yourself the following questions:
- Did I forget to assign this license key to an asset?
- Did I forget to remove this license key from the inventory?
Prerequisites
Procedure
1 From a vSphere Client host that is connected to a vCenter Server system, select Home > Licensing.
5 Enter the license key, enter an optional label for the key, and click OK.
6 Click OK.
Prerequisites
Procedure
1 From a vSphere Client host that is connected to a vCenter Server system, select Home > Licensing.
3 In the Add License Keys text area, enter license keys one per line.
If any of the keys are invalid, an error message lists the invalid keys. You can correct the invalid keys and
try adding them again, or delete them.
6 If you are not ready to assign license keys to assets, click Next through the remaining wizard screens and
click Finish to save your changes.
NOTE After you assign a license to a host, the software might update the license report before the license
assignment operation is complete. If the host becomes disconnected immediately after you assign the license,
the license report might not accurately reflect the host license state. The report might show the host as licensed,
even though the license assignment operation is not yet complete. When the host is reconnected to a
vCenter Server system, the license assignment operation continues, and the host becomes licensed as shown
in the report.
Prerequisites
To assign a license to a host, the host must be connected to a vCenter Server system.
Procedure
1 From a vSphere Client host that is connected to a vCenter Server system, select Home > Licensing.
4 Click the ESX or vCenter Server tab to display the available assets.
7 In the Product window, select an appropriate license key and click Next.
The capacity of the license key must be greater than or equal to the sum of the asset CPUs.
8 If you are not ready to remove any license keys, click Next to skip the Remove License Keys page and click
Finish to save your changes.
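The capacity rule in step 7, and the earlier scenarios in which one license key ends up in two license inventories, can be checked offline against exported license data. The following Python is an added example, not VMware code: the record layout (inventory, asset, key, CPUs), the hyphenated key shape, and the choice to count an asset once per key are assumptions, and all sample values are constructed.

```python
import re
from collections import defaultdict

# Assumption: a key is written as five hyphen-separated groups of five
# characters (25 characters in total).
KEY_SHAPE = re.compile(r"[A-Z0-9]{5}(?:-[A-Z0-9]{5}){4}")


def split_keys(text_area):
    """Split 'one key per line' input into (valid, invalid) lists."""
    valid, invalid = [], []
    for line in text_area.splitlines():
        key = line.strip().upper()
        if key:
            (valid if KEY_SHAPE.fullmatch(key) else invalid).append(key)
    return valid, invalid


def mask_key(key):
    """Keep only the first and last five characters for reports and tickets."""
    return f"{key[:5]}-...-{key[-5:]}"


def audit(capacities, assignments):
    """Return findings for one or more license inventories.

    capacities:  {license key: CPU capacity of the key}
    assignments: iterable of (inventory, asset, license key, asset CPUs)
    """
    cpus_by_key = defaultdict(dict)   # key -> {asset: cpus}
    inventories = defaultdict(set)    # key -> inventories that hold the key
    keys_by_asset = defaultdict(set)  # asset -> keys assigned to it
    for inventory, asset, key, cpus in assignments:
        # Assumption: an asset reported by two inventories is counted once.
        cpus_by_key[key][asset] = max(cpus, cpus_by_key[key].get(asset, 0))
        inventories[key].add(inventory)
        keys_by_asset[asset].add(key)

    findings = []
    for key in sorted(set(capacities) | set(cpus_by_key)):
        used = sum(cpus_by_key[key].values())
        where = ",".join(sorted(inventories[key]))
        if key not in capacities:
            findings.append(("unknown-key", mask_key(key), where))
        elif used > capacities[key]:
            # Total assignment across all inventories exceeds the key capacity.
            findings.append(("over-capacity", mask_key(key),
                             f"{used}/{capacities[key]} CPUs in {where}"))
        elif used == 0:
            findings.append(("zero-assigned", mask_key(key),
                             "assign it or remove it"))
    for asset, keys in sorted(keys_by_asset.items()):
        if len(keys) > 1:
            # A host or vCenter Server system cannot hold multiple keys.
            masked = ",".join(sorted(mask_key(k) for k in keys))
            findings.append(("multiple-keys", asset, masked))
    return findings


# Constructed sample data: two Linked Mode groups that both hold KEY_A.
KEY_A = "AAAAA-AAAAA-AAAAA-AAAAA-AAAA1"
KEY_B = "BBBBB-BBBBB-BBBBB-BBBBB-BBBB2"
KEY_C = "CCCCC-CCCCC-CCCCC-CCCCC-CCCC3"
KEY_D = "DDDDD-DDDDD-DDDDD-DDDDD-DDDD4"
SAMPLE_CAPACITIES = {KEY_A: 8, KEY_B: 4, KEY_C: 16, KEY_D: 2}
SAMPLE_ASSIGNMENTS = [
    ("group-1", "esx01", KEY_A, 4),
    ("group-1", "esx02", KEY_A, 2),
    ("group-2", "esx03", KEY_A, 4),  # key from the previous group kept on Add Host
    ("group-2", "esx02", KEY_A, 2),  # same host, also listed by the second group
    ("group-2", "esx04", KEY_B, 2),
    ("group-1", "esx04", KEY_C, 2),  # a second key recorded for the same host
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_CAPACITIES, SAMPLE_ASSIGNMENTS):
        print(*finding, sep="\t")
```
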
Procedure
1 From a vSphere Client host that is connected to a vCenter Server system, select Home > Licensing.
4 In the Save As dialog box, select a folder, a filename, and a format for the exported license data and click
Save.
Procedure
3 Click Edit.
4 Assign a license key.
- Select Assign an existing license key to this host and select a license key from the Product list.
- Select Assign a new license key to this host, click Enter Key, and enter a license key and an optional
  label for the license key.
5 Click OK.
Prerequisites
You must have a communication channel through a firewall before adding a host.
Procedure
2 Expand the inventory as needed and click the appropriate datacenter, folder, or cluster.
4 When prompted by the Add Host wizard, assign an existing vSphere license key or add a new vSphere
license key.
If you try to configure features that are not included in the host license, the vSphere Client displays an error
message.
Procedure
The Licensed Features window displays the list of features that you can configure on the host.
Procedure
Troubleshooting Licensing
These topics provide guidelines for troubleshooting your license setup for environments with only ESX 4.0/
ESXi 4.0 hosts and environments that have a mixture of ESX 4.0/ESXi 4.0 and legacy ESX 3.x/ESXi 3.5 hosts.
If you cannot resolve the problem, contact VMware for support as follows:
- If you have difficulties in configuring licensed features, file a support request at
  http://www.vmware.com/support.
- To license vCenter Server, you must apply a vCenter Server license key.
- To license ESX/ESXi, you must apply a vSphere license key.
- If you downgrade your license from evaluation mode to a license that does not support the features that
  you configured while using evaluation mode, the features might stop working without warning.
- If a licensing-related error message appears when you try to configure a feature, check the licensed features
  on the host and on the vCenter Server system to make sure that the host or vCenter Server system is
  licensed to use the feature that you are trying to configure.
- If all the hosts in a vCenter Server system inventory become disconnected, this might be because the
  vCenter Server license is expired or the 60-day evaluation period has expired.
- If you cannot power on the virtual machines that reside on a host, this might be because the host license
  is expired or the 60-day evaluation period is expired.
- If an ESX/ESXi host is managed by a vCenter Server system, changes made to the host license via direct
  connection to the host do not persist, because the changes are overwritten by the license key assigned via
  vCenter Server. See “About Overriding the Host License Configuration,” on page 117.
- If vCenter Server is managing ESX 3.x/ESXi 3.5 hosts, vCenter Server must check out vCenter Server Agent
  licenses from a license server. If vCenter Server is having trouble communicating with your license server,
  do the following:
  - Check that the license server Microsoft Windows service is running.
  - Check that the license server is listening.
  - Check the license server status.
If your license server is operating properly, you might have a problem with your license file.
If your license server is working correctly and your license file is correct, check that you correctly
configured centralized or single-host licensing, as appropriate to your environment.
For detailed troubleshooting and configuration instructions, see the licensing documentation in the
Installation Guide or the Setup Guide for VMware Infrastructure 3.
Applying Licenses
If you cannot apply a license to an asset, the license might not match the currently configured features and
resources. When you assign a license to an asset, the license must be compatible with all the configured
resources and features.
For example, suppose you add 10 ESX hosts to the vCenter Server inventory during the evaluation period.
After the evaluation period expires, you try to assign a Foundation edition license to a vCenter Server system.
The assignment operation fails because the Foundation edition allows a vCenter Server system to manage up
to three hosts only. To correct this issue, you can upgrade the edition or you can remove seven hosts from the
inventory.
As another example, suppose that you configure VMotion and DRS on a cluster of Enterprise edition hosts.
Later, you try to assign Standard license keys to the hosts. This operation fails because the Standard edition
does not include VMotion and DRS. You must assign Enterprise licenses to the ESX hosts or disable VMotion
and DRS. For detailed information about how to disable features, see the VMware Knowledge Base.
Also, make sure you are applying the correct license key, as follows:
- To license vCenter Server assets, you must apply a vCenter Server license key.
- To license ESX/ESXi assets, you must apply a vSphere license key.
If you use the Configuration > Licensed Features > Edit operation, the host license configuration is overridden
by any license assignment operation that you perform in vCenter Server.
License Expiration
Upon license expiration, the vCenter Server software and the ESX/ESXi software continue to run, but certain
operations stop working.
If a vCenter Server license expires, the managed hosts become disconnected from the vCenter Server inventory,
and you cannot add hosts to the inventory. The hosts and the virtual machines on the hosts continue to run.
By using the vSphere Client to connect directly to the host, you can power on or reset the virtual machines.
After you assign a valid vCenter Server license, you can reconnect all the hosts at once as follows:
If an ESX/ESXi host license expires, the virtual machines that reside on the host continue to run, but you cannot
power on the virtual machines or reset them.
Without a license, you are able to perform some operations, but you cannot power on or reset your virtual
machines. All hosts are disconnected from the vCenter Server system if the evaluation period expires before
you assign a license to the vCenter Server system. Any single ESX/ESXi host is disconnected from the
vCenter Server system if the ESX/ESXi evaluation period expires before you assign a license to the host.
When you switch your vCenter Server system and ESX from evaluation mode to licensed mode, consider the
following:
- If a vCenter Server system is managing VMware Infrastructure 3 hosts (for example, ESX 3.x or ESXi 3.5),
  the vCenter Server system must have access to a license server. You can download the VMware License
  Server from the VMware Web site.
- To license vCenter Server, you must apply a vCenter Server license key.
- To license ESX/ESXi, you must apply a vSphere license key.
- When you assign a license to a machine on which a VMware vSphere component is installed, the license
  must be compatible with all resources and features that you configure during the evaluation period.
For example, suppose you add 10 ESX hosts to the vCenter Server system inventory during the evaluation
period. After the evaluation period expires, you try to assign an edition license that limits the number of
hosts that can be managed by a vCenter Server system. The assignment operation fails because the edition
allows a vCenter Server system to manage fewer than 10 hosts. To correct this issue, you can upgrade your
license key to a higher edition or you can remove hosts from the inventory.
As another example, if you configure a cluster of ESX hosts to use Fault Tolerance and DRS during the
evaluation period, you can only assign a license that allows the use of those features. Hence, the assignment
of a higher edition license succeeds. To assign a lower edition license, you must first disable Fault Tolerance
and DRS.
EN-000112-00
vSphere Upgrade Guide
Contents
4 System Requirements
ESX Hardware Requirements
ESXi Hardware Requirements
vCenter Server and the vSphere Client Hardware Requirements
vCenter Server Software Requirements
vSphere Client Software Requirements
Support for 64-Bit Guest Operating Systems
Requirements for Creating Virtual Machines
Required Ports
Supported Remote Management Firmware Versions
Configure vCenter Server to Communicate with the Local Database After Shortening the Computer
Name to 15 Characters or Fewer
Back Up VirtualCenter 2.x
Downtime During the vCenter Server Upgrade
Index
About This Book
To learn how to simplify and automate your datacenter upgrade, see the vCenter Update Manager Administration
Guide.
If you have legacy versions of ESX, ESXi, and VirtualCenter, and you want to migrate to vSphere 4.0 by
performing fresh installations that do not preserve existing data, see the following manuals:
- ESX and vCenter Server Installation Guide
- ESXi Installable and vCenter Server Setup Guide
- ESXi Embedded and vCenter Server Setup Guide
Intended Audience
This book is intended for anyone who needs to upgrade from earlier versions of ESX/ESXi and vCenter Server
to ESX 4.0/ESXi 4.0 and vCenter Server 4.0. The information in this manual is written for experienced Microsoft
Windows or Linux system administrators who are familiar with virtual machine technology and datacenter
operations.
Document Feedback
VMware welcomes your suggestions for improving our documentation. If you have comments, send your
feedback to docfeedback@vmware.com.
Online and Telephone Support
To use online support to submit technical support requests, view your product
and contract information, and register your products, go to
http://www.vmware.com/support.
Support Offerings
To find out how VMware support offerings can help meet your business needs,
go to http://www.vmware.com/support/services.
VMware Professional Services
VMware Education Services courses offer extensive hands-on labs, case study
examples, and course materials designed to be used as on-the-job reference
tools. Courses are available onsite, in the classroom, and live online. For onsite
pilot programs and implementation best practices, VMware Consulting
Services provides offerings to help you assess, plan, build, and manage your
virtual environment. To access information about education classes,
certification programs, and consulting services, go to
http://www.vmware.com/services.
Chapter 1 Changes to the Upgrade Process
VMware vSphere introduces many changes to the upgrade process for vCenter Server and ESX/ESXi.
This chapter includes the following topics:
- vCenter Server Upgrade
- Host Upgrade
- Datastore Upgrade
- Virtual Machine Upgrade
- Licensing
When you upgrade from VirtualCenter 2.x to vCenter Server 4.0, consider the following:
- The unified installer is no longer supported.
  The autorun.exe executable file provides an HTML interface that presents the following installers:
  - vCenter Server
  - vCenter Guided Consolidation
  - vSphere Client
  - vCenter Update Manager
  - vCenter Converter
- The database schema upgrade occurs before the upgrade to vCenter Server. This ensures that your existing
  version of VirtualCenter 2.x remains in place until the database schema upgrade completes successfully.
  When the database schema upgrade is successful, the upgrade to vCenter Server begins.
Host Upgrade
The process of upgrading ESX/ESXi hosts includes several changes from the upgrade process in previous
releases.
When you upgrade from ESX 3.x/ESXi 3.5 to ESX 4.0/ESXi 4.0, you can use either the vSphere Host Update
Utility or vCenter Update Manager.
This utility is intended for small deployments with fewer than 10 ESX/ESXi hosts and without vCenter Server
or vCenter Update Manager. The utility includes a wizard that guides you through upgrades. While an upgrade
is in progress, the utility provides visual status.
With Update Manager 4.0 you can perform orchestrated upgrades of hosts and virtual machines. Orchestrated
upgrades allow you to upgrade all hosts in the inventory using host upgrade baselines. Orchestrated upgrades
can be used to upgrade the virtual machine hardware and VMware Tools of virtual machines in the inventory
at once, using baseline groups containing the following baselines:
- VM Hardware Upgrade to Match Host
- VMware Tools Upgrade to Match Host
Orchestrated upgrades can be performed at a cluster, folder, datacenter, or individual entity level.
In addition, this tool enables you to configure policy-based compliance monitoring and remediation. For
example, you can define a host upgrade baseline to upgrade an ESX host to ESX 4.0, a virtual machine upgrade
baseline to upgrade the virtual machine hardware to the latest version, and VMware Tools to the latest version.
To do this, you use wizard-based workflows to first schedule host upgrades for an entire cluster and then
schedule a virtual machine upgrade for all the virtual machines.
Built-in best practices in the wizard workflows prevent erroneous upgrade sequences. For example, the wizard
prevents you from upgrading virtual machine hardware before you upgrade hosts in a cluster. vCenter Update
Manager monitors hosts and virtual machines for compliance against your defined upgrade baselines.
Noncompliance appears in detailed reports and in the dashboard view. vCenter Update Manager supports
mass remediation.
For detailed information about how to use vCenter Update Manager and how to orchestrate upgrades, see the
vCenter Update Manager Administration Guide.
Datastore Upgrade
No VMFS upgrade is required if you are upgrading from ESX 3.x/ESXi 3.5 with VMFS3 datastores.
Read-only VMFS2 support is deprecated in vSphere 4.0 and might be removed in future vSphere releases.
CAUTION If you do not perform the upgrade in the correct order, your virtual machines might lose network
connectivity.
To ensure that the virtual machine upgrade happens in the correct order, you can use vCenter Update Manager
to automate the process. See the vCenter Update Manager Administration Guide.
Licensing
Licensing is centralized in vCenter Server.
If you upgrade all your hosts, you no longer need a license server or host-based license files. All product licenses
are encapsulated in 25-character license keys that you can manage and monitor from vCenter Server.
Each ESX/ESXi host requires one license key. Each vCenter Server instance requires one license key. You cannot
assign multiple license keys to a host or to a vCenter Server system. When you apply a minor upgrade or patch
the ESX/ESXi or vCenter Server software, you do not need to replace the existing license key with a new one.
If you upgrade the edition of the license (for example, from standard to enterprise), you must replace the
existing license key in the inventory with a new upgraded license key.
On the VMware Web site, log in to your account page to access the license portal. From the license portal,
upgrade your legacy licenses. After you upgrade to vCenter Server and ESX 4.0/ESXi 4.0, use the vSphere Client
to assign the upgraded license keys to your assets.
Chapter 2 Example Upgrade Scenarios
Upgrade scenarios for vSphere 4.0 include cases with and without clustered hosts, hosts that you upgrade on
the same machine where they are currently running, and hosts that you upgrade using different machines.
CAUTION VMware recommends that you read about the upgrade process before attempting to upgrade. If you
do not follow appropriate safeguards, you might lose data and lose access to your servers. Without careful
planning, you might incur more downtime than is necessary.
You must complete the upgrade process in a specific order. If you do not complete each upgrade stage before
moving on, you can lose data and server access. Order is also important within each upgrade stage.
Generally, you can perform the upgrade process for each component in only one direction. For example, after
you upgrade to vCenter Server, you cannot revert to VirtualCenter 2.x. With appropriate backups and
planning, you can restore your original software records.
You can take any amount of time to complete each of the upgrade procedures. However, keep in mind the
following considerations:
- You must complete one procedure before you move to the next procedure.
- Some major procedures include minor substeps. Follow the directions within each procedure regarding
  the required sequence of minor substeps.
Because certain commands can simultaneously upgrade more than one stage, VMware recommends that you
thoroughly understand the irreversible changes at each stage before you upgrade your production
environments.
To ensure that your datacenter upgrade goes smoothly, you can use vCenter Update Manager to manage the
process for you.
The following list of tasks provides a high-level overview of the upgrade process.
a Make sure your database is compatible with vCenter Server 4.0. This release discontinues support for
some database versions and adds support for other database versions. See the Compatibility Matrixes
on the VMware vSphere documentation Web site.
b Make sure that you have the required permissions to perform this procedure. See “Database
Prerequisites,” on page 39.
c Take a full backup of the VirtualCenter 2.x database. See your database documentation.
d Back up the VirtualCenter 2.x SSL certificates. See “Back Up VirtualCenter 2.x,” on page 43.
The downtime required for this upgrade is based on the amount of data in the database. During this time,
you cannot perform provisioning operations, such as cloning or creating virtual machines. The upgrade
from VirtualCenter 2.5 is faster in comparison to the upgrade from VirtualCenter 2.0.x because of
differences in changes to the database schema and the amount of data migration.
After the upgrade, the ESX hosts are automatically reconnected to vCenter Server 4.0. Your VMware High
Availability (HA) and VMware Distributed Resource Scheduler (DRS) clusters are automatically
reconfigured. (Check to ensure that the automatic reconfiguration is successful. In some cases, you might
need to reconfigure the clusters manually.)
For a detailed description of the upgrade procedure, see Chapter 5, “Preparing for the Upgrade to vCenter
Server,” on page 37 and Chapter 6, “Upgrading to vCenter Server 4.0,” on page 45.
You can install the vSphere Client on the same machine with your previous version of the VI Client. You
must have the previous version of the VI Client to connect to previous versions of VirtualCenter and ESX/
ESXi.
For a detailed description of the procedure, see “Upgrade to the vSphere Client,” on page 56.
4 If your environment has vCenter Guided Consolidation, complete the consolidation plan and then
upgrade it to the latest version.
6 Use vCenter Update Manager to upgrade ESX 3.x hosts to ESX 4.0.
vCenter Update Manager puts the host into maintenance mode before upgrading the host. The downtime
for the procedure depends on the network speed and the server boot time.
In case of upgrade failure, vCenter Update Manager supports rollback to the previous release.
For a detailed description of the procedure, see the vCenter Update Manager Administration Guide.
7 Use vCenter Update Manager to upgrade your virtual machines. vCenter Update Manager ensures that
the VMware Tools upgrade and the virtual hardware upgrade happen in the correct order to prevent loss
of your network connectivity. vCenter Update Manager also performs automatic backups of your virtual
machines in case you need to roll back after the upgrade. You can upgrade clusters without powering off
the virtual machines if Distributed Resource Scheduler is available for the cluster.
8 Upgrade your product licenses:
a Either your new license keys are sent to you in email, or you get them using the license portal.
b Apply the new license keys to your assets using vCenter Server.
This scenario assumes that you do not have host clusters and you do not have vCenter Update Manager. In
such a case, you probably do not have VirtualCenter either. If you do have VirtualCenter, the following process
can apply to your environment as well.
The following list of tasks provides a high-level overview of the upgrade process.
a Make sure your database is compatible with vCenter Server 4.0. This release discontinues support for
some database versions and adds support for other database versions. See the Compatibility Matrixes
on the VMware vSphere documentation Web site.
b Make sure that you have the required permissions to perform this procedure. See “Database
Prerequisites,” on page 39.
c Take a full backup of the VirtualCenter 2.x database. See your database documentation.
d Back up the VirtualCenter 2.x SSL certificates. See “Back Up VirtualCenter 2.x,” on page 43.
The downtime required for this upgrade is based on the amount of data in the database. During this time,
you cannot perform provisioning operations, such as cloning or creating virtual machines. The upgrade
from VirtualCenter 2.5 is faster in comparison to the upgrade from VirtualCenter 2.0.x because of
differences in changes to the database schema and the amount of data migration.
After the upgrade, the ESX hosts are automatically reconnected to vCenter Server 4.0.
For a detailed description of the upgrade procedure, see Chapter 5, “Preparing for the Upgrade to vCenter
Server,” on page 37 and Chapter 6, “Upgrading to vCenter Server 4.0,” on page 45.
You can install the vSphere Client on the same machine with your previous version of the VI Client. You
must have the previous version of the VI Client to connect to previous versions of VirtualCenter and ESX/
ESXi.
During vSphere Client installation, install the vSphere Host Update Utility. By default, this utility is not
installed. Install it if you plan to use this Windows machine to initiate host upgrades.
For a detailed description of the procedure, see “Upgrade to the vSphere Client,” on page 56.
4 If your environment has vCenter Guided Consolidation, complete the consolidation plan and then
upgrade it to the latest version.
5 Use vSphere Host Update Utility to upgrade ESX 3.x/ESXi 3.5 hosts to ESX 4.0.
This procedure involves putting the host into maintenance mode before you upgrade the host. The
downtime for the procedure depends on the network speed and the server boot time.
In case of upgrade failure, the process supports rollback to the previous release.
For a detailed description of the procedure, see Chapter 11, “Upgrade to ESX 4.0 or ESXi 4.0,” on
page 75.
6 Use the vSphere Client to upgrade your virtual machines:
a If they are not already powered on, power on the virtual machines and upgrade to the latest version
of VMware Tools. This upgrade allows you to use the new features of ESX 4.0.
b Power off the virtual machines and upgrade to the latest version of virtual hardware to take advantage
of the new virtual hardware.
The virtual machine upgrade process has changed in this release. In earlier releases, the virtual hardware
upgrade came before the VMware Tools upgrade. For this release, you must upgrade the VMware Tools
before you upgrade the virtual hardware.
a Either your new license keys are sent to you in email, or you get them using the license portal.
b Apply the new license keys to your assets using the vSphere Client (or vCenter Server if you have it).
You must perform these tasks for each ESX/ESXi host and the virtual machines on the hosts.
The following example provides a high-level overview of the upgrade process in an environment with ESX 3.x/
ESXi 3.5 and VirtualCenter 2.x, using VMotion to migrate your running virtual machines to ESX 4.0/ESXi 4.0.
The hosts in your environment must be licensed for and able to use VMotion.
You can perform a migration upgrade without VMotion. The only difference is the amount of downtime for
the virtual machines.
The disadvantage of a migration upgrade is that this plan requires additional resources. A migration upgrade
calls for sufficient resources to run the production environment partly on older hosts and partly on upgraded
hosts. Any required redundancies and safeguards must be available on both upgraded and non-upgraded
infrastructure during the transition.
Prerequisites
a Make sure your database is compatible with vCenter Server 4.0. This release discontinues support for
some database versions and adds support for other database versions. See the Compatibility Matrixes
on the VMware vSphere documentation Web site.
b Make sure that you have the required permissions to perform this procedure. See “Database
Prerequisites,” on page 39.
c Take a full backup of the VirtualCenter 2.x database. See your database documentation.
d Back up the VirtualCenter 2.x SSL certificates. See “Back Up VirtualCenter 2.x,” on page 43.
The downtime required for this upgrade is based on the amount of data in the database. During this time,
you cannot perform provisioning operations, such as cloning or creating virtual machines. The upgrade
from VirtualCenter 2.5 is faster in comparison to the upgrade from VirtualCenter 2.0.x because of
differences in changes to the database schema and the amount of data migration.
After the upgrade, the ESX hosts are automatically reconnected to vCenter Server 4.0. Your VMware High
Availability (HA) and VMware Distributed Resource Scheduler (DRS) clusters are automatically
reconfigured. (Check to ensure that the automatic reconfiguration is successful. In some cases, you might
need to reconfigure the clusters manually.)
For a detailed description of the upgrade procedure, see Chapter 5, “Preparing for the Upgrade to vCenter
Server,” on page 37 and Chapter 6, “Upgrading to vCenter Server 4.0,” on page 45.
You can install the vSphere Client on the same machine with your previous version of the VI Client. You
must have the previous version of the VI Client to connect to previous versions of VirtualCenter and ESX/
ESXi.
For a detailed description of the procedure, see “Upgrade to the vSphere Client,” on page 56.
4 If your environment has vCenter Guided Consolidation, complete the consolidation plan and then
upgrade it to the latest version.
5 If your environment has vCenter Update Manager, upgrade it to the latest version.
Procedure
1 Use VMotion to evacuate the virtual machines from the ESX 3.x/ESXi 3.5 hosts.
2 Upgrade to ESX 4.0/ESXi 4.0, or perform a fresh installation of ESX 4.0/ESXi 4.0.
For VMotion to work, the ESX 3.x/ESXi 3.5 and ESX 4.0/ESXi 4.0 hosts must be managed by the same
vCenter Server instance.
4 Use VMotion to move the virtual machines to the ESX 4.0/ESXi 4.0 host.
What to do next
a If they are not already powered on, power on the virtual machines and upgrade to the latest version
of VMware Tools. This upgrade allows you to use the new features of ESX 4.0/ESXi 4.0.
b Power off the virtual machines and upgrade to the latest version of virtual hardware to take advantage
of the new virtual hardware. vSphere 4.0 supports some earlier virtual hardware versions. See Basic
System Administration.
The virtual machine upgrade process is different for ESX 4.0/ESXi 4.0. In earlier versions, you upgraded
the virtual hardware before you upgraded VMware Tools. For ESX 4.0/ESXi 4.0, you upgrade
VMware Tools before you upgrade the virtual hardware.
You can use either the vSphere Client or vCenter Update Manager to upgrade virtual machines. In a
clustered environment, VMware recommends that you use vCenter Update Manager. See the vCenter
Update Manager Administration Guide. If you are using the vSphere Client to upgrade virtual machines, see
Chapter 13, “Upgrading Virtual Machines,” on page 85.
a Either your new license keys are sent to you in email, or you get them using the license portal.
b Apply the new license keys to your assets using the vSphere Client (or vCenter Server if you have it).
You must perform these tasks for each ESX 2.5.x host and the virtual machines on the hosts.
The following example provides a high-level overview of the upgrade process in an environment with ESX 2.5.x
and VirtualCenter 1.4.x, using upgrade VMotion to migrate your running virtual machines to ESX 4.0. The
hosts in your environment must be licensed for and able to use VMotion.
You can perform a migration upgrade without VMotion. The only difference is the amount of downtime for
the virtual machines.
Upgrade VMotion (also known as VMotion with datastore relocation) is a special case in which you perform
a one-way VMotion. In this scenario, you move virtual disks from a VMFS 2 volume to a VMFS 3 volume.
Requirements include persistent-mode disks, a VMFS 2 volume that is visible to the ESX 4.0 host, and
compatible host CPUs.
The disadvantage of a migration upgrade is that this plan requires additional resources. A migration upgrade
calls for sufficient resources to run the production environment partly on older hosts and partly on upgraded
hosts. Any required redundancies and safeguards must be available on both upgraded and non-upgraded
infrastructure during the transition.
Prerequisites
1 Install vCenter Server 4.0. You cannot upgrade VirtualCenter 1.4.x to vCenter Server 4.0. You must perform
a fresh installation.
For the supported operating systems, database types, and other prerequisites, see the Compatibility
Matrixes and the Installation Guide on the VMware vSphere documentation Web site.
You can install the vSphere Client on the same machine with your previous version of the VI Client. You
must have the previous version of the VI Client to connect to previous versions of VirtualCenter and ESX/
ESXi.
For the supported operating systems and other prerequisites, see the Compatibility Matrixes and the
Installation Guide.
Procedure
2 Create a VMFS3 datastore with a capacity that is greater than or equal to the VMFS2 datastore on the
ESX 2.5.x host.
4 Remove the ESX 2.5.x host from VirtualCenter 1.4.x and add it to vCenter Server 4.0.
For upgrade VMotion to work, the ESX 2.5.x and ESX 4.0/ESXi 4.0 hosts must be managed by the same
vCenter Server.
Upgrade VMotion requires that both the VMFS2 and VMFS3 volume are visible to the ESX 4.0 host. VMFS2
volumes are read-only on ESX 4.0/ESXi 4.0 hosts.
Upgrade VMotion copies the disk from VMFS2 to VMFS3. This process takes a varying amount of time,
depending on the size of the disk and the IO load.
The hardware version of the virtual machines is automatically upgraded from version 3 to version 4.
What to do next
a If they are not already powered on, power on the virtual machines and upgrade to the latest version
of VMware Tools. This upgrade allows you to use the new features of ESX 4.0/ESXi 4.0.
b Power off the virtual machines and upgrade to the latest version of virtual hardware (version 7) to
take advantage of the new virtual hardware. vSphere 4.0 supports some earlier virtual hardware
versions. See Basic System Administration.
The virtual machine upgrade process is different for ESX 4.0/ESXi 4.0. In earlier versions, you upgraded
the virtual hardware before you upgraded VMware Tools. For ESX 4.0/ESXi 4.0, you upgrade
VMware Tools before you upgrade the virtual hardware.
You can use either the vSphere Client or vCenter Update Manager to upgrade virtual machines. In a
clustered environment, VMware recommends that you use vCenter Update Manager. See the vCenter
Update Manager Administration Guide. If you are using the vSphere Client to upgrade virtual machines, see
Chapter 13, “Upgrading Virtual Machines,” on page 85.
a Either your new license keys are sent to you in email, or you get them using the license portal.
b Apply the new license keys to your assets using the vSphere Client (or vCenter Server if you have it).
You must perform these tasks for each ESX 2.5.x host and the virtual machines on the hosts.
Prerequisites
a Make sure your database is compatible with vCenter Server 4.0. This release discontinues support for
some database versions and adds support for other database versions. See the Compatibility Matrixes
on the VMware vSphere documentation Web site.
b Make sure that you have the required permissions to perform this procedure. See “Database
Prerequisites,” on page 39.
c Take a full backup of the VirtualCenter 2.x database. See your database documentation.
d Back up the VirtualCenter 2.x SSL certificates. See “Back Up VirtualCenter 2.x,” on page 43.
The downtime required for this upgrade is based on the amount of data in the database. During this time,
you cannot perform provisioning operations, such as cloning or creating virtual machines. The upgrade
from VirtualCenter 2.5 is faster in comparison to the upgrade from VirtualCenter 2.0.x because of
differences in changes to the database schema and the amount of data migration.
After the upgrade, the ESX hosts are automatically reconnected to vCenter Server 4.0. Your VMware High
Availability (HA) and VMware Distributed Resource Scheduler (DRS) clusters are automatically
reconfigured. (Check to ensure that the automatic reconfiguration is successful. In some cases, you might
need to reconfigure the clusters manually.)
For a detailed description of the upgrade procedure, see Chapter 5, “Preparing for the Upgrade to vCenter
Server,” on page 37 and Chapter 6, “Upgrading to vCenter Server 4.0,” on page 45.
You can install the vSphere Client on the same machine with your previous version of the VI Client. You
must have the previous version of the VI Client to connect to previous versions of VirtualCenter and ESX/
ESXi.
For a detailed description of the procedure, see “Upgrade to the vSphere Client,” on page 56.
4 If your environment has vCenter Guided Consolidation, complete the consolidation plan and then
upgrade it to the latest version.
5 If your environment has vCenter Update Manager, upgrade it to the latest version.
Procedure
2 Add ESX 2.5.x or ESX 3.x/ESXi 3.5 hosts to vCenter Server 4.0.
3 Power off or suspend the virtual machines on the ESX 2.5.x or ESX 3.x/ESXi 3.5 hosts.
What to do next
b Power off the virtual machines and upgrade to the latest version of virtual hardware to take advantage
of the new virtual hardware. vSphere 4.0 supports some earlier virtual hardware versions. See Basic
System Administration.
The virtual machine upgrade process is different for ESX 4.0/ESXi 4.0. In earlier versions, you upgraded
the virtual hardware before you upgraded VMware Tools. For ESX 4.0/ESXi 4.0, you upgrade
VMware Tools before you upgrade the virtual hardware.
You can use either the vSphere Client or vCenter Update Manager to upgrade virtual machines. In a
clustered environment, VMware recommends that you use vCenter Update Manager. See the vCenter
Update Manager Administration Guide. If you are using the vSphere Client to upgrade virtual machines, see
Chapter 13, “Upgrading Virtual Machines,” on page 85.
a Either your new license keys are sent to you in email, or you get them using the license portal.
b Apply the new license keys to your assets using the vSphere Client (or vCenter Server if you have it).
You must perform these tasks for each ESX 2.5.x host and the virtual machines on the hosts.
Prerequisites
Before you begin this procedure, install the vSphere Client. You can install the vSphere Client on the same
machine with your previous version of the VI Client. You must have the previous version of the VI Client to
connect to previous versions of VirtualCenter and ESX/ESXi. For a detailed description of the procedure, see
“Upgrade to the vSphere Client,” on page 56.
Procedure
1 Power off or suspend the virtual machines on the ESX 2.5.x or ESX 3.x/ESXi 3.5 host.
IMPORTANT For suspended virtual machine migrations, both hosts must have identical processors.
2 Evacuate the virtual machines from the host by moving the virtual machines to other hosts.
3 Upgrade ESX 3.x/ESXi 3.5 to ESX 4.0, or perform a fresh installation of ESX 4.0. A fresh installation is
required if your legacy hosts are ESX 2.5.x.
What to do next
a If they are not already powered on, power on the virtual machines and upgrade to the latest version
of VMware Tools. This upgrade allows you to use the new features of ESX 4.0/ESXi 4.0.
b Power off the virtual machines and upgrade to the latest version of virtual hardware to take advantage
of the new virtual hardware. vSphere 4.0 supports some earlier virtual hardware versions. See Basic
System Administration.
The virtual machine upgrade process is different for ESX 4.0/ESXi 4.0. In earlier versions, you upgraded
the virtual hardware before you upgraded VMware Tools. For ESX 4.0/ESXi 4.0, you upgrade
VMware Tools before you upgrade the virtual hardware.
You can use either the vSphere Client or vCenter Update Manager to upgrade virtual machines. In a
clustered environment, VMware recommends that you use vCenter Update Manager. See the vCenter
Update Manager Administration Guide. If you are using the vSphere Client to upgrade virtual machines, see
Chapter 13, “Upgrading Virtual Machines,” on page 85.
a Either your new license keys are sent to you in email, or you get them using the license portal.
b Apply the new license keys to your assets using the vSphere Client (or vCenter Server if you have it).
You must perform these tasks for each ESX 2.5.x host and the virtual machines on the hosts.
One common reason for doing this is to upgrade to a 64-bit platform. When you upgrade to vCenter Server on
a new machine, you can keep your existing database where it is or move it. You might want to move your
database to keep the database local to the vCenter Server machine.
This process is described in detail in Chapter 7, “Upgrading to vCenter Server on a Different Machine and
Keeping the Existing Database,” on page 49.
Chapter 3 Changing Host Types
There is no in-place upgrade for changing host types from ESX to ESXi (or ESXi to ESX), but you can migrate existing
virtual machines and datastores or perform an in-place, fresh installation to replace one host type with another.
If you install ESXi Installable on the same disk where ESX is installed, ESXi overwrites the VMFS datastores
on the disk. To prevent this, you can migrate virtual machines from an ESX host to an ESXi host.
Procedure
2 Use the vSphere Client to reregister the virtual machines on the ESXi host.
Prerequisites
You must have an ESXi Embedded host. An ESXi Embedded host is a physical server that contains an ESX
image preinstalled as firmware in the factory or burned onto an external USB key.
Procedure
2 Reregister the virtual machines with the ESX host by using vSphere Client.
IMPORTANT ESXi Installable and ESXi Embedded can exist on the same host. However, having them on the
same host causes ESXi upgrades to fail, so coexistence is not supported.
CAUTION Overwriting the ESXi Embedded image might cause you to lose drivers installed by your hardware
vendor.
Prerequisites
You must have an ESXi Embedded host. An ESXi Embedded host is a physical server that contains an ESX
image preinstalled as firmware in the factory or burned onto an external USB key.
Procedure
2 Copy virtual machines from the ESXi Embedded VMFS datastore to the ESXi Installable VMFS datastore.
3 Reboot the machine and configure the boot setting to boot from the hard disk where you installed ESXi
rather than the USB disk.
4 If you can remove the ESXi Embedded USB device, remove it. If the USB device is internal, clear or
overwrite the USB partitions.
Removing or overwriting ESXi Embedded is required so that the ESXi host can be upgraded in the future.
Chapter 4 System Requirements
Hosts running vCenter Server and ESX must meet specific hardware and operating system requirements.
This chapter includes the following topics:
- “ESX Hardware Requirements”
- “ESXi Hardware Requirements”
- “vCenter Server and the vSphere Client Hardware Requirements”
- “vCenter Server Software Requirements”
- “vSphere Client Software Requirements”
- “Support for 64-Bit Guest Operating Systems”
- “Requirements for Creating Virtual Machines”
- “Required Ports”
- “Supported Remote Management Firmware Versions”
64-Bit Processor
- VMware ESX 4.0 will only install and run on servers with 64-bit x86 CPUs.
- Known 64-bit processors:
  - All AMD Opterons support 64 bit.
  - All Intel Xeon 3000/3200, 3100/3300, 5100/5300, 5200/5400, 7100/7300, and 7200/7400 support 64 bit.
  - All Intel Nehalem (no Xeon brand number assigned yet) support 64 bit.
RAM
2GB RAM minimum
Network Adapters
One or more network adapters. Supported network adapters include:
- Broadcom NetXtreme 570x gigabit controllers
- Intel PRO 1000 adapters
ATA and IDE disk drives – ESX supports installing and booting on either an ATA drive or ATA RAID,
but ensure that your specific drive controller is included in the supported hardware. IDE drives
are supported for ESX installation and VMFS creation.
VMware has tested these combinations; however, other combinations might work as well.
Table 4-1 lists the tested combinations for burning the ESX installation ISO image onto DVD media.
DVD drive                          Burning software                           DVD media
Philips + RW DVD8801               Roxio Creator Classic version: 6.1.1.48    SONY DVD +RW 120min / 4.7 GB
Philips PLDS DVD + RW DH-16A6S     Roxio Creator version: 3.3.0               SONY DVD+RW
Philips PLDS DVD + RW DH-16W1S     Roxio Creator version: 3.3.0               SONY DVD+RW
Philips BenQ PBDS + RW DH-16W1S    Roxio Creator version: 3.3.0               SONY DVD+RW
Dell/_NEC DVD +-RW ND-3530A        Roxio Creator Classic version: 6.1.1.48    Memorex DVD-R
Dell/_NEC DVD +-RW ND-3530A        Roxio Creator Classic version: 6.1.1.48    Office Depot DVD+RW
Dell/_NEC DVD +-RW ND-3530A        Roxio Creator Classic version: 6.1.1.48    Ativa DVD-RW
Dell/_NEC DVD +-RW ND-3530A        Roxio Creator Classic version: 6.1.1.48    TDK DVD+R
                                                                              Verbatim DVD+R
                                                                              SONY DVD-R
                                                                              Maxell DVD+R
Table 4-2 lists the tested combinations for burning the ESX installation ISO image onto USB media.
You need the following hardware and system resources to install and use ESXi 4.0:
- Supported server platform (for a list of supported platforms, see the Systems Compatibility Guide)
- VMware ESXi 4.0 will only install and run on servers with 64-bit x86 CPUs.
- Known 64-bit processors:
  - All AMD Opterons support 64 bit.
  - All Intel Xeon 3000/3200, 3100/3300, 5100/5300, 5200/5400, 7100/7300, and 7200/7400 support 64 bit.
  - All Intel Nehalem (no Xeon brand number assigned yet) support 64 bit.
- 2GB RAM minimum
- One or more Gigabit or 10Gb Ethernet controllers. For a list of supported network adapter models, see the
  Hardware Compatibility Guide at http://www.vmware.com/resources/compatibility.
- One or more of the following controllers (any combination can be used):
  - Basic SCSI controllers – Adaptec Ultra-160 or Ultra-320, LSI Logic Fusion-MPT, or most NCR/Symbios
    SCSI.
  - RAID controllers – Dell PERC (Adaptec RAID or LSI MegaRAID) or IBM (Adaptec) ServeRAID
    controllers.
- SCSI disk or a local (non-network) RAID LUN with unpartitioned space for the virtual machines.
- For Serial ATA (SATA), a disk connected through supported SAS controllers or supported on-board SATA
  controllers.
NOTE You cannot connect a SATA CD-ROM device to a virtual machine on an ESXi 4.0 host. To use the
SATA CD-ROM device, you must use IDE emulation mode.
ESXi 4.0 Installable supports installing on and booting from the following storage systems:
- SATA disk drives – SATA disk drives connected behind supported SAS controllers or supported on-board
  SATA controllers.
  Supported SAS controllers include:
  - LSI1068E (LSISAS3442E)
  - LSI1068 (SAS 5)
  - IBM ServeRAID 8K SAS controller
  - Smart Array P400/256 controller
  - Dell PERC 5.0.1 controller
NOTE Sharing VMFS datastores on SATA disks across multiple ESXi 4.0 hosts is not supported.
- SCSI disk drives – Supported for installing ESXi 4.0 and for storing virtual machines.
- Serial Attached SCSI (SAS) disk drives – Supported for installing ESXi 4.0 and for storing virtual machines
  on VMFS partitions.
For example, operating four virtual machines with Red Hat Enterprise Linux or Windows XP requires at
least 3GB of RAM for baseline performance. This includes approximately 1024MB for the virtual machines
(256MB minimum for each operating system as recommended by vendors).
Running these four virtual machines with 512MB RAM requires that the ESXi 4.0 host be equipped with
approximately 4GB RAM, which includes 2048MB for the virtual machines.
These calculations do not take into account possible memory savings from using variable overhead
memory for each virtual machine. See the Resource Management Guide.
- Dedicated Fast Ethernet adapters for virtual machines – Place the management network and virtual
  machine networks on different physical network cards. Dedicated Gigabit Ethernet cards for virtual
  machines, such as Intel PRO 1000 adapters, improve throughput to virtual machines with high network
  traffic.
- Disk location – Place all data used by your virtual machines on physical disks allocated specifically to
  virtual machines. Performance is better when you do not place your virtual machines on the disk
  containing the ESXi 4.0 Installable boot image. Use physical disks that are large enough to hold disk images
  used by all the virtual machines.
- VMFS3 partitioning – The ESXi 4.0 installer creates the initial VMFS volumes automatically on blank local
  disks. To add disks or modify the original configuration, use the vSphere Client. This application ensures
  that the starting sectors of partitions are 64K-aligned, which improves storage performance.
  NOTE For SAS-only environments, the installer might not format the disks. For some SAS disks, it is
  difficult to identify whether the disks are local or remote. After the installation, you can use the vSphere
  Client to set up VMFS.
- Processors – Faster processors improve ESXi 4.0 performance. For certain workloads, larger caches
  improve ESXi 4.0 performance.
- Hardware compatibility – Use devices in your server that are supported by ESXi 4.0 drivers. See the
  Hardware Compatibility Guide at http://www.vmware.com/resources/compatibility.
vCenter Server includes a service called VMware VirtualCenter Management Webservices. This service
requires 128MB to 1.5GB of additional memory. The VirtualCenter Management Webservices process
allocates the required memory at startup.
- Disk storage – 2GB. Disk requirements might be higher if the database runs on the same machine.
- Microsoft SQL Server 2005 Express disk requirements – Up to 2GB free disk space to decompress the
  installation archive. Approximately 1.5GB of these files are deleted after the installation is complete.
- Networking – Gigabit connection recommended.
See your database documentation for the hardware requirements of your database. The database requirements
are in addition to the vCenter Server requirements if the database and vCenter Server run on the same machine.
You must also have 400MB free on the drive that has your %temp% directory.
If all of the prerequisites are already installed, 300MB of free space is required on the drive that has your
%temp% directory, and 450MB is required for the vSphere Client 4.0.
IMPORTANT The recommended disk sizes assume default log levels. If you configure more granular log levels,
more disk space is required.
vCenter Server must be hosted on a 64-bit Windows operating system for this configuration.
See the Compatibility Matrixes on the VMware vSphere documentation Web site.
The vSphere Client requires the Microsoft .NET 3.0 SP1 Framework. If your system does not have it installed,
the vSphere Client installer installs it.
For a list of supported operating systems, see the Compatibility Matrixes on the VMware vSphere documentation
Web site.
See the Guest Operating System Installation Guide for a complete list.
To determine whether your server has 64-bit VMware support, you can download the CPU Identification
Utility at the VMware downloads page: http://www.vmware.com/download/shared_utilities.html.
Virtual chip set Intel 440BX-based motherboard with NS338 SIO chip
Required Ports
vCenter Server requires certain ports to send and receive data.
The vCenter Server system must be able to send data to every managed host and receive data from every
vSphere Client. To enable migration and provisioning activities between managed hosts, the source and
destination hosts must be able to receive data from each other.
VMware uses designated ports for communication. Additionally, the managed hosts are listening for data from
the vCenter Server system on designated ports. If a firewall exists between any of these elements and Windows
firewall service is in use, the installer opens the ports during the installation. For custom firewalls, you must
manually open the required ports. If you have a firewall between two managed hosts and you want to perform
source or target activities, such as migration or cloning, you must configure a means for the managed hosts to
receive data.
Table 4-7 lists the default ports that are required for communication between components.
80 vCenter Server requires port 80 for direct HTTP connections. Port 80 redirects requests to HTTPS port
443. This is useful if you accidentally use http://server instead of https://server.
389 This port must be open on the local and all remote instances of vCenter Server. This is the LDAP port
number for the Directory Services for the vCenter Server group. The vCenter Server system needs to bind
to port 389, even if you are not joining this vCenter Server instance to a Linked Mode group. If another
service is running on this port, it might be preferable to remove it or change its port to a different port. If
needed, you can run the LDAP service on any port from 1025 through 65535.
If this instance is serving as the Microsoft Windows Active Directory, change the port number from 389
to an available port from 1025 through 65535.
443 The default port that the vCenter Server system uses to listen for connections from the vSphere Client.
To enable the vCenter Server system to receive data from the vSphere Client, open port 443 in the firewall.
The vCenter Server system also uses port 443 to listen for data transfer from the vSphere Web Access
Client and other SDK clients.
If you use another port number for HTTPS, you must use <ip-address>:<port> when you log in to the
vCenter Server system.
636 For vCenter Linked Mode, this is the SSL port of the local instance. If another service is running on this
port, it might be preferable to remove it or change its port to a different port. If needed, you can run the
SSL service on any port from 1025 through 65535.
902 The default port that the vCenter Server system uses to send data to managed hosts. Managed hosts also
send a regular heartbeat over UDP port 902 to the vCenter Server system. This port must not be blocked
by firewalls between the server and the hosts, or between hosts.
902/903 Ports 902 and 903 must not be blocked between the vSphere Client and the hosts. These ports are used
by the vSphere Client to display virtual machine consoles.
8080 Web Services HTTP. Used for the VMware VirtualCenter Management Webservices.
8443 Web Services HTTPS. Used for the VMware VirtualCenter Management Webservices.
If you want the vCenter Server system to use a different port to receive vSphere Client data, see Basic System
Administration.
To tunnel the vSphere Client data through the firewall to the receiving port on the vCenter Server system, see
Basic System Administration. VMware does not recommend this method because it disables the vCenter Server
console function.
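As an added example (not part of the VMware guide), the following script turns the flows in Table 4-7 into a checklist and evaluates a first-match firewall policy against it, listing the required flows that a custom firewall would block. The role labels, the rule format and the sample policy are assumptions made for this example; TCP is assumed wherever the table names no protocol, and ports 636, 8080 and 8443 are left out because the table does not say which peer connects to them.

```python
"""Audit a firewall rule list against the vCenter Server 4.0 port table."""
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Flow:
    src: str      # role label chosen for this example: "client", "vcenter" or "host"
    dst: str
    proto: str    # "tcp" or "udp"
    port: int
    purpose: str


@dataclass(frozen=True)
class Rule:
    action: str   # "allow" or "deny"
    src: str      # role label or "any"
    dst: str
    proto: str    # "tcp", "udp" or "any"
    first_port: int
    last_port: int

    def matches(self, flow: Flow) -> bool:
        return (self.src in ("any", flow.src)
                and self.dst in ("any", flow.dst)
                and self.proto in ("any", flow.proto)
                and self.first_port <= flow.port <= self.last_port)


# Flows for which Table 4-7 names both endpoints.
# Assumption: TCP unless the table says otherwise (it names UDP only for the
# managed host heartbeat).
REQUIRED_FLOWS = [
    Flow("client", "vcenter", "tcp", 80, "HTTP, redirected to HTTPS 443"),
    Flow("client", "vcenter", "tcp", 443, "vSphere Client, Web Access, SDK clients"),
    Flow("vcenter", "vcenter", "tcp", 389, "LDAP for the vCenter Server group"),
    Flow("vcenter", "host", "tcp", 902, "vCenter Server data to managed hosts"),
    Flow("host", "vcenter", "udp", 902, "managed host heartbeat"),
    Flow("host", "host", "tcp", 902, "traffic between managed hosts"),
    Flow("client", "host", "tcp", 902, "virtual machine console"),
    Flow("client", "host", "tcp", 903, "virtual machine console"),
]


def decide(rules: List[Rule], flow: Flow) -> str:
    """First matching rule wins; traffic that matches no rule is denied."""
    for rule in rules:
        if rule.matches(flow):
            return rule.action
    return "deny"


def blocked_flows(rules: List[Rule]) -> List[Flow]:
    """Return every required flow that the policy does not allow."""
    return [flow for flow in REQUIRED_FLOWS if decide(rules, flow) != "allow"]


# Constructed sample policy: HTTPS to vCenter Server, TCP 902 to the hosts and
# the console ports are open, everything else is dropped.
SAMPLE_RULES = [
    Rule("allow", "client", "vcenter", "tcp", 443, 443),
    Rule("allow", "vcenter", "host", "tcp", 902, 902),
    Rule("allow", "client", "host", "tcp", 902, 903),
    Rule("deny", "any", "any", "any", 0, 65535),
]

if __name__ == "__main__":
    for flow in blocked_flows(SAMPLE_RULES):
        print(f"BLOCKED {flow.src} -> {flow.dst} "
              f"{flow.proto}/{flow.port}: {flow.purpose}")
```

In the sample policy the TCP 902 rule passes while the UDP 902 heartbeat and the host-to-host path stay blocked, which is the kind of gap a port-number-only review misses.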
Table 4-8 lists the remote management firmware versions that are supported for installing ESX 4.0 remotely.
NOTE If you are using a remote management application to access the ESXi direct console, consider enabling
high-contrast mode in the direct console by pressing F4.
Table 4-8. Supported Remote Management Server Models and Firmware Versions
Remote Controller
Make and Model DRAC Firmware Java ActiveX
Chapter 5 Preparing for the Upgrade to vCenter Server
Before you upgrade to vCenter Server, review the prerequisites.
This chapter includes the following topics:
- “About the vCenter Server 4.0 Upgrade”
- “vCenter Server Upgrade Summary”
- “Prerequisites for the vCenter Server Upgrade”
- “vCenter Server Database Patch and Configuration Requirements”
- “Database Scenarios”
- “Configure vCenter Server to Communicate with the Local Database After Shortening the Computer
  Name to 15 Characters or Fewer”
- “Back Up VirtualCenter 2.x”
- “Downtime During the vCenter Server Upgrade”
ESX 4.0 and ESXi 4.0 hosts that are managed together in a vCenter Server system can run the same virtual
machines, use VMotion to migrate virtual machines between the hosts, and access the same datastores.
You can manage ESX 3.x/ESXi 3.5 hosts in the same cluster with ESX 4.0/ESXi 4.0 hosts. You can manage ESX
2.x as standalone hosts in a vCenter Server system. ESX 2.x hosts cannot be added to clusters.
Linked Mode Cannot join a Linked Mode group during the upgrade procedure.
Join after the upgrade to vCenter Server is complete.
License server License server To manage ESX 3.x/ESXi 3.5 hosts, verify that the vCenter Server
system is configured to use a license server. Install a license server if
necessary.
ESX ESX 2.5 host Supported with vCenter Server 4.0, but cannot add the hosts to
clusters.
If you do not currently have the license key, you can install in evaluation mode and use the vSphere Client
to enter the license key later.
- The installation path of the previous version of VirtualCenter must be compatible with the installation
  requirements for Microsoft Active Directory Application Mode (ADAM/AD LDS). For example, the
  installation path cannot have commas (,) or periods (.). If your previous version of VirtualCenter does
  not meet this requirement, you must perform a clean installation of vCenter Server 4.0.
- Make sure the system on which you are installing vCenter Server is not an Active Directory domain
  controller, primary or backup.
- Make sure that the computer name has no more than 15 characters.
• vCenter Server 4.0 uses TCP/IP ports 80 and 443 for the VMware vSphere Web client. You cannot run
  vCenter Server on the same machine as a Web server using TCP/IP port 80 (HTTP) or port 443 (HTTPS)
  because doing so causes port conflicts.
• If you use vCenter Guided Consolidation Service in the VirtualCenter 2.x environment, complete the
  consolidation plan before you upgrade to vCenter Server 4.0. The upgrade to vCenter Server 4.0 does not
  preserve or migrate any data gathered by the vCenter Guided Consolidation Service. After the upgrade,
  all of the data is cleared, and you cannot restore it.
• Back up the SSL certificates that are on the VirtualCenter 2.x system before you upgrade to
  vCenter Server 4.0.
• If you upgrade to vCenter Server on Windows Server 2003 SP1, the disk for the installation directory must
  have the NTFS format, not the FAT32 format.
• If you use DHCP instead of a static IP address for vCenter Server, make sure that the vCenter Server
  computer name is updated in the domain name service (DNS). One way to test this is by pinging the
  computer name. For example, if the computer name is host-1.company.com, run the following command
  in the Windows command prompt:
ping host-1.company.com
If you can ping the computer name, the name is updated in DNS.
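The checks in this list can be scripted before the installer is started. The following is an added example, not part of the VMware guide: the function names, the sample host names and the constructed DNS table are assumptions, and the 15-character limit is assumed to apply to the host label rather than the DNS suffix.

```python
import socket

MAX_COMPUTER_NAME_LEN = 15         # limit stated in the prerequisites
FORBIDDEN_PATH_CHARS = (",", ".")  # characters the guide says the install path cannot have
WEB_PORTS = (80, 443)              # ports vCenter Server 4.0 uses for the Web client

# Constructed sample DNS data so the example runs offline.
CONSTRUCTED_DNS = {"host-1.company.com": "192.0.2.10"}


def constructed_resolve(name):
    """Stand-in for socket.gethostbyname, backed by CONSTRUCTED_DNS."""
    try:
        return CONSTRUCTED_DNS[name.lower()]
    except KeyError:
        raise socket.gaierror(f"no record for {name}") from None


def check_computer_name(name):
    """Flag a host label longer than 15 characters (assumption: suffix not counted)."""
    label = name.split(".", 1)[0]
    if len(label) > MAX_COMPUTER_NAME_LEN:
        return (f"computer name '{label}' has {len(label)} characters "
                f"(limit {MAX_COMPUTER_NAME_LEN})")
    return None


def check_install_path(path):
    """Flag commas or periods anywhere in the existing installation path."""
    found = [c for c in FORBIDDEN_PATH_CHARS if c in path]
    if found:
        return f"install path {path!r} contains " + " and ".join(repr(c) for c in found)
    return None


def check_dns(name, resolve=socket.gethostbyname):
    """Forward lookup of the computer name, the question the ping test answers."""
    try:
        resolve(name)
    except OSError as exc:  # socket.gaierror is a subclass of OSError
        return f"'{name}' does not resolve in DNS: {exc}"
    return None


def tcp_port_listening(port, host="127.0.0.1", timeout=0.5):
    """True if something on this machine already accepts connections on the port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_web_ports(is_listening=tcp_port_listening):
    """One finding per Web client port that another service already holds."""
    return [f"TCP port {p} already has a listener; it would conflict with vCenter Server"
            for p in WEB_PORTS if is_listening(p)]


def preflight(name, install_path, is_listening=tcp_port_listening,
              resolve=socket.gethostbyname):
    """Run every check and return the list of findings (empty list means pass)."""
    findings = [check_computer_name(name),
                check_install_path(install_path),
                check_dns(name, resolve)]
    findings.extend(check_web_ports(is_listening))
    return [f for f in findings if f]


if __name__ == "__main__":
    # Constructed inputs: a 21-character host label and a path containing a period.
    for finding in preflight("virtualcenter-prod-01.company.com", r"C:\VMware\VC2.5",
                             resolve=constructed_resolve):
        print("FAIL:", finding)
```

On the real system, call `preflight` without the `resolve` argument so that the lookup goes to the configured DNS servers.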
Database Prerequisites
Before you upgrade to vCenter Server, consider the following points:
• If your database server is not supported by vCenter Server, perform a database upgrade to a supported
  version or import your database into a supported version. See “Database Scenarios,” on page 41.
• You must perform a complete backup of your VirtualCenter 2.x database before you begin the
  vCenter Server upgrade. The VirtualCenter 2.x database schema is not compatible with vCenter Server 4.0.
  The vCenter Server 4.0 installer upgrades your existing VirtualCenter Server database schema with extra
  fields, thus making the database unusable by VirtualCenter 2.x.
• You must have login credentials, the database name, and the database server name that will be used by
  the vCenter Server database. The database server name is typically the ODBC System data store name
  (DSN) connection name for the vCenter Server database.
• To use a newly supported Oracle database, such as Oracle 11g, you do not need to perform a clean
  installation of vCenter Server if your existing database is also Oracle. For example, you can first upgrade
  your existing Oracle 9i database to Oracle 10g or Oracle 11g and then upgrade VirtualCenter 2.x to
  vCenter Server 4.0.
• To use a newly supported SQL database, such as Microsoft SQL 2008, you do not need to perform a clean
  installation of vCenter Server if your existing database is also Microsoft SQL Server. For example, you can
  upgrade a Microsoft SQL Server 2000 database to Microsoft SQL Server 2005 or Microsoft SQL Server 2008
  and then upgrade VirtualCenter 2.x to vCenter Server 4.0.
• If you are upgrading from VirtualCenter 2.0.x and you are using the previously bundled demonstration
  MSDE database, you must perform a clean installation of vCenter Server. VirtualCenter 2.0.x with the
  demonstration MSDE database has no supported upgrade path to vCenter Server 4.0.
• If you are upgrading from VirtualCenter 2.5 with the bundled SQL Server 2005 Express, you do not need
  to perform a clean installation of vCenter Server.
• If you have a Microsoft SQL database and you are upgrading from VirtualCenter 2.0.x, make sure that
  bulk logging is enabled. You can disable it after the upgrade is complete.
• If you have a Microsoft SQL database, your system DSN must be using the SQL Native Client driver.
• Make sure that the database user has the following permissions:
  • Oracle: Either assign the DBA role or grant the following permissions to the user:
      grant connect to <user>;
      grant resource to <user>;
      grant create view to <user>;
      grant create any sequence to <user>;   -- For upgrade from VC 2.0.x
      grant create any table to <user>;      -- For upgrade from VC 2.0.x
      grant execute on dbms_lock to <user>;  -- For upgrade from VC 2.0.x/2.5
      grant unlimited tablespace to <user>;  -- To ensure sufficient space
    After the upgrade is complete, you can optionally remove the following
    permissions from the user profile: create any sequence and create any
    table.
  • Microsoft SQL Server: Make sure that the database login has the db_owner fixed database role
    on the vCenter Server database and on the MSDB database. The
    db_owner role on the MSDB database is required for installation and
    upgrade only. You can revoke this role after the installation or upgrade
    process is complete.
NOTE vCenter Update Manager also requires a database. VMware recommends that you use separate
databases for vCenter Server and vCenter Update Manager.
If your VirtualCenter 2.x database is not supported for upgrade to vCenter Server 4.0, first upgrade your
database (or import your database into a database that is supported for upgrade to vCenter Server) and then
upgrade to vCenter Server.
Table 5-2 lists the configuration and patch requirements for the databases that are supported for upgrade to
vCenter Server. If your database is not listed in this table, see “Database Scenarios,” on page 41.
For a complete list of database versions supported with vCenter Server, see the Compatibility Matrixes on the
VMware vSphere documentation Web site.
Microsoft SQL Server 2005 Express
  Bundled database that you can use for small deployments of up to 5 hosts and 50 virtual machines.
  You cannot install the bundled database during an upgrade to vCenter Server. If you want to use the bundled database, Microsoft SQL Server 2005 Express must be already installed or you must perform a clean installation of vCenter Server.

Microsoft SQL Server 2005
  For Microsoft Windows XP, apply MDAC 2.8 SP1 to the client. Use the SQL Native Client driver (version 9.x) for the client.
  Ensure that the machine has a valid ODBC DSN entry.

Microsoft SQL Server 2008
  For Microsoft Windows XP, apply MDAC 2.8 SP1 to the client. Use the SQL Native Client driver (version 10.x) for the client.
  Ensure that the machine has a valid ODBC DSN entry.

Oracle 10g
  If necessary, first apply patch 10.2.0.3 (or later) to the client and server. Then apply patch 5699495 to the client.
  Ensure that the machine has a valid ODBC DSN entry.
  For the Oracle Instant client, copy ojdbc14.jar to the vCenter Server tomcat directory (<vCenter install location>\Infrastructure\tomcat\lib).
  The Oracle 10g client comes with ojdbc14.jar (<Oracle client install location>\oracle\product\10.2.0\<instance_name>\jdbc\lib). The vCenter Server installer copies the file from the Oracle client install location to the vCenter Server tomcat directory (<vCenter install location>\Infrastructure\tomcat\lib).
  If the ojdbc14.jar file is not found in the Oracle 10g client location, the vCenter Server installer prompts you to copy the file manually. You can download the file from http://www.oracle.com/technology/software/tech/java/sqlj_jdbc/htdocs/jdbc101040.html.

Oracle 11g
  Ensure that the machine has a valid ODBC DSN entry.
  For the Oracle Instant client, copy ojdbc14.jar to the vCenter Server tomcat directory (<vCenter install location>\Infrastructure\tomcat\lib).
  The Oracle 11g client comes with ojdbc14.jar (<Oracle client install location>\app\Administrator\product\11.1.0\<instancename>\sqldeveloper\jdbc\lib). The vCenter Server installer copies the file from the Oracle client install location to the vCenter Server tomcat directory (<vCenter install location>\Infrastructure\tomcat\lib).
  If the ojdbc14.jar file is not found in the Oracle 11g client location, the vCenter Server installer prompts you to copy the file manually. You can download the file from http://www.oracle.com/technology/software/tech/java/sqlj_jdbc/htdocs/jdbc101040.html.
Database Scenarios
When you upgrade to vCenter Server 4.0, you must make sure your database is supported with
vCenter Server 4.0.
Table 5-3 lists the database types that you can use with either VirtualCenter 2.x or vCenter Server, or both. This
is not a list of supported database versions. For a list of supported database versions, see the Compatibility
Matrixes on the VMware vSphere documentation Web site. The purpose of Table 5-3 is to describe the
vCenter Server upgrade scenarios for each database type.
Table 5-3. vCenter Server Upgrade Scenarios for Each Database Type
Database Type | Supported in VirtualCenter 2.x | Supported in vCenter Server 4.0 | Supported Scenario
Experimental MSDE database | Yes (VirtualCenter 2.0.x) | No | After you upgrade to a database server that is supported by vCenter Server, you can perform a fresh installation or upgrade to vCenter Server.
If you perform a fresh installation of vCenter Server 4.0, you can then import your database information into
a database that is supported by vCenter Server 4.0. For information about performing a fresh installation, see
the ESX and vCenter Server Installation Guide or the ESXi and vCenter Server Setup Guide. For information about
importing your database, see your database documentation or consult your database administrator.
Changing the vCenter Server computer name impacts database communication if the database server is on the
same computer with vCenter Server. If you have changed the machine name, verify that communication
remains intact by completing the following procedure.
The name change has no impact on communication with remote databases. You can skip this procedure if your
database is remote.
NOTE The name-length limitation applies to the vCenter Server system. The data source name (DSN) and
remote database systems can have names with more than 15 characters.
Check with your database administrator or the database vendor to make sure all components of the database
are working after you rename the server.
Procedure
2 Make sure that the vCenter Server computer name is updated in the domain name service (DNS).
One way to test this is by pinging the computer name. For example, if the computer name is
host-1.company.com, run the following command in the Windows command prompt:
ping host-1.company.com
If you can ping the computer name, the name is updated in DNS.
If you begin the upgrade to vCenter Server, and you did not back up your VirtualCenter 2.x database and SSL
certificates, you cannot restore your previous VirtualCenter configuration. You cannot roll back your database
to the previous database schema. The only way to recover from an unsuccessful upgrade is to use your backed
up database and SSL certificates.
Procedure
3 Take notes on the existing VirtualCenter installation regarding the selections, settings, and information
used. For example, note any nondefault settings, such as the IP address, the database DSN, user name,
password, and assigned ports.
What to do next
Chapter 6 Upgrading to vCenter Server 4.0
The upgrade to vCenter Server includes a database schema upgrade and an upgrade of VirtualCenter 2.x.
This chapter includes the following topics:
• “About the Database Upgrade Wizard,” on page 45
• “Upgrade to vCenter Server,” on page 45
When you perform an upgrade to vCenter Server, you must use a VirtualCenter 2.x database that is supported
for upgrade by vCenter Server 4.0.
The Database Upgrade wizard runs after you click Install in the vCenter Server installer. The Database
Upgrade wizard upgrades the database schema to make it compatible with vCenter Server 4.0. The schema
defines the tables, the fields in each table, and the relationships between fields and tables.
If you are upgrading from VirtualCenter 2.5, the Database Upgrade wizard runs in the background. If you are
upgrading from VirtualCenter 2.0.x, the Database Upgrade wizard appears and you must complete the wizard.
The Database Upgrade wizard does not upgrade an unsupported database version (for example, Oracle 9i)
into a supported database.
CAUTION You cannot use the updated database schema with previous versions of VirtualCenter. You cannot
roll back the schema update. You must create a backup of your database before you upgrade your database
and before you begin the upgrade to vCenter Server.
This procedure requires downtime for the VirtualCenter Server that you are upgrading. No virtual machines
need to be powered off.
If the upgrade fails, there is no automatic rollback to the previous VirtualCenter version.
Prerequisites
The prerequisites for upgrading to vCenter Server include requirements for the vCenter Server system and
requirements for the database. See “Prerequisites for the vCenter Server Upgrade,” on page 38.
Procedure
1 Select Start > Control Panel > Administrative Tools > Services > VMware VirtualCenter Server to stop
the service.
2 As Administrator on the Windows system, insert the VMware vCenter Server Installation CD or
double-click autorun.exe.
3 When the vCenter Server Installer page appears, click vCenter Server.
6 Select I agree to the terms in the license agreement and click Next.
If you omit the license key, vCenter Server will be in evaluation mode. After installation, you can convert
vCenter Server to licensed mode by entering the license key using the vSphere Client.
8 Enter the database password that corresponds to the username and DSN that the installer displays and
click Next.
You can omit the database username and password if the DSN is using Windows NT authentication.
If you specify a remote SQL Server database that uses Windows NT authentication, the database user and
the logged-in user on the vCenter Server machine must be the same.
If you choose this option, you cannot continue the upgrade. Cancel the upgrade, back up your
VirtualCenter environment (as described in “Back Up VirtualCenter 2.x,” on page 43), and restart the
upgrade process.
If the database schema is current, this dialog does not appear.
10 Click I have taken a backup of the existing vCenter Server database and SSL certificates and click
Next.
12 Enter the port numbers to use or accept the default port numbers shown on the page and click Next.
13 Click Install.
If you are upgrading from VirtualCenter 2.0.x, the Database Upgrade wizard appears. The upgrade is not
complete until the wizard upgrades the database schema. If you are upgrading from VirtualCenter 2.5, the
database schema is upgraded in the background.
What to do next
For upgrades from VirtualCenter 2.5, the Database Upgrade wizard runs in the background. This procedure
is for upgrades from VirtualCenter 2.0.x.
Procedure
The table for performance data can be large. If you do not keep the table, you cannot view historical
performance statistics for the time when the database was maintained in VirtualCenter 2.x.
Your database is now compatible with vCenter Server 4.0. It is no longer compatible with VirtualCenter
2.x. The vCenter Server installer begins installing vCenter Server 4.0.
What to do next
Chapter 7 Upgrading to vCenter Server on a Different Machine and Keeping the Existing Database
When you upgrade to vCenter Server, you can install vCenter Server on a new machine. One common reason
for doing this is to run vCenter Server on a 64-bit machine.
Preparing the database for any type of upgrade always means creating a full backup. In addition, you have
the following options:
• After you create a full backup of the database, leave it where it is. This option makes sense if your database
  is remote from VirtualCenter, and you want it to remain remote after the upgrade to vCenter Server.
• After you create a full backup of the database, restore it onto the machine on which you are installing
  vCenter Server. This option makes sense if the database is local to VirtualCenter and you want it to be
  local after the upgrade to vCenter Server.
• For Microsoft SQL Server databases only, create a full backup of the database, detach the database, and
  attach it to the machine on which you are installing vCenter Server. This option makes sense if the database
  is local to VirtualCenter and you want it to be local after the upgrade to vCenter Server.
For Microsoft SQL Server databases, when you decide between the backup/restore option or the detach/attach
option, consider the downtime required. For guidance on these options, consult your organization's database
administrator.
Consult your database administrator or see your database documentation about backing up and restoring
databases.
The machine with the VirtualCenter 2.x database is referred to as the source machine. The machine on which
the vCenter Server 4.0 database will reside is referred to as the destination machine.
Prerequisites
• You must have a VirtualCenter 2.x system running with a local or remote Microsoft SQL Server database.
• You must have Microsoft SQL Server Management Studio installed on the source machine and the
  destination machine. The Express versions (SQLServer2005_SSMSEE.msi and
  SQLServer2005_SSMSEE_x64.msi) are free downloads from Microsoft.
Procedure
1 In SQL Server Management Studio, make a full backup of the source machine database.
2 Copy the backup file (.bak) to the C:\ drive on the destination machine.
3 On the destination machine, open SQL Server Management Studio and right-click the Databases folder.
4 Select New Database, enter the source machine database name, and click OK.
5 Right-click the new database icon and select Task > Restore > Database.
8 In the Restore Database window, select the checkbox next to your .bak file.
9 On the Options page, select the Overwrite the existing database checkbox and click OK.
The VirtualCenter 2.x database is successfully restored onto the new database, which you can use for the
upgrade to vCenter Server 4.0.
What to do next
Consult your database administrator or see your database documentation about detaching and attaching
databases.
The machine with the VirtualCenter 2.x database is referred to as the source machine. The machine on which
the vCenter Server 4.0 database will reside is referred to as the destination machine.
Prerequisites
• Take a full backup of the database.
• You must have a VirtualCenter 2.x system running with a local or remote Microsoft SQL Server database.
• You must have Microsoft SQL Server Management Studio installed on the source machine and the
  destination machine. The Express versions (SQLServer2005_SSMSEE.msi and
  SQLServer2005_SSMSEE_x64.msi) are free downloads from Microsoft.
Procedure
a Selecting Start > Control Panel > Administrative Tools > Services > VMware VirtualCenter
Server.
2 In the SQL Server Management Studio, open the Databases directory, right-click the VirtualCenter 2.x
database, and select Tasks > Detach.
5 In SQL Server Management Studio on the destination machine, right-click the Databases directory and
select Attach.
6 Select the .mdf file that you copied to the destination machine's database folder and click OK.
The database from the source machine is attached to the destination machine.
What to do next
Consult your database administrator or see your database documentation about backing up and restoring
databases.
The machine with the VirtualCenter 2.x database is referred to as the source machine. The machine on which
the vCenter Server 4.0 database will reside is referred to as the destination machine.
Prerequisites
You must have a VirtualCenter 2.x system running with a local or remote Oracle 10g or Oracle 11g database.
Procedure
1 On the source machine, log in to Oracle SQL*Plus as the VirtualCenter 2.x database user and export the
database as a .dmp file.
2 Copy the .dmp file onto the C:\ drive of the destination machine.
4 Create a user.
create user VCUSER identified by CENSORED default tablespace vctest;
5 Import the .dmp file into the Oracle 64-bit database on the destination machine.
The VirtualCenter 2.x database is restored onto the new database, which you can use for the upgrade to
vCenter Server 4.0.
What to do next
Even though vCenter Server is supported on 64-bit operating systems, the vCenter Server system must have
a 32-bit DSN. This requirement applies to all supported databases. By default, any DSN created on a 64-bit
system is 64-bit.
Procedure
You now have a DSN that is compatible with vCenter Server. When the vCenter Server installer prompts you
for a DSN, select the 32-bit DSN.
VMware recommends that you back up your VirtualCenter database before you perform this procedure.
Prerequisites
The prerequisites for upgrading to vCenter Server include requirements for the vCenter Server system and
requirements for the database. See “Prerequisites for the vCenter Server Upgrade,” on page 38.
The database for the source machine can be local or remote, but it must be supported with vCenter Server 4.0.
If it is not supported, back it up and upgrade it to a supported database or import the tables into a supported
database. See “Database Scenarios,” on page 41.
If you are upgrading on a 64-bit system, see “Create a 32-Bit DSN on a 64-Bit Operating System,” on page 52.
Procedure
1 On the source machine, copy the SSL certificate folder at
%ALLUSERSPROFILE%\Application Data\VMware\VMware VirtualCenter.
3 On the destination machine, configure a system DSN that points to the database.
4 On the source machine, stop the VirtualCenter service by selecting Start > Control Panel > Administrative
Tools > Services > VMware VirtualCenter Server.
6 When prompted by the installer, select the DSN that you configured on the destination machine.
The Database Upgrade wizard upgrades the database tables to make them compatible with vCenter
Server 4.0. If you are upgrading from VirtualCenter 2.0.x, you must complete the Database Upgrade
wizard. If you are upgrading from VirtualCenter 2.5, the Database Upgrade wizard runs in the
background.
The legacy VirtualCenter data is preserved and the database schema is upgraded to make it compatible with
vCenter Server 4.0. After the schema is upgraded, the database is not compatible with previous versions of
VirtualCenter.
What to do next
Chapter 8 Postupgrade Considerations for vCenter Server
After you upgrade to vCenter Server, consider the postupgrade options and requirements.
• To view the upgrade log, open %TEMP%\VCDatabaseUpgrade.log.
• Install the vSphere Client and make sure you can access the vCenter Server instance.
• Upgrade any additional modules that are linked to this instance of vCenter Server. Additional modules
  might include vCenter Update Manager, vCenter Converter, and vCenter Guided Consolidation, for
  example.
• On the VMware Web site, log in to your account page to access the license portal. From the license portal,
  upgrade your VirtualCenter 2.x license. Using the vSphere Client, assign the upgraded license key to the
  vCenter Server 4.0 host.
• In the vSphere Client, select Home > vCenter Server Settings > Licensing to verify that the vCenter Server
  is connected to a license server. A license server is required if this vCenter Server is managing
  ESX 3.x/ESXi 3.5 hosts. For information about installing the VMware License Server, see the documentation for
  VMware Infrastructure 3.
• For Oracle databases, copy the Oracle JDBC driver (ojdbc14.jar) to the
  [VMware vCenter Server]\tomcat\lib folder.
• For SQL Server databases, if you enabled bulk logging for the upgrade, disable it after the upgrade is
  complete.
• Optionally, join the vCenter Server system to a Linked Mode group.
• Optionally, upgrade the ESX/ESXi hosts in the vCenter Server inventory to ESX 4.0/ESXi 4.0.
• Optionally, enable SSL certification checking. Select Home > vCenter Server Settings > SSL Settings.
  Select vCenter requires verified host SSL certificates and click OK. When you enable SSL checking, the
  hosts become disconnected from vCenter Server, and you must reconnect them.
The VI Client 2.5 and the vSphere Client 4.0 can be installed on the same machine.
The vSphere Client upgrade operation requires no downtime. No virtual machines or clients need to be
powered off for this process.
Procedure
1 (Optional) Use Add/Remove Programs from the Windows Control Panel to remove any previous vCenter
Server client.
Older vCenter Server clients do not need to be removed and are useful if you need to connect to legacy
hosts.
If the vSphere Client installation fails, uninstall the vSphere Client using Add/Remove Programs from
the Windows Control Panel. Then reinstall the vSphere Client.
Install this utility if your environment does not use vCenter Update Manager and you want to use this
workstation to initiate upgrades of ESX 3.x/ESXi 3.5 hosts and manage ESXi host patching.
After you install the vSphere Client 4.0, you can connect to vCenter Server using the domain name or IP address
of the Windows machine on which vCenter Server is installed and the user name and password of a user on
that machine.
If you do not have the VI Client 2.5 installed and you use vSphere Client to connect to VirtualCenter 2.5, the
vSphere Client prompts you to download and install the VI Client 2.5. After you install the VI Client 2.5, you
can use the vSphere Client log-in interface to connect to VirtualCenter 2.5 or vCenter Server 4.0.
What to do next
Use the vSphere Client to connect to the vCenter Server IP address with your Windows login username and
password. Specifically, use the login credentials appropriate to the Windows machine on which vCenter Server
is installed. The vCenter Server username and password might be different than the username and password
you use for ESX/ESXi.
If the vSphere Client displays security alerts and exceptions when you log in or perform some operations, such
as opening performance charts or viewing the Summary tab, this might mean that your Internet Explorer (IE)
security settings are set to High. If your IE security settings are set to High, enable the Allow scripting of
Internet Explorer web browser control setting in IE.
If you cannot connect to the vCenter Server system, you might need to start the VMware VirtualCenter Server
service manually. To start the service, in the Settings menu, select Control Panel > Administrative Tools >
Services > VMware VirtualCenter Server. The machine might require several minutes to start the service.
If you do not have a license server installed and you need one, download the VMware License Server from the
VMware Web site.
The License Server installation requires no downtime. No virtual machines, servers, hosts, or clients need to
be powered off for the installation of the license server.
Table 8-1 lists the license server scenarios and the necessary actions.
In-place upgrade from VirtualCenter 2.x to vCenter Server. License server is on the same machine. | None
In-place upgrade from VirtualCenter 2.x to vCenter Server. License server is on a different machine. | None
Uninstall VirtualCenter 2.x. Preserve the license server. Perform a clean installation of vCenter Server with a rebuilt, clean database. | Point vCenter Server to the existing license server.
Uninstall VirtualCenter 2.x and the license server. Perform a clean installation of vCenter Server with a rebuilt, clean database. | Install a new license server, and point vCenter Server to the new license server.
Clean installation of vCenter Server with a rebuilt, clean database. License server was on a different machine. | Point vCenter Server to the existing license server.
Upgrade to vCenter Server using a different machine. The VirtualCenter 2.x system is the source machine. The vCenter Server 4.0 system is the destination machine. See Chapter 7, “Upgrading to vCenter Server on a Different Machine and Keeping the Existing Database,” on page 49. | Point vCenter Server to the existing license server.
Prerequisites
Before you join a Linked Mode group, review the Linked Mode prerequisites and considerations. See the
Installation Guide.
Procedure
1 From the Start menu, select All Programs > VMware > vCenter Server Linked Mode Configuration.
2 Click Next.
4 Click Join vCenter Server instance to an existing linked mode group or another instance and click
Next.
5 Enter the server name and LDAP port number of any remote vCenter Server that is or will be a member
of the group and click Next.
If you enter an IP address for the remote server, the installer converts it into a fully qualified domain name.
6 If the vCenter Server installer detects a role conflict, select how to resolve the conflict.
Option: Yes, let VMware vCenter Server resolve the conflicts for me
  Click Next.
  The role on the joining system is renamed to <vcenter_name><role_name>
  where <vcenter_name> is the name of the vCenter Server system that is
  joining the Linked Mode group and <role_name> is the name of the original
  role.
Option: No, I'll resolve the conflicts myself
  To resolve the conflicts manually:
  a Using the vSphere Client, log in to the vCenter Server system that is
    joining the Linked Mode group using an account with Administrator
    privileges.
  b Rename the conflicting role.
  c Close the vSphere Client session and return to the vCenter Server
    installer.
  d Click Back, and click Next.
  The installation continues without conflicts.
A conflict results if the joining system and the Linked Mode group each contain a role with the same name
but with different privileges.
7 Click Finish.
vCenter Server restarts. Depending on the size of your inventory, the change to Linked Mode might take
from a few seconds to a few minutes to complete.
The vCenter Server instance is now part of a Linked Mode group. It might take several seconds for the global
data (such as user roles) that are changed on one machine to be visible on the other machines. The delay is
usually 15 seconds or less. It might take a few minutes for a new vCenter Server instance to be recognized and
published by the existing instances, because group members do not read the global data very often.
After you form a Linked Mode group, you can log in to any single instance of vCenter Server and view and
manage the inventories of all the vCenter Servers in the group.
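The role-conflict rule in step 6 can be modelled to review, before joining, which roles would be renamed and which privileges make them differ. This is an added example, not VMware code: the function names, the vCenter Server name vc-east and the role and privilege data are constructed, and the rename follows the <vcenter_name><role_name> pattern exactly as printed above.

```python
# Constructed sample data: role name -> set of privilege identifiers.
JOINING = {
    "VM Operator": {"VirtualMachine.Interact.PowerOn",
                    "VirtualMachine.Interact.PowerOff",
                    "Datastore.Browse"},
    "Auditor": {"System.View", "System.Read"},
}
GROUP = {
    "VM Operator": {"VirtualMachine.Interact.PowerOn",
                    "VirtualMachine.Interact.PowerOff"},
    "Auditor": {"System.View", "System.Read"},
    "Backup": {"Datastore.Browse"},
}


def find_role_conflicts(joining_roles, group_roles):
    """A conflict is a role name present on both sides with different privileges."""
    return sorted(
        name for name, privs in joining_roles.items()
        if name in group_roles and set(privs) != set(group_roles[name])
    )


def privilege_diff(role, joining_roles, group_roles):
    """Return (only on joining system, only in group) for one conflicting role."""
    joining = set(joining_roles[role])
    group = set(group_roles[role])
    return sorted(joining - group), sorted(group - joining)


def resolve_conflicts(vcenter_name, joining_roles, group_roles):
    """Model the automatic option: rename each conflicting role on the joining
    system to <vcenter_name><role_name>. Returns (roles after rename, rename map)."""
    conflicts = set(find_role_conflicts(joining_roles, group_roles))
    resolved, renames = {}, {}
    for name, privs in joining_roles.items():
        if name not in conflicts:
            resolved[name] = set(privs)
            continue
        new_name = f"{vcenter_name}{name}"
        # Edge case added in this example: the generated name must not collide
        # with a role that already exists on either side.
        if new_name in joining_roles or new_name in group_roles:
            raise ValueError(f"renamed role {new_name!r} already exists")
        renames[name] = new_name
        resolved[new_name] = set(privs)
    return resolved, renames


def review(vcenter_name, joining_roles, group_roles):
    """Build a report line per conflict for an administrator to read before joining."""
    lines = []
    _, renames = resolve_conflicts(vcenter_name, joining_roles, group_roles)
    for role, new_name in sorted(renames.items()):
        extra, lacking = privilege_diff(role, joining_roles, group_roles)
        lines.append(f"{role} -> {new_name}; extra on joining system: {extra}; "
                     f"only in group: {lacking}")
    return lines


if __name__ == "__main__":
    for line in review("vc-east", JOINING, GROUP):
        print(line)
```

The privilege difference is the part worth reading before choosing the automatic option, because the renamed role keeps whatever extra privileges it had on the joining system.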
What to do next
For more information about Linked Mode groups, see Basic System Administration.
You do not need to change this value. You might want to increase this number if the vCenter Server frequently
performs many operations and performance is critical. You might want to decrease this number if the database
is shared and connections to the database are costly. VMware recommends that you not change this value
unless your system has one of these problems.
Perform this task before you configure the authentication for your database. For more information on
configuring authentication, see the documentation for your database.
Procedure
1 From a vSphere Client host that is connected to a vCenter Server system, select Administration > vCenter
Server Configuration and click Database.
Prerequisites
You might need some or all of the following items to restore VirtualCenter and its components in the event of
a system failure or disaster. Follow your company disaster recovery guidelines for storage and handling of
these items.
• Installation media for the same version of VirtualCenter you are restoring
• VMware Infrastructure 3 license file or a running license server
• Database backup files
• SSL files found in: %ALLUSERSPROFILE%\Application Data\VMware\VMware VirtualCenter\SSL on the
  VirtualCenter system
• Notes from the original installation regarding the selections, settings, and information used
• vpxd.cfg
Procedure
2 Restore the previous version of the VirtualCenter database from the backup.
3 Reinstall your original version of VirtualCenter, selecting the restored database during the installation
process.
4 Verify that the license server is running if one was in use in the original installation.
5 Restore the VirtualCenter SSL certificate folder and vpxd.cfg to the
%ALLUSERSPROFILE%\Application Data\VMware\VMware VirtualCenter directory.
Chapter 9 Upgrading Datastore and Network Permissions
In previous releases of vCenter Server, datastores and networks inherited access permissions from the
datacenter. In vCenter Server 4.0, they have their own set of privileges that control access to them. This might
require you to manually assign privileges, depending on the access level you require.
In vCenter 4.0, users are initially granted the No Access role on all new managed objects, including datastores
and networks. This means, by default, users cannot view or perform operations on them. All existing objects
in vCenter maintain their permissions after the upgrade. To determine whether to assign permissions to
existing datastores and networks, the upgrade process uses the datacenter's Read-only privilege.
• If the Read-only privilege is nonpropagating (not inherited by child objects), VMware assumes access
  privileges should not be assigned to datastores and networks. In such cases, you must update your roles
  to include the new datastore and network privileges desired. This is required for users to view and perform
  operations on these objects.
• If the Read-only privilege is propagating (inherited by child objects), VMware assumes access privileges
  should be assigned to datastores and networks so users can view them and perform basic operations that
  require access. In such cases, the default minimum privileges are automatically assigned during the
  upgrade process.
After the upgrade process, if your roles require users to have additional privileges, for example, the ability
to delete a datastore or network, you need to update your permission roles.
Table 9-1 lists the privileges assigned to datastores and networks before the upgrade to vCenter 4.0 and after
the upgrade to vCenter 4.0, and the action required by administrators to enable access.
NOTE The Read-only propagating permission on a datacenter, as well as all other permissions you have set,
will continue to work as expected after the upgrade.
Datastore Privileges
In VMware vSphere 4.0, datastores have their own set of access control privileges. As a result, you might need
to reconfigure your permissions to grant the new datastore privileges. This is required if you have
nonpropagating Read-only permission set on the datacenter for users.
Table 9-2 lists the default datastore privileges that, when selected for a role, can be paired with a user and
assigned to a datastore.
Allocate Space | Allocate space on a datastore for a virtual machine, snapshot, or clone. | hosts, vCenter Servers | datastores | datastores, virtual disks
Browse Datastore | Browse files on a datastore, including CD-ROM or Floppy media and serial or parallel port files. In addition, the browse datastore privilege allows users to add existing disks to a datastore. | hosts, vCenter Servers | datastores | datastores, datastore folders, hosts, virtual machines
Delete Datastore File | Delete a file in the datastore. | hosts, vCenter Servers | datastores | datastores
File Management | Carry out file operations in the datastore browser. | hosts, vCenter Servers | datastores | datastores
Move Datastore | Move a datastore between folders in the inventory. NOTE Privileges are required on both the source and destination objects. | vCenter Servers | datastore, source and destination object | datastores, datastore folders
Network Privileges
In VMware vSphere 4.0, networks have their own set of access control privileges. As a result, you might need
to reconfigure your permissions to grant the new network privileges. This is required if you have
nonpropagating Read-only permission set on the datacenter.
Table 9-3 lists the default network privileges that, when selected for a role, can be paired with a user and
assigned to a network.
Assign Network | Assign a network to a virtual machine. | vCenter Servers | virtual machine | network, virtual machine
Move Network | Move a network between folders in the inventory. NOTE Privileges are required on both the source and destination objects. | hosts, vCenter Servers | network, source and destination | networks
Prerequisites
Before performing the update procedure, determine which users need access to each datastore and which
privileges each user needs. If necessary, define new datastore roles or modify the Database Consumer sample
role. This sample role assigns the Allocate Space privilege to the datastore, which enables users to perform
basic virtual machine operations, such as creating clones and taking snapshots. In addition, organize your
datastores in folders that coincide with users' access needs.
NOTE The Read-only propagating permission on a datacenter, in addition to all permissions you have set,
will be kept intact after the datastore permissions upgrade.
Procedure
2 On the Home page, click Datastores to display the datastores in the inventory.
3 Select the datastore or datastore folder and click the Permissions tab.
4 Right-click in the Permissions tab and from the context pop-up menu, choose Add Permission.
This role enables users to browse the datastore without giving them other datastore privileges. For
example, choose Read-only for users who need to attach CD/DVD-ROM ISO images to a datastore.
8 Select the users and groups for whom to add the role.
9 Click OK.
All users are added to the Users and Groups list for this role.
10 Click OK.
NOTE You need to set up permissions for new datastores that you create. By default, new datastores are created
under the datacenter folder in the inventory. You can move a new datastore into a datastore folder, as appropriate.
Before performing the update procedure, determine the network organization for virtual machines, hosts, and
users. If necessary, define new networking roles or modify the Network Consumer sample role. This sample
role assigns the Assign Network privilege. In addition, group your networks in folders that coincide with your
organizational needs.
NOTE The Read-only propagating permission on a datacenter, in addition to all permissions you have set,
will be kept intact after the network permissions upgrade.
Procedure
2 On the Home page, click Networking to display the networks in the inventory.
3 Select the network or network folder and click the Permissions tab.
4 Right-click in the Permissions tab and from the context menu, choose Add Permission.
NOTE The Read-only propagating permission on a datacenter, in addition to all permissions you
have set, will be kept intact after the upgrade.
8 Select the users and groups for whom to add the role.
9 Click OK.
All users are added to the Users and Groups list for this role.
10 Click OK.
New networks that you create are added under the datacenter by default.
NOTE You need to set up permissions for new networks that you create. By default, new networks are created
under the datacenter folder in the inventory. You can move a new network into a network folder, as appropriate.
Chapter 10 Preparing for the Upgrade to ESX 4.0/ESXi 4.0
After completing the upgrade to vCenter Server, upgrade legacy VMware ESX/ESXi hosts to ESX 4.0/ESXi 4.0.
These topics are intended for administrators who are upgrading ESX, ESXi, and virtual machines from ESX 3.x/
ESXi 3.5 hosts to ESX 4.0/ESXi 4.0. One topic discusses the upgrade path from ESX 2.5.5.
vSphere Host Update Utility
    Graphical utility for standalone hosts. Allows you to perform remote upgrades
    of ESX 3.x/ESXi 3.5 hosts to ESX 4.0/ESXi 4.0. vSphere Host Update Utility
    upgrades the virtual machine kernel (vmkernel) and the service console, where
    present. vSphere Host Update Utility does not upgrade VMFS datastores or
    virtual machine guest operating systems.
vCenter Update Manager
    Robust software for upgrading, updating, and patching clustered hosts, virtual
    machines, and guest operating systems. Orchestrates host and virtual machine
    upgrades. If your site uses vCenter Server, VMware recommends that you use
    VMware Update Manager instead of vSphere Host Update Utility. See the
    vCenter Update Manager Administration Guide.
vSphere Host Update Utility provides an easy way to upgrade from a remote location, without a CD, and with
minimum down time. The application upgrades the virtual machine kernel (vmkernel) and the service console,
where present. vSphere Host Update Utility does not upgrade VMFS datastores or virtual machine guest
operating systems.
You can use vSphere Host Update Utility to upgrade ESX 3.x to ESX 4.0 and ESXi 3.5 hosts to ESXi 4.0. You
cannot use vSphere Host Update Utility to convert ESX hosts to ESXi hosts, or the reverse.
When you select a host to be upgraded, the tool performs an automated host compatibility check as a
preupgrade step. The check verifies that each host is compatible with ESX 4.0/ESXi 4.0, including the required
CPU, and has adequate boot and root partition space. In addition to the automated preupgrade script, you can
specify a postupgrade configuration script to ease deployment. This tool effectively eliminates the need for
complex scripted upgrades.
The Host Upgrade wizard allows you to make upgrade configuration choices. Your choices are saved in an
installation script, which the software uploads to the selected host along with the installation ISO image.
vSphere Host Update Utility supports local or remote mounted ISO binary image files.
The software initiates the upgrade by rebooting the host and running the upgrade script. While an upgrade is
in progress, vSphere Host Update Utility provides visual status so that you can monitor the status of the
upgrade. If an error occurs during this process, the software rolls back the host software to the previous ESX
version.
In addition to performing upgrades, vSphere Host Update Utility lets you learn about, download, and install
maintenance and patch releases, which provide security, stability, and feature enhancements for ESXi 4.0.
To use vSphere Host Update Utility, you must have the following items:
• A workstation or laptop with vSphere Host Update Utility installed.
  vSphere Host Update Utility is bundled with the vSphere Client. You can install vSphere Host Update
  Utility when you install the vSphere Client. If the vSphere Client is already installed but vSphere Host
  Update Utility is not installed, you can install an updated version by rerunning the vSphere Client installer.
• A network connection between the host and the computer that is running vSphere Host Update Utility.
For example, you can define a host upgrade baseline to upgrade an ESX host to ESX 4.0, a virtual machine
upgrade baseline to upgrade the virtual machine hardware to the latest version, and the VMware Tools to the
latest version. To do this, you use wizard-based workflows to first schedule host upgrades for an entire cluster
and then schedule a virtual machine upgrade for all the virtual machines.
Built-in best practices in the wizard workflows preclude erroneous upgrade sequences. For example, the
wizard prevents you from upgrading virtual machine hardware before you upgrade hosts in a cluster.
You can use Distributed Resource Scheduler (DRS) to prevent virtual machine downtime during the upgrade
process.
Update Manager monitors hosts and virtual machines for compliance against your defined upgrade baselines.
Noncompliance appears in detailed reports and in the dashboard view. Update Manager supports mass
remediation.
You can perform orchestrated upgrades of hosts at the folder, cluster, or datacenter level.
DHCP IP addresses can be problematic during host upgrades. Suppose, for example, a host loses its DHCP IP
address during the upgrade because the lease period configured on the DHCP server expires. The host upgrade
tool that you are using (either vCenter Update Manager or vSphere Host Update Utility) would lose
connectivity to the host. The host upgrade might be successful, but the upgrade tool would report the upgrade
as failed, because the tool would be unable to connect to the host. To prevent this scenario, use static IP
addresses for your hosts.
Table 10-1 lists the components that each application upgrades. For components that are not upgraded by the
listed tool, you can perform the upgrade by some other method, generally by using the vSphere Client.
After the upgrade to ESX 4.0, the service console's partitions are stored in a .vmdk file. These partitions
include /, swap, and all the optional partitions. The name of this file is esxconsole-<system-uuid>/
esxconsole.vmdk. All .vmdk files, including the esxconsole.vmdk, are stored in VMFS volumes.
ESXi
For ESXi, the upgrade to ESXi 4.0 preserves almost all configuration data, including your networking, security,
and storage configuration. The only configuration not preserved is related to licensing, because a new ESXi 4.0
license is required after the upgrade.
ESX
For ESX, the upgrade reuses the existing /boot partition to hold the ESX 4.0 boot files.
After the upgrade, the ESX 3.x installation is mounted in the new ESX 4.0 installation under the
/esx3-installation directory.
The upgrade to ESX 4.0 preserves almost all configuration data, including your networking, security, and
storage configuration. Specifically, the upgrade to ESX 4.0 preserves the following files from the ESX 3.x file
system.
• /etc/logrotate.conf
• /etc/localtime
• /etc/ntp.conf
• /etc/syslog.conf
• /etc/sysconfig/ntpd
• /etc/sysconfig/xinetd
• /etc/sysconfig/console
• /etc/sysconfig/i18n
• /etc/sysconfig/clock
• /etc/sysconfig/crond
• /etc/sysconfig/syslog
• /etc/sysconfig/keyboard
• /etc/sysconfig/mouse
• /etc/ssh
• /etc/nsswitch.conf
• /etc/yp.conf
• /etc/krb.conf
• /etc/krb.realms
• /etc/krb5.conf
• /etc/login.defs
• /etc/pam.d
• /etc/hosts.allow
• /etc/hosts.deny
• /etc/ldap.conf
• /etc/openldap
• /etc/sudoers
• /etc/snmp
• /usr/local/etc
• /etc/rc.d/rc*.d/*
• /etc/xinetd.conf
• /etc/motd
• /etc/initiatorname.vmkiscsi
• /etc/vmkiscsi.conf
NOTE To migrate other files, consider using a postupgrade script. For example, you might want to create a
script that copies the .ssh directory for root. The creation of custom scripts is beyond the scope of this manual.
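One way to write the post-upgrade script that the note mentions, as an added example rather than VMware's code: it copies root's .ssh directory out of the ESX 3.x file system mounted under /esx3-installation, skips anything that is not a regular file, and resets permissions. It assumes root's home directory is /root on both the old and the new service console; the function name migrate_root_ssh is hypothetical.

```shell
#!/bin/bash
# Added example: post-upgrade script that migrates root's .ssh directory from
# the ESX 3.x file system, which the upgrade mounts under /esx3-installation.
# Assumption: root's home directory is /root before and after the upgrade.

# migrate_root_ssh OLD_ROOT NEW_HOME   (hypothetical helper)
# Copies OLD_ROOT/root/.ssh to NEW_HOME/.ssh.
# Returns 0 on success or when there is nothing to migrate, non-zero on error.
migrate_root_ssh() {
    old_root=$1
    new_home=$2
    src="$old_root/root/.ssh"
    dst="$new_home/.ssh"

    # Nothing to do if the old host had no .ssh directory.
    if [ ! -e "$src" ] && [ ! -L "$src" ]; then
        echo "no $src, nothing to migrate"
        return 0
    fi
    # Refuse a symlinked source: it could point anywhere on the new system.
    if [ -L "$src" ] || [ ! -d "$src" ]; then
        echo "refusing: $src is not a real directory" >&2
        return 1
    fi
    # Do not overwrite keys that already exist on the upgraded host.
    if [ -e "$dst" ] || [ -L "$dst" ]; then
        echo "refusing: $dst already exists" >&2
        return 1
    fi

    # New files are created owner-only; the script does nothing else afterwards.
    umask 077
    mkdir "$dst" || return 1
    for f in "$src"/*; do
        [ -e "$f" ] || [ -L "$f" ] || continue   # empty directory
        # Copy regular files only; skip symlinks, sockets and subdirectories.
        if [ -L "$f" ] || [ ! -f "$f" ]; then
            echo "skipping non-regular entry: $f" >&2
            continue
        fi
        # Plain cp: copies are owned by the user running the script (root).
        cp "$f" "$dst/" || return 1
    done

    # sshd rejects keys kept in files or directories that others can write to.
    chmod 700 "$dst" || return 1
    for f in "$dst"/*; do
        [ -f "$f" ] || continue
        case "$f" in
            *.pub|*/known_hosts) chmod 644 "$f" || return 1 ;;
            *)                   chmod 600 "$f" || return 1 ;;
        esac
    done
    return 0
}

# Act only on a host that was upgraded from ESX 3.x. A non-zero exit status
# reports the failure to the upgrade installer.
if [ -d /esx3-installation ]; then
    migrate_root_ssh /esx3-installation /root || exit 1
fi
```

A non-zero exit matters when the Roll back the upgrade if the post-upgrade script fails option is selected in the Host Upgrade wizard.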
Procedure
• Back up the /etc/passwd, /etc/groups, /etc/shadow, and /etc/gshadow files.
  The /etc/shadow and /etc/gshadow files might not be present on all installations.
• Back up any custom scripts.
• Back up your .vmx files.
• Back up local images, such as templates, exported virtual machines, and .iso files.
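The first backup item above, as an added example that is not part of the original guide: it archives whichever account files exist, tolerates a missing /etc/shadow or /etc/gshadow, and keeps the archive readable by its owner only because it holds password hashes. Besides the /etc/groups path listed above it also checks /etc/group, the standard name of the group file on Linux; the function name and the archive path are hypothetical.

```shell
#!/bin/bash
# Added example: archive the service console account files before the upgrade.

# backup_account_files ROOT ARCHIVE   (hypothetical helper)
#   ROOT     file system root to read from: "/" on the host
#   ARCHIVE  absolute path of the tar file to create
# Prints the archived names on one line; returns non-zero on error.
backup_account_files() {
    root=${1%/}            # becomes "" when ROOT is "/"
    archive=$2
    present=""

    # /etc/groups is the path the guide lists; /etc/group is the standard name.
    for name in etc/passwd etc/groups etc/group etc/shadow etc/gshadow; do
        if [ -f "$root/$name" ]; then
            present="$present $name"
        else
            echo "not present, skipped: /$name" >&2
        fi
    done

    # shadow and gshadow may be absent, but a host without passwd is an error.
    case " $present " in
        *" etc/passwd "*) ;;
        *) echo "error: /etc/passwd not found under ${root:-/}" >&2
           return 1 ;;
    esac

    # The archive contains password hashes: create it owner-only, and reset
    # the mode in case an older, more permissive file was overwritten.
    # $present is deliberately unquoted: one word per file name.
    ( umask 077 && tar -cf "$archive" -C "${root:-/}" $present ) || return 1
    chmod 600 "$archive" || return 1

    # Verify that every selected file is listed in the archive.
    listing=$(tar -tf "$archive") || return 1
    for name in $present; do
        if ! echo "$listing" | grep -Fqx "$name"; then
            echo "missing from archive: $name" >&2
            return 1
        fi
    done

    echo "$present" | sed 's/^ //'
}

# Example call on the host (the destination is a placeholder path):
#   backup_account_files / /path/to/backup/accounts.tar
```

Copy the archive off the host before you start the upgrade.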
For more information about the VMware vSphere Command-Line Interface and the vicfg-cfgbackup
command, see the vSphere Command-Line Interface Installation and Reference Guide.
Procedure
2 In the vSphere CLI, run the vicfg-cfgbackup command with the -s flag to save the host configuration to
a specified backup filename.
vicfg-cfgbackup --server <ESXi-host-ip> --portnumber <port_number> --protocol <protocol_type> --username <username> --password <password> -s <backup-filename>
You can upgrade most versions of VMware ESX/ESXi to the ESX 4.0/ESXi 4.0 version. You cannot perform an
in-place upgrade from ESX to ESXi (or from ESXi to ESX). To upgrade virtual machines from ESX to ESXi (or
from ESXi to ESX), you must perform a migration upgrade.
Table 10-2 gives details of upgrade support for ESX and ESXi. Upgrade support for a version of ESX/ESXi
includes all associated update releases. For example, where upgrading from ESX 3.5 is supported, upgrades
from ESX 3.5 Update 1, ESX 3.5 Update 2, and so on are included.
When you upgrade from ESX 2.5.5 to ESX 4.0, you can perform a migration upgrade with or without VMotion.
In a migration upgrade, you migrate ESX 2.5.5 virtual machines to ESX 4.0 hosts, as follows: Evacuate the
virtual machines from the ESX 2.5.5 host. Do a fresh install of ESX 4.0. Migrate the virtual machines back to
the newly installed ESX 4.0 host. See “Upgrading by Moving Virtual Machines Using Upgrade VMotion,” on
page 18.
Direct, in-place upgrade from ESX 2.5.5 to ESX 4.0 is not supported, even if you upgrade to ESX 3.x as an
intermediary step. The default ESX 2.5.5 installation creates a /boot partition that is too small to enable
upgrades to ESX 4.0. As an exception, if you have a non-default ESX 2.5.5 installation on which at least 100MB
of space is available on the /boot partition, you can upgrade ESX 2.5.5 to ESX 3.x and then to ESX 4.0.
The upgrade of ESX 2.5.5 to ESX 3.x requires the use of one of the following methods:
• Graphical upgrade from CD
• Text-mode upgrade from CD
• Tarball upgrade using the service console
• Scripted upgrade from CD or PXE server using esxupdate
• Scripted upgrade from CD or PXE server using kickstart commands
For information about these upgrade methods, see the VMware Infrastructure 3 documentation.
For the upgrade of ESX 3.x to ESX 4.0, you can use vSphere Host Update Utility or vCenter Update Manager.
Chapter 11 Upgrade to ESX 4.0 or ESXi 4.0
The upgrade procedures differ for ESX 4.0 and ESXi 4.0.
CAUTION You must upgrade to vCenter Server before you upgrade ESX/ESXi. If you do not upgrade in the
correct order, you can lose data and lose access to your servers.
vSphere Host Update Utility is meant for small deployments in which a host is being managed by a single
administrator. For example, the following scenario is not supported: Admin 1 starts to upgrade host1 using
vSphere Host Update Utility. Admin 2 starts the vSphere Host Update Utility, detects that host1 is running
ESX 3.5, and tries to upgrade the host. The vSphere Host Update Utility does not report that an upgrade is
already in progress.
VMware supports and recommends that you perform one upgrade at a time when you use vSphere Host
Update Utility. If you do upgrade multiple hosts simultaneously and the upgrade fails for one of the hosts,
you must close and restart vSphere Host Update Utility to retry the upgrade on the host that failed. In this
case, you must wait until the upgrade for all the hosts is complete before you restart the utility. For simplicity,
it is best practice to upgrade one host at a time.
IMPORTANT For large deployments and for environments with clustered hosts, VMware recommends that you
use vCenter Update Manager instead of vSphere Host Update Utility.
When you upgrade a host, no third-party management agents or third-party software applications are
migrated to the ESX 4.0/ESXi 4.0 host.
Prerequisites
Procedure
1 Download an ESX 4.0 ISO file and save it on the same Windows computer on which vSphere Host Update
Utility is installed.
2 Use the vSphere Client to put the host into maintenance mode.
3 Select Start > Programs > VMware > vSphere Host Update Utility 4.0.
If a host is not in the list, you can add it by selecting Host > Add Host.
5 Type the location of the ESX 4.0 installation file to use or click Browse to select the location from a file
browser and click Next.
6 Select I accept the terms in the license agreement and click Next.
7 Type the administrative account information for the selected host and click Next.
8 Select the datastore and size of the service console virtual disk (VMDK).
VMware recommends that you select a datastore that is local to the ESX host. The service console VMDK
requires at least 8.4GB of available space.
NFS and software iSCSI datastores are not supported as the destination for the ESX 4.0 service console
VMDK.
The service console must be installed on a VMFS datastore that is resident on a host's local disk or on a
SAN disk that is masked and zoned to that particular host only. The datastore cannot be shared between
hosts.
9 (Optional) To disable automatic rollback, deselect the Attempt to reboot host and roll back upgrade in
case of failure check box.
By default, if upgrade errors occur, the host reboots and rolls back the upgrade. If you disable this behavior,
you can troubleshoot the errors manually.
10 (Optional) To automate post-upgrade configuration, select Run a post-upgrade script and type the
location of a custom post-upgrade script, or click Browse to select the location from a file browser.
The upgrade installer supports the Bash (.sh) and Python (.py) interpreters.
11 (Optional) Select Roll back the upgrade if the post-upgrade script fails and select the number of seconds
(0 to 180 seconds) for the installer to wait before it rolls back the upgrade if the post-upgrade script fails.
By default, if the post-upgrade script fails, the host upgrade remains in effect.
12 Click Next.
The host upgrade begins. You can view the upgrade progress in the Host Details pane.
The host is upgraded to ESX 4.0. If the upgrade fails, restart the vSphere Host Update Utility before you retry
the upgrade.
The vSphere Host Update Utility might appear to stop working. If this happens, wait several minutes to see
if the utility starts working again. VMware recommends that you do not cancel the upgrade at any point during
the upgrade process. The host might appear to successfully boot into ESX 4.0. If this happens, continue to wait
until the utility displays the message: Upgrade Succeeded before you close the utility.
What to do next
vSphere Host Update Utility is meant for small deployments in which a host is being managed by a single
administrator. For example, the following scenario is not supported: Admin 1 starts to upgrade host1 using
vSphere Host Update Utility. Admin 2 starts the vSphere Host Update Utility, sees that host1 is running ESXi
3.5, and tries to upgrade the host. The vSphere Host Update Utility does not report that an upgrade is already
in progress.
VMware supports and recommends that you perform one upgrade at a time when you use vSphere Host
Update Utility. If you do upgrade multiple hosts simultaneously and the upgrade fails for one of the hosts,
you must close and restart vSphere Host Update Utility to retry the upgrade on the host that failed. In this
case, you must wait until the upgrade for all the hosts is complete before you restart the utility. For simplicity,
it is best practice to upgrade one host at a time.
IMPORTANT For large deployments and for environments with clustered hosts, VMware recommends that you
use vCenter Update Manager instead of vSphere Host Update Utility.
When you upgrade a host, no third-party management agents or third-party software applications are
migrated to the ESX 4.0/ESXi 4.0 host.
Prerequisites
Procedure
1 Download an ESXi 4.0 ZIP file and save it on the same Windows computer on which vSphere Host Update
Utility is installed.
2 Use the vSphere Client to put the host into maintenance mode.
3 Select Start > Programs > VMware > vSphere Host Update Utility 4.0.
If a host is not in the list, you can add it by selecting Host > Add Host.
5 Type the location of the ESXi 4.0 upgrade file to use or click Browse to select the location from a file browser
and click Next.
6 Select I accept the terms in the license agreement and click Next.
7 Type the administrative account information for the selected host and click Next.
8 Click Finish.
The host upgrade begins. You can view the upgrade progress in the Host Details pane.
The host is upgraded to ESXi 4.0. If the upgrade fails, restart vSphere Host Update Utility before you retry the
upgrade.
vSphere Host Update Utility might appear to stop working. If this happens, wait several minutes to see if the
utility starts working again. VMware recommends that you do not cancel the upgrade at any point during the
upgrade process. The host might appear to successfully boot into ESXi 4.0. If this happens, continue to wait
until the message Upgrade Succeeded appears before you close the utility.
What to do next
Chapter 12 Postupgrade Considerations for Hosts
A host upgrade is not entirely complete until after you have ensured that the host management, configuration,
and licensing are in place.
For ESXi, you can use the vSphere Client to export the log files.
For a successful ESX upgrade, you can find upgrade log files at these locations on the host:
• /esx3-installation/esx4-upgrade/
• /var/log/vmware/
For an unsuccessful ESX upgrade, you can find upgrade log files at these locations on the host:
• /esx4-upgrade/
• /var/log/vmware/
• If vCenter Server manages the host, you must reconnect the host to vCenter Server by right-clicking the
  host in the vCenter Server inventory and selecting Connect.
• When the upgrade is complete, ESX/ESXi is in evaluation mode. Evaluation mode lasts for 60 days. You
  must assign an upgraded license to your product within 60 days after the upgrade. Use the License Portal
  and the vSphere Client to configure licensing.
• On the VMware Web site, log in to your account page to access the license portal. From the license portal,
  upgrade your ESX/ESXi license. Use the vSphere Client to assign the upgraded license key to the ESX/
  ESXi host.
• The host sdX devices might be renumbered after the upgrade. If necessary, update any scripts that
  reference sdX devices.
• After the ESX/ESXi upgrade, you must convert LUN masking to the claim rule format. To do this, run the
  esxcli corestorage claimrule convert command in the vSphere Command-Line Interface. This
  command converts the /adv/Disk/MaskLUNs advanced configuration entry in esx.conf to claim rules with
  MASK_PATH as the plug-in. See the vSphere Command-Line Interface Installation and Reference Guide.
vSphere Web Access is a user interface that runs in a Web browser and provides access to the virtual machine’s
display. The vSphere Web Access service is installed when you install ESX 4.0 or vCenter Server 4.0, but is not
running by default. Before you log in and start managing virtual machines, you must start the vSphere Web
Access service on your ESX or vCenter Server instance.
Prerequisites
You must have root privileges to check the status and run the vSphere Web Access service.
Procedure
2 Type the command to check whether the Web Access service is running.
3 (Optional) If vSphere Web Access is not running, type the command to start Web Access.
What to do next
You can now use vSphere Web Access to log in to the ESX host. See the vSphere Web Access Administrator's
Guide.
The 60-day evaluation countdown starts even if the host is licensed and you are not using evaluation mode.
For example, suppose you decide 10 days after the first power-on to switch from licensed mode to evaluation
mode. Only 50 days remain of the evaluation period. Sixty days after the first power-on, it is too late to switch
to evaluation mode because zero days remain of the evaluation period. During the evaluation period, if you
switch the ESX/ESXi machine from evaluation mode to licensed mode, the evaluation timer does not stop
counting down.
To prevent losing the availability of the evaluation mode, VMware recommends that before (or shortly after)
you power on your ESX/ESXi machine for the first time, decide whether you want to use evaluation mode.
One advantage of using evaluation mode is that it offers full feature functionality, which lets you try features
that you might not have yet without paying additional license costs.
After you upgrade a host from ESX 3.x to ESX 4.0, the ESX bootloader boots into ESX 4.0 by default, but retains
the option to boot into ESX 3.x. The ESX 3.x boot option is useful if the ESX 4.0 upgrade does not work as
expected in your environment. However, after you confirm that the upgrade is stable, you might want to
disable the ability to roll back to ESX 3.x.
This procedure is applicable only if you left the default rollback option enabled when you performed the
upgrade. If you deselected the rollback option, this procedure is not applicable. Only a system administrator
can perform this optional procedure.
Prerequisites
Before executing this script, make sure that you have copied all required data from the legacy ESX mount
points under /esx3-installation.
Procedure
1 In the ESX 4.0 service console, run the cleanup-esx3 command with the optional -f (force) flag.
If you omit the -f flag, the software prompts you to confirm that you want to disable the ability to roll
back to ESX 3.x.
While the server is powering on, observe that the bootloader menu does not include an option for ESX
3.x.
The host looks the same as a clean installation of ESX 4.0. The cleanup-esx3 script removes the following files
and references from the ESX 4.0 host:
• ESX 3.x references in the /etc/fstab file
• ESX 3.x boot files in the /boot directory
• The rollback-to-esx3 script in the /usr/sbin/ directory
NOTE Consider leaving the license server and the license server configuration in place if the vCenter Server
instance might need to manage ESX 3.x/ESXi 3.5 hosts in the future. The license server does not interfere with
operations if you leave it in place.
Procedure
1 As Administrator on the Microsoft Windows system, select Start > Settings > Control Panel > Add/
Remove Programs.
3 Click Yes to confirm that you want to remove the program and click Finish.
5 In the License Server text box, delete the path to the license server.
6 If the Reconfigure ESX 3 hosts using license servers to use this server option is selected, unselect it.
7 Click OK.
For ESX, the default behavior for vSphere Host Update Utility is to roll back the host to the previous version
of ESX if the upgrade does not complete successfully. You can override the default behavior by deselecting the
Attempt to reboot host and roll back upgrade in case of failure check box in the upgrade wizard. Disabling
the roll back allows you to debug your host if the installer fails.
For ESXi, vSphere Host Update Utility does not support roll back. However, after an upgrade, the ESXi host
might reboot into the previous version of the firmware if the upgrade version does not boot successfully. You
cannot disable this behavior. If the upgrade fails for VMware Tools or the vSphere Client, roll back is not
supported and the packages are removed from the host. The packages are removed because insufficient space
is available on ESXi for two versions of VMware Tools and two versions of the vSphere Client. vSphere Host
Update Utility must delete the previous versions before writing the new versions to disk.
After the roll back, upgrade to ESXi 3.5 Update 4 to obtain the latest version of ESXi 3.5 firmware, VMware
Tools and the VI Client.
Procedure
The rollback-to-esx3 command reconfigures the bootloader to boot into ESX 3.x and removes the ability
to boot into ESX 4.0.
You can include the optional -f (force) flag. If you omit the -f flag, you are prompted to confirm that you
want to roll back to ESX 3.x.
While the host is powering on, observe that the boot menu has changed to ESX 3.x.
3 After the host boots into ESX 3.x, delete the ESX 4.0 service console VMDK folder from the VMFS datastore.
The service console VMDK folder name has the following format: esxconsole-<UUID>.
Chapter 12 Postupgrade Considerations for Hosts
ESXi permits only one level of rollback. Only one previous build can be saved at a time. In effect, each ESXi 4.0
host stores up to two builds, one boot build and one standby build.
When you manually boot into the standby build instead of the current boot build, an irreversible rollback
occurs. The standby build becomes the new boot build and remains the boot build until you perform another
update.
Procedure
2 When the page that displays the current boot build appears, press Shift+r to select the standby build.
The previous update rolls back. The standby build becomes the boot build.
Procedure
1 Reinstall the original version of ESX on the host. See the Installation Guide.
See http://www.vmware.com/resources/techresources/610.
To restore a configuration on a host, you must run the vSphere CLI virtual appliance from a remote host. When
you restore the configuration, the target host must be in maintenance mode, which means all virtual machines
(including the vSphere CLI virtual appliance) must be powered off.
For more information, see the ESXi and vCenter Server Setup Guide.
For more information about the VMware vSphere Command-Line Interface and the vicfg-cfgbackup
command, see the vSphere Command-Line Interface Installation and Reference Guide.
Procedure
3 In the vSphere CLI, run the vicfg-cfgbackup command with the -l flag to load the host configuration
from a specified backup file.
Upgrading Virtual Machines 13
After you perform an ESX/ESXi upgrade, VMware recommends that you upgrade all the virtual machines that
reside on the host.
The first step in upgrading virtual machines is to upgrade VMware Tools. If the virtual machines do not have
VMware Tools installed, you can use the VMware Tools upgrade procedure to install VMware Tools. After
you install or upgrade VMware Tools, upgrade the virtual machine hardware.
vSphere Client: Requires you to perform the virtual machine upgrade one step at a time.
vCenter Update Manager: Automates the process of upgrading and patching virtual machines, thereby
ensuring that the steps occur in the correct order. You can use vCenter Update
Manager to directly upgrade virtual machine hardware, VMware Tools, and
virtual appliances. You can also patch and update third-party software running
on the virtual machines and virtual appliances. See the vCenter Update Manager
Administration Guide.
Although the guest operating system can run without VMware Tools, you lose important functionality and
convenience. If you do not have VMware Tools installed in your virtual machine, you cannot use the shutdown
or restart options. You can use only the power options. Shut down the guest operating system from the virtual
machine console before you power off the virtual machine.
The installers for VMware Tools for Microsoft Windows, Linux, Solaris, and NetWare guest operating systems
are built into ESX/ESXi and VMware Server as ISO image files. An ISO image file looks like a CD-ROM to your
guest operating system and even appears as a CD-ROM disc in Microsoft Windows Explorer. You do not use
an actual CD-ROM disc to install VMware Tools, nor do you need to download the CD-ROM image or burn
a physical CD-ROM of this image file.
When you install VMware Tools, VMware vCenter Server temporarily connects the virtual machine’s first
virtual CD-ROM disk drive to the ISO image file that contains the VMware Tools installer for your guest
operating system. You are ready to begin the installation process.
When you upgrade VMware Tools, the software completely uninstalls and reinstalls the VMware Tools
package. For this reason, some functionality such as networking might temporarily stop working in the middle
of the upgrade procedure. The functionality is restored at the end of the upgrade procedure.
If you create a virtual machine on ESX 4.0/ESXi 4.0 and select the typical path, the virtual hardware version is
version 7. Virtual machines with virtual hardware version 7 are not supported on ESX 3.x/ESXi 3.5 hosts. When
you create virtual machines on ESX 4.0/ESXi 4.0, select the custom path and select virtual hardware version 4
to ensure that your virtual machines can run on ESX 3.x/ESXi 3.5 hosts. When the virtual machines have virtual
hardware version 4, you can migrate the virtual machines between the ESX 3.x/ESXi 3.5 and ESX 4.0/ESXi 4.0
hosts and use VMotion.
If you create virtual machines that use paravirtualization (VMI) or an enhanced networking device (vmxnet),
VMotion is not supported. In this case, you can move the virtual machine to the ESX 3.x host if the virtual
machine is powered off. Virtual machines that you create on ESX 4.0/ESXi 4.0 hosts are not supported on ESX 2.x
hosts.
Update Manager makes the process of upgrading the virtual machines convenient by providing baseline
groups. When you remediate a virtual machine against a baseline group containing the
VMware Tools Upgrade to Match Host baseline and the VM Hardware Upgrade to Match Host baseline,
Update Manager sequences the upgrade operations in the correct order. As a result, the guest operating system
is in a consistent state at the end of the upgrade.
If an ESX/ESXi host is not managed by vCenter Server, you cannot use VMotion to move virtual machines. The
virtual machines must have some downtime when the ESX/ESXi host reboots after upgrade.
You might not have to shut down more than a single virtual machine at any given time. You can stagger virtual
machine downtimes to accommodate a schedule convenient to you and your customers.
For example:
• If your virtual machine users are located in diverse time zones, you can prepare by migrating virtual
machines to specific hosts to serve a given time zone. This way you can arrange host upgrades so that
virtual machine downtime occurs transparently outside business hours for that time zone.
• If your virtual machine users operate around the clock, you can delay downtime for their virtual machines
to normally scheduled maintenance periods. You do not need to upgrade any stage within a certain time
period. You can take as long as needed at any stage.
During the VMware Tools upgrade, the virtual machine remains powered on. For Microsoft Windows
operating systems, you must reboot the guest operating system at the end of the VMware Tools upgrade
procedure. For Linux, NetWare, and Solaris guest operating systems, no reboot is required at the end of the
procedure.
c Reboot the virtual machine at the end of the VMware Tools upgrade.
g The Windows operating system detects new devices and prompts you to reboot the virtual machine.
During the virtual hardware upgrade, the virtual machine must be shut down for all guest operating systems.
Table 13-1 summarizes the downtime required by guest operating system and by upgrade operation.
Microsoft Windows | Downtime for reboot of guest operating system | Downtime for shut down and power on of virtual machine
Prerequisites
• Back up your virtual machines to prevent data loss. See Basic System Administration.
• A supported guest operating system must be installed on the virtual machine.
• You must have an ESX/ESXi license or be using evaluation mode to power on the virtual machine.
Procedure
1 From the vSphere Client, right-click the virtual machine, select Power, and select Power On.
The VMware Tools label indicates whether VMware Tools is installed and current, installed and not
current, or not installed.
3 Click the Console tab to make sure that the guest operating system starts successfully and log in if
necessary.
4 Right-click the virtual machine, select Guest, and select Install/Upgrade VMware Tools.
The upgrade process starts by mounting the VMware Tools bundle on the guest operating system.
6 If the Microsoft Windows New Hardware wizard appears in the virtual machine console, complete the
wizard and accept the defaults.
Upgrading virtual hardware and installing or upgrading VMware Tools includes enhancements to the
virtual network adapter. A Microsoft Windows guest operating system might interpret these changes as
indicating a different network adapter in the virtual machine and start the New Hardware wizard
accordingly.
What to do next
Prerequisites
NOTE This procedure requires the RPM installer. The RPM installer is not available for ESXi hosts. Only the
tar installer is available for ESXi hosts. For ESXi hosts, see “Perform an Interactive Upgrade of VMware Tools
on a Linux Guest with the Tar Installer,” on page 91.
Procedure
1 From the vSphere Client, right-click the virtual machine, select Power, and select Power On.
The VMware Tools label indicates whether VMware Tools is installed and current, installed and not
current, or not installed.
3 Click the Console tab to make sure that the guest operating system starts successfully, and log in if
necessary.
4 Right-click the virtual machine, select Guest, and select Install/Upgrade VMware Tools.
The upgrade process starts by mounting the VMware Tools bundle on the guest operating system.
When the installer is finished, VMware Tools is installed. No confirmation or finish button appears.
9 In a terminal window, as root (su -), run the following command to configure VMware Tools:
vmware-config-tools.pl
10 Answer the prompts and press Enter to accept the default values if appropriate for your configuration
and follow the instructions at the end of the script.
11 For Linux guest operating systems, execute the following commands to restore the network:
/etc/init.d/network stop
rmmod vmxnet
modprobe vmxnet
/etc/init.d/network start
What to do next
Prerequisites
• Back up your virtual machines to prevent data loss. See Basic System Administration.
• A supported guest operating system must be installed on the virtual machine.
• You must have an ESX/ESXi license or be using evaluation mode to power on the virtual machine.
NOTE The RPM installer is not available for ESXi hosts. Only the tar installer is available for ESXi hosts. For
ESXi hosts, see “Perform an Interactive Upgrade of VMware Tools on a Linux Guest with the Tar Installer,”
on page 91.
Procedure
1 From the vSphere Client, right-click the virtual machine, select Power, and select Power On.
The VMware Tools label indicates whether VMware Tools is installed and current, installed and not
current, or not installed.
3 Click the Console tab to make sure that the guest operating system starts successfully, and log in if
necessary.
4 Right-click the virtual machine, select Guest, and select Install/Upgrade VMware Tools.
The upgrade process starts by mounting the VMware Tools bundle on the guest operating system.
6 In the virtual machine console, log in as root (su -) and, if necessary, create the /mnt/cdrom directory:
mkdir /mnt/cdrom
Some Linux distributions automatically mount CD-ROMs. If your distribution uses automounting, do not
use the mount and umount commands.
Some Linux distributions use different device names or organize the /dev directory differently. Modify
the following commands to reflect the conventions used by your distribution:
mount /dev/cdrom /mnt/cdrom
cd /tmp
9 (Optional) If you have a previous installation, delete the previous vmware-tools-distrib directory:
rm -rf /tmp/vmware-tools-distrib
10 List the contents of the /mnt/cdrom/ directory and note the filename of the VMware Tools RPM installer:
ls /mnt/cdrom
11 Uncompress the rpm installer, where <xxxxxx> is the build or revision number of the ESX/ESXi version:
rpm -Uhv /mnt/cdrom/VMwareTools-4.0.0-<xxxxxx>.i386.rpm
If you attempt to install an RPM installation over a tar installation, or the reverse, the installer detects the
previous installation and must convert the installer database format before continuing.
15 Answer the prompts and press Enter to accept the default values if appropriate for your configuration
and follow the instructions at the end of the script.
16 For Linux guest operating systems, execute the following commands to restore the network:
/etc/init.d/network stop
rmmod vmxnet
modprobe vmxnet
/etc/init.d/network start
What to do next
Prerequisites
• Back up your virtual machines to prevent data loss. See Basic System Administration.
• A supported guest operating system must be installed on the virtual machine.
• You must have an ESX/ESXi license or be using evaluation mode to power on the virtual machine.
Procedure
1 From the vSphere Client, right-click the virtual machine, select Power, and select Power On.
3 Click the Console tab to make sure that the guest operating system starts successfully, and log in if
necessary.
4 Right-click the virtual machine, select Guest, and select Install/Upgrade VMware Tools.
The upgrade process starts by mounting the VMware Tools bundle on the guest operating system.
6 In the virtual machine console, log in as root (su -) and, if necessary, create the /mnt/cdrom directory:
mkdir /mnt/cdrom
Some Linux distributions automatically mount CD-ROMs. Verify the state by running the mount
command. If the CD-ROM device is mounted, each of the device's partitions with a recognized file system
appears in the output of the mount command as something like this:
/dev/cdrom on /mnt/cdrom type iso9660 (ro,nosuid,nodev)
If the CD-ROM device is listed, it is mounted. If the CD-ROM device is already mounted, do not use the
mount and umount commands.
Some Linux distributions use different device names or organize the /dev directory differently. Modify
the following commands to reflect the conventions used by your distribution:
mount /dev/cdrom /mnt/cdrom
10 List the contents of the /mnt/cdrom/ directory, and note the filename of the VMware Tools tar installer:
ls /mnt/cdrom
11 Uncompress the tar installer, where <xxxxxx> is the build or revision number of the ESX/ESXi version.
tar zxpf /mnt/cdrom/VMwareTools-4.0.0-<xxxxxx>.tar.gz
If you attempt to install a tar installation over an RPM installation, or the reverse, the installer detects the
previous installation and must convert the installer database format before continuing.
./vmware-install.pl
14 Answer the prompts and press Enter to accept the default values if appropriate for your configuration
and follow the instructions at the end of the script.
15 For Linux guest operating systems, execute the following commands to restore the network:
/etc/init.d/network stop
rmmod vmxnet
modprobe vmxnet
/etc/init.d/network start
16 (Optional) When the upgrade is complete, log off the root account:
exit
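The mount-state check from step 6, worked as an added example that is not part of the original guide: it reads `mount` output in the format shown above and decides whether the manual mount command is still needed. The sample `mount` lines are constructed, and the check for the ro, nosuid and nodev options is this example's own hygiene check, not a requirement stated by the guide.

```shell
#!/bin/sh
# Added example: read `mount` output and decide the CD-ROM step.
# Assumes the Linux format "DEVICE on DIR type FSTYPE (OPTIONS)" with no spaces in DIR.

# cdrom_state DEVICE   (stdin: output of `mount`)
# Prints "unmounted", "mounted DIR FSTYPE ok", or
# "mounted DIR FSTYPE missing:OPT[,OPT...]" when ro/nosuid/nodev are absent.
cdrom_state() {
    awk -v dev="$1" '
        $1 == dev && $2 == "on" && $4 == "type" {
            opts = $6
            gsub(/[()]/, "", opts)              # "(ro,nosuid,nodev)" -> "ro,nosuid,nodev"
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) seen[o[i]] = 1
            miss = ""
            if (!("ro" in seen))     miss = miss ",ro"
            if (!("nosuid" in seen)) miss = miss ",nosuid"
            if (!("nodev" in seen))  miss = miss ",nodev"
            print "mounted", $3, $5, (miss == "" ? "ok" : "missing:" substr(miss, 2))
            found = 1
            exit
        }
        END { if (!found) print "unmounted" }
    '
}

# cdrom_next_step DEVICE DIR   (stdin: output of `mount`)
# Prints the action for the procedure: mount by hand, skip, or review first.
cdrom_next_step() {
    state=$(cdrom_state "$1")
    case "$state" in
        unmounted)
            echo "run: mount $1 $2" ;;
        "mounted $2 "*" ok")
            echo "skip mount: $1 already on $2" ;;
        mounted*" ok")
            echo "skip mount: $1 is automounted at ${state#mounted }" ;;
        *)
            echo "review before running the installer as root: $state" ;;
    esac
}

# Constructed sample of `mount` output; on a real guest use: mount | cdrom_next_step ...
SAMPLE_MOUNT='/dev/sda2 on / type ext3 (rw)
proc on /proc type proc (rw)
/dev/cdrom on /mnt/cdrom type iso9660 (ro,nosuid,nodev)'

printf '%s\n' "$SAMPLE_MOUNT" | cdrom_next_step /dev/cdrom /mnt/cdrom
```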
What to do next
Prerequisites
• Back up your virtual machines to prevent data loss. See Basic System Administration.
• A supported guest operating system must be installed on the virtual machine.
• You must have an ESX/ESXi license or be using evaluation mode to power on the virtual machine.
Procedure
1 From the vSphere Client, right-click the virtual machine, select Power, and select Power On.
The VMware Tools label indicates whether VMware Tools is installed and current, installed and not
current, or not installed.
3 Click the Console tab to make sure that the guest operating system starts successfully, and log in if
necessary.
4 Right-click the virtual machine, select Guest, and select Install/Upgrade VMware Tools.
The upgrade process starts by mounting the VMware Tools bundle on the guest operating system.
6 In the virtual machine console, log in as root (su -) and, if necessary, mount the VMware Tools virtual
CD-ROM image, as follows.
Usually, the Solaris volume manager mounts the CD-ROM under /cdrom/vmwaretools. If the CD-ROM is
not mounted, restart the volume manager using the following commands:
/etc/init.d/volmgt stop
/etc/init.d/volmgt start
7 After the CD-ROM is mounted, change to a working directory (for example, /tmp) and extract VMware
Tools:
cd /tmp
Respond to the prompts and press Enter to accept the default values.
What to do next
Prerequisites
• Back up your virtual machines to prevent data loss. See Basic System Administration.
• A supported guest operating system must be installed on the virtual machine.
• You must have an ESX/ESXi license or be using evaluation mode to power on the virtual machine.
Procedure
1 From the vSphere Client, right-click the virtual machine, select Power, and select Power On.
The VMware Tools label indicates whether VMware Tools is installed and current, installed and not
current, or not installed.
3 Click the Console tab to make sure that the guest operating system starts successfully, and log in if
necessary.
4 Right-click the virtual machine, select Guest, and select Install/Upgrade VMware Tools.
The upgrade process starts by mounting the VMware Tools bundle on the guest operating system.
6 In the virtual machine console, load the CD-ROM driver so the CD-ROM device mounts the ISO image
as a volume.
7 Select Novell > Utilities > Server Console to open the NetWare Server Console, and enter one of the
following commands:
• In the NetWare 6.5 Server Console, enter: LOAD CDDVD.
• In the NetWare 6.0 or NetWare 5.1 Server Console, enter: LOAD CD9660.NSS.
9 Check the VMware Tools label on the virtual machine Summary tab.
When the installation finishes, the message VMware Tools for NetWare are now running appears in the Logger
Screen (NetWare 6.5 and NetWare 6.0 guests) or the Console Screen (NetWare 5.1 guests).
What to do next
Automatic VMware Tools upgrade is not supported for virtual machines with Solaris or NetWare guest
operating systems.
Prerequisites
You must have the following items before you perform an automatic upgrade:
• Back up your virtual machines to prevent data loss. See Basic System Administration.
• A supported guest operating system must be installed on the virtual machine.
• You must have an ESX/ESXi license or be using evaluation mode to power on the virtual machine.
Procedure
1 From the vSphere Client, right-click the virtual machine, select Power, and select Power On.
The VMware Tools label indicates whether VMware Tools is installed and current, installed and not
current, or not installed.
3 Click the Console tab to make sure that the guest operating system starts successfully, and log in if
necessary.
4 Right-click the virtual machine, select Guest, and select Install/Upgrade VMware Tools.
If the guest operating system has an out-of-date version of VMware Tools, the Install/Upgrade Tools dialog
box appears.
6 (Optional) For Microsoft Windows guest operating systems only, specify a location for the log file by
entering values in the Advanced Options field.
7 Click OK.
8 For Linux guest operating systems, execute the following commands to restore the network:
/etc/init.d/network stop
rmmod vmxnet
modprobe vmxnet
/etc/init.d/network start
What to do next
Prerequisites
Create backups or snapshots of the virtual machines. See Basic System Administration.
Procedure
3 Select the host or cluster that contains the virtual machines to upgrade.
7 For Linux guest operating systems, execute the following commands to restore the network:
/etc/init.d/network stop
rmmod vmxnet
modprobe vmxnet
/etc/init.d/network start
What to do next
(Recommended) Upgrade the virtual machine hardware to version 7. See “Upgrade Virtual Hardware on
Multiple Virtual Machines,” on page 98.
Automatic VMware Tools upgrade is not supported for virtual machines with Solaris or NetWare guest
operating systems.
Prerequisites
• Back up your virtual machines to prevent data loss. See Basic System Administration.
• Virtual machines must have a version of VMware Tools shipped with ESX 3.0.1 or later installed.
• Virtual machines must be hosted on ESX 3.0.1 or later, and VirtualCenter must be version 2.0.1 or later.
Virtual machines residing on a VMware Server host cannot be automatically upgraded.
• Virtual machines must be running a Linux or Microsoft Windows guest operating system that is supported
by ESX 3.0.1 or later and VirtualCenter 2.0.1 or later.
Procedure
4 In the Advanced pane, select Check and upgrade Tools before each power-on and click OK.
The next time you power on the virtual machine, it checks the ESX/ESXi host for a newer version of VMware
Tools. If a newer version is available, it is installed and the guest operating system is restarted (if required).
What to do next
Prerequisites
• Create a backup or snapshot of the virtual machine. See Basic System Administration.
• Upgrade VMware Tools.
• Make sure that all .vmdk files are available to the ESX/ESXi host on a VMFS3 datastore.
• Make sure that the virtual machine is stored on VMFS3 or NFS datastores.
• Make sure that no suspend files exist.
• Make sure that at least one virtual disk exists.
• Determine the version of the virtual hardware by selecting the virtual machine and clicking the Summary
tab. The VM Version label displays the virtual hardware version.
IMPORTANT VMware recommends that before you upgrade the virtual hardware, first upgrade VMware Tools
on the virtual machine. This is especially important for virtual machines with Microsoft Windows guest
operating systems. On Microsoft Windows virtual machines, if you upgrade the virtual hardware before you
upgrade VMware Tools, the virtual machine might lose its network settings.
To automate this process, consider using vCenter Update Manager for virtual machine upgrades. vCenter
Update Manager ensures that upgrade procedures happen in the correct order. See the vCenter Update Manager
Administration Guide.
Procedure
2 From the vSphere Client, right-click a virtual machine in the inventory and select Upgrade Virtual
Hardware.
The software upgrades the virtual hardware to the latest supported version.
The Upgrade Virtual Hardware option appears if the virtual hardware on the virtual machine is not the
latest supported version.
If the virtual machine has a Microsoft Windows guest operating system, the operating system detects a
new device, configures the device, and prompts you to reboot the guest operating system. If any unknown
devices are recognized, the operating system prompts you to configure the device manually.
5 For Windows guest operating systems, reboot the guest operating system to make the changes take effect.
The virtual hardware version is 7 on the VM Version label on the virtual machine Summary tab.
Prerequisites
• Create backups or snapshots of the virtual machines. See Basic System Administration.
• Upgrade VMware Tools.
• Make sure that all .vmdk files are available to the ESX/ESXi host on a VMFS3 datastore.
• Make sure that the virtual machines are stored on VMFS3 or NFS datastores.
• Make sure that no suspend files exist.
• Make sure that at least one virtual disk exists for each virtual machine.
Procedure
3 Select the host or cluster that contains the virtual machines to upgrade.
6 Right-click your selections, select Upgrade Virtual Hardware and click Yes.
7 Power on the virtual machines.
For Microsoft Windows guest operating systems, the operating system detects a new device, configures
the device, and prompts you to reboot the guest operating system. If any unknown devices are recognized,
the operating system prompts you to configure the device manually.
8 For Windows guest operating systems, reboot the guest operating system to make the changes take effect.
The virtual hardware version is 7 on the VM Version label on the virtual machine Summary tab.
VMware provides the following tools for installing updates and patches to ESX/ESXi hosts:
vCenter Update Manager: For ESX and ESXi, automates patching and updates. See the vCenter Update
Manager Administration Guide.
esxupdate: Command-line utility for ESX only. See the Patch Management Guide.
You can use vSphere Host Update Utility to check for new release updates and patches that are applicable to
the ESXi hosts registered in the vSphere Host Update Utility. vSphere Host Update Utility builds the host list
by tracking the hosts that you connect to directly through the vSphere Client. You can also add hosts to the
list manually.
To use vSphere Host Update Utility, you must have the following items:
• A workstation or laptop with vSphere Host Update Utility installed.
vSphere Host Update Utility is bundled with the vSphere Client. You can install vSphere Host Update
Utility when you install the vSphere Client. If the vSphere Client is already installed but vSphere Host
Update Utility is not installed, you can install an updated version by rerunning the vSphere Client installer.
• A network connection between the host and the computer that is running vSphere Host Update Utility.
Prerequisites
Procedure
1 Select Start > Programs > VMware > vSphere Host Update Utility 4.0.
vSphere Host Update Utility verifies that the selected host is reachable and adds the host to the list.
What to do next
Procedure
1 Select Start > Programs > VMware > vSphere Host Update Utility 4.0.
vSphere Host Update Utility downloads patches and updates from the official servers.
What to do next
These behaviors are expected and are managed by vSphere Host Update Utility as needed. If you install a
patch, do not be concerned if vSphere Host Update Utility installs multiple patches.
Procedure
1 Select Start > Programs > VMware > vSphere Host Update Utility 4.0.
2 Select a host.
For each host that you scan, vSphere Host Update Utility downloads available updates to the host. After
the host is updated, an OK button appears.
6 Click OK.
After all updates are applied, vSphere Host Update Utility restarts the updated services.
What to do next
If you have multiple hosts, repeat this procedure until all hosts are updated.
Customize the application by modifying the settings.config XML file, located in the application folder. If
you installed the vSphere Client at the default location, the settings.config XML file is located at one of the
following locations:
• 32-bit OS: %PROGRAMFILES%\VMware\Infrastructure\VIUpdate 4.0
• 64-bit OS: %PROGRAMFILES(X86)%\VMware\Infrastructure\VIUpdate 4.0
RemoteDepot: URL of the remote server to retrieve host patches and updates.
LocalDepot: Local path on your machine where host patches and updates are stored.
ProxyServer: Proxy server to use for downloads. By default, this element is empty.
AskBeforeDownload: Display a confirmation prompt to download patches from the VMware patch
repository. Can be True or False. By default, the value is set to True.
For each update, the update utility updates the standby build. After the update, you then reboot the host. After
the host reboots, the standby build becomes the boot build, and the previous boot build becomes the standby
build. If the update is successful, the host continues to boot from the new boot build until the next update.
For example, suppose the current boot build is 52252 and the current standby build is 51605. When you update
the host to build 52386, the update process replaces build 51605 with build 52386 and makes build 52252 the
standby build. If the update is successful, you continue to boot from build 52386 until the next update.
If an update fails and the ESXi 4.0 host cannot boot from the new build, the host reverts to booting from the
original boot build.
ESXi permits only one level of rollback. Only one previous build can be saved at a time. In effect, each ESXi 4.0
host stores up to two builds, one boot build and one standby build.
When you manually boot into the standby build instead of the current boot build, an irreversible rollback
occurs. The standby build becomes the new boot build and remains the boot build until you perform another
update.
Procedure
2 When the page that displays the current boot build appears, press Shift+r to select the standby build.
The previous update rolls back. The standby build becomes the boot build.
IMPORTANT Run vihostupdate on ESX 4.0/ESXi 4.0 hosts. Run vihostupdate35 on ESX 3.5/ESXi 3.5 hosts.
NOTE The esxupdate utility is supported as well. It is for ESX only. See the Patch Management Guide.
The vihostupdate command works with bulletins. Each bulletin consists of one or more vSphere bundles and
addresses one or more issues.
Towards the end of a release, bulletins include a large number of other bulletins. Bulletins are available in
offline bundles and in a depot with associated metadata.zip files.
• If you use offline bundles, all patches and corresponding metadata are available as one ZIP file.
• If you use a depot, the metadata.zip file points to metadata, which describes the location of the files.
The command supports querying installed software on a host, listing software in a patch, scanning for bulletins
that apply to a host, and installing all or some bulletins in the patch. You can specify a patch by using a bundle
ZIP file or a depot’s metadata ZIP file.
vihostupdate supports https://, http://, and ftp:// downloads. You can specify the protocols in the
download URL for the bundle or metadata file. vihostupdate also supports local paths. See “Update an ESX/
ESXi Host Using Offline Bundles with the vihostupdate Utility,” on page 105. To search a local depot where
the vSphere CLI is installed, use /local/depot/metadata.zip without the file:/// parameter.
Update an ESX/ESXi Host Using Offline Bundles with the vihostupdate Utility
You can use the vihostupdate utility in conjunction with offline bundles or with a depot. This topic describes
the procedure using offline bundles.
Prerequisites
Before you can update or patch an ESX/ESXi host from the command line, you must have access to a machine
on which you can run the VMware vSphere Command-Line Interface (vSphere CLI). You can install the
vSphere CLI on your Microsoft Windows or Linux system or import the VMware vSphere Management
Assistant (vMA) virtual appliance onto your ESX/ESXi host. For information about importing or installing the
vSphere CLI, see the VMware vSphere Command-Line Interface Installation and Reference Guide.
Procedure
1 Power off any virtual machines that are running on the host and place the host into maintenance mode.
Do not specify more than one bundle ZIP file at the command line each time you run the command. If you
specify --bundle more than once, the command processes only the last file that was specified.
3 (Optional) List all the bulletins that are available in the bundle.
• Search an offline HTTP server:
vihostupdate.pl --server <server> --list --bundle http://<webserver>/rollup.zip
This command lists all the bulletins contained in the bundle, even those that do not apply to the host.
If you omit the --bulletin argument, this command installs all the bulletins in the bundle.
Use this option only for removing bulletins that are third-party or VMware extensions. Do not remove
bulletins that are VMware patches or updates. vihostupdate can remove only one bulletin at a time.
Prerequisites
Before you can update or patch an ESX/ESXi host from the command line, you must have access to a machine
on which you can run the VMware vSphere Command-Line Interface (vSphere CLI). You can install the
vSphere CLI on your Microsoft Windows or Linux system or import the VMware vSphere Management
Assistant (vMA) virtual appliance onto your ESX/ESXi host. For information about importing or installing the
vSphere CLI, see the VMware vSphere Command-Line Interface Installation and Reference Guide.
Procedure
1 Power off any virtual machines that are running on the host and place the host into maintenance mode.
2 Scan the depot for bulletins that are applicable to the host:
vihostupdate.pl --server <server> --scan --metadata http://<webserver>/depot/metadata.zip
Do not specify more than one ZIP file at the command line each time you run the command. If you specify
--metadata more than once, the command processes only the last file that was specified.
3 (Optional) List all bulletins in the depot at the metadata.zip file location:
vihostupdate.pl --list --metadata http://<webserver>/depot/metadata.zip
This command lists all the bulletins in the depot, even those that do not apply to the host.
If you omit the --bulletin argument, this command installs all the bulletins in the bundle.
Use this option only for removing bulletins that are third-party or VMware extensions. Do not remove
bulletins that are VMware patches or updates. vihostupdate can remove only one bulletin at a time.
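The pitfalls named above (a repeated --bundle or --metadata silently uses only the last file, removal handles one bulletin at a time, and installing without --bulletin installs everything) can be checked before vihostupdate.pl runs. The following pre-flight check is an added example, not VMware code; the function names are hypothetical, and the --install and --remove options and the comma-separated --bulletin list are vSphere CLI usage that the lines shown here do not spell out.

```shell
#!/bin/sh
# Added example (not VMware code): lint a vihostupdate.pl argument list.
# Return codes of check_vihostupdate_args (hypothetical name):
#   0 = arguments are acceptable
#   1 = --bundle or --metadata given more than once
#   2 = --remove without exactly one bulletin

check_vihostupdate_args() {
    vh_bundles=0
    vh_metadatas=0
    vh_remove=0
    vh_install=0
    vh_bulletins=""

    while [ $# -gt 0 ]; do
        vh_opt=$1
        vh_val=""
        # Accept both "--opt value" and "--opt=value" spellings.
        case "$vh_opt" in
            --*=*)
                vh_val=${vh_opt#*=}
                vh_opt=${vh_opt%%=*}
                ;;
            --bundle|--metadata|--bulletin|--server)
                if [ $# -gt 1 ]; then
                    vh_val=$2
                    shift
                fi
                ;;
        esac
        case "$vh_opt" in
            --bundle)   vh_bundles=$((vh_bundles + 1)) ;;
            --metadata) vh_metadatas=$((vh_metadatas + 1)) ;;
            # Collect every bulletin name into one comma-separated list.
            --bulletin) vh_bulletins=${vh_bulletins:+$vh_bulletins,}$vh_val ;;
            --remove)   vh_remove=1 ;;
            --install)  vh_install=1 ;;
        esac
        shift
    done

    # Only the last ZIP file would be processed, so a repeat is almost
    # certainly a mistake that leaves part of the intended patch set out.
    if [ "$vh_bundles" -gt 1 ] || [ "$vh_metadatas" -gt 1 ]; then
        echo "error: --bundle/--metadata given more than once; only the last file is processed" >&2
        return 1
    fi

    # Removal works on one bulletin at a time (assumption: a removal
    # request with no bulletin named is also rejected here).
    if [ "$vh_remove" -eq 1 ]; then
        case "$vh_bulletins" in
            ""|*,*)
                echo "error: --remove needs exactly one bulletin" >&2
                return 2
                ;;
        esac
    fi

    # Not an error, but worth surfacing before a host is patched.
    if [ "$vh_install" -eq 1 ] && [ -z "$vh_bulletins" ]; then
        echo "warning: no --bulletin given; every bulletin in the bundle will be installed" >&2
    fi
    return 0
}

# Hypothetical wrapper: run vihostupdate.pl only when the check passes.
safe_vihostupdate() {
    check_vihostupdate_args "$@" && vihostupdate.pl "$@"
}
```

Calling safe_vihostupdate with the same arguments you would give vihostupdate.pl stops the run when the check fails; the warning for an unfiltered install goes to standard error and does not block the command.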
Prerequisites
Before you can uninstall an update or patch from an ESX/ESXi host from the command line, you must have
access to a machine on which you can run the VMware vSphere Command-Line Interface (vSphere CLI). You
can install the vSphere CLI on your Microsoft Windows or Linux system or import the VMware vSphere
Management Assistant (vMA) virtual appliance onto your ESX/ESXi host. For information about deploying or
installing the vSphere CLI, see the VMware vSphere Command-Line Interface Installation and Reference Guide.
Procedure
EN-000105-03
vSphere Basic System Administration
Copyright © 2009 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual
property laws. VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents.
VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks
and names mentioned herein may be trademarks of their respective companies.
Contents
Updated Information
Getting Started
1 vSphere Components
Components of vSphere
vSphere Client Interfaces
Functional Components
Managed Components
Access Privileges Components
vCenter Server Modules
vCenter Components That Require Tomcat
Optional vCenter Server Components
System Administration
Appendixes
Index
Updated Information
This Basic System Administration is updated with each release of the product or when necessary.
This table provides the update history of the Basic System Administration.
Revision Description
EN-000105-03
- The list of supported guest operating systems in topic “Linux Requirements for
Guest Customization,” on page 177 has been revised.
EN-000105-02
- The following sentence has been removed from the note in “Change the Virtual
Processor or CPU Configuration,” on page 150: "Changing the number of
processors an imported virtual machine uses is not supported." This information no
longer pertains to vSphere.
- Added information to “About Snapshots,” on page 203 that clarifies the issue of
using snapshots for virtual machine backups.
EN-000105-01
- The topic “Add a USB Controller to a Virtual Machine,” on page 166 now reflects
that although you can add a USB controller to a virtual machine, adding USB devices
is not supported.
- Chapter 16, “Migrating Virtual Machines,” on page 185 has been revised to remove
references to VMware Server. VMware Server hosts are not supported by vCenter
Server.
- In Table A-21 the description for the Host USB device privilege now reflects that
adding USB devices to virtual machines is not supported.
- Minor revisions.
About This Book
This manual, Basic System Administration, describes how to start and stop the VMware vSphere Client
components, build your vSphere environment, monitor and manage the information generated about the
components, and set up roles and permissions for users and groups using the vSphere environment. This
manual also provides information for managing, creating, and configuring virtual machines in your datacenter.
In addition, this manual provides brief introductions to the various tasks you can perform within the system
as well as cross-references to the documentation that describes all the tasks in detail.
Intended Audience
The information presented in this manual is written for experienced Windows or Linux system
administrators who are familiar with virtual machine technology and datacenter
operations.
Document Feedback
VMware welcomes your suggestions for improving our documentation. If you have comments, send your
feedback to docfeedback@vmware.com.
Table 1. Abbreviations
Abbreviation Description
tmplt Template
VC vCenter Server
Online and Telephone Support To use online support to submit technical support requests, view your product
and contract information, and register your products, go to
http://www.vmware.com/support.
Support Offerings To find out how VMware support offerings can help meet your business needs,
go to http://www.vmware.com/support/services.
VMware Professional Services VMware Education Services courses offer extensive hands-on labs, case study
examples, and course materials designed to be used as on-the-job reference
tools. Courses are available onsite, in the classroom, and live online. For onsite
pilot programs and implementation best practices, VMware Consulting
Services provides offerings to help you assess, plan, build, and manage your
virtual environment. To access information about education classes,
certification programs, and consulting services, go to
http://www.vmware.com/services.
Getting Started
1 vSphere Components
VMware vSphere™ includes components and operations essential for managing virtual machines.
With vSphere, you can choose between two approaches to managing virtual machines. vSphere works with
several client interfaces and offers many optional components and modules, such as VMware High Availability
(HA), VMware VMotion™, VMware Distributed Resource Scheduler (DRS), VMware Update Manager, and
VMware Converter Enterprise.
vSphere allows you to treat your virtual environment objects as managed components such as virtual machines,
hosts, datacenters, resource pools, and clusters. Functional components of vSphere provide the best way to
manage each of these managed components of your virtual environment.
Finally, vSphere provides powerful administration tools through access privileges components.
Components of vSphere
VMware vSphere is a suite of software components for virtualization.
To run your vSphere environment, you need the following components:
Through ESX/ESXi, you run the virtual machines, install operating systems,
run applications, and configure the virtual machines. Configuration includes
identifying the virtual machine’s resources, such as storage devices.
Each ESX/ESXi host has a vSphere Client available for your management use.
If your ESX/ESXi host is registered with vCenter Server, a vSphere Client that
accommodates vCenter Server features is available.
vCenter Server A service that acts as a central administrator for VMware ESX/ESXi hosts that
are connected on a network. vCenter Server directs actions on the virtual
machines and the virtual machine hosts (the ESX/ESXi hosts).
vCenter Server is a single Windows Service and is installed to run
automatically. vCenter Server runs continuously in the background,
performing its monitoring and managing activities even when no vSphere
Clients are connected and even if nobody is logged on to the computer where
it resides. It must have network access to all the hosts it manages and be
available for network access from any machine where the vSphere Client is run.
vCenter Server can be installed in a Windows virtual machine on an ESX/ESXi
host, allowing it to take advantage of the high-availability afforded by VMware
HA. See the Installation Guide for details on setting up this configuration.
Multiple vCenter Server systems can be joined together using Linked Mode to
allow them to be managed using a single vSphere Client connection.
vCenter Server plug-ins Applications that provide additional features and functionality to vCenter
Server. Typically, plug-ins consist of a server component and a client
component. After the plug-in server is installed, it is registered with vCenter
Server and the plug-in client is available to vSphere clients for download. After
a plug-in is installed on a vSphere client, it might alter the interface by adding
views, tabs, toolbar buttons, or menu options related to the added functionality.
Plug-ins leverage core vCenter Server capabilities, such as authentication and
permission management, but can have their own types of events, tasks,
metadata, and privileges.
In addition to plug-ins that are available independently of vCenter Server,
some vCenter Server features are implemented as plug-ins, and can be
managed using the vSphere Client Plug-in Manager. These features include
vCenter Storage Monitoring, vCenter Hardware Status, and vCenter Service
Status.
vCenter Server database A persistent storage area for maintaining status of each virtual machine, host,
and user managed in the vCenter Server environment. The vCenter Server
database can be remote or local to the vCenter Server system.
If you are accessing your ESX/ESXi host directly through a vSphere Client, and
not through a vCenter Server system and associated vSphere Client, you do
not use a vCenter Server database.
vCenter Server agent On each managed host, software that collects, communicates, and executes the
actions received from vCenter Server. The vCenter Server agent is installed the
first time any host is added to the vCenter Server inventory.
Host agent On each managed host, software that collects, communicates, and executes the
actions received through the vSphere Client. It is installed as part of the ESX/
ESXi installation.
vSphere Client A required component and the primary interface for creating, managing, and
monitoring virtual machines, their resources, and their hosts. It also provides
console access to virtual machines.
vSphere Web Access A Web interface through which you can perform basic virtual machine
management and configuration and get console access to virtual machines. It
is installed with your ESX/ESXi host. Similar to the vSphere Client, vSphere
Web Access works directly with a host or through vCenter Server. See the
vSphere Web Access Administrator’s Guide for additional information.
VMware Service Console A command-line interface for configuring an ESX host. For an ESXi host, use
the vSphere Command-Line Interface.
vSphere Command-Line Interface A command-line interface for configuring an ESXi host. The vSphere
Command-Line Interface can also be used to perform Storage VMotion
operations on both ESX/ESXi hosts.
Functional Components
Functional components are used to monitor and manage your vSphere infrastructure.
The functional components are accessible from the vSphere Client Home page. Functional components are
divided into four categories: Inventory, Administration, Management, and Solutions and Applications.
Inventory
You use the Inventory functional components to view the objects managed by vCenter Server. Managed objects
include datacenters, resource pools, clusters, networks, datastores, templates, hosts, and virtual machines. The
inventory options are:
Search Allows you to search the vSphere inventory for hosts, virtual machines,
networks, datastores, and folders matching specified criteria.
Hosts and Clusters Provides a hierarchical view of hosts, clusters, and their child objects.
VMs and Templates Provides a view of all virtual machines and templates in the inventory, grouped
by datacenters and folders.
Datastores Provides a view of all datastores in the inventory, grouped by datacenters and
folders.
Networks Provides a view of all networks in the inventory, grouped by datacenters and
folders.
Administration
You use the Administration functional components to configure and monitor the state of your hosts or vCenter
Server systems. The options are:
Roles Allows you to view and create roles used to grant access privileges to users.
Sessions Allows you to view all vSphere Client sessions currently connected to the
selected vCenter Server system. If you have sufficient privileges, you can
terminate sessions. Sessions are available through vCenter Server only.
Licensing Allows you to view and administer vSphere licenses. This is available through
vCenter Server only. To administer licenses for a standalone host, use the host
Configuration tab.
vCenter Server Settings Allows you to configure a number of settings for the selected vCenter Server
system. The vCenter Server settings are available through vCenter Server only.
vCenter Server Status Provides a list of vSphere services with their current status. The status details
include warning and alert information.
Guided Consolidation Analyzes computers in your enterprise and recommends the best candidates
to virtualize. The consolidation interface guides you through the conversion
process based on the computers you select for consolidation.
Management
You use the Management functional components to monitor and manage the objects in the vSphere inventory.
Management functional components are available through vCenter Server only. The options are:
Scheduled Tasks Provides a list of activities and a means to schedule those activities. Scheduled
tasks are available through vCenter Server only.
Events Provides a list of all the events that occur in the vCenter Server environment.
Use this option to view all events. To see only events relevant to a particular
object, use the Tasks & Events tab for that object. Events are available through
vCenter Server only.
Maps Provides a visual representation of the status and structure of the vSphere
environment and the relationships between managed objects. This includes
hosts, networks, virtual machines, and datastores. Maps are available only
through vCenter Server.
Host Profiles Allows you to view, create, apply, and check compliance for host profiles.
Customization Specifications Manager Allows you to create new virtual machine guest operating system
specifications and manage existing specifications.
NOTE This panel appears only if you purchased and installed VMware vSphere extensions that are sold
separately from the VMware vCenter Server product.
Managed Components
Managed components are objects in your virtual and physical infrastructure on which you can place
permissions, monitor tasks and events, and set alarms. You can group most managed components by using
folders to more easily manage them.
All managed components, with the exception of hosts, can be renamed to represent their purposes. For
example, they can be named after company departments or locations or functions. vCenter Server monitors
and manages the following components of your virtual and physical infrastructure:
Datacenters Unlike a folder, which is used to organize a specific object type, a datacenter is
an aggregation of all the different types of objects needed to do work in virtual
infrastructure: hosts, virtual machines, networks, and datastores.
If two virtual machines connect to networkA, they are connected to the same
network. Rules are different across datacenters. Theoretically, the same
physical network can appear in two datacenters and be called two different
names. Or networkA might have one meaning in datacenterA and a different
meaning in datacenterB. Moving objects between datacenters can create
problems or, at least, unpredictable results.
To have a single namespace (that is, a single datacenter) for all networks and
datastores, use folders within the datacenter to organize the networks and
datastores. To have separate namespaces (separate datacenters) for networks
and datastores, create two datacenters.
Folders A top-level structure for vCenter Server only. Folders allow you to group
objects of the same type so you can easily manage them. For example, you can
use folders to set permissions across objects, to set alarms across objects, and
to organize objects in a meaningful way.
A folder can contain other folders, or a group of objects of the same type:
datacenters, clusters, datastores, networks, virtual machines, templates, or
hosts. For example, one folder can contain hosts and a folder containing hosts,
but it cannot contain hosts and a folder containing virtual machines.
The datacenter folders form a hierarchy directly under the root vCenter Server
and allow users to group their datacenters in any convenient way. Within each
datacenter is one hierarchy of folders with virtual machines and templates, one
with hosts and clusters, one with datastores, and one with networks.
Hosts The physical computer on which the virtualization platform software, such as
ESX/ESXi, is installed and all virtual machines reside. If the vSphere Client is
connected directly to an ESX/ESXi host, only that host is available for
management.
NOTE When vCenter Server refers to a host, this means the physical machine
on which the virtual machines are running. All virtual machines within the
VMware vSphere environment are physically on ESX/ESXi hosts. The term host
in this Help system refers to the ESX/ESXi host that has virtual machines on it.
Networks A set of virtual network interface cards (virtual NIC), virtual switches
(vSwitch), and port groups that connect virtual machines to each other or to
the physical network outside of the virtual datacenter. All virtual machines that
connect to the same port group belong to the same network in the virtual
environment, even if they are on different physical servers. You can monitor
networks and set permissions and alarms on port groups.
Resource pools A structure that allows delegation of control over the resources of a host.
Resource pools are used to compartmentalize all resources in a cluster. You can
create multiple resource pools as direct children of a host or cluster and
configure them. Then delegate control over them to other individuals or
organizations. The managed resources are CPU and memory from a host or
cluster. Virtual machines execute in, and draw their resources from, resource
pools.
vCenter Server provides, through the DRS components, various options in
monitoring the status of the resources and adjusting or suggesting adjustments
to the virtual machines using the resources. You can monitor resources and set
alarms on them.
Templates A master copy of a virtual machine that can be used to create and provision
new virtual machines.
Virtual machines A virtualized x86 or x64 personal computer environment in which a guest
operating system and associated application software can run. Multiple virtual
machines can operate on the same managed host machine concurrently.
vApps VMware vApp is a format for packaging and managing applications. A vApp
can contain multiple virtual machines.
Each user logs in to a vCenter Server system through the vSphere Client. Each user is identified to the server
as someone who has rights and privileges to selected objects, such as datacenters and virtual machines, within
the vSphere environment. The vCenter Server system has full rights and privileges on all hosts and virtual
machines within the vSphere environment. The server passes on only those actions and requests from a user
that the user has permission to perform. Access privileges affect which vSphere Client objects appear in the
inventory.
The server determines which access privileges and requests to allow based on the role assigned to the user or
the user’s group on each object. vCenter Server administrators can create custom roles with specific sets of
privileges, as well as use the sample roles that vCenter Server provides.
Users and Groups Created through the Windows domain or Active Directory database or on the
ESX/ESXi host. The server, vCenter Server or ESX/ESXi, registers users and
groups as part of the assigning privileges process.
Roles A set of access rights and privileges. Selected sample roles exist. You can also
create roles and assign combinations of privileges to each role.
Some modules are packaged separately from the base product and require separate installation. Modules and
the base product can be upgraded independently of each other. VMware modules include:
VMware Update Manager Enables administrators to apply updates and patches across ESX/ESXi hosts
and all managed virtual machines. This module provides the ability to create
user-defined security baselines which represent a set of security standards.
Security administrators can compare hosts and virtual machines against these
baselines to identify and remediate systems that are not in compliance.
VMware Converter Enterprise for vCenter Server Enables users to convert physical machines, and virtual machines in a variety
of formats, to ESX/ESXi virtual machines. Converted systems can be imported
into the vCenter Server inventory.
vShield Zones vShield Zones is an application-aware firewall built for VMware vCenter
Server integration. vShield Zones inspects client-server communications and
inter-virtual-machine communication to provide detailed traffic analytics and
application-aware firewall partitioning. vShield Zones is a critical security
component for protecting virtualized datacenters from network-based attacks
and misuse.
VMware vCenter Orchestrator VMware vCenter Orchestrator is a workflow engine that enables you to create
and execute automated workflows within your VMware vSphere environment.
vCenter Orchestrator coordinates workflow tasks across multiple VMware
products and third-party management and administration solutions through
its open plug-in architecture. vCenter Orchestrator provides a library of
workflows that are highly extensible; any operation available in the vCenter
Server API can be used to customize vCenter Orchestrator workflows.
VMware Data Recovery VMware Data Recovery is a disk-based backup and recovery solution that
provides complete data protection for virtual machines. VMware Data
Recovery is fully integrated with VMware vCenter Server to enable centralized
and efficient management of backup jobs and includes data de-duplication to
minimize disk usage.
The Tomcat Web server is installed as part of the vCenter Server installation. The components that require
Tomcat to be running include the following.
- Linked Mode
- CIM/Hardware Status tab
- Performance charts
- WebAccess
- vCenter Storage Monitoring/Storage Views tab
- vCenter Service Status
VMotion A feature that enables you to move running virtual machines from one ESX/
ESXi host to another without service interruption. It requires licensing on both
the source and target host. vCenter Server centrally coordinates all VMotion
activities.
VMware HA A feature that enables a cluster with High Availability. If a host goes down, all
virtual machines that were running on the host are promptly restarted on
different hosts in the same cluster.
When you enable the cluster for HA, you specify the number of hosts you
would like to be able to recover. If you specify the number of host failures
allowed as 1, HA maintains enough capacity across the cluster to tolerate the
failure of one host. All running virtual machines on that host can be restarted
on remaining hosts. By default, you cannot power on a virtual machine if doing
so violates required failover capacity. See the VMware Availability Guide for
more information.
VMware DRS A feature that helps improve resource allocation and power consumption
across all hosts and resource pools. VMware DRS collects resource usage
information for all hosts and virtual machines in the cluster and gives
recommendations (or migrates virtual machines) in one of two situations:
- Initial placement – When you first power on a virtual machine in the
cluster, DRS either places the virtual machine or makes a recommendation.
- Load balancing – DRS tries to improve resource utilization across the
cluster by performing automatic migrations of virtual machines (VMotion)
or by providing a recommendation for virtual machine migrations.
vSphere SDK package APIs for managing virtual infrastructure and documentation describing those
APIs. The SDK also includes the vCenter Server Web Service interface, Web
Services Description Language (WSDL), and example files. This is available
through an external link. You can download the SDK package from the
VMware APIs and SDKs Documentation page on the VMware Web site.
VMware Data Recovery VMware Data Recovery is a disk-based backup and recovery solution that
provides complete data protection for virtual machines. VMware Data
Recovery is fully integrated with VMware vCenter Server to enable centralized
and efficient management of backup jobs and includes data de-duplication to
minimize disk usage.
2 Starting and Stopping the vSphere Components
You can start and stop each of the major vSphere components: ESX/ESXi and vCenter Server. You might
want to stop a component to perform maintenance or upgrade operations.
Procedure
- On the physical box where ESX/ESXi is installed, press the power button until the power on sequence
begins.
The ESX/ESXi host starts, locates its virtual machines, and proceeds with its normal ESX/ESXi functions.
Procedure
Procedure
ESX shuts down. When it is finished, a message indicates that it is safe to power off your system.
For information about accessing the service console, see “Connect to the Service Console,” on page 29.
Procedure
For example, select Control Panel > Administrative Tools > Services and click VMware VirtualCenter
Server.
3 In the VMware vCenter Server Services Properties dialog box, click the General tab and view the service
status.
If you have manually stopped the vCenter Server service or must start it for any reason, perform the steps
below.
Procedure
For example, select Control Panel > Administrative Tools > Services and click VMware VirtualCenter
Server.
2 Right-click VMware VirtualCenter Server, select Start, and wait for startup to complete.
You should not have to stop the vCenter Server service. The vCenter Server should operate without
interruption. Continuous operation ensures that all monitoring and task activities are performed as expected.
Procedure
For example, select Start > Control Panel > Administrative Tools > Services.
3 Right-click VMware VirtualCenter Server, select Stop, and wait for it to stop.
4 Close the Properties dialog box.
A login screen appears when you start the vSphere Client. After you log in, the client displays the objects and
functionality appropriate to the server you are accessing and the permissions available to the user you logged
in as.
Procedure
If this is the first time you are starting the vSphere Client, log in as the administrator:
- If the managed host is not a domain controller, log in as either <local host name>\<user> or <user>,
where <user> is a member of the local Administrators group.
- If the managed host is a domain controller, you must log in as <domain>\<user>, where <domain> is
the domain name for which the managed host is a controller and <user> is a member of that domain’s
Domain Administrators group. VMware does not recommend running on a domain controller.
2 Double-click a shortcut or select the vSphere Client from Start > Programs > VMware > vSphere Client.
3 Enter or select the server name, your user name, and your password.
If you are logging in to a vCenter Server system that is part of a Connected Group, logging in to that server
connects you to all servers in that group.
NOTE Only previously entered server names appear in the Server drop-down menu.
NOTE Closing a vSphere Client session does not stop the server.
Procedure
- Click the close box (X), or select File > Exit.
The vSphere Client shuts down. The vSphere Client is logged out of the vCenter Server system. The server
continues to run all its normal activities in the background. Any scheduled tasks are saved and performed by
vCenter Server.
As with the vSphere Client, vSphere Web Access can either be used to connect directly to an ESX/ESXi host or
to a vCenter Server system. The functionality of vSphere Web Access is a subset of vSphere Client functionality.
The vSphere Web Access console provides a remote mouse-keyboard-screen (MKS) for the virtual machines.
You can interact with a guest operating system running in a virtual machine and connect remotely to the virtual
machine’s mouse, keyboard, and screen.
Procedure
3 Type your user name and password, and click Log In.
After your user name and password are authorized by vSphere Web Access, the vSphere Web Access
home page appears.
Procedure
- Click the Log Out link at the top right corner of every page.
Remote client devices are disconnected when you log out of vSphere Web Access.
ESXi does not have a service console. Some service console commands are available for ESXi through the remote
command-line interface.
The vSphere SDK is used for scripted manipulation of your vSphere instead. The vSphere Client is the primary
interface to all nonscripted activities, including configuring, monitoring, and managing your virtual machines
and resources.
If your DNS server cannot map the host’s name to its DHCP-generated IP address, you must determine the
service console's numeric IP address. Another caution against using DHCP is that the numeric IP address might
change as DHCP leases run out or when the system is rebooted.
VMware does not recommend using DHCP for the service console unless your DNS server can handle the host
name translation.
CAUTION Do not use dynamic (DHCP) addressing when sharing the network adapter assigned to the service
console with virtual machines. ESX requires a static IP address for the service console when sharing a network
adapter.
Whether you use the service console locally or through a remote connection, you must log in using a valid user
name and password.
NOTE Depending on the security settings for your ESX computer, you might be able to connect remotely to
the service console using SSH or Telnet. For more information on the security settings, see the ESX Configuration
Guide.
Procedure
◆ Press Alt+F2 to get to the login screen and log in.
Detailed usage notes for most service console commands are available as manual or man pages.
NOTE ESXi does not have a service console. However, many of the functions provided by the service console
are available through the vSphere CLI.
Procedure
◆ At the service console command line, type the man command followed by the name of the command for
which you want to see information.
Using vCenter Server in Linked Mode 3
You can join multiple vCenter Server systems using vCenter Linked Mode to allow them to share information.
When a server is connected to other vCenter Server systems using Linked Mode, you can connect to that
vCenter Server system and view and manage the inventories of all the vCenter Server systems that are linked.
Linked Mode uses Microsoft Active Directory Application Mode (ADAM) to store and synchronize data across
multiple vCenter Server systems. ADAM is installed automatically as part of vCenter Server installation. Each
ADAM instance stores data from all of the vCenter Server systems in the group, including information about
roles and licenses. This information is regularly replicated across all of the ADAM instances in the connected
group to keep them in sync.
When vCenter Server systems are connected in Linked Mode, you can:
■ Log in simultaneously to all vCenter Server systems for which you have valid credentials.
■ Search the inventories of all the vCenter Server systems in the group.
■ View the inventories of all of the vCenter Server systems in the group in a single inventory view.
You cannot migrate hosts or virtual machines between vCenter Server systems connected in Linked Mode.
For additional information on troubleshooting Linked Mode groups, see ESX and vCenter Server Installation
Guide.
All the requirements for standalone vCenter Server systems apply to Linked Mode systems. For more
information, see ESX and vCenter Server Installation Guide.
The following requirements apply to each vCenter Server system that is a member of a Linked Mode group:
■ DNS must be operational for Linked Mode replication to work.
■ The vCenter Server instances in a Linked Mode group can be in different domains if the domains have a
two-way trust relationship. Each domain must trust the other domains on which vCenter Server instances
are installed.
■ When adding a vCenter Server instance to a Linked Mode group, the installer must be run by a domain
user who is an administrator on both the machine where vCenter Server is installed and the target machine
of the Linked Mode group.
■ All vCenter Server instances must have network time synchronization. The vCenter Server installer
validates that the machine clocks are not more than 5 minutes apart.
Prerequisites
See “Linked Mode Prerequisites,” on page 31 and “Linked Mode Considerations,” on page 32.
Procedure
1 Select Start > All Programs > VMware > vCenter Server Linked Mode Configuration.
2 Click Next.
4 Click Join this vCenter Server instance to an existing linked mode group or another instance and click
Next.
5 Enter the server name and LDAP port number of a remote vCenter Server instance that is a member of
the group and click Next.
If you enter an IP address for the remote server, the installer converts it into a fully qualified domain name.
6 If the vCenter Server installer detects a role conflict, select how to resolve the conflict.
Option: Yes, let VMware vCenter Server resolve the conflicts for me
Description: Click Next.
The role on the joining system is renamed to <vcenter_name> <role_name>,
where <vcenter_name> is the name of the vCenter Server system that is joining
the Linked Mode group, and <role_name> is the name of the original role.

Option: No, I'll resolve the conflicts myself
Description: To resolve the conflicts manually:
a Using the vSphere Client, log in to one of the vCenter Server systems
using an account with Administrator privileges.
b Rename the conflicting role.
c Close the vSphere Client session and return to the vCenter Server
installer.
d Click Back and click Next.
The installation continues without conflicts.
A conflict results if the joining system and the Linked Mode group each contain a role with the same name
but with different privileges.
7 Click Finish.
vCenter Server restarts. Depending on the size of your inventory, the change to Linked Mode might take
from a few seconds to a few minutes to complete.
The vCenter Server instance is now part of a Linked Mode group. After you form a Linked Mode group, you
can log in to any single instance of vCenter Server and view and manage the inventories of all the vCenter
Servers in the group. It might take several seconds for the global data (such as user roles) that are changed on
one machine to be visible on the other machines. The delay is usually 15 seconds or less. It might take a few
minutes for a new vCenter Server instance to be recognized and published by the existing instances, because
group members do not read the global data very often.
If the roles defined on each vCenter Server system are different, the roles lists of the systems are combined into
a single common list. For example, if vCenter Server 1 has a role named Role A and vCenter Server 2 has a role
named Role B, then both servers will have both Role A and Role B after they are joined in a linked mode group.
If two vCenter Server systems have roles with the same name, the roles are combined into a single role if they
contain the same privileges on each vCenter Server system. If two vCenter Server systems have roles with the
same name that contain different privileges, this conflict must be resolved by renaming at least one of the roles.
You can choose to resolve the conflicting roles either automatically or manually.
If you choose to reconcile the roles automatically, the role on the joining system is renamed to <vcenter_name>
<role_name> where <vcenter_name> is the name of the vCenter Server system that is joining the Linked Mode
group and <role_name> is the name of the original role.
If you choose to reconcile the roles manually, connect to one of the vCenter Server systems with the vSphere
Client and rename one instance of the role before proceeding to join the vCenter Server system to the Linked
Mode group.
If you remove a vCenter Server system from a linked mode group, the vCenter Server system retains all the
roles it had as part of the group.
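The role-combining rules above can be modelled in a few lines. This is an added example, not VMware code; the role names, privilege strings, and the system name vc2 are constructed sample values, and refusing a rename that collides with an existing role is an assumption, since the text does not cover that case.

```python
# Added example: a model of the Linked Mode role rules described above.
# Not VMware code. Role and privilege names are constructed sample values.


class RoleConflict(Exception):
    """Same-named roles differ and cannot be reconciled as requested."""


def _normalize(roles):
    return {name: frozenset(privs) for name, privs in roles.items()}


def privilege_diff(group_roles, joining_roles):
    """For each same-named role whose privileges differ, return
    (privileges only in the group, privileges only on the joining system)."""
    group, joining = _normalize(group_roles), _normalize(joining_roles)
    return {
        name: (group[name] - joining[name], joining[name] - group[name])
        for name in sorted(group.keys() & joining.keys())
        if group[name] != joining[name]
    }


def reconcile_roles(group_roles, joining_roles, joining_name, automatic=True):
    """Combine the role lists of a group and a joining system.

    Returns (merged, renamed). merged is the common role list as
    {role name: frozenset of privileges}; renamed maps each conflicting
    role on the joining system to the name it received.
    """
    merged, joining = _normalize(group_roles), _normalize(joining_roles)
    conflicts = privilege_diff(group_roles, joining_roles)

    # Manual resolution: the join cannot proceed until a role is renamed.
    if conflicts and not automatic:
        raise RoleConflict("rename before joining: " + ", ".join(conflicts))

    renamed = {}
    for name, privs in joining.items():
        if name not in merged:
            merged[name] = privs              # different roles: lists are combined
        elif merged[name] == privs:
            continue                          # same name, same privileges: one role
        else:
            new_name = f"{joining_name} {name}"   # <vcenter_name> <role_name>
            # Assumption: the text does not say what happens if the new name
            # is already taken, so this model refuses instead of guessing.
            if new_name in merged or new_name in joining:
                raise RoleConflict(f"{new_name!r} already exists")
            merged[new_name] = privs
            renamed[name] = new_name
    return merged, renamed


if __name__ == "__main__":
    group = {"Role A": {"vm.power_on"},
             "Operator": {"vm.power_on", "vm.snapshot"}}
    joining = {"Role B": {"host.reboot"},
               "Operator": {"vm.power_on", "vm.snapshot", "vm.delete"}}
    # Review what differs before choosing automatic or manual resolution.
    for role, (only_group, only_joining) in privilege_diff(group, joining).items():
        print(role, "group only:", sorted(only_group),
              "joining only:", sorted(only_joining))
    merged, renamed = reconcile_roles(group, joining, "vc2")
    print(sorted(merged), renamed)
```

After an automatic join, the renamed roles are the ones to review, because each one marks a place where the two systems granted different privileges under the same name.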
Procedure
1 Select Start > All Programs > VMware > vCenter Server Linked Mode Configuration.
3 Click Isolate this vCenter Server instance from linked mode group and click Next.
4 Click Continue and click Finish.
The vCenter Server instance is no longer part of the Linked Mode group.
vCenter Server systems in a Linked Mode group can be in different domains as long as the domains have a
trust relationship.
Procedure
1 Isolate the vCenter Server system from the Linked Mode group.
If you do not update the URLs, remote instances of vCenter Server cannot reach the vCenter Server system,
because the default vCenter Server URL entries are no longer accurate. The vCenter Server installer configures
default URL entries as follows:
■ For the Virtualcenter.VimApiUrl key, the default value is http(s)://<Fully qualified domain name
(FQDN) of VC machine>/sdk.
Procedure
1 Isolate the vCenter Server system from the Linked Mode group.
See “Isolate a vCenter Server Instance from a Linked Mode Group,” on page 34.
2 Change the domain name or the machine name to make them match.
3 From the vSphere Client, connect directly to the vCenter Server instance on which you have changed the
domain or machine name.
4 Select Administration > vCenter Server Settings and click Advanced Settings.
5 For the Virtualcenter.VimApiUrl key, change the value to point to the location where the vSphere Client
and SDK clients can access the vCenter Server system.
6 For the Virtualcenter.VimWebServicesUrl key, change the value to point to the location where
vCenter Server Webservices is installed.
7 For the Virtualcenter.Instancename key, change the value so that the modified name appears in the
vCenter Server inventory view.
a Verify that the vCenter Server domain name matches the machine name. If they do not match, change
one or both to make them match.
b Update the URLs to make them compatible with the new domain name and machine name.
If you do not update the URLs, remote instances of vCenter Server cannot reach the vCenter Server
system, because the default vCenter Server URL entries are no longer accurate. See “Configure the
URLs on a Linked Mode vCenter Server System,” on page 34.
If a vCenter Server instance is no longer reachable by remote instances of vCenter Server, the following
symptoms might occur:
■ Clients logging in to other vCenter Server systems in the group cannot view the information that
belongs to the vCenter Server system on which you changed the domain name because the users
cannot log in to the system.
■ Any users that are currently logged in to the vCenter Server system might be disconnected.
■ Search queries do not return results from the vCenter Server system.
To resolve this issue, make sure that the Virtualcenter.VimApiUrl key points to the location where the
vSphere Client and SDK clients can access the vCenter Server system, and the
Virtualcenter.VimWebServicesUrl key points to the location where vCenter Server Webservices is
installed. For the Virtualcenter.Instancename key, change the value so that the modified name appears in
the vCenter Server inventory view.
■ If you cannot join a vCenter Server instance, you can resolve the problem with the following actions:
  ■ Ensure that the machine is grouped into the correct organizational unit in the corresponding domain
  controller.
  ■ When you install vCenter Server, ensure that the logged in user account has administrator privileges
  on the machine.
  ■ To resolve trust problems between a machine and the domain controller, remove the machine from
  the domain and then add it to the domain again.
  ■ To ensure that the Windows policy cache is updated, run the gpupdate /force command from the
  Windows command line. This command performs a group policy update.
■ If the local host cannot reach the remote host during a join operation, verify the following:
  ■ Remote vCenter Server IP address or fully qualified domain name is correct.
  ■ LDAP port on the remote vCenter Server is correct.
  ■ VMwareVCMSDS service is running.
■ Make sure your Windows and network-based firewalls are configured to allow Linked Mode.
Incorrect configuration of firewalls can cause licenses and roles to become inconsistent between instances.
Prerequisites
■ The Windows version must be earlier than Windows Server 2008. For Windows Server 2008, Windows
automatically configures the firewall to permit access.
■ There must be no network-based firewalls between vCenter Server Linked Mode instances. For
environments with network-based firewalls, see “Configuring Firewall Access by Opening Selected
Ports,” on page 36.
Procedure
7 Click OK.
Incorrect configuration of firewalls can cause licenses and roles to become inconsistent between instances.
Procedure
◆ Configure Windows RPC ports to generically allow selective ports for machine-to-machine RPC
communication.
Procedure
◆ From the vSphere Client Home page, click vCenter Service Status.
The vCenter Service Status screen appears and enables you to view the following information:
■ A list of all vCenter Server systems and their services, and vCenter Server plug-ins.
■ The status of all listed items.
■ The date and time when the last change in status occurred.
■ Any messages associated with the change in status.
Using the vSphere Client 4
The vSphere Client serves as the principal interface for administering vCenter Server and ESX/ESXi.
The vSphere Client user interface is configured based on the server to which it is connected:
■ When the server is a vCenter Server system, the vSphere Client displays all the options available to the
vSphere environment, according to the licensing configuration and the user permissions.
■ When the server is an ESX/ESXi host, the vSphere Client displays only the options appropriate to single
host management.
When you first log in to the vSphere Client, it displays a Home page with icons that you select to access various
vSphere Client functions. When you log out of the vSphere Client, the client application remembers the view
that was displayed when it was closed, and will return you to that view when you next log in.
You perform many management tasks from the Inventory view, which consists of a single window containing
a menu bar, a navigation bar, a toolbar, a status bar, a panel section, and pop-up menus.
Procedure
■ Click the Close Tab link to disable Getting Started tabs for the type of object selected.
■ Change the vSphere Client settings to turn off display of all Getting Started tabs.
c Deselect the Show Getting Started Tabs check box and click OK.
Procedure
The status bar appears at the bottom of the window. It contains icons to view triggered alarms or recent tasks.
The Tasks button displays any currently running or recently completed active tasks. Included is a progress
bar indicating the percentage complete of each task. The recent tasks and the triggered alarm panels display
across the bottom of the vSphere Client window.
Panel Sections
In the body of the vSphere Client page is a panel section. In most views, there is a left and a right panel: the
Inventory panel and the Information panel.
Inventory panel
    Displays a hierarchical list of vSphere objects when an Inventory or Maps view appears.
Information panels
    Display lists and charts. Depending on the navigation items or Inventory item
    selected, the Information panel is divided into tabbed elements.
Procedure
If the vSphere Client is connected to a vCenter Server system that is part of a connected group in vCenter
Linked Mode, then you can search the inventories of all vCenter Server systems in that group. You can only
view and search for inventory objects that you have permission to view. Because the search service queries
Active Directory for information about user permissions, you must be logged in to a domain account in order
to search all vCenter Server systems in Linked Mode. If you log in using a local account, searches return results
only for the local vCenter Server system, even if it is joined to other servers in Linked Mode.
NOTE If your permissions change while you are logged in, the search service might not immediately recognize
these changes. To ensure that your search is carried out with up-to-date permissions, log out of all your open
sessions and log in again before performing the search.
Procedure
1 Click the icon in the search field at the top right of the vSphere Client window and select the type of
inventory item to search for.
■ Virtual Machines
■ Folders
■ Hosts
■ Datastores
■ Networks
■ Inventory, which finds matches to the search criteria in any of the available managed object types.
2 Type one or more search terms into the search field and press Enter.
3 (Optional) If more items are found than can be displayed in the results pane, click Show all to display all
results.
What to do next
If you are not satisfied with the results of the simple search and want to refine your search, perform an advanced
search.
For example, you can search for virtual machines matching a particular search string which reside on hosts
whose names match a second search string.
Procedure
1 Choose View > Inventory > Search to display the advanced search page.
2 Click the icon in the search field at the top right of the vSphere Client window and select the type of
inventory item to search for.
■ Virtual Machines
■ Folders
■ Hosts
■ Datastores
■ Networks
■ Inventory, which finds matches to the search criteria in any of the available managed object types.
b From the drop-down menu, select the additional property that you want to use to restrict the search
results.
The available properties depend on the type of object you are searching for.
c Select or type the appropriate options for the property you have selected.
d To add more properties, click Add and repeat Step b through Step c.
An advanced search always finds objects that match all the properties in the list.
5 Click Search.
Using Lists
Many vSphere Client inventory tabs display lists of information.
For example, the Virtual Machines tab displays a list of all the virtual machines associated with a host or a
cluster. Sort any list in the vSphere Client by clicking the column label heading. A triangle in the column head
shows the sort order as ascending or descending.
You can also filter a list, sorting and including only selected items. A filter is sorted by a keyword. Select the
columns you want to include in the search for the keyword.
The list is updated based on whether filtering is on or off. For example, if you are in the Virtual Machines tab,
you have filtered the list, and the filtered text is “powered on”, you see a list only of virtual machines whose
state is set to powered on. If the state of any of these virtual machines changes to something else, they are
removed from the list. New virtual machines that are added are also being filtered. Filtering is persistent for
the user session.
Procedure
1 On any inventory panel displaying a list, click the arrow next to the filter box at the top right of the pane
and select the attributes on which to filter.
2 Type text directly into the filtering field to specify search criteria.
There is a one-second interval between keystrokes. If you type in the text and wait for one second, the
search starts automatically. The Filter field does not support boolean expressions or special characters and
is not case sensitive.
Export a List
You can export a list.
Procedure
3 Type a filename, select a file type in the dialog box, and click Save.
Custom Attributes
Custom attributes can be used to associate user-specific meta-information with virtual machines and managed
hosts.
Attributes are the resources that are monitored and managed for all the managed hosts and virtual machines
in your vSphere environment. Attributes’ status and states appear on the various Inventory panels.
After you create the attributes, set the value for the attribute on each virtual machine or managed host, as
appropriate. This value is stored with vCenter Server and not with the virtual machine or managed host. Then
use the new attribute to filter information about your virtual machines and managed hosts. If you no longer
need the custom attribute, remove it. A custom attribute is always a string.
For example, suppose you have a set of products and you want to sort them by sales representative. Create a
custom attribute for sales person name, Name. Add the custom attribute, Name, column to one of the list views.
Add the appropriate name to each product entry. Click the column title Name to sort alphabetically.
The custom attributes feature is available only when connected to a vCenter Server system.
Procedure
2 Click Add and enter the values for the custom attribute.
a In the Name text box, type the name of the attribute.
b In the Type drop-down menu, select the attribute type: Virtual Machine, Host, or Global.
c In the Value text box, type the value you want to give to the attribute for the currently selected object.
d Click OK.
After you have defined an attribute on a single virtual machine or host, it is available to all objects of
that type in the inventory. However, the value you specify is applied only to the currently selected
object.
3 (Optional) To change the attribute name, click in the Name field and type the name you want to assign to
the attribute.
4 Click OK.
Procedure
4 To edit the value of an attribute that has already been defined, double-click the Value field for that attribute
and enter the new value.
Select Objects
vCenter Server objects are datacenters, networks, datastores, resource pools, clusters, hosts, and virtual
machines.
Procedure
◆ Locate the object by browsing or search.
■ From the vSphere Client Home page, click the icon for the appropriate inventory view, and browse
through the inventory hierarchy to select the object.
■ Perform a search for the object, and double-click it in the search results.
Install Plug-Ins
You can install plug-ins using the Plug-in Manager.
Procedure
6 After installation is complete, verify that the plug-in is listed under the Installed tab and that it is enabled.
Procedure
Disabling a plug-in does not remove it from the client. You must uninstall the plug-in to remove it.
Remove Plug-Ins
You can remove plug-ins through the operating system’s control panel.
Procedure
◆ Consult your operating system’s documentation for instructions on how to use the Add/Remove Programs
control panel.
Troubleshooting Extensions
In cases where vCenter Server extensions are not working, you have several options to correct the problem.
vCenter Server extensions running on the tomcat server have extension.xml files which contain the URL where
the corresponding Web application can be accessed (files are located in
C:\Program Files\VMware\Infrastructure\VirtualCenter Server\extensions). Extension installers populate these
XML files using the DNS name for the machine.
vCenter Server, extension servers, and the vSphere Clients that will use them must be located on systems under
the same domain. If they are not, or the DNS of the extension server is changed, the extension clients will not
be able to access the URL and the extension will not work.
You can edit the XML files manually by replacing the DNS name with an IP address. Re-register the extension
after editing its extension.xml file.
If you need to save vSphere Client data, you can do one of the following:
Procedure
■ Use the Microsoft Windows Print Screen option to print a copy of the vSphere Client window.
■ Select File > Export and select a format in which to save the vCenter Server data. Open the data in an
appropriate application and print from that application.
Configuring Hosts and vCenter Server 5
Configuring ESX hosts, vCenter Server systems, and the vSphere Client involves several tasks. This section
contains information about some of the most common tasks.
For complete information about configuring ESX hosts, vCenter Server, and the vSphere Client, see the
following manuals:
■ Introduction to vSphere
Provides information about how to configure ESX host networking, storage, and security.
■ ESXi Configuration Guide
Host Configuration
Before you create virtual machines on your hosts, you must configure them to ensure that they have correct
licensing, network and storage access, and security settings. Each type of host has a manual that provides
information on the configuration for that host.
■ For information on configuring an ESX host, see the ESX Configuration Guide.
■ For information on configuring an ESXi host, see the ESXi Configuration Guide.
The vCenter Server Settings dialog box enables you to configure the following items:
Licensing
    Assign vCenter Server a new or existing license key. Specify whether to use a
    VMware License Server.
Runtime Settings
    View the unique runtime settings for a vCenter Server system. If you change
    the DNS name of the vCenter Server, use this option to modify the vCenter
    Server name to match.
Active Directory
    Specify the active directory timeout, maximum number of users and groups to
    display in the Add Permissions dialog box, and the frequency for performing
    a synchronization and validation of the vCenter Server system’s known users
    and groups.
Mail
    Specify the SMTP server and mail account.
SNMP
    Specify the SNMP receiver URLs, ports, and community strings.
Ports
    Specify the HTTP and HTTPS ports for the Web Service to use.
Timeout Settings
    Specify how long, in seconds, the vSphere Client waits for a response from
    vCenter Server before timing out.
Logging Options
    Specify the amount of detail collected in vCenter Server log files.
Database
    Specify the password required to access the vCenter Server database and the
    maximum number of database connections to be created.
Database Retention Policy
    Specify when vCenter Server tasks and events should be deleted.
SSL Settings
    Specify whether you want vCenter Server and the vSphere Client to verify the
    SSL certificates of the remote host when establishing remote connections. The
    vCenter requires verified host SSL certificates option is enabled by default,
    and is required for the VMware Fault Tolerance feature to operate.
Advanced Settings
    Specify advanced settings. VMware recommends that you do not change these
    settings without contacting VMware technical support.
See the vSphere Client online Help for more information on these settings.
Procedure
2 If the vCenter Server system is part of a connected group, select the server to configure from the Current
vCenter Server drop-down menu.
Changes to the vCenter Server configuration apply to the current vCenter Server system only.
Configure your firewall to allow communication between the vSphere Client and vCenter Server by opening
ports 80 and 443.
vCenter Server acts as a web service. If your environment requires the use of a web proxy, vCenter Server can
be proxied like any other web service.
Prerequisites
Before vCenter Server can send email, you must perform the following tasks:
■ Configure the SMTP server settings for vCenter Server or Microsoft Outlook Express.
■ Specify email recipients through the Alarm Settings dialog box when you configure alarm actions.
To perform this task, the vSphere Client must be connected to a vCenter Server.
Procedure
2 If the vCenter Server system is part of a connected group, in Current vCenter Server, select the vCenter
Server system to configure.
4 For email message notification, set the SMTP server and SMTP port:
Option: SMTP Server
Description: The DNS name or IP address of the SMTP gateway to use for sending email
messages.

Option: Sender Account
Description: The email address of the sender, for example, notifications@example.com.
5 Click OK.
These features are not available when your vSphere Client is connected to an ESX/ESXi host.
Procedure
◆ From the Home page of a vSphere Client connected to a vCenter Server system, click the Sessions button.
Procedure
1 On the Home page of a vSphere Client connected to a vCenter Server system, click the Sessions button.
The Message of the day text is sent as a notice message to all active session users and to new users when they
log in.
Procedure
1 On the Home page of a vSphere Client connected to a vCenter Server system, click the Sessions button.
3 Click Change.
Managed systems run SNMP agents, which can provide information to a management program in at least one
of the following ways:
■ In response to a GET operation, which is a specific request for information from the management system.
■ By sending a trap, which is an alert sent by the SNMP agent to notify the management system of a particular
event or condition.
Management Information Base (MIB) files define the information that can be provided by managed devices.
The MIB files contain object identifiers (OIDs) and variables arranged in a hierarchy.
vCenter Server and ESX/ESXi have SNMP agents. The agent provided with each product has differing
capabilities.
The traps sent by vCenter Server are typically sent to other management programs. You must configure your
management server to interpret the SNMP traps sent by vCenter Server.
To use the vCenter Server SNMP traps, configure the SNMP settings on vCenter Server and configure your
management client software to accept the traps from vCenter Server.
The traps sent by vCenter Server are defined in VMWARE-VC-EVENT-MIB.mib. See “VMWARE-VC-EVENT-MIB,”
on page 62.
Prerequisites
To complete the following task, the vSphere Client must be connected to a vCenter Server. In addition, you
need the DNS name and IP address of the SNMP receiver, the port number of the receiver, and the community
identifier.
Procedure
2 If the vCenter Server is part of a connected group, in Current vCenter Server, select the appropriate server.
4 Enter the following information for the Primary Receiver of the SNMP traps.
Option: Receiver URL
Description: The DNS name and IP address of the SNMP receiver.

Option: Receiver port
Description: The port number of the receiver to which the SNMP agent sends traps.
If the port value is empty, vCenter Server uses the default port, 162.

Option: Community
Description: The community identifier.
5 (Optional) Enable additional receivers in the Enable Receiver 2, Enable Receiver 3, and Enable Receiver 4
options.
6 Click OK.
The vCenter Server system is now ready to send traps to the management system you have specified.
What to do next
Configure your SNMP management software to receive and interpret data from the vCenter Server SNMP
agent. See “Configure SNMP Management Client Software,” on page 53.
Versions of ESX prior to ESX 4.0 included a Net-SNMP-based agent. You can continue to use this Net-SNMP-
based agent in ESX 4.0 with MIBs supplied by your hardware vendor and other third-party management
applications. However, to use the VMware MIB files, you must use the embedded SNMP agent.
By default, the embedded SNMP agent is disabled. To enable it, you must configure it using the vSphere CLI
command vicfg-snmp. For a complete reference to vicfg-snmp options, see vSphere Command-Line Interface
Installation and Reference Guide.
Prerequisites
SNMP configuration for ESX/ESXi requires the vSphere CLI. For information on installing and using the
vSphere CLI, see vSphere Command-Line Interface Installation and Reference Guide.
Procedure
An SNMP community defines a group of devices and management systems. Only devices and management
systems that are members of the same community can exchange SNMP messages. A device or management
system can be a member of multiple communities.
Prerequisites
SNMP configuration for ESX/ESXi requires the vSphere CLI. For information on installing and using the
vSphere CLI, see vSphere Command-Line Interface Installation and Reference Guide.
Procedure
◆ From the vSphere CLI, type
vicfg-snmp.pl --server <hostname> --username <username> --password <password> -c <com1>.
Replace <com1> with the community name you wish to set. Each time you specify a community with this
command, the settings you specify overwrite the previous configuration. To specify multiple communities,
separate the community names with a comma.
For example, to set the communities public and internal on the host host.example.com, you might type
vicfg-snmp.pl --server host.example.com --username user --password password -c public,internal.
To send traps with the SNMP agent, you must configure the target (receiver) address, community, and an
optional port. If you do not specify a port, the SNMP agent sends traps to UDP port 162 on the target
management system by default.
Prerequisites
SNMP configuration for ESX/ESXi requires the vSphere CLI. For information on installing and using the
vSphere CLI, see vSphere Command-Line Interface Installation and Reference Guide.
Procedure
Replace <target address>, <port>, and <community> with the address of the target system, the port number
to send the traps to, and the community name, respectively. Each time you specify a target with this
command, the settings you specify overwrite all previously specified settings. To specify multiple targets,
separate them with a comma.
For example, to send SNMP traps from the host host.example.com to port 162 on target.example.com using
the public community, type
vicfg-snmp.pl --server host.example.com --username user --password password -t target.example.com@162/public.
3 (Optional) Send a test trap to verify that the agent is configured correctly by typing
vicfg-snmp.pl --server <hostname> --username <username> --password <password> --test.
By default, the embedded SNMP agent listens on UDP port 161 for polling requests from management systems.
You can use the vicfg-snmp command to configure an alternative port. To avoid conflicting with other services,
use a UDP port that is not defined in /etc/services.
IMPORTANT Both the embedded SNMP agent and the Net-SNMP-based agent available in the ESX service
console listen on UDP port 161 by default. If you enable both of these agents for polling on an ESX host, you
must change the port used by at least one of them.
Prerequisites
SNMP configuration for ESX/ESXi requires the vSphere CLI. For information on installing and using the
vSphere CLI, see vSphere Command-Line Interface Installation and Reference Guide.
Procedure
Replace <port> with the port for the embedded SNMP agent to use for listening for polling requests.
To configure your management client software, you must specify the communities for the managed device,
configure the port settings, and load the VMware MIB files. Refer to the documentation for your management
system for specific instructions for these steps.
Prerequisites
To complete this task, you must download the VMware MIB files from the VMware website.
Procedure
1 In your management software, specify the vCenter Server or ESX/ESXi system as an SNMP-based
managed device.
These must correspond to the communities set for the SNMP agent on the vCenter Server system or ESX/
ESXi host.
3 (Optional) If you configured the SNMP agent to send traps to a port on the management system other
than the default UDP port 162, configure the management client software to listen on the port you
configured.
4 Load the VMware MIBs into the management software so you can view the symbolic names for the vCenter
Server or ESX/ESXi variables.
To prevent lookup errors, load the MIB files in the following order:
a VMWARE-ROOT-MIB.mib
b VMWARE-TC-MIB.mib
c VMWARE-PRODUCTS-MIB.mib
d VMWARE-SYSTEM-MIB.mib
e VMWARE-ENV-MIB.mib
f VMWARE-RESOURCES-MIB.mib
g VMWARE-VMINFO-MIB.mib
i VMWARE-AGENTCAP-MIB.mib
j VMWARE-VC-EVENT-MIB.mib
The management software can now receive and interpret traps from vCenter Server or ESX/ESXi systems.
SNMP Diagnostics
Use SNMP tools to diagnose configuration problems.
You can use the following tools to diagnose problems with SNMP configuration:
■ Type vicfg-snmp.pl --server <hostname> --username <username> --password <password> --test at the
vSphere command-line interface to prompt the embedded SNMP agent to send a test warmStart trap.
■ Type vicfg-snmp.pl --server <hostname> --username <username> --password <password> --show to
display the current configuration of the embedded SNMP agent.
■ The SNMPv2-MIB.mib file provides a number of counters to aid in debugging SNMP problems. See
“SNMPv2 Diagnostic Counters,” on page 65.
■ The VMWARE-AGENTCAP-MIB.mib file defines the capabilities of the VMware SNMP agents by product
version. Use this file to determine if the SNMP functionality that you want to use is supported.
The virtual machine uses its own virtual hardware devices. Do not install agents in the virtual machine that
are intended to monitor physical hardware.
Procedure
◆ Install the SNMP agents you normally would use for that purpose in the guest operating systems. No
special configuration is required on ESX.
Table 5-1 lists the MIB files provided by VMware and describes the information that each file provides.
VMWARE-ROOT-MIB.mib Contains VMware’s enterprise OID and top level OID assignments.
VMWARE-AGENTCAP-MIB.mib Defines the capabilities of the VMware agents by product versions.
VMWARE-ENV-MIB.mib Defines variables and trap types used to report on the state of physical hardware
components of the host computer.
VMWARE-OBSOLETE-MIB.mib Defines OIDs that have been made obsolete to maintain backward compatibility
with earlier versions of ESX/ESXi. Includes variables formerly defined in the
files VMWARE-TRAPS-MIB.mib and VMWARE-VMKERNEL-MIB.mib.
VMWARE-PRODUCTS-MIB.mib Defines OIDs to uniquely identify each SNMP agent on each VMware platform
by name, version, and build platform.
VMWARE-RESOURCES-MIB.mib Defines variables used to report information on resource usage of the VMkernel,
including physical memory, CPU, and disk utilization.
VMWARE-SYSTEM-MIB.mib The VMWARE-SYSTEM-MIB.mib file is obsolete. Use the SNMPv2-MIB to obtain
information from sysDescr.0 and sysObjectID.0.
Table 5-2 lists MIB files included in the VMware MIB files package that are not created by VMware. These can
be used with the VMware MIB files to provide additional information.
VMWARE-ROOT-MIB
The VMWARE-ROOT-MIB.mib file defines the VMware enterprise OID and top level OID assignments.
vmwSystem vmware 1
vmwVirtMachines vmware 2
vmwResources vmware 3
vmwProductSpecific vmware 4
vmwLdap vmware 40
vmwTraps vmware 50
vmwOID vmware 60
vmwareAgentCapabilities vmware 70
VMWARE-ENV-MIB
The VMWARE-ENV-MIB.mib defines variables and trap types used to report on the state of physical components
of the host computer.
■ vmwEnvHardwareEvent, which is sent when an ESXi host has detected a material change in the physical
condition of the hardware.
■ vmwESXEnvHardwareEvent, which is sent when an ESX host has detected a material change in the physical
condition of the hardware.
VMWARE-OBSOLETE-MIB
The VMWARE-OBSOLETE-MIB.mib file contains all previously published managed objects that have been made
obsolete. This file is provided to maintain compatibility with older versions of ESX/ESXi.
The variables defined in this file were originally defined in previous versions of the VMWARE-RESOURCES-MIB.mib
and VMWARE-TRAPS-MIB.mib files. Table 5-5 lists the variables defined in VMWARE-OBSOLETE-MIB.mib.
Table 5-6 lists the traps defined in VMWARE-OBSOLETE-MIB.mib. These traps were originally defined in
VMWARE-TRAPS-MIB.mib.
ESX/ESXi Traps
vmPoweredOn This trap is sent when a virtual machine is powered on from a suspended or powered off
state.
vmPoweredOff This trap is sent when a virtual machine is powered off.
vmHBLost This trap is sent when a virtual machine detects a loss in guest heartbeat. VMware Tools
must be installed in the guest operating system in order for this value to be valid.
vmHBDetected This trap is sent when a virtual machine detects or regains the guest heartbeat. VMware
Tools must be installed in the guest operating system in order for this value to be valid.
vmSuspended This trap is sent when a virtual machine is suspended.
VMWARE-PRODUCTS-MIB
The VMWARE-PRODUCTS-MIB.mib file defines OIDs to uniquely identify each SNMP agent on each VMware
platform.
oidESX vmwOID 1
vmwESX vmwProductSpecific 1
vmwDVS vmwProductSpecific 2
vmwVC vmwProductSpecific 3
vmwServer vmwProductSpecific 4
VMWARE-RESOURCES-MIB
The VMWARE-RESOURCES-MIB.mib file defines variables used to report information on resource usage.
CPU Subtree
vmwCPU vmwResources 1 Defines the root OID for the subtree of variables
used to report CPU information.
vmwNumCPUs vmwCPU 1 The number of physical CPUs present on the
system.
Memory Subtree
vmwMemory vmwResources 2 Defines the root OID for the subtree of variables
used to report memory information.
vmwMemSize vmwMemory 1 Amount of physical memory present on the host (in
KB).
vmwMemCOS vmwMemory 2 Amount of physical memory allocated to the service
console (in KB). This variable does not apply to ESXi
hosts, which do not have a service console.
vmwMemAvail vmwMemory 3 The amount of memory available to run virtual
machines and to allocate to the hypervisor. It is
computed by subtracting vmwMemCOS from
vmwMemSize.
Storage Subtree
vmwStorage vmwResources 5 Defines the root OID for the subtree of variables
used to report memory information.
vmwHostBusAdapterNumber vmwStorage 1 The number of entries in the
vmwHostBusAdapterTable.
vmwHostBusAdapterTable vmwStorage 2 A table of Host Bus Adapters found in this host.
vmwHostBusAdapterEntry vmwHostBusAdapterTable 1 An entry in the Host Bus Adapter table holding
details for a particular adapter.
vmwHostBusAdapterIndex vmwHostBusAdapterEntry 1 An arbitrary index assigned to this adapter.
vmwHbaDeviceName vmwHostBusAdapterEntry 2 The system device name for this adapter.
VMWARE-SYSTEM-MIB
The VMWARE-SYSTEM-MIB.mib file provides variables for identifying the VMware software running on a managed
system by product name, version number, and build number.
VMWARE-TC-MIB
The VMWARE-TC-MIB.mib file provides common textual conventions used by VMware MIB files.
■ unknown(1)
■ chassis(2)
■ powerSupply(3)
■ fan(4)
■ cpu(5)
■ memory(6)
■ battery(7)
■ temperatureSensor(8)
■ raidController(9)
■ voltage(10)
■ unknown(1)
■ normal(2)
■ marginal(3)
■ critical(4)
■ failed(5)
VMWARE-VC-EVENT-MIB
The VMWARE-VC-EVENT-MIB.mib file provides definitions for traps sent by vCenter Server. These definitions were
provided by VMWARE-TRAPS-MIB.mib in earlier versions of VirtualCenter Server.
Table 5-11 lists the variables defined for the vCenter Server traps.
vmwVpxdTrapType vmwVC 301 The trap type of the vCenter Server trap.
vmwVpxdHostName vmwVC 302 The name of the affected host.
vmwVpxdVMName vmwVC 303 The name of the affected virtual machine.
vmwVpxdOldStatus vmwVC 304 The prior status.
vmwVpxdNewStatus vmwVC 305 The new status.
vmwVpxdObjValue vmwVC 306 The object value.
VMWARE-VMINFO-MIB
The VMWARE-VMINFO-MIB.mib file defines variables and traps for reporting virtual machine information.
vmwHbaTgtEntry vmwHbaTgtTable 1 A record for a specific storage disk. May change across
reboots.
vmwHbaTgtVmIdx vmwHbaTgtEntry 1 A number corresponding to the virtual machine’s index
(vmwVmIdx) in the vmwVmTable.
vmwVmConfigFilePath vmwTraps 102 The configuration file of the virtual machine generating
the trap.
Table 5-13 lists the traps defined in VMWARE-VMINFO-MIB.mib. These traps were formerly defined in
VMWARE-TRAPS-MIB.mib.
snmpInPkts snmp 1 The total number of messages delivered to the SNMP entity
from the transport service.
snmpInBadVersions snmp 3 The total number of SNMP messages that were delivered
to the SNMP entity and were for an unsupported SNMP
version.
snmpInBadCommunityNames snmp 4 The total number of community-based SNMP messages
delivered to the SNMP entity that used an invalid SNMP
community name.
snmpInBadCommunityUses snmp 5 The total number of community-based SNMP messages
delivered to the SNMP entity that represented an SNMP
operation that was not allowed for the community named
in the message.
snmpInASNParseErrs snmp 6 The total number of ASN.1 or BER errors encountered by
the SNMP entity when decoding received SNMP messages.
snmpEnableAuthenTraps snmp 30 Indicates whether the SNMP entity is permitted to generate
authenticationFailure traps. The value of this object
overrides any configuration information. It therefore
provides a means of disabling all authenticationFailure
traps.
snmpSilentDrops snmp 31 The total number of Confirmed Class PDUs delivered to
the SNMP entity that were silently dropped because the
size of a reply containing an alternate Response Class PDU
with an empty variable-bindings field was greater than
either a local constraint or the maximum message size
associated with the originator of the request.
snmpProxyDrops snmp 32 The total number of Confirmed Class PDUs delivered to
the SNMP entity that were silently dropped because the
transmission of the message to a proxy target failed in a
manner other than a time-out such that no Response Class
PDU could be returned.
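The counters above are cumulative, so they are only useful when read as changes between two polls. The following added example (not part of the VMware documentation) computes per-interval deltas and flags a burst of invalid community names; the poll values, thresholds, and function names are constructed for illustration, and sysUpTime is included as an assumption so that an agent restart is not mistaken for a counter wrap.

```python
"""Added example: read SNMPv2-MIB diagnostic counters as per-interval deltas."""

COUNTER32_MOD = 2 ** 32          # a Counter32 wraps to 0 after 2**32 - 1
SNMP_GROUP = "1.3.6.1.2.1.11"    # the "snmp" parent named in the table

# Sub-identifiers under snmp, as listed in the table.
COUNTERS = {
    "snmpInPkts": 1,
    "snmpInBadVersions": 3,
    "snmpInBadCommunityNames": 4,
    "snmpInBadCommunityUses": 5,
    "snmpInASNParseErrs": 6,
    "snmpSilentDrops": 31,
    "snmpProxyDrops": 32,
}


def counter_oid(name):
    """Numeric OID of the scalar instance to poll, for example snmpInPkts.0."""
    return f"{SNMP_GROUP}.{COUNTERS[name]}.0"


def counter_delta(prev, curr):
    """Increase between two polls, allowing for one wrap of the Counter32."""
    return (curr - prev) % COUNTER32_MOD


def evaluate(prev, curr, bad_ratio=0.05, min_bad=10):
    """Compare two polls and return (deltas, findings).

    Each poll is a dict of counter values plus "sysUpTime" (sysUpTime.0,
    1.3.6.1.2.1.1.3.0, in hundredths of a second). If sysUpTime went
    backwards the agent restarted and its counters restarted from zero,
    so the current values are themselves the deltas.
    """
    restarted = curr["sysUpTime"] < prev["sysUpTime"]
    deltas = {}
    for name in COUNTERS:
        base = 0 if restarted else prev[name]
        deltas[name] = counter_delta(base, curr[name])

    findings = []
    if restarted:
        findings.append("agent-restarted")
    total = deltas["snmpInPkts"]
    bad = deltas["snmpInBadCommunityNames"]
    # Many wrong community names in one interval: misconfigured manager
    # or someone guessing community strings.
    if bad >= min_bad and total and bad / total >= bad_ratio:
        findings.append("bad-community-names")
    # Valid community used for an operation it is not allowed to perform.
    if deltas["snmpInBadCommunityUses"] > 0:
        findings.append("disallowed-operation")
    if deltas["snmpInBadVersions"] > 0:
        findings.append("unsupported-version")
    if deltas["snmpInASNParseErrs"] > 0:
        findings.append("malformed-messages")
    return deltas, findings


def _poll(uptime, pkts, bad_names=0, bad_uses=0):
    """Build a constructed sample poll; unspecified counters are zero."""
    sample = {name: 0 for name in COUNTERS}
    sample.update(sysUpTime=uptime, snmpInPkts=pkts,
                  snmpInBadCommunityNames=bad_names,
                  snmpInBadCommunityUses=bad_uses)
    return sample


# Constructed sample data, not captured from a real host.
POLL_1 = _poll(360000, 4294967200, bad_names=12)   # just before a wrap
POLL_2 = _poll(390000, 304, bad_names=212, bad_uses=3)
POLL_3 = _poll(1500, 20)                           # after an agent restart

if __name__ == "__main__":
    for before, after in ((POLL_1, POLL_2), (POLL_2, POLL_3)):
        deltas, findings = evaluate(before, after)
        print(deltas["snmpInPkts"], "messages,", findings or "no findings")
```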
The following task describes how to access and view system logs.
Procedure
1 From the Home page of a vSphere Client connected to either a vCenter Server system or an ESX/ESXi host,
click System Logs.
2 From the drop-down menu, select the log and entry you want to view.
NOTE On Windows systems, several log files are stored in the Local Settings directory, which is located at
C:\Documents and Settings\<user name>\Local Settings\. This folder is hidden by default.
Virtual Machine log file vmware.log in the same directory as the .vmx file for the virtual machine
Table 5-16 lists log files associated with the vSphere Client machine.
vSphere Client Service log \vpx directory in the Application Data directory on the vSphere Client machine.
Example: C:\Documents and Settings\<user name>\Local Settings\Application Data\vpx\viclient-x.log
or C:\Users\<user name>\Local Settings\Application Data\vpx\viclient-x.log
x(=0, 1, ... 9)
Table 5-17 lists log files associated with VMware Server hosts.
If you encounter problems with the VMware Virtual Machine console on a remote vSphere
Client, please submit a support request and this log file.
Run the support script or save the log file before you launch the failed virtual machine
again.
Linux <virtual_machine_name>/<virtual_machine_name>.vmx
Located in the folder where virtual machines are stored.
On an ESXi host, you can use the vSphere Client or the vSphere CLI command vicfg-syslog to configure the
following options:
Log file path Specifies a datastore path to a file in which syslogd logs all messages.
Remote host Specifies a remote host to which syslog messages are forwarded. In order to
receive the forwarded syslog messages, your remote host must have a syslog
service installed and correctly configured. Consult the documentation for the
syslog service installed on your remote host for information on configuration.
Remote port Specifies the port on which the remote host receives syslog messages.
You cannot use the vSphere Client or vicfg-syslog to configure syslog behavior for an ESX host. To configure
syslog for an ESX host, you must edit the /etc/syslog.conf file.
For more information on vicfg-syslog, see the vSphere Command-Line Interface Installation and Reference
Guide.
Procedure
5 In the Syslog.Local.DatastorePath text box, enter the datastore path for the file to which syslog will log
messages.
The datastore path should be of the form [<datastorename>] </path/to/file>, where the path is relative to the
root of the volume backing the datastore. For example, the datastore path [storage1] var/log/messages
would map to the path /vmfs/volumes/storage1/var/log/messages.
6 In the Syslog.Remote.Hostname text box, enter the name of the remote host to which syslog data will be
forwarded.
7 In the Syslog.Remote.Port text box, enter the port on the remote host to which syslog data will be
forwarded.
By default, this option is set to 514, which is the default UDP port used by syslog. Changes to this option
take effect only if Syslog.Remote.Hostname is configured.
8 Click OK.
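The values entered in steps 5 through 7 can be checked before they are applied. This added example (not VMware code) resolves a datastore path of the form given in step 5, rejects paths that leave the datastore, and checks the remote host and port options together; the function names and sample values are assumptions made for the example.

```python
"""Added example: validate the three syslog options before applying them."""
import posixpath
import re

# "[<datastorename>] <path/to/file>", the form described in step 5.
_DATASTORE_PATH = re.compile(r"^\[(?P<ds>[^\[\]/]+)\]\s+(?P<rel>.+)$")


def resolve_datastore_path(value, volumes_root="/vmfs/volumes"):
    """Map '[storage1] var/log/messages' to its path under /vmfs/volumes.

    Raises ValueError if the value does not have the expected form or if
    the relative path would resolve outside the named datastore.
    """
    match = _DATASTORE_PATH.match(value.strip())
    if not match:
        raise ValueError("expected '[<datastorename>] <path/to/file>'")
    datastore = match.group("ds").strip()
    if datastore in ("", ".", ".."):
        raise ValueError("invalid datastore name")
    # The path is relative to the root of the volume, so a leading slash
    # carries no meaning and is dropped.
    relative = match.group("rel").strip().lstrip("/")
    base = posixpath.join(volumes_root, datastore)
    full = posixpath.normpath(posixpath.join(base, relative))
    if not full.startswith(base + "/"):
        raise ValueError("path does not stay inside the datastore")
    return full


def check_syslog_settings(settings):
    """Return a list of problems found in a dict of syslog option values."""
    issues = []

    path = settings.get("Syslog.Local.DatastorePath", "")
    if path:
        try:
            resolve_datastore_path(path)
        except ValueError as exc:
            issues.append(f"Syslog.Local.DatastorePath: {exc}")

    host = settings.get("Syslog.Remote.Hostname", "").strip()
    port = settings.get("Syslog.Remote.Port", 514)
    if not isinstance(port, int) or not 1 <= port <= 65535:
        issues.append("Syslog.Remote.Port: not a valid UDP port")
    elif not host and port != 514:
        # A port change takes effect only if the hostname is configured.
        issues.append("Syslog.Remote.Port: ignored, no remote host is set")
    if not host:
        issues.append("Syslog.Remote.Hostname: not set, nothing is forwarded")
    return issues


# Constructed sample settings, not taken from a real host.
GOOD = {
    "Syslog.Local.DatastorePath": "[storage1] var/log/messages",
    "Syslog.Remote.Hostname": "loghost.example.com",
    "Syslog.Remote.Port": 514,
}
BAD = {
    "Syslog.Local.DatastorePath": "[storage1] ../storage2/messages",
    "Syslog.Remote.Port": 1514,
}

if __name__ == "__main__":
    print(resolve_datastore_path(GOOD["Syslog.Local.DatastorePath"]))
    for name, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_syslog_settings(sample) or "ok")
```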
When you export log file data, the vm-support script creates a file of the selected data and stores it in a location
you specify. The default file type is .txt if no other extension is specified. The file contains Type, Time, and
Description.
Procedure
1 From the vSphere Client connected to a vCenter Server system or ESX/ESXi host, select Administration >
Export Diagnostic Data.
2 If the vSphere Client is connected to a vCenter Server system, specify the host whose logs you want to
export and the location for storing the log files.
3 If the vSphere Client is connected to an ESX/ESXi host, specify the location for the log files.
4 Click OK.
Procedure
4 Click OK.
Procedure
■ To view the viclient-*.log files, change to the directory, %temp%.
■ If you are running the vSphere Client connected to a vCenter Server system, download the log bundle.
The log bundle is generated as a .zip file. By default, the vpxd logs within the bundle are compressed
as .gz files. You must use gunzip to uncompress these files.
■ From the vCenter Server system, select Start > Programs > VMware > Generate vCenter Server log
bundle.
You can use this to generate vCenter Server log bundles even when you are unable to connect to the
vCenter Server using the vSphere Client.
The log bundle is generated as a .zip file. By default, the vpxd logs within the bundle are compressed
as .gz files. You must use gunzip to uncompress these files.
Procedure
◆ Run the following script on the service console: /usr/bin/vm-support
Procedure
More serious problems in the VMkernel can freeze the machine without an error message or core dump.
Managing the vSphere Client Inventory 6
The topics in this section describe how to manage the objects in your vSphere environment.
The views and capabilities displayed vary depending on whether the vSphere Client is connected to a vCenter
Server system or an ESX/ESXi host. Unless indicated, the process, task, or description applies to all kinds of
vSphere Client connections.
Each object in the vSphere Client has a particular place in the overall object hierarchy. An object’s position in
the hierarchy is determined by the object’s functionality.
An object's name must be unique within its parent. vApp names must be unique within the Virtual Machines
and Templates view.
Root folder In vCenter Server only. Child objects are datacenters or subfolders. The root
folder is set as a default for every vCenter Server system. You can change the
name, but not add or remove it.
In a vCenter Server Connected Group, there is one root folder for each vCenter
Server system in the group. The name of the root folder is the name of the
vCenter Server system which it represents.
Folders In vCenter Server only. Child objects are datacenters, hosts, clusters,
networking objects, datastores, virtual machines, templates, or subfolders.
Datacenters In vCenter Server only. A datacenter contains folders, clusters, hosts, networks,
datastores and virtual machines. All actions taken upon managed hosts and
virtual machines are applied within their datacenter. Within a datacenter, you
can monitor and manage virtual machines separately from their hosts and use
VMotion.
Clusters In vCenter Server only. Child objects are hosts, virtual machines, or resource
pools.
Hosts Child objects of hosts are virtual machines or resource pools. Hosts are ESX/
ESXi systems. The term host refers to the virtualization platform that is the host
to one or more virtual machines. A host object is the default top structure for
a standalone ESX/ESXi machine.
When the vCenter Server system is connected to the vSphere Client, all ESX/
ESXi systems registered with vCenter Server are referred to as hosts. ESX/ESXi
systems directly connected to the vSphere Client are referred to as standalone
hosts.
Resource pools Child objects of resource pools are virtual machines or other resource pools.
Resource pools are available on ESX/ESXi hosts as well as through vCenter
Server systems.
Virtual machines Located within a host, virtual disks on a datastore, associated within a cluster
or resource pool. Can be listed as a child object to hosts, clusters, or resource
pools. Can be moved between hosts or clusters. When adding to a cluster or
resource pool, you must specify or have in the cluster or resource pool a
designated target host.
Templates A template is a master copy of a virtual machine that can be used to create and
provision new virtual machines.
Networks In vCenter Server only. Child object to datacenters and network folders. There
are two types of networks: vNetwork Standard Switches (vSwitches) and
vNetwork Distributed Switches. vNetwork Standard Switches are associated
with a single host and are discovered when hosts are added to the vSphere
environment. You can add and remove vNetwork Standard Switches through
the vSphere Client. vNetwork Distributed Switches span multiple hosts. You
can add and remove vNetwork Distributed Switches through the vSphere
Client.
Datastores In vCenter Server only. Child object to datacenters and datastore folders.
Datastores are logical containers that hold virtual disk files and other files
necessary for virtual machine operations. Datastores exist on different types of
physical storage devices, including local storage, iSCSI and Fibre Channel
SANs, and NFS. You create datastores by formatting storage devices or by
mounting NFS volumes on your host. In addition, you can add a host with
existing datastores to the inventory.
Libraries Central repositories for virtual machine provisioning media such as virtual
machine templates, ISO images, floppy images, VMDK files, guest
customization files, and so on.
You can view the relationships between inventory objects in the following ways:
Using the Maps feature Shows the inventory object relationships in graphical form.
Clicking an object in the inventory Provides a list of tabbed content that lists related objects.
For example, a datastore has a virtual machine tab that lists the virtual machines
that use the datastore. There is also a host tab that lists the hosts that can access
the datastore.
Selecting Hosts and Clusters from the Home page Provides a view of the set of virtual machines that run on a
particular host, cluster, or resource pool. Each object has a tab that displays all the virtual
machines associated or contained within it.
When you view the hosts and clusters page, virtual machine folders are not
displayed. Because virtual machine names are unique within virtual machine
folders, you might see more than one virtual machine with the same name. To
view virtual machines as they are arranged in the folder hierarchy, use the VMs
and Templates view.
Selecting VMs and Templates from the Home page Displays all virtual machines and templates. Through this
view you can organize virtual machines into folder hierarchies.
Selecting Datastores from the Home page Displays all datastores in the datacenter. Through this view you
can organize datastores into arbitrary folder hierarchies.
Selecting Networking objects from the Home page Displays all abstract network devices, called vSwitches and
vNetwork Distributed Switches. Through this view you can organize networking devices
into arbitrary folder hierarchies.
Procedure
1 From the vSphere Client, right-click the parent object in the inventory.
2 Select New <Object>, where <Object> is a folder, datacenter, cluster, resource pool, host, or virtual machine.
Procedure
1 From the vSphere Client, right-click the parent object in the inventory.
2 Select New <Object>, where <Object> is a folder, datacenter, cluster, resource pool, host, or virtual machine.
You cannot move the root folder. If you connect directly to a host using the vSphere Client, you cannot move
the host.
When you remove an object (such as a folder, datacenter, cluster, or resource pool) from the inventory, vCenter
Server does the following:
■ Removes all of the object’s child inventory objects.
■ Removes all the tasks and alarms associated with the object.
■ Returns all processor and migration licenses assigned to the object to available status.
■ If the object is a host, ceases to manage the object’s virtual machines, but allows them to remain on the
host.
NOTE Removing a virtual machine from the inventory does not delete it from its datastore.
Procedure
1 From the vSphere Client, right-click the object and select Remove.
2 In the confirmation dialog box that appears, confirm that you want to remove the object.
To use the Datastore Browser, you need to have a role with the Browse Datastore privilege.
You can use the Datastore Browser to:
■ View or search the contents of a datastore.
■ Add a virtual machine or template stored on a datastore to the vSphere Client inventory.
■ Copy or move files from one location to another, including to another datastore.
■ Upload a file or folder from the client computer to a datastore.
■ Download a file from a datastore to the client computer.
■ Delete or rename files on a datastore.
The Datastore Browser operates in a manner similar to file system applications like Windows Explorer. It
supports many common file system operations, including copying, cutting, and pasting files. The Datastore
Browser does not support drag-and-drop operations.
You can download virtual disks from a datastore to local storage, but you cannot upload virtual disks from
local storage to a datastore, because the disk format cannot be verified during the upload.
Managing Hosts in vCenter Server 7
To access the full capabilities of your hosts and to simplify the management of multiple hosts, you should
connect your hosts to a vCenter Server system.
For information on configuration management of ESX/ESXi hosts, see the ESX Configuration Guide or ESXi
Configuration Guide.
The views and capabilities displayed vary depending on whether the vSphere Client is connected to a vCenter
Server system or an ESX/ESXi host. Unless indicated, the process, task, or description applies to all kinds of
vSphere Client connections.
About Hosts
A host is a virtualization platform that supports virtual machines. A vCenter Server managed host is a host
that is registered with vCenter Server.
The task of managing a host is accomplished through the vSphere Client. This vSphere Client can be connected
either directly to an ESX/ESXi host or indirectly to hosts through a connection to a vCenter Server system.
When ESX/ESXi hosts are connected to the vSphere Client directly, you manage them individually as
standalone hosts. Most of the host configuration and virtual machine configuration features still apply.
Features that require multiple hosts, such as migration with VMotion of a virtual machine from one host to
another, are not available through the standalone host connection.
When ESX/ESXi hosts are managed by vCenter Server, they are added to the vSphere environment through a
vSphere Client connected to a vCenter Server system. Managed hosts are hierarchically placed in datacenters,
folders, or clusters under the root vCenter Server system.
CAUTION If an ESX/ESXi host is connected with a vCenter Server system and you attach a vSphere Client
to manage the ESX/ESXi host directly, you receive a warning message but are allowed to proceed. This might
result in conflicts on the host, especially if the host is part of a cluster. This action is strongly discouraged.
All virtual machines on managed hosts are discovered and imported into vCenter Server. When you add
multiple managed hosts, vCenter Server identifies any naming conflicts that exist between virtual machines
and alerts the system administrator, who can then rename virtual machines as necessary.
When vCenter Server connects to a managed host, it does so as a privileged user. The individual vSphere Client
user does not necessarily need to be an administrative user on the managed host.
Add a Host
To manage ESX/ESXi hosts using vCenter Server, you must add the hosts to the vSphere environment through
the vSphere Client.
When you add a host, vCenter Server discovers and adds all the virtual machines contained within that
managed host to the environment.
NOTE If you are connecting your vSphere Client to an ESX/ESXi host directly, the tasks in this section do not
apply.
Procedure
1 In the vSphere Client, display the inventory and select the cluster where you will add the host.
a Type the name or IP address of the managed host in the Host name field.
b Enter the Username and Password for a user account that has administrative privileges on the selected
managed host.
vCenter Server uses the root account to log in to the system and then creates a special user account.
vCenter Server then uses this account for all future authentication.
4 (Optional) Select Enable Lockdown Mode to disable remote access for the administrator account after
vCenter Server takes control of this host.
This option is available for ESXi hosts only. Selecting this check box ensures that the host is managed only
through vCenter Server. Certain limited management tasks can be performed while in lockdown mode
by logging into the local console on the host.
6 Select whether to assign a new or existing license key to the host and click Next.
8 Click Next.
9 Click Finish.
Procedure
1 In the vSphere Client, display the inventory and select the datacenter or folder where you will add the
host.
a Type the name or IP address of the managed host in the Host name field.
b Enter the Username and Password for a user account that has administrative privileges on the selected
managed host.
vCenter Server uses the root account to log in to the system and then creates a special user account.
vCenter Server then uses this account for all future authentication.
4 (Optional) Select Enable Lockdown Mode to disable remote access for the administrator account after
vCenter Server takes control of this host.
This option is available for ESXi hosts only. Selecting this check box ensures that the host is managed only
through vCenter Server. Certain limited management tasks can be performed while in lockdown mode
by logging into the local console on the host.
6 Select whether to assign a new or existing license key to the host and click Next.
7 Select the location for the host's virtual machines and click Next.
Select a virtual machine folder, or the datacenter itself if you do not want to place the virtual machines
into a folder.
8 Click Finish.
After you dismiss the Add Host wizard, vCenter Server finishes the process of adding a host by performing
the following steps.
1 Searches the network for the specified managed host and identifies all the virtual machines on the managed
host.
2 Connects to the managed host.
If the wizard cannot connect to the managed host, the managed host is not added to the inventory.
If the host is already being managed by another vCenter Server system, vCenter Server displays a message.
If the vCenter Server can connect to the managed host, but for some reason cannot remain connected, the
host is added, but is in a disconnected state.
4 Reads the number of processors on the managed host and allocates the appropriate number of licenses.
The number of processors is stored in the vCenter Server database and is verified upon each managed
host reconnection and vCenter Server system startup.
If it is not, and the managed host version can be upgraded, vCenter Server prompts you to perform an
upgrade.
The managed host and its associated virtual machines remain in the vCenter Server inventory. By contrast,
removing a managed host from vCenter Server removes the managed host and all its associated virtual
machines from the vCenter Server inventory.
Procedure
1 From the vSphere Client connected to a vCenter Server system, display the inventory and click the
managed host to disconnect.
2 Right-click the host and select Disconnect from the pop-up menu.
If the managed host is disconnected, the word “disconnected” is appended to the object name in
parentheses, and the object is dimmed. All associated virtual machines are similarly dimmed and labeled.
Procedure
1 From the vSphere Client connected to a vCenter Server system, display the inventory and click the
managed host to reconnect.
2 Right-click the host and select Connect from the pop-up menu.
When the managed host’s connection status to vCenter Server is changed, the statuses of the virtual
machines on that managed host are updated to reflect the change.
If vCenter Server fails to decrypt a host password, the host is disconnected from vCenter Server. You must
reconnect the host and supply the login credentials, which will be encrypted and stored in the database using
the new certificate.
You can remove hosts from a cluster by selecting them in the inventory and dragging them to a new location
within the inventory. The new location can be a folder as a standalone host or another cluster.
Prerequisites
Before you can remove a host from a cluster, you must power off all virtual machines that are running on the
host, or migrate the virtual machines to a new host using VMotion.
Procedure
1 From the vSphere Client connected to a vCenter Server system, display the inventory.
2 Right-click the appropriate managed host icon in the inventory panel, and select Enter Maintenance Mode
from the pop-up menu.
The host icon changes and the term “maintenance mode” is added to the name in parentheses.
4 Select the host icon in the inventory panel, and drag it to the new location.
The host can be moved to another cluster or another datacenter. When the new location is selected, a blue
box surrounds the cluster or datacenter name.
5 Right-click the host, and select Exit Maintenance Mode from the pop-up menu.
Historical data for removed hosts remains in the vCenter Server database.
Removing a managed host differs from disconnecting the managed host from vCenter Server. Disconnecting
a managed host does not remove it from vCenter Server; it temporarily suspends all vCenter Server monitoring
activities. The managed host and its associated virtual machines remain in the vCenter Server inventory.
Removing a managed host from vCenter Server does not remove the virtual machines from the managed host
or datastore. It removes only vCenter Server’s access to the managed host and virtual machines on that
managed host.
Figure 7-1 illustrates the process for removing a managed host from vCenter Server. In the example here, notice
the lost link between vCenter Server and the removed managed host, while the managed host files remain on
the datastore.
Figure 7-1. Removing a Host
[Figure: two panels showing vCenter, host A (VM1, VM2), host B (VM3, VM4), and a shared datastore holding VM1.dsk through VM4.dsk. The first panel is titled “1. Registered host and virtual machines”.]
If possible, remove managed hosts while they are connected. Removing a disconnected managed host does
not remove the vCenter Server agent from the managed host.
Prerequisites
Make sure NFS mounts are active. If NFS mounts are unresponsive, the operation fails.
Procedure
1 From the vSphere Client connected to a vCenter Server system, display the inventory.
2 (Optional) If the host is part of a cluster, you must put it in maintenance mode.
a Right-click the managed host in the inventory and select Enter Maintenance Mode from the pop-up
menu.
b On the confirmation dialog, click Yes.
The host icon changes and the term “maintenance mode” is added to the name in parentheses.
3 Right-click the appropriate host in the inventory panel, and select Remove from the pop-up menu.
4 In the confirmation dialog that appears, click Yes to remove the managed host.
vCenter Server removes the managed host and associated virtual machines from the vCenter Server
environment. vCenter Server then returns the status of all associated processor and migration licenses to
available.
The host health monitoring tool allows you to monitor the health of a variety of host hardware components
including:
• CPU processors
• Memory
• Fans
• Temperature
• Voltage
• Power
• Network
• Battery
• Storage
• Cable/Interconnect
• Software components
• Watchdog
• Other
The host health monitoring tool presents data gathered using Systems Management Architecture for Server
Hardware (SMASH) profiles. The information displayed depends on the sensors available on your server
hardware.
You can monitor a host’s health status either by connecting the vSphere Client directly to a host, or by
connecting to a vCenter Server system. You can also set alarms to trigger when the host health status changes.
When you are connected to a host through vCenter Server, you must use the Hardware Status tab rather than
the Configuration tab to monitor the host health.
If a component is functioning normally, the status indicator is green. The status indicator changes to yellow
or red if a system component violates a performance threshold or is not functioning properly. Generally, a
yellow indicator signifies degraded performance. A red indicator signifies that a component stopped operating
or exceeded the highest threshold.
The Reading column displays the current values for the sensors. For instance, the column displays rotations
per minute (RPM) for fans and degrees Celsius for temperature.
Procedure
1 Log in to the host using the vSphere Client, and select the host in the inventory.
The sensor data appears in a tree. The root of the tree displays the overall host health status.
When you are connected to a host through vCenter Server, you must use the Hardware Status tab rather than
the Configuration tab to monitor the host health.
Procedure
1 Log in to a vCenter Server system using the vSphere Client, and display the Hosts and Clusters view in
the inventory.
2 Select the host in the inventory and click the Hardware Status tab.
Procedure
• Take the appropriate action based on the observed problem.
Problem: The Hardware Status tab is not visible in the vSphere Client.
Action: Select Plug-ins > Plug-in Manager and verify that the Hardware Status plug-in is enabled.
Problem: The Hardware Status tab displays the following error message: the remote name could not be resolved <SERVER-NAME> where <SERVER-NAME> is the domain name of the vCenter Server system.
Action: This error appears when the client system is unable to resolve the domain name of the vCenter Server system. Either fix the domain name resolution problem, or edit the file C:\Program Files\VMware\Infrastructure\VirtualCenter Server\extensions\cim-ui\extensions.xml on the vCenter Server system and replace the vCenter Server domain name with its IP address.
Problem: The Hardware Status tab displays a security alert.
Action: Your Internet Explorer security settings are set too high. To change the security settings:
a Launch Internet Explorer.
b Select Tools > Internet Options.
c Click the Security tab.
d Select the Local intranet Web content zone.
e Click Custom Level.
f Underneath Allow scripting of Internet Explorer Webbrowser control, select Enable.
g Click OK to close the Security Settings dialog box, and click OK to close the Internet Options dialog box.
Virtual Machine Management
Chapter 8 Consolidating the Datacenter
VMware vCenter Guided Consolidation, recommended for smaller IT environments, enables you to streamline
your datacenter by moving business applications, spread across multiple disparate physical systems, into a
centrally managed virtual environment. Use the consolidation feature to start building your virtual
environment, or to further consolidate your datacenter as it grows.
Multiple virtual machines can be hosted on a single physical system, enabling more efficient use of computing
resources. Consolidating your datacenter involves the following process:
Find: You search for and select the physical systems in your datacenter that you want analyzed.
Analyze: Selected physical systems are analyzed and performance data on each selected system is collected. Generally, the longer the duration of the analysis phase, the higher the confidence in the vCenter Server’s recommendations.
Consolidate: Performance data is compared to the resources available on the virtual machine host systems. The selected physical systems are converted to virtual machines and imported into vCenter Server on the recommended hosts where they are managed along with other components of your virtual environment.
Default system credentials enable you to store a set of credentials so that you do not have to enter them each
time you add systems for analysis. You can override default credentials when necessary.
Active domains enable you to register domains with the Consolidation feature. Active domains are scanned
daily so that newly added systems are readily available.
Consolidation Prerequisites
Guided Consolidation requires that at least one host is managed through vSphere. It also requires that you
provide credentials to the target physical systems.
Guided Consolidation can convert systems that are configured to any locale. Before you use the feature, ensure
that the following prerequisites are met:
General Requirements
• The following operating systems on systems targeted for analysis are supported:
  • Windows 2000 Professional/Server/Advanced
  • Windows XP Professional (32 bit and 64 bit)
Network Connections
The Guided Consolidation server must have access to the ports listed in Table 8-1.
vCenter Collector Service: Discovers domains and systems within domains. Collects performance data on those systems.
vCenter Provider Service: Helper service to vCenter Collector Service. Communicates with target systems and passes the data back to vCenter Collector Service.
The Configuration tab displays name, location, and health of Consolidation services. It also enables you to
configure the following settings:
Default system credentials: Used by Guided Consolidation to access target physical systems. If necessary, the default credentials can be overridden.
Active Domains: Guided Consolidation automatically scans active domains and caches information about the systems in them. This information is updated daily. If you intend to add systems for analysis by selecting them from a domain, you must specify the domain as Active.
Procedure
1 Click Change in the Default System Credentials area of the Configuration tab.
VMware recommends that you leave domains where new systems are frequently added as Active and that
you remove domains that do not frequently change after their information has been cached. Because scanning
active domains is resource intensive, VMware also recommends that no more than 50 domains are
simultaneously active.
NOTE In some cases it can take the system several hours to collect a domain's containment information.
Procedure
1 From the vSphere Client Home page, select Guided Consolidation > Configuration.
4 Click OK.
You can add systems manually by entering a computer name, IP address or range of IP addresses, or file name.
Alternatively, you can select a domain - it must be active - and select systems found within that domain. You
can analyze up to 100 systems simultaneously.
NOTE After adding a system for analysis, it can take up to one hour before the status of the newly added
system changes from Collecting System Information to Analyzing.
Procedure
Option: Description
Manually specify the computers: Provide computer names, IP addresses, a range of IP addresses, or the path to a file that contains the computer names or IP addresses of the systems you want, according to the following rules:
• Separate multiple computer names or IP addresses with commas.
• Multiple IP ranges are not permitted.
• If you choose to use a file, each computer name or IP address must be on a separate line in the file. The file must be accessible to the vSphere Client.
Select the computers by domains: Select the systems you want to analyze.
4 Select whether you want to use the configured default credentials, or whether you want to supply a
different set of credentials.
If you choose to override the default credentials, ensure that you enter a domain-qualified user name (for
example, DOMAIN\username) and password.
5 Click OK.
The recommendation indicates how well suited, based on the collected data, a candidate is to a particular
virtual machine host system. Confidence refers to the reliability of the recommendation and it is a function of
the duration of the analysis. Recommendations based on longer periods of analysis – and therefore more
performance data – receive a higher level of confidence.
NOTE After 24 hours of analysis, vCenter Server indicates a high level of confidence in its recommendations.
However, this can be misleading if a system’s workload varies significantly over weeks or months. To ensure
a high level of confidence in a recommendation, allow the duration of the analysis phase to encompass an
amount of time that includes representative peaks and troughs in the systems’ workload. Analysis can run up
to one month.
The option to convert systems manually is available only if the VMware Converter Enterprise Client is installed
and enabled on your vSphere Client. You can verify whether VMware Converter Enterprise Client is installed
and enabled through the Plug-in Manager.
Procedure
1 In the Analysis tab, right-click on a system and select Convert to Virtual Machine > Manually.
Procedure
1 In the Analysis tab, select the systems you want to consolidate and click Plan Consolidation.
2 Select a system.
3 (Optional) Change the name displayed in the Physical Computer column by double-clicking it and
entering a new name.
Your entry will be used as the name for the resultant virtual machine.
4 (Optional) Change destinations, if alternative destinations are available, by clicking in the Destinations
column and selecting a destination from the drop-down menu.
The number of stars displayed in the Destination Rating column indicates the degree to which the host
system can comfortably accommodate the estimated resource needs of the resultant virtual machine.
5 Click Consolidate.
What to do next
You can view task progress in the Recent Tasks pane. You can view additional information about the task in the
Tasks tab.
Recent tasks are displayed in the Recent Tasks pane. The Tasks tab lists all consolidation tasks. You can view
detailed information about a task by selecting it. Information about events related to the selected task is
displayed in the Task Details pane.
You can filter the list of tasks by entering criteria in the search field and selecting any combination of the
following:
• Name
• Target
• Status
• Initiated by
• Start Time
• Complete Time
Troubleshooting Consolidation
The topics in this section contain information about identifying and solving problems with Guided
Consolidation.
Problem
Although up to 100 systems can be simultaneously analyzed, you might notice performance issues on the
vCenter Server that are due to running Guided Consolidation.
Cause
Analysis is resource intensive and can negatively impact vCenter Server performance.
Solution
Reduce the number of systems that are being analyzed. If necessary, you can either disable Guided
Consolidation or uninstall the Guided Consolidation Service. If you disable Guided Consolidation, collected
data is preserved and no further data is collected. If you uninstall the Guided Consolidation Service, the data
that has been collected will no longer be usable.
Problem
Windows systems that match all of the following conditions will not be discovered by Guided Consolidation
and will not be listed as candidates for analysis:
• The system is not listed in Microsoft Windows Network. The following commands do not list the system:
  NET VIEW
  NET VIEW /DOMAIN:<the Workgroup or Domain the system belongs to>
• The system is listed in Active Directory but does not have the operatingSystem attribute defined. This can
  happen if the system never synchronizes with the Active Directory to which it belongs or was improperly
  configured.
Solution
• Enable the Computer Browser service on the machine where Guided Consolidation is installed and on
  the systems that are not discovered.
• Ensure that the Log On As credentials for VMware vCenter Collector Provider Service meet the
  prerequisites as mentioned in “Consolidation Prerequisites,” on page 90.
• Manually enter the static IP address of the target system.
Problem
The default settings for some configurations of Windows XP, Windows Vista, and Windows Server 2008
prevent Guided Consolidation from collecting performance data against systems with those operating systems.
• The system is not listed in Microsoft Windows Network. The following commands do not list the system:
  NET VIEW
  NET VIEW /DOMAIN:<the Workgroup or Domain the system belongs to>
• The system is listed in Active Directory but does not have the operatingSystem attribute defined. This can
  happen if the system never synchronizes with the Active Directory to which it belongs or was improperly
  configured.
Solution
1 Set the Guided Consolidation target systems' Network access: Sharing and security model for local
accounts option to Classic - local users authenticate as themselves.
4 In the left pane, select one of the following depending on which command you ran in the previous step:
a (gpedit.msc) Local Computer Policy > Computer Configuration > Windows Settings > Security
Settings > Local Policies > Security Options
b (secpol.msc) Security Settings > Local Policies > Security Options > Double-click on Network
access: Sharing and security model for local accounts.
c Double-click on Network access: Sharing and security model for local accounts. Ensure that Classic
- local users authenticate as themselves is selected.
Problem
The list of available domains remains empty for Guided Consolidation installed on Windows Server 2008 and
Windows Vista.
Cause
Some configurations of Windows Vista and Windows Server 2008 prevent Guided Consolidation from
discovering LAN Manager Workgroups. The Link-layer discovery protocol (LLDP), introduced in Windows
2008 Server, is not backward compatible with LAN Manager-based protocols and cannot discover machines
with earlier operating systems if those systems do not have the appropriate drivers installed. Additionally,
Guided Consolidation does not use LLDP to perform discovery and will not find systems that can only be
discovered through that protocol, or when the Computer Browser Windows Service is not running.
Solution
Ensure that the Computer Browser Windows Service is enabled on the Windows Vista or Windows Server
2008 system where Guided Consolidation is installed and that it is also enabled on all systems to be discovered.
Alternatively, manually enter the static IP address of the system to be analyzed.
Problem
Temporary network errors can sometimes cause Guided Consolidation to stop analysis on one or more systems,
even when the systems are reachable.
Solution
Right-click on the affected systems and select Resume Analysis.
Procedure
1 On the Guided Consolidation host system, open the Services control panel.
2 Stop the VMware vCenter Management Webservices (applicable when Guided Consolidation and
vCenter Server are not collocated), the VMware Collector for vCenter, and the VMware Provider for
vCenter services.
Procedure
CAUTION Do not uninstall the vCenter Collector Service alone. Doing so prevents Guided Consolidation from
operating and will require that you perform a clean installation of Guided Consolidation, which will delete
existing Guided Consolidation data.
Deploying an OVF template allows you to add pre-configured virtual machines to your vCenter Server or ESX/
ESXi inventory. Deploying an OVF template is similar to deploying a virtual machine from a template.
However, you can deploy an OVF template from any local file system accessible from the vSphere Client
machine, or from a remote web server. The local file systems can include local disks (such as C:), removable
media (such as CDs or USB keychain drives), and shared network drives.
Exporting OVF templates allows you to create virtual appliances that can be imported by other users. You can
use the export function to distribute pre-installed software as a virtual appliance, or as a means of distributing
template virtual machines to users, including users who cannot directly access and use the templates in your
vCenter Server inventory.
About OVF
OVF is a file format that allows for exchange of virtual appliances across products and platforms.
NOTE To import a virtual machine that was created by another VMware product and is not in OVF format,
use the VMware vCenter Converter module. See the VMware Converter Enterprise for vCenter Server
documentation for more information.
Procedure
Option: Description
Deploy from File: Browse your file system for an OVF or OVA template.
Deploy from URL: Specify a URL to an OVF template located on the internet. Example: http://vmware.com/VMTN/appliance.ovf
4 If license agreements are packaged with the OVF template, the End User License Agreement page appears.
Agree to accept the terms of the licenses and click Next.
5 (Optional) Edit the name and select the folder location within the inventory where the vApp will reside.
Click Next.
6 Select the deployment configuration from the drop-down menu and click Next.
The option selected typically controls the memory settings, number of CPUs and reservations, and
application-level configuration parameters.
NOTE This page of the wizard is only shown if the OVF template contains deployment options.
7 Select the host or cluster on which you want to deploy the OVF template and click Next.
8 Select the host on which you want to run the deployed OVF template, and click Next.
This page is only shown if the destination is a resource pool associated with a cluster with DRS disabled
or in manual mode.
9 Navigate to, and select the resource pool where you want to run the OVF template and click Next.
This page is only displayed if resource pools or clusters are configured on the host.
10 Select a datastore to store the OVF template file, and click Next.
Datastores are a unifying abstraction for storage locations such as Fibre Channel, iSCSI LUNs, or NAS
volumes. On this page, you select from datastores already configured on the destination cluster or host.
The virtual machine configuration file and virtual disk files are stored on the datastore. Select a datastore
large enough to accommodate the virtual machine and all of its virtual disk files.
11 For each network specified in the OVF template, select a network by right-clicking the Destination
Network column in your infrastructure to set up the network mapping and click Next.
12 On the IP Allocation page, configure how IP addresses are allocated for the virtual appliance and click
Next.
Option: Description
Fixed: You will be prompted to enter the IP addresses in the Appliance Properties page.
Transient: IP addresses are allocated from a specified range when the appliance is powered on. The IP addresses are released when the appliance is powered off.
DHCP: A DHCP server is used to allocate the IP addresses.
This page is not shown if the deployed OVF template does not contain information about the IP scheme
it supports.
The set of properties that you are prompted to enter depends on the selected IP allocation scheme. For
example, you are prompted for IP related information for the deployed virtual machines only in the case
of a fixed IP allocation scheme.
The progress of the import task appears in the vSphere Client Status panel.
To get to the Virtual Appliance Marketplace page, select File > Browse VA Marketplace from the main menu.
Procedure
• Select an available vApp and click Download Now.
Procedure
1 Select the virtual machine or vApp and select File > Export > Export OVF Template.
NOTE When exporting an OVF template with a name that contains asterisk (*) characters, those
characters turn into underscore characters (_).
b Enter the Directory location where the exported virtual machine template is saved, or click “...” to
browse for the location.
c In the Optimized for field, determine how you want to store the files.
Select Web (OVF) to store the OVF template as a set of files (.ovf, .vmdk, and .mf). This format is
optimal if you plan to publish the OVF files on a web server or image library. The package can be
imported, for example, into the vSphere client by publishing the URL to the .ovf file.
Select Physical Media (OVA) to package the OVF template into a single .ova file. This might be
convenient to distribute the OVF package as a single file if it needs to be explicitly downloaded from
a web site or moved around using a USB key.
d (Optional) To create a new folder for the OVF file, select the Create folder for OVF template checkbox.
• C:\OvfLib\MyVm.mf
• C:\OvfLib\MyVm-disk1.vmdk
By default, the text from the Notes pane on the virtual machine’s Summary tab appears in this text
box.
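When an exported package is later fetched from a web server or carried on removable media, the .mf file in the set can be used to confirm that the .ovf and .vmdk files are unchanged. The following is an added example, not VMware's code: it assumes the manifest uses the `SHA1(file)= digest` line format defined by the OVF specification, and the file contents it writes are constructed.

```python
import hashlib
import os
import re
import tempfile

# One manifest entry per line, for example: SHA1(MyVm.ovf)= 0123abcd...
MANIFEST_LINE = re.compile(r"^(SHA1|SHA256)\((.+)\)\s*=\s*([0-9a-fA-F]+)\s*$")


def verify_ovf_manifest(manifest_path):
    """Check every file named in an OVF manifest against its recorded digest.

    Returns a dict mapping file name to "ok", "mismatch", "missing" or
    "unsafe-path". Raises ValueError on a line that is not a manifest entry.
    """
    base = os.path.dirname(os.path.abspath(manifest_path))
    results = {}
    with open(manifest_path, "r", encoding="utf-8") as fh:
        for raw in fh:
            line = raw.strip()
            if not line:
                continue
            match = MANIFEST_LINE.match(line)
            if match is None:
                raise ValueError(f"unrecognised manifest line: {line!r}")
            algo, name, expected = match.group(1), match.group(2), match.group(3).lower()
            # Entries must name files that sit beside the manifest, never a path.
            if os.path.basename(name) != name or "\\" in name:
                results[name] = "unsafe-path"
                continue
            path = os.path.join(base, name)
            if not os.path.isfile(path):
                results[name] = "missing"
                continue
            digest = hashlib.new(algo.lower())
            with open(path, "rb") as data:
                # Read in 1 MiB chunks so large disk images are not loaded whole.
                for chunk in iter(lambda: data.read(1 << 20), b""):
                    digest.update(chunk)
            results[name] = "ok" if digest.hexdigest() == expected else "mismatch"
    return results


def build_sample_package(directory):
    """Write a constructed package; the MyVm file names follow the page's example."""
    files = {
        "MyVm.ovf": b"<Envelope>constructed descriptor</Envelope>\n",
        "MyVm-disk1.vmdk": b"constructed disk bytes\n",
    }
    lines = []
    for name, content in files.items():
        with open(os.path.join(directory, name), "wb") as out:
            out.write(content)
        lines.append(f"SHA1({name})= {hashlib.sha1(content).hexdigest()}")
    manifest = os.path.join(directory, "MyVm.mf")
    with open(manifest, "w", encoding="utf-8") as out:
        out.write("\n".join(lines) + "\n")
    return manifest


def demo():
    """Verify the constructed package, alter the disk file, and verify again."""
    with tempfile.TemporaryDirectory() as tmp:
        manifest = build_sample_package(tmp)
        before = verify_ovf_manifest(manifest)
        with open(os.path.join(tmp, "MyVm-disk1.vmdk"), "ab") as out:
            out.write(b"bytes appended after export")
        after = verify_ovf_manifest(manifest)
    return before, after


if __name__ == "__main__":
    for label, result in zip(("as exported", "after modification"), demo()):
        print(label, result)
```

A matching manifest only shows that the files agree with what the .mf records, so the .mf itself must come from a source you trust.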
A vApp is a container, like a resource pool, and can contain one or more virtual machines. In addition, a vApp
also shares some functionality with virtual machines. A vApp can power on and power off, and can also be
cloned.
In the vSphere client, a vApp is represented in both the Host and Clusters view and the VM and Template
view. Each view has a specific summary page with the current status of the service and relevant summary
information, as well as operations on the service.
NOTE The vApp metadata resides in the vCenter Server's database, so a vApp can be distributed across multiple
ESX/ESXi hosts. This information can be lost if the vCenter Server database is cleared or if a standalone ESX/
ESXi host that contains a vApp is removed from vCenter Server. You should back up vApps to an OVF package
in order to avoid losing any metadata.
Create a vApp
After you create a datacenter and add a clustered DRS-enabled host to your vCenter Server system, you can
create a vApp.
Procedure
• Select File > New > vApp to open the New vApp wizard.
The name can be up to 80 characters long. This name must be unique within the folder.
Procedure
1 On the Name and Folder page, enter a name for the vApp.
If you are creating a vApp from within another vApp, the vApp Inventory Location selection is
unavailable.
3 Click Next.
NOTE This step does not appear if you create a vApp from a host, cluster, resource pool, or another vApp
within the inventory.
Procedure
1 On the Destination page, select a host, cluster, or resource pool where this vApp will run and click Next.
If you selected a DRS-enabled cluster and the cluster is in DRS manual mode, select the host as the
destination for the vApp.
The message in the Compatibility panel indicates whether the validation for this destination succeeded
or if a specific requirement was not met.
2 Click Next.
Procedure
1 In the Resource Allocation page, allocate CPU and memory resources for this vApp.
2 Click Next.
Procedure
Once a vApp is created, you can populate it with virtual machines or another vApp.
Procedure
1 In the inventory, select the vApp in which you want to create the object machine.
Inventory > vApp > New Virtual Machine: Creates a new virtual machine inside the vApp. Complete the Create New Virtual Machine wizard. See Chapter 11, “Creating Virtual Machines,” on page 115 for instructions on creating a new virtual machine.
Inventory > vApp > New Resource Pool: Adds a resource pool inside the vApp. Complete the Create Resource Pool window. See “Add a Cluster, Resource Pool, Host, or Virtual Machine,” on page 73 for instructions on adding a new resource pool.
Inventory > vApp > New vApp: Creates a new vApp inside the currently selected vApp. Complete the New vApp wizard. See “Create a vApp,” on page 106 for instructions on creating a new vApp.
An existing virtual machine or another vApp that is not already contained inside the vApp can be moved into
the currently selected vApp.
Procedure
Either the object moves to the new location or an error message indicates what needs to be done to permit
the move.
Procedure
2 Click the Options tab to edit or view the following vApp properties.
NOTE The IP allocation policy and properties are typically edited by the deployer, while the rest of the
settings are more advanced options typically edited by the vApp author.
3 Click the Start Up tab to edit vApp startup and shutdown options.
Procedure
2 In the Start Up tab of the Edit Service Settings window, select a virtual machine and use the arrow keys
to change the startup order. This order will also be used for shutdown.
3 Specify the delay and action for startup and shutdown for each virtual machine.
Procedure
Option: Description
Fixed: IP addresses are manually configured. No automatic allocation is performed.
Transient: IP addresses are automatically allocated from a specified range when the appliance is powered on. The IP addresses are released when the appliance is powered off.
DHCP: A DHCP server is used to allocate the IP addresses. The addresses assigned by the DHCP server are visible in the OVF environments of virtual machines started in the vApp.
These additional OVF sections originate from the OVF deployment process that created this vApp. Most of
the OVF descriptors are distributed in various vApp settings, but these unrecognized sections are visible here
for reference.
Procedure
3 Specify the settings. The settings are displayed on the summary page of the virtual machine. The following
settings can be set and configured:
• Product Name—the product name.
• Version—the version of the vApp.
• Full version—the full version of the vApp.
• Product URL—the product's URL. If a product URL is entered, a user can click the product name on
  the virtual machine summary page and go to the product's web page.
• Vendor URL—the vendor's URL. If a vendor URL is entered, a user can click the vendor name on the
  virtual machine summary page and go to the vendor's web page.
• Application URL—the application URL. If properties are used for specifying the virtual machine IP
  address, a dynamic application URL can be entered that points to a web page exposed by running
  the virtual machine. If you enter a valid application URL, the state of the virtual machine changes to
  a clickable Available link once the virtual machine is running.
If the virtual machine is configured to use the property called webserver_ip and the virtual machine has a
web server, you can enter http://${webserver_ip}/ as the Application URL.
Procedure
4 Click Properties.
Procedure
3 Click IP Allocation.
4 In the Advanced IP Allocation dialog, you may perform the following actions.
• Select an IP allocation scheme.
• Specify the IP protocols supported by the vApp: IPv4, IPv6, or both.
Configuring IP Pools
IP pools provide a network identity to vApps. An IP pool is a network configuration that is assigned to a
network used by a vApp. The vApp can then leverage vCenter Server to automatically provide an IP
configuration to its virtual machines.
IP pool ranges are configured with IPv4 and IPv6. These ranges are used by vCenter Server to dynamically
allocate IP addresses to virtual machines when a vApp is set up to use transient IP allocation.
Procedure
2 In the IP Pools tab, right-click the IP pool you wish to edit and select Properties.
3 In the Properties dialog, select the IPv4 or the IPv6 tab, depending on your IP protocol.
6 (Optional) Enter a comma-separated list of host address ranges in the Ranges field.
A range is specified as an IP address, a pound sign (#), and a number indicating the length of the range.
The gateway and the ranges must be within the subnet, and the ranges must exclude the gateway address.
For example, 10.20.60.4#10, 10.20.61.0#2 indicates that the IPv4 addresses can range from 10.20.60.4 to
10.20.60.13 and 10.20.61.0 to 10.20.61.1.
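The Ranges syntax and the subnet and gateway rules from step 6 can be checked before the values are typed into the dialog. The following Python sketch is an added example, not VMware code: the function names are illustrative, the subnet 10.20.60.0/23 and gateway 10.20.60.1 are constructed values, and it accepts IPv6 ranges as well as the IPv4 case shown in the text.

```python
import ipaddress


def parse_ranges(text):
    """Turn 'addr#length, addr#length' into a list of (first, last) addresses."""
    ranges = []
    for item in (part.strip() for part in text.split(",")):
        if not item:
            continue
        start_text, sep, length_text = item.partition("#")
        if not sep:
            raise ValueError(f"{item!r}: expected <address>#<length>")
        first = ipaddress.ip_address(start_text.strip())
        try:
            length = int(length_text.strip())
        except ValueError:
            raise ValueError(f"{item!r}: length is not a number") from None
        if length < 1:
            raise ValueError(f"{item!r}: length must be at least 1")
        # The length counts addresses, so the last address is first + length - 1.
        last_value = int(first) + length - 1
        if last_value >= 2 ** first.max_prefixlen:
            raise ValueError(f"{item!r}: range runs past the end of the address space")
        ranges.append((first, type(first)(last_value)))
    return ranges


def check_pool(subnet, gateway, ranges_text):
    """Return a list of rule violations for an IP pool; an empty list means it passes.

    Rules taken from the text: the gateway and every range lie inside the
    subnet, and no range contains the gateway address.
    """
    net = ipaddress.ip_network(subnet, strict=True)
    gw = ipaddress.ip_address(gateway)
    problems = []
    if gw.version != net.version or gw not in net:
        problems.append(f"gateway {gw} is not inside subnet {net}")
    for first, last in parse_ranges(ranges_text):
        label = f"{first}-{last}"
        if first.version != net.version:
            problems.append(f"range {label} is not an IPv{net.version} range")
            continue
        if first not in net or last not in net:
            problems.append(f"range {label} is not inside subnet {net}")
        if gw.version == first.version and first <= gw <= last:
            problems.append(f"range {label} includes the gateway address {gw}")
    return problems


if __name__ == "__main__":
    # Range string from the text; subnet and gateway are constructed values.
    example = "10.20.60.4#10, 10.20.61.0#2"
    for first, last in parse_ranges(example):
        print(f"{first} to {last}")
    print(check_pool("10.20.60.0/23", "10.20.60.1", example) or "pool passes")
    # Constructed failing case: first range covers the gateway, second leaves the subnet.
    for problem in check_pool("10.20.60.0/24", "10.20.60.1", "10.20.60.1#5, 10.20.61.0#2"):
        print(problem)
```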
Select DHCP
You can specify that an IPv4 or IPv6 DHCP server is available on the network.
Procedure
2 In the IP Pools tab, right-click the IP pool you wish to edit and select Properties.
4 Select either the IPv4 DHCP Present or IPv6 DHCP Present check box to indicate that one of the DHCP
servers is available on this network.
Procedure
2 In the IP Pools tab, right-click the IP pool you wish to edit and select Properties.
4 Enter the server name and port number for the proxy server.
The server name can optionally include a colon and a port number.
Clone a vApp
Cloning a vApp is similar to cloning a virtual machine.
Prerequisites
To clone a vApp, the vSphere Client must be connected to the vCenter Server system.
A host must be selected in the inventory that is running ESX 3.0 or greater, or a DRS-enabled cluster.
Procedure
NOTE This step is only available if you select a cluster that is in DRS manual mode.
Power On a vApp
Each application within the service will be powered on according to how the startup order is set.
When powering on a vApp within a DRS cluster in manual mode, no DRS recommendations are generated
for virtual machine placements. The power on operation performs as if DRS is run in a semi-automatic or
automatic mode for the initial placements of the virtual machines. This does not affect VMotion
recommendations. Recommendations for individual powering on and powering off of virtual machines are
also generated for vApps that are running.
Procedure
▶ In the Summary page for the service, click Power On.
If a delay is set in the start up settings, the vApp waits for the set length of time before powering up that
virtual machine.
In the Summary tab, the status indicates when the vApp has started and is available. Links to the product and
vendor Web sites are also found under General.
Procedure
▶ In the Summary page for the service, click Power Off.
If a delay is set in the shutdown settings, the vApp waits for the set length of time before powering down
that virtual machine.
Procedure
5 Click OK.
Procedure
The Custom path provides more flexibility and options. This path includes the following steps.
The name can be up to 80 characters long. This name must be unique within the folder. Names are case-
insensitive: the name my_vm is identical to My_Vm.
Procedure
1 In the Name and Location screen of the New Virtual Machine wizard, enter a name.
3 Click Next.
Procedure
1 Navigate to the resource pool where you want to run the virtual machine.
Select a Datastore
Select a datastore that will contain the virtual machine and its virtual disk files.
For ESX/ESXi hosts, the datastores are configured on that host, including FC, NAS, and iSCSI volumes.
Procedure
▶ Select a datastore large enough to hold the virtual machine and all of its virtual disk files and click Next.
The wizard does not install the guest operating system for you. The New Virtual Machine wizard uses this
information to select appropriate default values, such as the amount of memory needed.
Procedure
2 If you select Other, enter a display name for your operating system.
Procedure
▶ Select the number of processors from the drop-down menu.
Minimum memory size is 4MB. Maximum memory size depends on the host. The memory size must be a
multiple of 4MB. The maximum for best performance represents the threshold above which the host’s physical
memory is insufficient to run the virtual machine at full speed. This value fluctuates as conditions on the host
change (as virtual machines are powered on or off, for example).
Procedure
▶ Select a size for the virtual memory by using the slider or by selecting the number using the up and down
  arrows.
Configure Networks
Select the number of NICs for the virtual machine on the Configure Networks page.
Exercise caution when you configure a virtual machine to connect to multiple networks. Because virtual
machines share their physical network hardware with the host, the accidental or malicious bridging of two
networks by a virtual machine can occur. Spanning Tree protocol cannot protect against these occurrences.
Procedure
1 Select the number of network interface cards (NICs) you want to create on the virtual machine.
2 For each NIC, select a network, adapter type, and whether you want the NIC to connect when the virtual
machine is powered on.
Paravirtual SCSI adapters are available for virtual machines running hardware version 7 and greater. They are
supported on the following guest operating systems:
• Windows Server 2008
• Windows Server 2003
• Red Hat Linux (RHEL) 5
The following features are not supported with Paravirtual SCSI adapters:
• Boot disks
• Record/Replay
• Fault Tolerance
• MSCS Clustering
The IDE adapter is always ATAPI. The default for your guest operating system is already selected. Older guest
operating systems default to the BusLogic adapter.
If you create an LSI Logic virtual machine and add a virtual disk that uses BusLogic adapters, the virtual
machine boots from the BusLogic adapters disk. LSI Logic SAS is available only for virtual machines with
hardware version 7. Disks with snapshots might not experience performance gains when used on LSI Logic
SAS and LSI Logic Parallel adapters.
Procedure
▶ Choose one of the following SCSI controller types:
  • BusLogic Parallel
  • LSI Logic SAS
  • LSI Logic Parallel
  • VMware Paravirtual
The following disk formats are supported. You cannot specify the disk format if the disk resides on an NFS
datastore. The NFS server determines the allocation policy for the disk.
Thin Provisioned Format   Use this format to save storage space. For the thin disk, you provision as much datastore space as the disk would require based on the value you enter for the disk size. However, the thin disk starts small and at first, uses only as much datastore space as the disk actually needs for its initial operations. If the thin disk needs more space later, it can grow to its maximum capacity and occupy the entire datastore space provisioned to it. Also, you can manually convert the thin disk into thick.
Thick Format              This is the default virtual disk format. The thick virtual disk does not change its size and from the very beginning occupies the entire datastore space provisioned to it. Thick format does not zero out the blocks in the allocated space. It is not possible to convert the thick disk into thin.
Procedure
You can change the size of the disk later, and add additional disks, in the Virtual Machine Properties dialog box.
2 (Optional) If you want your disk to be in thin format, select Allocate and commit space on demand (Thin
Provisioning).
3 (Optional) If you want to use clustering features, select Support clustering features such as Fault
Tolerance.
4 Specify whether you want to store the virtual disk file on the same datastore as the virtual machine files,
or whether you want to store them on a separate datastore.
Procedure
When you map a LUN to a VMFS volume, vCenter Server creates a file that points to the raw LUN.
Encapsulating disk information in a file allows vCenter Server to lock the LUN so that only one virtual machine
can write to it.
NOTE This file has a .vmdk extension, but the file contains only disk information describing the mapping to
the LUN on the ESX/ESXi system. The actual data is stored on the LUN.
You cannot deploy a virtual machine from a template and store its data on a LUN. You can only store its data
in a virtual disk file.
Procedure
2 Select whether you want to store the LUN mapping file on the same datastore as the virtual machine files,
or whether you want to store them on a separate datastore.
3 Select a datastore.
Virtual mode for an RDM specifies full virtualization of the mapped device. It appears to the guest operating
system exactly the same as a virtual disk file in a VMFS volume. The real hardware characteristics are hidden.
Virtual mode enables you to use VMFS features such as advanced file locking and snapshots. Virtual mode is
also more portable across storage hardware than physical mode, presenting the same behavior as a virtual disk
file. When you clone the disk, make a template out of it, or migrate it (if the migration involves copying the
disk), the contents of the LUN are copied into a virtual disk (.vmdk) file.
Physical mode for the RDM specifies minimal SCSI virtualization of the mapped device, allowing the greatest
flexibility for SAN management software. In physical mode, the VMkernel passes all SCSI commands to the
device, with one exception: the REPORT LUNs command is virtualized, so that the VMkernel can isolate the
LUN for the owning virtual machine. Otherwise, all physical characteristics of the underlying hardware are
exposed. Physical mode is useful to run SAN management agents or other SCSI target based software in the
virtual machine. Physical mode also allows virtual-to-physical clustering for cost-effective high availability. A
LUN configured for physical compatibility cannot be cloned, made into a template, or migrated if the migration
involves copying the disk.
Select this option if you want to create a virtual machine without a disk, or if you want to add disks to the
virtual machine later using the Virtual Machine Properties dialog box.
Procedure
▶ Select Do not create a disk.
To perform additional configuration before completing the virtual machine, select the Edit the virtual machine
settings before completion check box and click Next.
Before you can use your new virtual machine, you must first partition and format the virtual drive, install a
guest operating system, then install VMware Tools. Typically, the operating system’s installation program
handles partitioning and formatting the virtual drive.
The basic steps for a typical operating system are described in this section. See Guest Operating System Installation
Guide for more information on individual guest operating systems.
NOTE It might be necessary to change the boot order in the virtual machine’s BIOS settings. However,
sometimes a virtual machine’s boot sequence progresses too quickly for a user to open a console to the virtual
machine and enter BIOS setup. If this happens, select the Boot Options option on the Options tab of the Virtual
Machine Properties dialog box, and select The next time the virtual machine boots, force entry into the BIOS
setup screen. The virtual machine will enter the BIOS setup the next time it boots.
Procedure
1 Using the vSphere Client, log into the vCenter Server system or host on which the virtual machine resides.
2 Insert the installation CD-ROM for your guest operating system, or create an ISO image file from the
installation CD-ROM.
3 Use the Virtual Machine Settings editor to connect the virtual machine’s CD-ROM drive to the ISO image
file and power on the virtual machine.
When a virtual machine is powered on, a green right arrow appears next to the virtual machine icon in
the inventory list.
Installing VMware Tools in the guest operating system is vital. Although the guest operating system can run
without VMware Tools, you lose important functionality and convenience.
On Linux and Solaris guests, this process controls grabbing and releasing the mouse cursor when the
SVGA driver is not installed.
The VMware Tools user process is not installed on NetWare operating systems. Instead, the vmwtool
program is installed. It controls the grabbing and releasing of the mouse cursor. It also allows you to copy
and paste text.
You can optionally install WYSE Multimedia Redirector, which improves streaming video performance in
Windows guest operating systems running on WYSE thin client devices.
The installers for VMware Tools for Windows, Linux, Solaris, and NetWare guest operating systems are built
into ESX/ESXi as ISO image files. An ISO image file looks like a CD-ROM to your guest operating system and
even appears as a CD-ROM disc in Windows Explorer. You do not use an actual CD-ROM disc to install
VMware Tools, nor do you need to download the CD-ROM image or burn a physical CD-ROM of this image
file.
When you choose to install VMware Tools, vCenter Server temporarily connects the virtual machine’s first
virtual CD-ROM disk drive to the ISO image file that contains the VMware Tools installer for your guest
operating system. You are ready to begin the installation process.
Limitations
VMware Tools has the following limitations:
• Shrink disk is not supported.
• For Microsoft Windows NT, the default scripts for suspend and resume do not work.
• The mouse driver installation fails in X windows versions earlier than 4.2.0.
NOTE If you do not have VMware Tools installed in your virtual machine, you cannot use the shutdown or
restart options. You can use only the Power options. If you want to shut down the guest operating system,
shut it down from within the virtual machine console before you power off the virtual machine.
To determine the status of VMware Tools, select the virtual machine and click the Summary tab. The VMware
Tools label indicates whether VMware Tools is installed and current, installed and not current, or not installed.
NOTE During VMware Tools installation, a Windows guest operating system might display a message
indicating that the package has not been signed. If this message appears, click Install Anyway to continue the
installation.
Prerequisites
• A supported guest operating system must be installed on the virtual machine.
• You must have an ESX/ESXi license or be using evaluation mode to power on the virtual machine.
Procedure
1 From the vSphere Client, right-click the virtual machine, select Power, and select Power On.
2 Click the Console tab to make sure that the guest operating system starts successfully, and log in if
necessary.
3 Right-click the virtual machine, select Guest, and select Install/Upgrade VMware Tools.
This step initiates the installation process by mounting the VMware Tools bundle on the guest operating
system.
5 If the New Hardware wizard appears, go through the wizard and accept the defaults.
What to do next
• Verify the status of VMware Tools by checking the VMware Tools label on the virtual machine Summary
  tab. The VMware Tools label should display the word OK.
• For Windows 2000 and above, VMware Tools installs the VmUpgradeHelper tool to restore the network
  configuration. From the Windows guest operating system, start the VmUpgradeHelper service.
Before you install or upgrade VMware Tools on a virtual machine, determine the status of VMware Tools. To
do this, select the virtual machine and click the Summary tab. The VMware Tools label indicates whether
VMware Tools is installed and current, installed and not current, or not installed.
Prerequisites
• A supported guest operating system must be installed on the virtual machine.
• You must have an ESX/ESXi license or be using evaluation mode to power on the virtual machine.
Procedure
1 From the vSphere Client, right-click the virtual machine, select Power, and select Power On.
2 Click the Console tab to make sure that the guest operating system starts successfully, and log in if
necessary.
3 Right-click the virtual machine, select Guest, and select Install/Upgrade VMware Tools.
This step initiates the installation process by mounting the VMware Tools bundle on the guest operating
system.
7 Click Continue when the installer presents a dialog box that shows Completed System Preparation.
When the installer is done, VMware Tools is installed. There is no confirmation or finish button.
8 In a terminal window, as root (su -), run the following command to configure VMware Tools:
vmware-config-tools.pl
Respond to the questions the installer displays on the screen. Press Enter to accept the default values if
appropriate for your configuration.
What to do next
Verify the status of VMware Tools by checking the VMware Tools label on the virtual machine Summary tab.
The VMware Tools label should display the word OK.
Before you install or upgrade VMware Tools on a virtual machine, determine the status of VMware Tools.
Select the virtual machine and click the Summary tab. The VMware Tools label indicates whether VMware
Tools is installed and current, installed and not current, or not installed.
Prerequisites
• A supported guest operating system must be installed on the virtual machine.
• You must have an ESX/ESXi license or be using evaluation mode to power on the virtual machine.
Procedure
1 From the vSphere Client, right-click the virtual machine, select Power, and select Power On.
2 Click the Console tab to make sure that the guest operating system starts successfully, and log in if
necessary.
3 Right-click the virtual machine, select Guest, and select Install/Upgrade VMware Tools.
This step initiates the installation process by mounting the VMware Tools bundle on the guest operating
system.
5 In the virtual machine console, log in as root (su -) and, if necessary, create the /mnt/cdrom directory:
mkdir /mnt/cdrom
Some Linux distributions use different device names or organize the /dev directory differently. Modify
the following commands to reflect the conventions used by your distribution:
mount /dev/cdrom /mnt/cdrom
cd /tmp
9 List the contents of the /mnt/cdrom/ directory, and note the filename of the VMware Tools tar installer.
ls /mnt/cdrom
If you attempt to install a tar installation over an rpm installation, or the reverse, the installer detects the
previous installation and must convert the installer database format before continuing.
./vmware-install.pl
For each configuration question, press Enter to accept the default value.
What to do next
After you install or upgrade VMware Tools on a virtual machine, verify the status of VMware Tools by checking
the VMware Tools label on the virtual machine Summary tab. The VMware Tools label should display the
word OK.
Before you install or upgrade VMware Tools on a virtual machine, determine the status of VMware Tools. To
do this, select the virtual machine and click the Summary tab. The VMware Tools label indicates whether
VMware Tools is installed and current, installed and not current, or not installed.
NOTE RPM packages are not available with the ESXi installer. Only the tar package is available for ESXi hosts.
Prerequisites
Procedure
1 From the vSphere Client, right-click the virtual machine, select Power, and select Power On.
2 Click the Console tab to make sure that the guest operating system starts successfully, and log in if
necessary.
3 Right-click the virtual machine, select Guest, and select Install/Upgrade VMware Tools.
This step initiates the installation process by mounting the VMware Tools bundle on the guest operating
system.
5 In the virtual machine console, log in as root (su -) and, if necessary, create the /mnt/cdrom directory:
mkdir /mnt/cdrom
Some Linux distributions automatically mount CD-ROMs. If your distribution uses automounting, do not
use the mount and umount commands in this procedure.
Some Linux distributions use different device names or organize the /dev directory differently. Modify
the following commands to reflect the conventions used by your distribution:
mount /dev/cdrom /mnt/cdrom
cd /tmp
9 List the contents of the /mnt/cdrom/ directory, and note the filename of the VMware Tools rpm installer:
ls /mnt/cdrom
If you attempt to install an rpm installation over a tar installation, or the reverse, the installer detects the
previous installation and must convert the installer database format before continuing.
12 Double-click the RPM installer file and step through the installation.
What to do next
After you install or upgrade VMware Tools on a virtual machine, verify the status of VMware Tools by checking
the VMware Tools label on the virtual machine Summary tab. The VMware Tools label should display the
word OK.
Before you install or upgrade VMware Tools on a virtual machine, determine the status of VMware Tools. To
do this, select the virtual machine and click the Summary tab. The VMware Tools label indicates whether
VMware Tools is installed and current, installed and not current, or not installed.
Prerequisites
• A supported guest operating system must be installed on the virtual machine.
• You must have an ESX/ESXi license or be using evaluation mode to power on the virtual machine.
Procedure
1 From the vSphere Client, right-click the virtual machine, select Power, and select Power On.
2 Click the Console tab to make sure that the guest operating system starts successfully, and log in if
necessary.
3 Right-click the virtual machine, select Guest, and select Install/Upgrade VMware Tools.
This step initiates the installation process by mounting the VMware Tools bundle on the guest operating
system.
5 In the virtual machine console, log in as root (su -) and, if necessary, mount the VMware Tools virtual
CD-ROM image, as follows.
Usually, the Solaris volume manager mounts the CD-ROM under /cdrom/vmwaretools. If the CD-ROM is
not mounted, restart the volume manager using the following commands.
/etc/init.d/volmgt stop
/etc/init.d/volmgt start
6 After the CD-ROM is mounted, change to a working directory (for example, /tmp) and extract VMware
Tools.
cd /tmp
gunzip -c /cdrom/vmwaretools/vmware-solaris-tools.tar.gz | tar xf -
Respond to the configuration questions on the screen. Press Enter to accept the default values.
What to do next
Verify the status of VMware Tools by checking the VMware Tools label on the virtual machine Summary tab.
The VMware Tools label should display the word OK.
Before you upgrade VMware Tools on a virtual machine, determine the status of VMware Tools. To do this,
select the virtual machine and click the Summary tab. The VMware Tools label indicates whether VMware
Tools is installed and current, installed and not current, or not installed.
Prerequisites
• A supported guest operating system must be installed on the virtual machine.
• You must have an ESX/ESXi license or be using evaluation mode to power on the virtual machine.
Procedure
1 From the vSphere Client, right-click the virtual machine, select Power, and select Power On.
2 Click the Console tab to make sure that the guest operating system starts successfully, and log in if
necessary.
3 Right-click the virtual machine, select Guest, and select Install/Upgrade VMware Tools.
This step initiates the installation process by mounting the VMware Tools bundle on the guest operating
system.
5 In the virtual machine console, load the CD-ROM driver so the CD-ROM device mounts the ISO image
as a volume. To open the NetWare Server Console, select Novell > Utilities > Server Console.
When the installation finishes, the message VMware Tools for NetWare are now running appears in the Logger
Screen (NetWare 6.5 and NetWare 6.0 guests) or the Console Screen (NetWare 5.1 guests).
What to do next
Verify the status of VMware Tools by checking the VMware Tools label on the virtual machine Summary tab.
The VMware Tools label should display the word OK.
Use this dialog box to configure time synchronization between host and guest, notifications of VMware Tools
updates (for Windows and Linux guests only), and which scripts to run when the virtual machine’s
power state changes.
Procedure
• On a Windows guest: Open a console to the virtual machine and double-click the VMware Tools icon in
  the system tray from inside the guest operating system.
• On a Linux or Solaris guest: Open a console to the virtual machine, open a terminal window, and enter
  the command:
  /usr/bin/vmware-toolbox &
• On a NetWare guest: Select Novell > Settings > VMware Tools for NetWare.
Procedure
1 Launch the vSphere Client and log in to the vCenter Server system.
3 Select the host or cluster that contains the virtual machines you want to upgrade.
5 Select the virtual machines you want to upgrade and power them off.
Command-line options for Linux are documented in the Linux installer for Linux Tools. Command-line
options for Windows are documented in the MSI for Windows Tools and at the following Wikipedia entry:
http://en.wikipedia.org/wiki/Windows_Installer.
8 Click OK.
VMware Tools can also be manually upgraded from within the virtual machine’s operating system by opening
the VMware Tools Properties dialog box (double-click the icon in the system tray) and clicking Upgrade in the
Options tab.
NOTE Automatic VMware Tools upgrade is not supported for virtual machines with Solaris or NetWare guest
operating systems.
Procedure
1 Open the Virtual Machine Properties dialog box for the virtual machine you want to upgrade.
3 Select the Check and upgrade Tools before each power-on option under Automatic VMware Tools
Upgrade.
4 Click OK.
The next time the virtual machine is powered on, it checks the ESX/ESXi host for a newer version of VMware
Tools. If one is available, it is installed and the guest operating system is restarted (if required).
Procedure
3 After the guest operating system starts, right-click the virtual machine and select Install VMware Tools.
4 From inside the virtual machine, click OK to confirm that you want to install VMware Tools and launch the
InstallShield wizard.
• If you have autorun enabled in your guest operating system (the default setting for Windows
  operating systems), a dialog box appears.
• If autorun is not enabled, run the VMware Tools installer. Click Start > Run and enter
  D:\setup.exe, where D: is your first virtual CD-ROM drive.
5 Click Next.
7 Click the red X next to each optional feature you want to install, and select This feature will be installed
on local hard drive.
8 Click Next.
9 Click Finish.
WYSE Multimedia Support is supported on the Windows 2003 and Windows XP guest operating systems only.
WYSE Multimedia Support is installed as part of a VMware Tools installation or upgrade.
Procedure
▶ Follow the instructions for the custom installation path as described in “Custom VMware Tools
  Installation,” on page 131. On the Custom Setup page, select WYSE Multimedia Redirector for
  installation.
Procedure
2 In the virtual machine, select Start > Settings > Control Panel > Add or Remove Programs.
4 Click Next.
6 Click the red X next to WYSE Multimedia Redirector and select This feature will be installed on local
hard drive.
7 Click Next.
9 Click Finish.
For virtual machines on ESX Server 3.0.1 or later hosts managed by vCenter Server 2.0.1 or later, WYSE
Multimedia Support can be installed as part of a VMware Tools upgrade started from the vSphere Client.
Procedure
3 Click OK.
If you manage your virtual machines through a vCenter Server system, you can manage multiple virtual
machines and their resources distributed over many ESX/ESXi hosts. Multiple vCenter Server systems can be
joined together in a vCenter Server Connected Group to allow them to be managed with a single vSphere Client
connection.
The vSphere Client is a flexible, configurable interface for managing your virtual machines through an ESX/
ESXi host or through vCenter Server.
[Figure: ESX/ESXi host with host agent, virtual machines, and datastore; vCenter Server and vCenter database with three ESX/ESXi hosts, their virtual machines, a datastore, and a shared datastore]
There are several access points for making changes to power states:
• Selecting the virtual machine and the power option from the Inventory > Virtual Machine menu.
• Selecting Power on from the Commands area.
• Selecting the power option from the right-click menu.
• Scheduling a power state change using the Scheduled Tasks button in the navigation bar.
Power on    Powers on the virtual machine and boots the guest operating system if the guest operating system is installed.
Power off   Powers off the virtual machine. The virtual machine does not attempt to shut down the guest operating system gracefully.
Suspend     Pauses the virtual machine activity. All virtual machine operations are frozen until you issue a resume command.
Resume      Allows virtual machine activity to continue and releases the Suspend state.
Reset       Shuts down the guest operating system and restarts it.
The following power options perform extra functions in addition to the basic virtual machine power operations.
VMware Tools must be installed in the virtual machine to perform these functions:
Shut down guest   Shuts down the guest operating system gracefully.
Restart guest     Shuts down and restarts the guest operating system without powering off the virtual machine.
When a power operation is performed on a virtual machine, the virtual machine power state changes and all
other commands are locked out until the first command is completed.
The figure below illustrates states, transitions, and state-changing commands for virtual machines.
Figure 12-3. Virtual Machine Power State Changes
[Figure: states powered off, powered on, and suspended; commands remove, resume, and suspend]
Procedure
▶ To specify which virtual machines to automatically start or shut down, select the host in the inventory and
  select Configuration tab > Virtual Machine Startup/Shutdown.
Procedure
6 In the right panel specify the Power Controls, Run VMware Tools Scripts, and Advanced options to your
liking.
Powering on a virtual machine boots the guest operating system if the guest operating system is installed.
Powering off a virtual machine is analogous to pressing the off button on a computer without performing a
shut down from the operating system. The virtual machine does not attempt to shut down the guest operating
system gracefully.
Procedure
By default, the shut down power state button in the toolbar performs a shutdown and not a power off.
You can configure this option in the virtual machine settings.
The speed of the suspend and resume operations depends on how much data changed while the virtual
machine was running. In general, the first suspend operation takes a bit longer than subsequent suspend
operations take.
When you suspend a virtual machine, a file with a .vmss extension is created. This file contains the entire state
of the virtual machine. When you resume the virtual machine, its state is restored from the .vmss file.
Procedure
1 If your virtual machine is running in full-screen mode, return to window mode by pressing Ctrl+Alt.
When the vSphere Client completes the suspend operation, it is safe to close the client.
Procedure
1 Start the vSphere Client and display the virtual machine in the inventory.
Applications you were running at the time you suspended the virtual machine are running and the content
is the same as it was when you suspended the virtual machine.
When you create the scheduled task, vCenter Server verifies that you have the correct permissions to perform
the actions on the relevant datacenters, hosts, and virtual machines. Once the task is created, the task is
performed even if you no longer have permission to perform the task.
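Because the permission check happens only when the task is created, a periodic review of existing scheduled tasks against current permissions is worth having. The following is an added example, not code from VMware or from this guide: the inventory, account names, privilege labels and the "closest grant wins" inheritance rule are constructed assumptions, not vSphere API identifiers.

```python
from dataclasses import dataclass

# Constructed inventory tree: child -> parent (None marks the root).
INVENTORY = {
    "dc-east": None,
    "host-01": "dc-east",
    "vm-web01": "host-01",
    "vm-db01": "host-01",
}


@dataclass(frozen=True)
class ScheduledTask:
    name: str
    creator: str     # account that created the task
    target: str      # inventory object the task acts on
    privilege: str   # privilege that was verified at creation time


@dataclass(frozen=True)
class Grant:
    principal: str
    entity: str              # inventory object the grant is defined on
    privileges: frozenset
    propagate: bool = True   # whether the grant also applies to children


def ancestors(entity, inventory):
    """Yield the entity itself, then each parent up to the root."""
    seen = set()
    while entity is not None:
        if entity in seen:
            raise ValueError(f"cycle in inventory at {entity!r}")
        seen.add(entity)
        yield entity
        entity = inventory.get(entity)


def has_privilege(principal, privilege, target, grants, inventory):
    """Evaluate the principal's current access to `target`.

    Model assumption: the grant defined closest to the target wins, so a
    narrower grant on a child replaces a broader one inherited from a parent.
    """
    for depth, entity in enumerate(ancestors(target, inventory)):
        applicable = [
            g for g in grants
            if g.principal == principal and g.entity == entity
            and (depth == 0 or g.propagate)
        ]
        if applicable:
            return any(privilege in g.privileges for g in applicable)
    return False


def stale_tasks(tasks, grants, inventory):
    """Tasks that will still run although the creator's current grants no
    longer include the privilege that was checked at creation."""
    return [
        t for t in tasks
        if not has_privilege(t.creator, t.privilege, t.target, grants, inventory)
    ]


# Constructed sample data: tasks as they were created earlier.
TASKS = [
    ScheduledTask("nightly-poweroff", "alice", "vm-web01", "vm.power_off"),
    ScheduledTask("weekly-snapshot", "bob", "vm-db01", "vm.snapshot"),
    ScheduledTask("db-poweroff", "carol", "vm-db01", "vm.power_off"),
]

# Current grants, after alice was reduced to read-only and carol was
# restricted on vm-db01 specifically.
GRANTS = [
    Grant("alice", "dc-east", frozenset({"vm.read"})),
    Grant("bob", "host-01", frozenset({"vm.read", "vm.snapshot"})),
    Grant("carol", "dc-east", frozenset({"vm.read", "vm.power_off"})),
    Grant("carol", "vm-db01", frozenset({"vm.read"})),
]

if __name__ == "__main__":
    for task in stale_tasks(TASKS, GRANTS, INVENTORY):
        print(f"REVIEW {task.name}: {task.creator} no longer holds "
              f"{task.privilege} on {task.target}")
```

Tasks returned by `stale_tasks` are candidates for removal or for re-creation under an account that still holds the permission.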
If a managed host is disconnected, the already discovered virtual machines continue to be listed in the
inventory.
If a managed host is disconnected and reconnected, any changes to the virtual machines on that managed host
are identified, and the vSphere Client updates the list of virtual machines. For example, if node3 is removed
and node4 is added, the new list of virtual machines adds node4 and shows node3 as orphaned.
Prerequisites
Procedure
3 To confirm that you want to remove the virtual machine from the inventory, click OK.
vCenter Server removes references to the virtual machine and no longer tracks its condition.
Prerequisites
Procedure
Procedure
Procedure
1 In the inventory, display the host where the virtual machine is located.
4 Select Allow virtual machines to start and stop automatically with the system.
5 To have the operating system boot immediately after VMware Tools starts, click Continue immediately if
the VMware Tools starts.
6 To have the operating system start after a brief delay, enter a Default Startup Delay time.
This delay allows time for VMware Tools or the booting system to run scripts.
8 Enter a Default Shutdown Delay value to delay shutdown for each virtual machine by a certain amount
of time.
This shutdown delay applies only if the virtual machine has not already shut down before the delay period
elapses. If the virtual machine shuts down before that delay time is reached, the next virtual machine starts
shutting down.
9 Use Move Up and Move Down to specify the order in which the virtual machines start when the system
starts.
10 To configure user-specified autostartup and autoshutdown behavior for any virtual machine, select the
virtual machine and click Edit.
You can configure virtual machines using two tools in the vSphere Client: the Virtual Machine Properties editor
and the Add Hardware wizard. These dialog boxes also allow you to control advanced virtual machine
configuration options. You can also upgrade the virtual hardware of a virtual machine or convert virtual disks
from thin to thick using these dialog boxes.
You must have sufficient permission to perform virtual machine configuration tasks.
The default virtual machine hardware version of a newly created virtual machine is the most recent version
available on the host where the virtual machine is created. If you need to create a virtual machine with a
hardware version older than the highest supported in order to increase compatibility, you can use the custom
virtual machine creation path. The hardware version of a virtual machine can be lower than the highest version
supported by the ESX/ESXi host it is running on if:
• You migrate a virtual machine created on an ESX/ESXi 3.x or earlier host to an ESX/ESXi 4.x host.
• You create a new virtual machine on an ESX 4.x host using an existing virtual disk that was created on an
ESX/ESXi 3.x or earlier host.
• You add a virtual disk created on an ESX/ESXi 3.x or earlier host to a virtual machine created on an
ESX/ESXi 4.x host.
Virtual machines with hardware versions lower than 4 can run on ESX/ESXi 4.x hosts but have reduced
performance and capabilities. In particular, you cannot add or remove virtual devices on virtual machines with
hardware versions lower than 4 when they reside on an ESX/ESXi 4.x host. To make full use of these virtual
machines, upgrade the virtual hardware as described in the Upgrade Guide.
Table 13-1 lists virtual machine hardware versions, the ESX/ESXi versions on which they can be created, edited,
and run, the vCenter Server versions on which they are fully supported, and a brief description of the hardware
version’s capabilities.
Host | Version 7 | Version 4 | Version 3 | Compatible with vCenter Server version
ESX/ESXi 4.x | create, edit, run | create, edit, run | run | vCenter Server 4.x
ESX Server 3.x | – | create, edit, run | run | VirtualCenter Server 2.x and higher
ESX Server 2.x | – | – | create, edit, run | VirtualCenter Server 1.x and higher
NOTE Virtual machine hardware version 4 may be listed as VM3 in documentation for earlier versions of ESX
and ESXi. Virtual machine hardware version 3 may be listed as VM2 in documentation for earlier versions of
ESX.
Procedure
2 Select one of the two methods for viewing the version information.
Option | Description
Select the Summary tab. | The virtual machine hardware version appears at the top right corner of the Summary tab.
Right-click and select Edit Settings. | The virtual machine hardware version appears at the top right corner of the Virtual Machine Properties dialog box.
Some properties of a virtual machine can be changed only while it is powered off, but you can open the
properties editor regardless of the power state. Some of the controls are read-only if the virtual machine is not
powered off.
NOTE If a virtual machine is on a host managed by vCenter Server, be sure to connect to vCenter Server when
adding or modifying virtual hardware for the virtual machine. If you connect the vSphere Client directly to
the host, add hardware operations might fail with the error message Cannot complete operation due to
concurrent modification by another operation.
Procedure
2 Expand the inventory as needed, and select the virtual machine you want to edit.
4 Click the Edit Settings link in the Commands panel to display the Virtual Machine Properties dialog box.
The Virtual Machine Properties dialog box appears. There are three tabs: Hardware, Options, and
Resources.
5 Select a tab and edit the virtual machine configuration.
What to do next
Refer to the following sections for more information about the tabs in the Virtual Machine Properties dialog
box and editing existing virtual machines.
• “Virtual Machine Hardware Configuration”
• “Virtual Machine Options”
• “Virtual Machine Resource Settings”
The status of the device, such as edited or adding, appears in parentheses next to the hardware listing. The
selected guest operating system determines the devices that are available to be added to a given virtual
machine. The devices that can be added are:
• Serial port
• Parallel port
• Floppy drive
• DVD/CD-ROM drive
• USB Controller
• Ethernet adapter
• Hard disk
• SCSI device
Procedure
3 Select or deselect the Connected check box to connect or disconnect the device.
4 If you do not want the CD-ROM drive connected when the virtual machine starts, deselect Connect at
power on.
Option | Description
Client Device | Select this option to connect the DVD/CD-ROM device to a physical DVD or CD-ROM device on the system running the vSphere Client. To connect the device, you must click the Connect CD/DVD button in the toolbar when you power on the virtual machine.
Host Device | a Select this option to connect the DVD/CD-ROM device to a physical DVD or CD-ROM device on the host. b Select the specific device from the drop-down list.
Datastore ISO File | a Select this option to connect the DVD/CD-ROM device to an ISO file stored on a datastore accessible to the host. b Click Browse and select the ISO file.
6 For client devices, select the mode used for the connection.
• Use Pass-through (raw) mode only for remote client device access.
• Use ATAPI emulation to access a host CD-ROM device.
The host CD-ROM device is accessed through emulation mode. Pass-through mode is not functional
for local host CD-ROM access. You can write or burn a remote CD only through pass-through mode
access, but in emulation mode you can only read a CD-ROM from a host CD-ROM device.
7 Alternatively, select Use ISO Image to connect the virtual machine’s drive to an ISO image file.
8 If you selected Use ISO Image, click Browse to navigate to the file.
9 Under Virtual device node, use the drop-down menu to select the device node the drive uses in the virtual
machine.
Procedure
3 Under Device Status, select Connect at power on to connect this virtual machine to the floppy drive when
the virtual machine is powered on.
Option | Description
Client Device | Select this option to connect the floppy device to a physical floppy device on the system running the vSphere Client. To connect the device, you must click the Connect Floppy button in the toolbar when you power on the virtual machine.
Host Device | a Select this option to connect the floppy device to a physical floppy device on the host. b Select the specific device from the drop-down list.
Use existing floppy image in datastore | a Select this option to connect the virtual device to an existing floppy image on a datastore accessible to the host. b Click Browse and select the floppy image.
Create new floppy image in datastore | a Select this option to create a new floppy image on a datastore accessible to the host. b Click Browse and browse to the location for the floppy image. c Enter a name for the floppy image and click OK.
Procedure
Under Virtual device node, select the virtual device node where you want this device to appear in the
virtual machine.
NOTE The Manage Paths feature for RDM disks is not available for virtual machines on legacy hosts running
versions of ESX Server prior to release 3.0.
Procedure
4 To change the size of the disk, enter a new value in the Provisioned Size text box.
5 For independent mode, which is unaffected by snapshots, select the check box. Then select Persistent or
Nonpersistent mode to determine the persistence of changes.
Procedure
Procedure
3 To connect the virtual NIC when the virtual machine is powered on, select Connect at power on.
5 Under Network connection, use the drop-down menu to select the network label you want the virtual
machine to use.
Procedure
3 Deselect the Connect at power on check box if you do not want the parallel port device to be connected
when the virtual machine powers on.
4 Under Connection, select a button to indicate a physical parallel port or to connect the virtual parallel port
to a file.
• If you select Use physical parallel port, select the port from the drop-down menu.
• If you select Use output file, browse to the file location.
You can change the SCSI controller configuration for a virtual machine on an ESX/ESXi host only.
CAUTION Changing the SCSI controller type might result in a virtual machine boot failure.
You can also specify whether the SCSI bus is shared. Depending on the type of sharing, virtual machines can
access the same virtual disk simultaneously on the same server or any server.
Procedure
5 Click OK.
Option | Description
None | Virtual disks cannot be shared by other virtual machines.
Virtual | Virtual disks can be shared by virtual machines on the same server.
Physical | Virtual disks can be shared by virtual machines on any server.
Procedure
3 If you selected Use physical serial port on the host, use the drop-down menu to select the port on the
host computer that you want to use for this serial connection.
4 If you selected Use output file, browse to the location of the file on the host that you want to use to store
the output of the virtual serial port.
5 If you selected Use named pipe, use the default pipe name or enter another pipe name of your choice in the
Pipe Name list.
For a serial pipe for a virtual machine on an ESX host for Linux, enter /tmp/<socket> or another UNIX
socket name of your choice.
Then decide whether you are connecting two virtual machines or connecting a virtual machine to an
application on the host.
6 If you are connecting two virtual machines, you must configure a serial port as a named pipe in two virtual
machines: a server virtual machine and a client virtual machine.
a For the server virtual machine, select Server in the Near end list.
b For the client virtual machine, select Client in the Near end list.
a Select Server or Client in the Near end list. In general, select Server if you plan to start this end of
the connection first.
By default, the serial port is connected when you power on the virtual machine. Optionally, deselect the
Connect at power on check box.
8 Under I/O Mode, decide whether to configure this serial port to use interrupt mode or polled mode.
Polled mode is of interest primarily to developers who are using debugging tools that communicate over
a serial connection.
Polled mode causes the virtual machine to consume a disproportionate share of processor (or CPU) time.
This makes the host and other guests run sluggishly. To maintain best performance for applications on
the host, select the Yield CPU on poll check box. This forces the affected virtual machine to use interrupt
mode, which yields processor (or CPU) time if the only task it is trying to do is poll the virtual serial port.
If the virtual machine is on an ESX/ESXi host, you can configure a virtual machine to have up to eight virtual
processors or CPUs. Virtual machines cannot have more virtual CPUs than the actual number of logical CPUs
on the host—that is, the number of physical processor cores if hyperthreading is disabled or two times the
number of physical processor cores if hyperthreading is enabled. For more information about using SMP,
consult the VMware Knowledge Base.
NOTE Not all guest operating systems support SMP, and some that do require reinstallation if the number of
CPUs changes.
Procedure
You can change the following settings in the Options tab of the Virtual Machine Properties Editor:
General Options | Virtual machine display name and type of guest operating system. (Read-only) location of virtual machine and its configuration file.
Appliance Options | Virtual machine options for functionality, product information, properties, and OVF settings specific to virtual appliances.
VMware Tools | Power Controls behavior, VMware Tools scripts and automatic updates.
Advanced > CPUID Mask | NX flag and advanced identification mask options.
Advanced > Memory/CPU Hotplug | Hot add enablement for individual virtual machines.
Advanced > Fibre Channel NPIV | Virtual node and port World Wide Names (WWNs).
Advanced > CPU/MMU Virtualization | Settings for enabling Hardware Page Table Virtualization.
Procedure
The virtual machine name appears in the Virtual machine name field.
Changing the name does not change the name of any virtual machine files or the associated directory.
VMware Tools options cannot be changed while the virtual machine is powered on.
Procedure
The stop button on the toolbar can be configured to power off the virtual machine, shut down the guest
operating system, or use the system default. The pause button on the toolbar can be configured to suspend
the virtual machine or use the system default. The reset button on the toolbar can be configured to reset
the virtual machine, restart the guest operating system, or use the system default.
3 Select the actions you want from the drop-down menus under Power Controls.
4 (Optional) Configure VMware Tools scripts to run when you change the virtual machine’s power state by
selecting options under Run VMware Tools scripts.
NOTE For ESX host virtual machines, there are no scripts for resuming and suspending virtual machines.
5 (Optional) Configure VMware Tools to check for and install updates before each power on by selecting the
Check and upgrade Tools before each power on option under Automatic VMware Tools Upgrade.
6 (Optional) Configure the guest operating system to synchronize time with the host by selecting the
Synchronize guest time with host option.
Procedure
3 Under Guest Power Management, select either Suspend the virtual machine or Put the guest operating
system in standby mode and leave the virtual machine powered on.
4 (Optional) If you chose to leave the virtual machine on, select Wake on LAN for virtual machine traffic on
your virtual machine network by selecting the check box.
Not all guest operating systems support Wake on LAN. Only the following types of NICs support Wake
on LAN:
• Flexible (VMware Tools required)
• vmxnet
• Enhanced vmxnet
• vmxnet 3
Procedure
In rare instances, you might find that when you install or run software inside a virtual machine, the
virtual machine appears to stop responding. Generally, the problem occurs early in the program’s
execution. In many cases, you can get past the problem by temporarily disabling acceleration in the
virtual machine.
This setting slows down virtual machine performance, so use it only for getting past the problem with
running the program. After the program stops encountering problems, deselect Disable
acceleration. You might then be able to run the program with acceleration.
c To enable debugging mode, select an option from the Debugging and Statistics section. Debugging
information and statistics can be helpful to VMware technical support in resolving issues.
d To set advanced configuration parameters, click Configuration Parameters. Generally, you should
only change these settings if you intend to use experimental features or when instructed to do so by
a VMware technical support representative.
a Specify whether you want to hide the host’s CPU NX flag from the guest operating system.
Hiding the NX flag prevents the guest operating system from making use of this CPU feature, but
enables the virtual machine to be moved to hosts that do not include the NX feature. When the NX
flag is visible, the guest operating system can make use of the feature, but the virtual machine can be
moved only to hosts with the NX capability.
b Click Advanced to access the CPU Identification Mask dialog box. An explanation of the symbols in
this dialog box is available by clicking Legend.
NOTE The virtual machine must be powered off before you can change this setting.
4 Select Advanced > Memory/CPU Hotplug. VMware Tools must be installed for hotplug functionality to
work properly.
a Select Enable memory hot add for this virtual machine to enable memory hot add, or select Disable
memory hot add for this virtual machine to disable this feature.
b Select Enable CPU hot add only for this virtual machine to enable CPU hot add, select Enable CPU
hot add and remove for this virtual machine to enable CPU hot add and remove, or select Disable
CPU hot plug for this virtual machine to disable this feature.
a Specify the duration in milliseconds you want to delay entering the boot sequence when the virtual
machine is powered on or restarted.
b Select the option under Force BIOS Setup to have the virtual machine enter BIOS setup when it boots.
These options are useful when you need to enter the virtual machine’s BIOS setup because sometimes
the console attaches to the virtual machine after the boot sequence passes the point where you can
enter BIOS.
6 Select Advanced > Paravirtualization. Select Support VMI Paravirtualization to enable VMI
paravirtualization, or deselect it to disable this feature.
VMI is a paravirtualization standard that enables improved performance for virtual machines capable of
utilizing it. Currently, this feature is available only for those versions of the Linux guest operating system
which support VMI paravirtualization.
NOTE Enabling paravirtualization utilizes one of the virtual machine’s six virtual PCI slots. Also, enabling
paravirtualization can limit how and where the virtual machine can be migrated. Consider the following
before enabling this feature:
• These hosts support VMI paravirtualization: ESX/ESXi 3.5 and greater, and Workstation 6.0 and
greater. Hardware version 4 virtual machines with paravirtualization enabled that are created on ESX
hosts can be migrated to VMware Server and Workstation hosts without loss of functionality.
• A virtual machine with paravirtualization enabled and that is powered off can be moved manually
to a host that does not support paravirtualization. However, this can result in reduced performance.
• A virtual machine with paravirtualization enabled and that is powered on or in a suspended power
state cannot be migrated to a host that does not support paravirtualization.
• Automated vCenter Server DRS migrations of virtual machines with paravirtualization enabled to
hosts that do not support paravirtualization are not allowed.
N-port ID virtualization (NPIV) provides the ability to share a single physical Fibre Channel HBA port
among multiple virtual ports, each with unique identifiers. This allows control over virtual machine access
to LUNs on a per-virtual machine basis.
Each virtual port is identified by a pair of world wide names (WWNs): a world wide port name (WWPN)
and a world wide node name (WWNN). These WWNs are assigned by vCenter Server.
a To edit the virtual machine’s WWNs, power off the virtual machine.
b Ensure that the virtual machine has a datastore containing a LUN that has been made available to the
host.
NOTE A virtual machine with WWNs that are already in use on the storage network is prevented
from powering on. To solve this issue, generate new WWNs or remove them.
Provide the WWN assignments to your SAN administrator. The administrator needs those assignments
to configure virtual machine access to the LUN. For more information on how to configure NPIV for a
virtual machine, see the Fibre Channel SAN Configuration Guide.
8 Select Advanced > Virtualized MMU and specify whether to disable the feature, always use the feature
where available, or have the host system determine whether the feature should be used.
CPU Resources
The CPU Resources panel of the Virtual Machine Properties dialog box lets you allocate processor resources
for a virtual machine, specifying reservations, limits, and shares.
You can edit some of the same information on the Resource Pools tab of the main vSphere Client window,
which you might do to edit resource settings at the same time as other virtual machine settings.
Procedure
3 Select a shares value, which represents a relative metric for allocating CPU capacity.
Option | Description
Shares | The values Low, Normal, High, and Custom are compared to the sum of all shares of all virtual machines on the server and, on ESX/ESXi hosts, the service console. Share allocation symbolic values can be used to configure their conversion into numeric values.
Reservation | Guaranteed CPU allocation for this virtual machine.
Limit | Upper limit for this virtual machine’s CPU allocation. Select Unlimited to specify no upper limit.
For more information on share values, see the Resource Management Guide.
NOTE Hyperthreading technology allows a single physical processor to behave like two logical processors.
The processor can run two independent applications at the same time. While hyperthreading does not double
the performance of a system, it can increase performance by better utilizing idle resources. For detailed
information about hyperthreading and its use in vSphere, see the Resource Management Guide (select Help >
Manuals).
ESX generally manages processor scheduling well, even when hyperthreading is enabled. The settings on this
page are useful only for fine-grained tweaking of critical virtual machines.
The Hyperthreading Sharing option provides detailed control over whether a virtual machine should be
scheduled to share a physical processor core (assuming hyperthreading is enabled on the host at all).
The Scheduling Affinity option allows fine-grained control over how virtual machine CPUs are distributed
across the host's physical cores (and hyperthreads if hyperthreading is enabled).
Procedure
Option | Description
Any | (default) The virtual CPUs of this virtual machine can freely share cores with other virtual CPUs of this or other virtual machines.
None | The virtual CPUs of this virtual machine have exclusive use of a processor core whenever they are scheduled to it. The other hyperthread of the core is halted while this virtual machine is using the core.
Internal | On a virtual machine with exactly two virtual processors, the two virtual processors are allowed to share one physical core (at the discretion of the host scheduler), but this virtual machine never shares a core with any other virtual machine. If this virtual machine has any number of processors other than two, this setting is the same as the None setting.
NOTE This option is not allowed when the virtual machine resides on a DRS cluster, and its values are
cleared when a virtual machine is migrated to a new host. The value of the option is only in tuning the
performance of a precise set of virtual machines on the same host.
The check boxes for the individual processors represent physical cores if hyperthreading is disabled or
logical cores (two per physical core) if hyperthreading is enabled. Checking all the boxes is the same as
not applying any affinity. You must provide at least as many processor affinities as the number of virtual
CPUs in the virtual machine.
Memory Resources
The Memory Resources panel lets you allocate memory resources for a virtual machine and specify
reservations, limits, and shares.
You can edit some of the same information on the Resource Pools tab of the main vSphere Client window,
which you might do to edit resource settings at the same time as other virtual machine settings.
Procedure
3 From the drop-down menu in the Resource allocation panel, select a relative metric for allocating memory
to all virtual machines.
Symbolic values Low, Normal, High, and Custom are compared to the sum of all shares of all virtual
machines on the server and, on an ESX host, the service console. Share allocation symbolic values can be
used to configure their conversion into numeric values.
4 In the Resource allocation panel, use the slider to select the amount of reserved memory and the memory
limit, or use the up and down arrows to enter the number of MBs allocated.
For more information on memory values, see the mem man page.
The Advanced Memory Resources page lets you set low-level options that involve distribution of virtual
machine memory to NUMA memory nodes.
This page appears only if the host utilizes the NUMA memory architecture. Because affinity settings are
meaningful only when used to tweak the performance of a specific set of virtual machines on one host, this
page also is not displayed when the virtual machine resides on a DRS cluster. The option values are cleared
when the virtual machine is moved to a new host.
NUMA memory node affinity enables fine-grained control over how virtual machine memory is distributed
to host physical memory. Checking all the boxes is the same as applying no affinity.
Consult the Resource Management Guide for details about NUMA and advanced memory resources.
NOTE Specify nodes to be used for future memory allocations only if you have also specified CPU affinity. If
you make manual changes only to the memory affinity settings, automatic NUMA rebalancing does not work
properly.
Use the Resources tab in the Virtual Machine Properties dialog box to associate memory allocations with a
NUMA node.
Procedure
Disk Resources
The Disk Resources panel lets you allocate host disk I/O bandwidth to the virtual hard disks of this virtual
machine.
Disk I/O is a host-centric resource and cannot be pooled across a cluster. However, CPU and memory resources
are much more likely to constrain virtual machine performance than disk resources.
Procedure
3 In the Resource Allocation panel, select the virtual hard disk from the list.
4 Click in the Shares field. Use the drop-down menu to change the value to allocate a number of shares of
its disk bandwidth to the virtual machine.
Shares is a value that represents the relative metric for controlling disk bandwidth to all virtual machines.
The values Low, Normal, High, and Custom are compared to the sum of all shares of all virtual machines
on the server and, on an ESX/ESXi host, the service console. Share allocation symbolic values can be used
to configure their conversion into numeric values.
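How shares, reservations and limits interact under contention is easier to see with numbers, for the CPU and memory panels described earlier as well as for disk shares (which have no reservation or limit here). The following is an added example, not VMware code and not the ESX scheduler's actual algorithm: it uses a simplified model in which every virtual machine is fully contending, and the share values 2000, 1000 and 500 are constructed numbers in a 4:2:1 ratio.

```python
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class VM:
    name: str
    shares: float                 # relative weight; must be > 0
    reservation: float = 0.0      # guaranteed minimum allocation
    limit: float = math.inf       # upper bound; inf models "Unlimited"


def _clamp(value, low, high):
    return max(low, min(value, high))


def allocate(vms, capacity):
    """Split `capacity` among fully contending virtual machines.

    Model: each VM receives clamp(k * shares, reservation, limit), with the
    factor k chosen so that the allocations add up to `capacity`.
    """
    for vm in vms:
        if vm.shares <= 0:
            raise ValueError(f"{vm.name}: shares must be positive")
        if vm.reservation < 0 or vm.reservation > vm.limit:
            raise ValueError(f"{vm.name}: need 0 <= reservation <= limit")
    if sum(vm.reservation for vm in vms) > capacity:
        raise ValueError("reservations exceed capacity")

    # If every limit fits, shares never come into play.
    if sum(vm.limit for vm in vms) <= capacity:
        return {vm.name: vm.limit for vm in vms}

    def total(k):
        return sum(_clamp(k * vm.shares, vm.reservation, vm.limit) for vm in vms)

    # total(k) is continuous and non-decreasing in k, so bisect for the k
    # at which the allocations exactly use up the capacity.
    lo, hi = 0.0, capacity / min(vm.shares for vm in vms)
    for _ in range(200):
        mid = (lo + hi) / 2
        if total(mid) < capacity:
            lo = mid
        else:
            hi = mid
    return {vm.name: _clamp(hi * vm.shares, vm.reservation, vm.limit) for vm in vms}


# Constructed sample: 6000 MHz of CPU shared by three virtual machines.
SAMPLE = [
    VM("vm-high", shares=2000),
    VM("vm-normal", shares=1000),
    VM("vm-low", shares=500, reservation=1500),
]

if __name__ == "__main__":
    for name, mhz in allocate(SAMPLE, 6000).items():
        print(f"{name}: {mhz:.0f} MHz")
```

In the sample, the reservation lifts vm-low above its pure share-based amount (about 857 MHz) to 1500 MHz, and the other two split the remaining 4500 MHz in their 2:1 share ratio.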
The virtual hardware that you add appears in the hardware list displayed in the Virtual Machine Properties
wizard. The selected guest operating system determines the devices that are available to add to a given virtual
machine.
Virtual machine hardware can be reconfigured while the virtual machine is running, if the following conditions
are met:
• The virtual machine has a guest operating system that supports hot-plug functionality. See the Guest
Operating System Installation Guide.
• The virtual machine is using hardware version 7.
• Virtual CPUs can only be added while the virtual machine is running if CPU Hot Plug has been enabled
on the Options tab of the Virtual Machine Properties dialog box.
NOTE If a virtual machine is on a host managed by vCenter Server, be sure to connect to vCenter Server when
adding or modifying virtual hardware for the virtual machine. If you connect the vSphere Client directly to
the host, add hardware operations might fail with the error message Cannot complete operation due to
concurrent modification by another operation.
Rescan a Host
You rescan a host to ensure that it detects changes made to storage adapter or SAN configuration.
Procedure
1 Select a host.
4 Click Rescan.
6 Click OK.
Procedure
1 In the vSphere Client, click Inventory in the navigation bar. Expand the inventory as needed, and click
the appropriate virtual machine.
2 To display the Virtual Machine Properties dialog box, click the Edit Settings link in the Commands panel.
Procedure
3 Select the type of media you want the virtual port to access: use a physical serial port on the host, output
to a file, or connect to a named pipe.
4 Click Next.
5 If you selected Use physical serial port on the host, use the drop-down menu to select the port on the
host computer that you want to use for this serial connection.
6 If you selected Output to file, browse to the file on the host that you want to use to store the output of the
virtual serial port.
7 If you selected Connect to named pipe, enter a pipe name in the Pipe Name field and use the drop-down
menus to select the near and far ends of the pipe.
The options for the near end are client or server. The options for the far end are a process or a virtual
machine.
By default, the serial port is connected when you power on the virtual machine.
8 (Optional) Deselect the Connect at power on check box if you do not want the serial port to connect when
the virtual machine is powered on.
9 (Optional) Deselect the I/O mode Yield CPU on poll check box if you want to configure this serial port to
use interrupt mode as opposed to polled mode.
Polled mode is of interest primarily to developers who are using debugging tools that communicate over
a serial connection. Polled mode causes the virtual machine to consume a disproportionate share of CPU
time. This makes the host and other guests run sluggishly.
10 (Optional) To maintain best performance for applications on the host, select the Yield CPU on poll check
box.
This forces the affected virtual machine to use interrupt mode, which yields CPU time if the only task it
is trying to do is poll the virtual serial port.
11 Review the information on the Ready to Complete page, and click Finish.
Procedure
3 Select Use physical parallel port on the host or Output to file, and click Next.
4 If you selected Use physical parallel port on the host, select the port from the drop-down menu. If you
selected Output to file, browse to the location of the file.
5 Under Device status, deselect the Connect at power on check box if you do not want the parallel port
device to be connected when the virtual machine powers on.
6 Click Next.
7 Review the information on the Ready to Complete page, and click Finish.
If you are adding a CD/DVD-ROM drive that is backed by a USB CD/DVD drive on the host, you must add the
drive as a SCSI device.
Procedure
4 If you do not want the CD-ROM drive connected when the virtual machine starts, deselect Connect at
power on.
5 Click Next.
6 Specify the virtual device node the drive uses in the virtual machine, and click Next.
7 Review the information on the Ready to Complete window, and click Finish or Back if you want to change
any information.
Procedure
6 To have the floppy drive connected to the virtual machine when you power it on, select Connect at power
on.
7 Click Next.
8 Review the information on the Ready to Complete page, and click Finish.
Procedure
4 In the Network connection panel, select either a named network with a specified label or a legacy network.
5 To connect the virtual NIC when the virtual machine is powered on, select Connect at power on.
6 Click Next.
Flexible: Supported on virtual machines that were created on ESX Server 3.0 or greater
and that run 32-bit guest operating systems. The Flexible adapter functions as
a Vlance adapter if VMware Tools is not installed in the virtual machine and
as a Vmxnet driver if VMware Tools is installed in the virtual machine.
e1000: Emulates the functioning of an E1000 network card. It is the default adapter
type for virtual machines that run 64-bit guest operating systems.
Enhanced vmxnet: An upgraded version of the Vmxnet device with enhanced performance. It
requires that VMware Tools be installed in the virtual machine.
vmxnet 3: Next generation Vmxnet device with enhanced performance and enhanced
networking features. It requires that VMware Tools be installed in the virtual
machine, and is available only on virtual machines with hardware version 7
and greater.
If your virtual machine was created on ESX Server 3.0 or greater and runs a 32-bit guest operating system, the
default adapter type is Flexible. The Flexible adapter functions as a Vlance adapter if the adapter’s driver is
the stock driver of the guest operating system. The Flexible adapter functions as a vmxnet adapter if the vmxnet
driver has been installed on the virtual machine as part of the VMware Tools installation.
If your virtual machine runs a 64-bit guest operating system, the default adapter type is E1000. If you change
a virtual machine from a 32-bit to a 64-bit guest operating system, or the reverse, you must remove the existing
network adapter and replace it with a new one, or the virtual machine will not power on.
If you do a hardware upgrade on a legacy virtual machine, the adapter type for that upgraded machine is as
follows:
• If the adapter type was Vlance, the adapter type on the upgraded virtual machine is Flexible. That adapter
functions as a Vlance adapter would function. If you want to obtain significantly better performance, you
need only install the VMware Tools on the virtual machine as described in the previous step.
• If the adapter type is vmxnet, the adapter type on the upgraded virtual machine is still vmxnet. However,
you cannot change this adapter’s type to Vlance, as you would have been able to do on a legacy virtual
machine.
Procedure
3 Select the type of storage for the virtual machine’s disk, and click Next.
You can store virtual machine data in a new virtual disk, an existing virtual disk, or a Mapped SAN LUN.
A virtual disk, which appears as a single hard disk to the guest operating system, is composed of one or
more files on the host file system. Virtual disks can easily be copied or moved on the same host or between
hosts.
b Select the location as either Store with the virtual machine or Specify a datastore.
c If you selected Specify a datastore, browse for the datastore location, and click Next. Continue with
Step 7.
5 If you selected an existing disk, browse for the disk file path and click Next.
a Select the LUN that you want to use for the raw disk, and click Next.
c Select the compatibility mode: physical to allow the guest operating system to access the hardware
directly or virtual to allow the virtual machine to use VMware snapshots and other advanced
functions. Click Next.
a Select Independent to make the disk independent. Independent disks are not affected by snapshots.
b If you selected Independent, select one of the two modes for independent disks:
• Persistent – The disk operates normally except that changes to the disk are permanent even if the
virtual machine is reverted to a snapshot.
• Nonpersistent – The disk appears to operate normally, but whenever the virtual machine is
powered off or reverted to a snapshot, the contents of the disk return to their original state. All
later changes are discarded.
9 Click Next.
Procedure
3 Under Connection, use the drop-down menu to select the physical device you want to use.
4 To connect this virtual machine to the server’s SCSI device when the virtual machine is powered on, select
Connect at power on.
5 Under Virtual device node, select the virtual device node where you want this device to appear in the
virtual machine.
You can also select the check box to indicate that the virtual device is set up in the same way as the physical
unit.
6 Review the information in the Ready to Complete page, and click Finish.
PCI devices connected to a host can be marked as available for passthrough from the Hardware Advanced
Settings in the Configuration tab for the host.
Prerequisites
To use VMDirectPath, the host must have Intel® Virtualization Technology for Directed I/O (VT-d) or AMD
I/O Virtualization Technology (IOMMU) enabled in the BIOS. In order to add PCI devices to a virtual machine,
the devices must be connected to the host and marked as available for passthrough. In addition, PCI devices
can be added only to virtual machines with hardware version 7.
Procedure
1 Select the virtual machine from the inventory panel and click Virtual Machine > Edit Settings.
3 In the Add Hardware wizard, select PCI Device and click Next.
4 Select the passthrough device to connect to the virtual machine from the drop-down list and click Next.
5 Click Finish.
Prerequisites
An existing virtual machine with a guest operating system and VMware Tools installed. Paravirtual SCSI
adapters do not support bootable disk. Therefore, the virtual machine must be configured with a primary SCSI
adapter to support a disk where the system software is installed.
Procedure
2 Click Add.
6 Click Next.
7 Review your selections and click Finish.
Paravirtual SCSI adapters are available for virtual machines running hardware version 7 and greater. They are
supported on the following guest operating systems:
• Windows Server 2008
• Windows Server 2003
• Red Hat Linux (RHEL) 5
The following features are not supported with Paravirtual SCSI adapters:
• Boot disks
• Record/Replay
• Fault Tolerance
• MSCS Clustering
The thin provisioned disk starts small and, at first, uses just as much storage space as it needs for its initial
operations. You can determine whether your virtual disk is in the thin format and, if required, convert it to
thick. After having been converted, the virtual disk grows to its full capacity and occupies the entire datastore
space provisioned to it during the disk’s creation.
For more information on thin provisioning and disk formats, see ESX Configuration Guide or ESXi Configuration
Guide.
Procedure
2 Click Edit Settings to display the Virtual Machine Properties dialog box.
3 Click the Hardware tab and select the appropriate hard disk in the Hardware list.
The Disk Provisioning section on the right shows the type of your virtual disk, either Thin or Thick.
4 Click OK.
What to do next
If your virtual disk is in the thin format, you can inflate it to its full size.
Procedure
2 Click the Summary tab and, under Resources, double-click the datastore for the virtual machine to open
the Datastore Browser dialog box.
3 Click the virtual machine folder to find the virtual disk file you want to convert. The file has the .vmdk
extension.
The virtual disk in thick format occupies the entire datastore space originally provisioned to it.
Templates coexist with virtual machines at any level within the template and virtual machine domain. You
can order collections of virtual machines and templates into arbitrary folders and apply a variety of permissions
to both virtual machines and templates. Virtual machines can be transformed into templates without requiring
a full copy of the virtual machine files and the creation of a new object.
You can use templates to create new virtual machines by deploying the template as a virtual machine. When
complete, the deployed virtual machine is added to the folder chosen by the user.
To view templates, select the datacenter and click the Virtual Machines tab. All virtual machines and templates
for the datacenter are visible from here. Virtual machines and templates have different icons.
Creating Templates
Templates can be created by using an existing virtual machine or cloning a virtual machine or existing template.
Procedure
1 Start the vSphere client, and log in to the vCenter Server system.
vCenter Server marks that virtual machine as a template and displays the task in the Recent Tasks pane.
Procedure
1 Start the vSphere client, and log in to the vCenter Server system.
5 Give the new template a name, select its inventory location, and click Next.
Option: Description
Same as Source: Use the format of the original virtual disk.
Thin Provisioned: Use the thin format to save storage space. The thin virtual disk starts small
and, at first, uses just as much storage space as it needs for its initial
operations. When the virtual disk requires more space, it can grow to its
maximum capacity and occupy the entire datastore space originally
provisioned to it.
Only VMFS datastores version 3 and later support virtual disks in the thin
format.
Thick: Allocate a fixed amount of storage space to the virtual disk. The virtual disk
in the thick format does not change its size and from the very beginning
occupies the entire datastore space provisioned to it.
8 Click Next.
9 Click Finish.
vCenter Server displays the Tasks inventory panel for reference and adds the cloned template to the list
in the information panel.
Procedure
1 Start the vSphere client, and log in to the vCenter Server system.
5 Give the new template a unique name and description, and click Next.
Option: Description
Same as Source: Use the format of the original virtual disk.
Thin Provisioned: Use the thin format to save storage space. The thin virtual disk starts small
and, at first, uses just as much storage space as it needs for its initial
operations. When the virtual disk requires more space, it can grow to its
maximum capacity and occupy the entire datastore space provisioned to it.
Only VMFS datastores version 3 and later support virtual disks in the thin
format.
Thick: Allocate a fixed amount of storage space to the virtual disk. The virtual disk
in thick format does not change its size and from the very beginning occupies
the entire datastore space provisioned to it.
9 Click Next.
10 Review the information for your new virtual machine and click Finish.
You cannot use the new template until the cloning task completes.
vCenter Server adds the cloned template to the list in the Virtual Machines tab.
Edit a Template
You might want to edit templates to upgrade or add applications, or change hardware. You cannot edit
templates as templates. You must convert the template to a virtual machine, edit it, and convert the edited
virtual machine to a template.
Procedure
Procedure
1 Start the vSphere client, and log in to the vCenter Server system.
4 Change the name and click outside the field to save your changes.
Procedure
1 Start the vSphere client, and log in to the vCenter Server system.
3 Select the datacenter that contains the template, and click the Virtual Machines tab.
The virtual machines and templates associated with the datacenter appear in the datacenter panel.
4 Right-click the template, and select Deploy Virtual Machine from this Template.
5 Give the new virtual machine a name, select a location, and click Next.
6 On the Host / Cluster page, select the host on which you want to store the template and click Next.
7 Select a resource pool (if applicable) in which you want to run the virtual machine, and click Next.
Resource pools allow hierarchical management of resources within a host or cluster. Virtual machines and
child pools share the resources of their parent pool.
You are choosing the datastore in which to store the files for the virtual machine. You should select one
that is large enough to accommodate the virtual machine and all of its virtual disk files so that they can
all reside in the same place.
The Advanced button allows you to store individual files in separate locations. To return to the datastore
selection page, click the Basic button.
9 In the Select Guest Customization Option page, perform one of these actions:
• If you do not want to customize your guest operating system, select Do not customize and click
Next.
• If you want to customize your guest operating system, click one of the other selections as appropriate.
You customize guest operating systems through the wizard or by using an existing customization
specification that you create.
NOTE Customization is not supported for all guest operating systems. Additionally, some guest
operating systems require Microsoft Sysprep tools.
10 In the Ready to Complete page, review the information for your new virtual machine, select the Power
on the new Virtual Machine after creation check box if you want to power on the virtual machine
immediately, and click Finish.
After you click Finish, you cannot use or edit the virtual machine until the task completes. This might
take several minutes. The virtual machine is added to the datastore.
When a template that resides on a legacy VMFS2 datastore is converted to a virtual machine, the resulting
virtual machine must be registered on the host where the template was created. Select this host as the
destination for the new virtual machine.
Procedure
1 Start the vSphere Client, and log in to the vCenter Server system.
The virtual machines and templates associated with the datacenter appear in the datacenter panel.
Deleting Templates
You can delete a template by removing it from the inventory or deleting the template from the disk.
Procedure
1 Start the vSphere client, and log in to the vCenter Server system.
5 Click OK to confirm removing the template from the vCenter Server database.
Procedure
1 Start the vSphere client, and log in to the vCenter Server system.
3 Select the datastore that contains the template, and click the Virtual Machine tab.
4 Right-click the template, and select Delete from Disk.
5 Click OK to confirm removing the template from the vCenter Server database.
Regain Templates
Templates are associated with hosts, and the only way to regain or register templates after removing and
adding a host is to use the datastore browser to locate the template. Then use the inventory wizard to name
and register the .vmtx file as a template back into vCenter Server.
If you want the template to retain its original name, do not enter a name in the Add to Inventory wizard.
vCenter Server will use the original name if the field in the wizard is left blank.
Procedure
1 Start the vSphere client, and log in to the vCenter Server system.
3 Right-click the datastore that contains the template and select Browse Datastore.
7 Select a host or cluster on which to store the template, and click Next.
The template is registered to the host. You can view the template from the host’s Virtual Machine tab.
You can place the new clone on any host within any datacenter.
Procedure
1 Start the vSphere Client and log in to the vCenter Server system.
3 Expand the inventory as needed, and click the source virtual machine.
7 Select a host or cluster on which to run the clone, and click Next.
8 If you select a cluster, you must select a specific host within the cluster, and click Next.
9 Select a resource pool in which to run the clone, and click Next.
10 Select the datastore location where you want to store the virtual machine files, and click Next.
11 Click Advanced for more options, and click Next.
The Select Guest Customization Option page appears. You can choose to customize the guest operating
system using the wizard or using an existing customization specification. You can also choose not to
customize.
On the Ready to Complete New Virtual Machine page, you can select the check box to power on the new
virtual machine after creation. After you click Finish, you cannot use or edit the virtual machine until the
task completes. If the task involves the creation of a virtual disk, it could take several minutes to complete.
Procedure
1 Start the vSphere client, and log in to the vCenter Server system.
4 Select Clone a virtual machine from the drop-down menu, and click OK.
6 Follow the wizard through the same steps as those in the previous task in which you cloned a virtual
machine.
9 Select Now or Later. If later, enter the time and date when you want the virtual machine to be deployed,
and click Next.
To see the calendar, click Later, and click the drop-down arrow to select a date from the calendar. A red
circle indicates today’s date, and a dark circle indicates the scheduled date.
10 Review the information on the Ready to Complete New Virtual Machine page, and click Finish.
Optionally, you can select the check box to power on the new virtual machine after it is created.
vCenter Server adds the new task to the scheduled task list and completes it at the designated time. When
it is time to perform the task, vCenter Server first verifies that the user who created the task still has
permission to complete the task. If the permission levels are not acceptable, vCenter Server sends a
message to the log and the task is not performed.
You can store specifications in the database to customize the guest operating system of a virtual machine during
the cloning or deploying process. Use the Customization Specification Manager to manage customization
specifications you create with the Guest Customization wizard.
NOTE After deploying and customizing nonvolume-licensed versions of Windows XP or Windows 2003, you
might need to reactivate your Microsoft operating system on the new virtual machine.
Guest customization requires that the source virtual machine that you use to create a clone or template has the
following:
• VMware Tools installed
• 32-bit or 64-bit hardware corresponding to the 32-bit or 64-bit operating system being installed
• SCSI disks
vCenter Server customization operates on the disk attached to the virtual SCSI node with the lowest address
on the SCSI controller with the lowest index.
Windows Vista customization is supported only on hosts running ESX/ESXi 3.5 and greater.
Windows XP Home or Windows NT4 operating system guest customization is not supported.
• The guest operating system has the most recent version of VMware Tools installed.
• The Microsoft Sysprep tools are installed on the vCenter Server system.
Microsoft Sysprep tools have certain requirements and impose certain restrictions on the source machine.
• If the virtual machine resides on a host running ESX Server 3.0.x or earlier, both the active partition (the
partition containing boot.ini) and the system partition (the partition containing the system directory, for
example, \WINNT or \WINDOWS), must be on the same virtual disk.
NOTE Customization for Red Hat Enterprise Linux Server version 4 and greater and SUSE Linux
Enterprise Server version 9 and greater is supported only on hosts running ESX/ESXi 3.5 and greater.
• Ubuntu 8.04
• Debian 4.0
• The guest operating system has the most recent version of VMware Tools installed.
• Perl must be installed in the Linux guest operating system.
• The clone or template has a root volume formatted with an ext2, ext3, or ReiserFS file system.
You can set the computer name using one of the following options:
Use a specific name: The name can contain alphanumeric characters and the underscore ( _ ) and
hyphen (-) characters. It cannot contain periods (.) or blank spaces and cannot
be made up of digits only. To ensure that the name is unique, select Append a
numeric value to ensure uniqueness. This appends a hyphen followed by a
numeric value to the virtual machine name. Names are case-insensitive.
Use the virtual machine’s name: The computer name that vCenter Server creates is identical to the name of the
virtual machine on which the guest operating system is running.
Prompt the user for a name in the Deploy wizard: The vSphere Client populates the Deploy Virtual Machine
wizard with a prompt for the computer name after you complete all the steps in the wizard.
Use a custom application configured with vCenter Server to generate a name: Enter a parameter that can be
passed to the custom application.
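The naming rules for the Use a specific name option, as an added Python example that is not part of the VMware documentation. Treating "alphanumeric" as ASCII letters and digits and numbering the uniqueness suffix from 1 are assumptions; the function names and the sample inventory are constructed for illustration.

```python
import re

# Characters the "Use a specific name" option allows. Reading "alphanumeric"
# as ASCII letters and digits is an assumption of this example.
ALLOWED_CHAR = re.compile(r"[A-Za-z0-9_-]")

# Constructed sample of names already present on the network.
SAMPLE_INVENTORY = ["web-1", "WEB-2", "db-1"]


def name_problems(name):
    """Return the list of rule violations for a proposed computer name."""
    if not name:
        return ["name is empty"]
    problems = []
    if "." in name:
        problems.append("contains a period")
    if any(ch.isspace() for ch in name):
        problems.append("contains a blank space")
    other = sorted({ch for ch in name
                    if not ALLOWED_CHAR.fullmatch(ch)
                    and ch != "." and not ch.isspace()})
    if other:
        problems.append("contains unsupported characters: " + "".join(other))
    if re.fullmatch(r"[0-9]+", name):
        problems.append("is made up of digits only")
    return problems


def append_unique_suffix(name, existing_names):
    """Model of 'Append a numeric value to ensure uniqueness'.

    Appends a hyphen followed by a number. Starting at 1 and taking the first
    unused value is an assumption; the text does not say how the number is
    chosen. The comparison is case-insensitive because names are.
    """
    problems = name_problems(name)
    if problems:
        raise ValueError(f"{name!r}: " + "; ".join(problems))
    taken = {existing.casefold() for existing in existing_names}
    number = 1
    while f"{name}-{number}".casefold() in taken:
        number += 1
    return f"{name}-{number}"


def find_collisions(names):
    """Group names that differ only by case and would therefore clash."""
    groups = {}
    for name in names:
        groups.setdefault(name.casefold(), []).append(name)
    return [group for group in groups.values() if len(group) > 1]


if __name__ == "__main__":
    for candidate in ["web_01-a", "12345", "db.prod", "app server"]:
        print(candidate, "->", name_problems(candidate) or "ok")
    print(append_unique_suffix("Web", SAMPLE_INVENTORY))
    print(find_collisions(["Web-1", "web-1", "db"]))
```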
Procedure
1 From the Clone Virtual Machine or Deploy Template wizard, select Guest Customization.
2 Type the virtual machine owner’s name and organization and click Next.
3 Specify the name that will identify the guest operating system on the network and click Next.
4 Type the Windows product key for the new guest operating system.
For Per server, enter the maximum number of simultaneous connections you want the server to
accept.
6 Click Next.
7 Type a password for the administrator account, and confirm the password by typing it again.
NOTE You can change the administrator password only if the administrator password on the source
Windows virtual machine is blank. If the source Windows virtual machine or template already has a
password, the administrator password does not change.
8 To log users into the guest operating system as Administrator, select the check box, and select the number
of times to log in automatically.
9 Click Next.
10 Select the time zone for the virtual machine and click Next.
11 (Optional) On the Run Once page, specify commands to be run the first time a user logs into the guest
operating system and click Next.
12 Select the type of network settings to apply to the guest operating system and click Next:
• Typical settings allow vCenter Server to configure all network interfaces from a DHCP server.
• Custom settings require you to manually configure the network interface settings.
13 Select how the virtual machine will participate in the network by typing the following:
• Workgroup (for example, MSHOME)
• Windows Server Domain: Type the domain, the user name, and the password for a user account that
has permission to add a computer to the specified domain.
14 Click Next.
17 Click Finish to save your changes and exit the Guest Customization wizard.
Procedure
1 From the Clone Virtual Machine or Deploy Template wizard, select Guest Customization.
2 Specify a host name to identify the guest operating system on the network.
3 Enter the Domain Name for the computer and click Next.
4 Select the time zone for the virtual machine and click Next.
5 Select the type of network settings to apply to the guest operating system and click Next:
• Typical settings allow vCenter Server to configure all network interfaces from a DHCP server.
• Custom settings require you to manually configure the network interface settings.
Procedure
1 In the vSphere Client, select View > Management > Customization Specifications Manager.
2 Click New.
3 In the Guest Customization wizard, select Linux from the Target Virtual Machine OS menu.
4 Under Customization Specification Information, enter a name for the specification and an optional
description and click Next.
5 Specify a host name to identify the guest operating system on the network.
6 Enter the Domain Name for the computer and click Next.
7 Select the time zone for the virtual machine and click Next.
8 Select the type of network settings to apply to the guest operating system and click Next:
• Typical settings allow vCenter Server to configure all network interfaces from a DHCP server.
• Custom settings require you to manually configure the network interface settings.
The custom specification you created is listed in the Customization Specification Manager, and can be used to
customize virtual machine guest operating systems.
Procedure
1 In the vSphere Client, select View > Management > Customization Specifications Manager.
2 Click New.
3 In the Guest Customization wizard, select Windows from the Target Virtual Machine OS menu.
5 Under Customization Specification Information, enter a name for the specification and an optional
description, and click Next.
6 Enter the virtual machine owner’s name and organization and click Next.
7 Type the name that will identify the guest operating system on the network and click Next.
8 Type the Windows product key for the new guest operating system.
For Per server, enter the maximum number of simultaneous connections you want the server to
accept.
10 Click Next.
11 Type a password for the administrator account, and confirm the password by typing it again.
NOTE You can change the administrator password only if the administrator password on the source
Windows virtual machine is blank. If the source Windows virtual machine or template already has a
password, the administrator password does not change.
12 To log users into the guest operating system as Administrator, select the check box, and select the number
of times to log in automatically.
13 Click Next.
14 Select the time zone for the virtual machine and click Next.
15 (Optional) On the Run Once page, specify commands to be run the first time a user logs into the guest
operating system and click Next.
16 Select the type of network settings to apply to the guest operating system and click Next:
• Typical settings allow vCenter Server to configure all network interfaces from a DHCP server.
• Custom settings require you to manually configure the network interface settings.
17 Select how the virtual machine will participate in the network and click Next.
• Workgroup (for example, MSHOME)
• Windows Server Domain: Type the domain, the user name, and the password for a user account that
has permission to add a computer to the specified domain.
The custom specification you created is listed in the Customization Specification Manager. You can use it to
customize virtual machine guest operating systems.
vCenter Server saves the customized configuration parameters in the vCenter Server database. If the
customization settings are saved, the administrator and domain administrator passwords are stored in
encrypted format in the database. Because the certificate used to encrypt the passwords is unique to each
vCenter Server system, reinstalling vCenter Server, or attaching a new instance of the server to the database,
invalidates the encrypted passwords. The passwords must be re-entered before they can be used.
Prerequisites
Before you begin, you must have at least one customization specification.
Procedure
1 In the vSphere Client, select View > Management > Customization Specifications Manager.
2 In the Customization Specification Manager, right-click a specification and select Edit.
Prerequisites
Before you begin, you must have at least one customization specification.
Procedure
1 In the vSphere Client, select View > Management > Customization Specifications Manager.
4 Click Save.
Prerequisites
Before you begin, you must have at least one customization specification.
Procedure
1 In the vSphere Client, select View > Management > Customization Specifications Manager.
Prerequisites
Before you begin, you must have at least one customization specification.
Procedure
1 In the vSphere Client, select View > Management > Customization Specifications Manager.
Prerequisites
Before you begin, you must have at least one customization specification.
Procedure
1 In the vSphere Client, select View > Management > Customization Specifications Manager.
2 Click Import.
3 From the Open dialog, browse to the .xml file to import and click Open.
If the guest operating system pauses when the new virtual machine boots, it might be waiting for you to
correct errors, such as an incorrect product key or invalid user name. Open the virtual machine’s console
to determine whether the system is waiting for information.
Procedure
◆ Click the Windows Start button and select Programs > Administrative Tools > Event Viewer.
Procedure
◆ Navigate to /var/log/vmware/customization.log.
Cold Migration: Moving a powered-off virtual machine to a new host. Optionally, you can
relocate configuration and disk files to new storage locations. Cold migration
can be used to migrate virtual machines from one datacenter to another.
Migrating a Suspended Virtual Machine: Moving a suspended virtual machine to a new host. Optionally, you can
relocate configuration and disk files to new storage locations. You can migrate
suspended virtual machines from one datacenter to another.
Migration with VMotion: Moving a powered-on virtual machine to a new host. Migration with VMotion
allows you to move a virtual machine to a new host without any interruption
in the availability of the virtual machine. Migration with VMotion cannot be
used to move virtual machines from one datacenter to another.
Migration with Storage VMotion: Moving the virtual disks or configuration file of a powered-on virtual machine
to a new datastore. Migration with Storage VMotion allows you to move a
virtual machine’s storage without any interruption in the availability of the
virtual machine.
Both migration of a suspended virtual machine and migration with VMotion are sometimes referred to as “hot
migration”, because they allow migration of a virtual machine without powering it off. Migration with
VMotion is sometimes referred to as "live migration".
You can move virtual machines manually or set up a scheduled task to perform the cold migration.
Cold Migration
Cold migration is the migration of a powered-off virtual machine. With cold migration, you have the option
of moving the associated disks from one datastore to another. The virtual machines are not required to be on
shared storage.
The virtual machine you want to migrate must be powered off prior to beginning the cold migration process.
CPU compatibility checks do not apply when you migrate a virtual machine with cold migration.
3 After the migration is completed, the old version of the virtual machine is deleted from the source host.
Migration of suspended virtual machines is supported in ESX Server 3.x and ESX Server 3i and later only.
Virtual machines created using ESX Server 2.x must be powered off before migration.
When you migrate a suspended virtual machine, the new host for the virtual machine must meet CPU
compatibility requirements, because the virtual machine must resume executing instructions on the new host.
1 The configuration files, including the NVRAM file (BIOS settings), log files, and the suspend file as well
as the disks of the virtual machine are moved from the source host to the destination host’s associated
storage area.
3 After the migration is completed, the old version of the virtual machine is deleted from the source host.
The entire state of the virtual machine, as well as its configuration file, if necessary, is moved to the new host,
while the associated virtual disk remains in the same location on storage that is shared between the two hosts.
After the virtual machine state is migrated to the alternate host, the virtual machine runs on the new host.
The state information includes the current memory content and all the information that defines and identifies
the virtual machine. The memory content includes transaction data and whatever bits of the operating system
and applications are in the memory. The defining and identification information stored in the state includes
all the data that maps to the virtual machine hardware elements, such as BIOS, devices, CPU, MAC addresses
for the Ethernet cards, chip set states, registers, and so forth.
When you migrate a virtual machine with VMotion, the new host for the virtual machine must meet
compatibility requirements in order for the migration to proceed.
1 When the migration with VMotion is requested, vCenter Server verifies that the existing virtual machine
is in a stable state with its current host.
2 The virtual machine state information (memory, registers, and network connections) is copied to the target
host.
If any error occurs during migration, the virtual machines revert to their original states and locations.
Migration of a suspended virtual machine and migration with VMotion can be referred to as hot migration,
because they allow migration of a virtual machine without powering it off.
Ensure that you have correctly configured your hosts in each of the following areas:
- Each host must be correctly licensed for VMotion. For more information on licensing, see the Installation
  Guide.
- Each host must meet shared storage requirements for VMotion.
- Each host must meet the networking requirements for VMotion.
During a migration with VMotion, the migrating virtual machine must be on storage accessible to both the
source and target hosts. Ensure that the hosts configured for VMotion use shared storage. Shared storage is
typically on a storage area network (SAN), but can also be implemented using iSCSI and NAS shared storage.
See the VMware SAN Configuration Guide for additional information on SAN and the ESX Configuration Guide
or ESXi Configuration Guide for information on other shared storage.
VMotion requires a Gigabit Ethernet (GigE) network between all VMotion-enabled hosts. Each host enabled
for VMotion must have a minimum of two Ethernet adapters, at least one of which must be a GigE adapter.
- Ensure that the network labels used for virtual machine port groups are consistent across hosts. During a
  migration with VMotion, vCenter Server assigns virtual machines to port groups based on matching
  network labels.
- Use of Jumbo Frames is recommended for best VMotion performance.
VMotion transfers the running state of a virtual machine between underlying ESX/ESXi systems. Successful
migration requires that the processors of the target host be able to execute using the equivalent instructions
that the processors of the source host were using when the virtual machine was migrated off of the source host.
Processor clock speeds and cache sizes, and the number of processor cores can vary, but processors must come
from the same vendor class (AMD or Intel) and use compatible feature sets to be compatible for migration with
VMotion.
Migrations of suspended virtual machines also require that the virtual machine be able to resume execution
on the target host using equivalent instructions.
When you initiate a migration with VMotion or a migration of a suspended virtual machine, the Migrate Virtual
Machine wizard checks the destination host for compatibility and produces an error message if there are
compatibility problems that will prevent migration.
When a virtual machine is powered on, it determines its available CPU feature set. The virtual machine’s CPU
feature set is based on the host’s CPU feature set. However, some of the host CPU features can be hidden from
the virtual machine if the host is part of a cluster using Enhanced VMotion Compatibility (EVC), or if a CPU
compatibility mask is applied to the virtual machine.
NOTE VMware, in partnership with CPU and hardware vendors, is working to maintain VMotion
compatibility across the widest range of processors. For additional information, search the VMware
Knowledge Base for the VMotion and CPU Compatibility FAQ.
When you attempt to migrate a virtual machine with VMotion, one of the following scenarios applies:
- The destination host feature set matches the virtual machine’s CPU feature set. CPU compatibility
  requirements are met, and migration with VMotion proceeds.
- The virtual machine’s CPU feature set contains features not supported by the destination host. CPU
  compatibility requirements are not met, and migration with VMotion cannot proceed.
- The destination host supports the virtual machine’s feature set, plus additional user-level features (such
  as SSE4.1) not found in the virtual machine’s feature set. CPU compatibility requirements are not met, and
  migration with VMotion cannot proceed.
- The destination host supports the virtual machine’s feature set, plus additional kernel-level features (such
  as NX or XD) not found in the virtual machine’s feature set. CPU compatibility requirements are met, and
  migration with VMotion proceeds. The virtual machine retains its CPU feature set as long as it remains
  powered on, allowing it to migrate freely back to the original host. However, if the virtual machine is
  rebooted, it acquires a new feature set from the new host, which might cause VMotion incompatibility if
  you attempt to migrate the virtual machine back to the original host.
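The four scenarios above, written as a decision function and run through the migrate, reboot, migrate-back case (an added example, not VMware code). Host names and feature sets are constructed, and treating any extra destination feature that is not classed as kernel-level as blocking is an assumption of this example.

```python
from dataclasses import dataclass

# Feature classes named on this page. User-level features are application
# instructions that bypass the virtualization layer; NX/XD is kernel-level.
USER_LEVEL = frozenset({"SSE3", "SSSE3", "SSE4.1"})
KERNEL_LEVEL = frozenset({"NX/XD"})


@dataclass(frozen=True)
class Host:
    name: str
    vendor: str           # vendor class: "Intel" or "AMD"
    features: frozenset   # CPU features the host exposes to virtual machines


@dataclass
class VM:
    name: str
    host: Host
    features: frozenset = None   # pass explicitly to model an EVC baseline or CPU mask

    def __post_init__(self):
        if self.features is None:
            self.features = self.host.features   # determined at power-on


def check_vmotion(vm, dest):
    """Return (allowed, reason) for migrating a powered-on VM to dest."""
    if dest.vendor != vm.host.vendor:
        return False, "different vendor class"
    missing = vm.features - dest.features
    if missing:
        return False, "destination lacks " + ", ".join(sorted(missing))
    extra = dest.features - vm.features
    # Assumption: extras that are not known kernel-level features block the
    # migration, exactly as the user-level ones do.
    blocking = extra - KERNEL_LEVEL
    if blocking:
        kind = "user-level" if blocking <= USER_LEVEL else "unclassified"
        return False, f"destination adds {kind} " + ", ".join(sorted(blocking))
    if extra:
        return True, "destination adds only kernel-level " + ", ".join(sorted(extra))
    return True, "feature sets match"


def migrate(vm, dest):
    """Move the VM if the check passes; its feature set is unchanged."""
    allowed, reason = check_vmotion(vm, dest)
    if allowed:
        vm.host = dest    # the VM keeps its feature set while it stays powered on
    return allowed, reason


def reboot(vm):
    """Per the page, a rebooted VM acquires a new feature set from its current host."""
    vm.features = vm.host.features


def round_trip_demo():
    """Constructed hosts: esx-a lacks NX/XD, esx-b exposes it."""
    a = Host("esx-a", "Intel", frozenset({"SSE3", "SSSE3"}))
    b = Host("esx-b", "Intel", frozenset({"SSE3", "SSSE3", "NX/XD"}))
    vm = VM("vm1", a)
    results = [migrate(vm, b), migrate(vm, a), migrate(vm, b)]
    reboot(vm)                       # on esx-b: the VM now picks up NX/XD
    results.append(migrate(vm, a))   # refused: esx-a lacks NX/XD
    return results


if __name__ == "__main__":
    for allowed, reason in round_trip_demo():
        print("proceeds" if allowed else "blocked ", "-", reason)
```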
Server hardware’s CPU specifications will usually indicate whether or not the CPUs contain the features that
affect VMotion compatibility. If the specifications of a server or its CPU features are unknown, VMware’s
bootable CPU identification utility (available for download from the VMware website) can be used to boot a
server and determine whether its CPUs contain features such as SSE3, SSSE3, and NX/XD.
For more information on identifying Intel processors and their features, see Application Note 485: Intel Processor
Identification and the CPUID Instruction, available from Intel. For more information on identifying AMD
processors and their features, see CPUID Specification, available from AMD.
NX/XD Considerations
The AMD No eXecute (NX) and the Intel eXecute Disable (XD) technology serve the same security purpose.
They mark memory pages as data-only to prevent malicious software exploits and buffer overflow attacks.
Refer to the documentation for your guest operating system to determine whether it supports NX and XD.
In ESX/ESXi 3.0 and later, NX and XD technology is exposed by default for all guest operating systems that
can use it (trading off some compatibility for security by default). Hosts that were previously compatible for
VMotion in ESX Server 2.x might become incompatible after upgrading to ESX/ESXi 3.0 and later, because
NX or XD is now exposed when it was previously suppressed, but you can use per-virtual machine CPU
compatibility masks to restore compatibility.
SSE3 Considerations
Within the Intel P4 and AMD Opteron processor families, VMware places a restriction between processors that
do support the SSE3 instructions and processors that do not support the SSE3 instructions. Because they are
application level instructions that bypass the virtualization layer, these instructions could cause application
instability if mismatched after a migration with VMotion.
SSSE3 Considerations
Within the Intel P4 and Intel Core processor families, VMware places a restriction between processors that do
support the SSSE3 instructions and processors that do not support the SSSE3 instructions. Because they are
application level instructions that bypass the virtualization layer, these instructions could cause application
instability if mismatched after a migration with VMotion.
SSE4.1 Considerations
Within the Intel Core 2 processor family, VMware places a restriction between processors that do support the
SSE4.1 instructions and processors that do not support the SSE4.1 instructions because they are application
level instructions that bypass the virtualization layer, and could cause application instability if mismatched
after a migration with VMotion.
Configure EVC from the cluster settings dialog box. When you configure EVC, you configure all host processors
in the cluster to present the feature set of a baseline processor. EVC leverages AMD-V Extended Migration
technology (for AMD hosts) and Intel FlexMigration technology (for Intel hosts) to mask processor features so
that hosts can present the feature set of an earlier generation of processors. The baseline feature set must be
equivalent to, or a subset of, the feature set of the host with the smallest feature set in the cluster.
EVC masks only those processor features that affect VMotion compatibility. Enabling EVC does not prevent
a virtual machine from taking advantage of faster processor speeds, increased numbers of CPU cores, or
hardware virtualization support that might be available on newer hosts.
EVC cannot prevent virtual machines from accessing hidden CPU features in all circumstances. Applications
that do not follow CPU vendor recommended methods of feature detection might behave unexpectedly in an
EVC environment. VMware EVC cannot be supported with ill-behaved applications that do not follow the
CPU vendor recommendations. For more information about creating well-behaved applications, search the
VMware Knowledge Base for the article Detecting and Using New Features in CPUs.
EVC Requirements
Hosts in an EVC cluster must meet certain requirements.
To enable EVC on a cluster, the cluster must meet the following requirements:
- You must be running vCenter Server 2.5 Update 2 or later.
- All virtual machines in the cluster that are running on hosts with a feature set greater than the EVC mode
  you intend to enable must be powered off or migrated out of the cluster before EVC is enabled. (For
  example, consider a cluster containing an Intel Xeon Core 2 host and an Intel Xeon 45nm Core 2 host, on
  which you intend to enable the Intel Xeon Core 2 baseline. The virtual machines on the Intel Xeon Core 2
  host can remain powered on, but the virtual machines on the Intel Xeon 45nm Core 2 host must be powered
  off or migrated out of the cluster.)
- All hosts in the cluster must have CPUs from a single vendor, either AMD or Intel.
- All hosts in the cluster must be running ESX/ESXi 3.5 Update 2 or later.
- All hosts in the cluster must be connected to the vCenter Server system.
- All hosts in the cluster must have advanced CPU features, such as hardware virtualization support (AMD-V
  or Intel VT) and AMD No eXecute (NX) or Intel eXecute Disable (XD), enabled in the BIOS if they are
  available.
- All hosts in the cluster should be configured for VMotion. See “Host Configuration for VMotion,” on
  page 187.
- All hosts in the cluster must have supported CPUs for the EVC mode you want to enable. For specific host
  processors supported, see Table 16-1.
Any host added to an existing EVC-enabled cluster must also meet the requirements listed above.
NOTE Hardware vendors sometimes disable particular CPU features in the BIOS by default. This can cause
problems in enabling EVC, because the EVC compatibility checks do not detect features that are expected to
be present for a particular CPU. If you cannot enable EVC on a system with a compatible processor, ensure
that all features are enabled in the BIOS.
When you create an EVC cluster, use one of the following methods:
- Create an empty cluster, enable EVC, and move hosts into the cluster.
- Enable EVC on an existing cluster.
VMware recommends creating an empty EVC cluster as the simplest way of creating an EVC cluster with
minimal disruption to your existing infrastructure.
Prerequisites
Before you create an EVC cluster, ensure that the hosts you intend to add to the cluster meet the requirements
listed in “EVC Requirements,” on page 190.
Procedure
Select the CPU vendor and feature set appropriate for the hosts you intend to add to the cluster. For
information on configuring EVC, see the vSphere Client online Help.
Other cluster features such as VMware DRS and VMware HA are fully compatible with EVC. You can
enable these features when you create the cluster. For information on specific cluster options, see the
vSphere Client online Help.
You can power on the virtual machines on the host, or migrate virtual machines into the cluster with
VMotion, if the virtual machines meet CPU compatibility requirements for the cluster’s baseline feature
set. Virtual machines running on hosts with more features than the EVC cluster baseline must be powered
off before migration into the cluster.
5 Repeat Step 3 and Step 4 for each additional host that you want to move into the cluster.
Prerequisites
Before you enable EVC on an existing cluster, ensure that the hosts in the cluster meet the requirements listed in
“EVC Requirements,” on page 190.
Procedure
2 If virtual machines are running on hosts that have feature sets greater than the baseline feature set you
intend to enable, do one of the following tasks:
- Power off all the virtual machines on the hosts with feature sets greater than the EVC baseline.
- Migrate the cluster’s virtual machines to another host using VMotion.
  Because these virtual machines are running with more features than the EVC cluster baseline you
  intend to set, power off the virtual machines to migrate them back into the cluster after enabling EVC.
3 Ensure that the cluster contains hosts with CPUs from only one vendor, either Intel or AMD.
Select the CPU vendor and feature set appropriate for the hosts in the cluster.
5 If you powered off or migrated virtual machines out of the cluster, power on the virtual machines in the
cluster, or migrate virtual machines into the cluster.
Any virtual machines running at a higher baseline than the EVC mode you enabled for the cluster must
be powered off before they can be moved back into the cluster.
To raise the EVC mode from a CPU baseline with fewer features to one with more features, you do not need
to turn off any running virtual machines in the cluster. Virtual machines that are running do not have access
to the new features available in the new EVC mode until they are powered off and powered back on. A full
power cycling is required. Rebooting the guest operating system or suspending and resuming the virtual
machine is not sufficient.
To lower the EVC mode from a CPU baseline with more features to one with fewer features, you must first
power off the virtual machines in the cluster, and power them back on after the new mode has been enabled.
Prerequisites
If you intend to lower the EVC mode, power off the currently running virtual machines in the cluster.
Procedure
5 From the VMware EVC Mode drop-down menu, select the baseline CPU feature set you want to enable
for the cluster.
If the selected EVC Mode cannot be selected, the Compatibility pane displays the reason or reasons why,
along with the relevant hosts for each reason.
6 Click OK to close the EVC Mode dialog box, and click OK to close the cluster settings dialog box.
Default values for the CPU compatibility masks are set by VMware to guarantee the stability of virtual
machines after a migration with VMotion.
In some cases, where a choice between CPU compatibility or guest operating system features (such as NX/XD)
exists, VMware provides check-box options to configure individual virtual machines through the virtual
machine’s Advanced Settings option. For more control over the visibility of CPU features, you can edit the
virtual machine’s CPU compatibility mask at the bit level.
CAUTION Manual edit of the CPU compatibility masks without the appropriate documentation and testing
might lead to an unsupported configuration.
CPU compatibility masks cannot prevent virtual machines from accessing masked CPU features in all
circumstances. In some circumstances, applications can detect and use masked features even though they are
hidden from the guest operating system. In addition, on any host, applications that use unsupported methods
of detecting CPU features rather than using the CPUID instruction can access masked features. Virtual
machines running applications that use unsupported CPU detection methods might experience stability
problems after migration.
Virtual machines on hosts running ESX Server 3.0.x have a virtual machine swap file located with the virtual
machine configuration file. Virtual machines on these hosts can be migrated with VMotion only if the
destination host can access the VMFS volume where the swap file is located.
You can configure ESX 3.5 or ESXi 3.5 or later hosts to store virtual machine swapfiles in one of two locations:
with the virtual machine configuration file, or on a local swapfile datastore specified for that host. You can also
set individual virtual machines to have a different swapfile location from the default set for their current host.
The location of the virtual machine swapfile affects VMotion compatibility as follows:
- Migrations between hosts running ESX/ESXi version 3.5 and later: Migrations with VMotion and
  migrations of suspended and powered-off virtual machines are allowed.
  During a migration with VMotion, if the swapfile location specified on the destination host differs from
  the swapfile location specified on the source host, the swapfile is copied to the new location. This can result
  in slower migrations with VMotion. If the destination host cannot access the specified swapfile location,
  it stores the swapfile with the virtual machine configuration file.
- Migrations between a host running ESX/ESXi version 3.5 and later and a host running an earlier version
  of ESX Server: Migrations of suspended and powered-off virtual machines are allowed. If the virtual
  machine is configured to use a local swapfile datastore, attempting to migrate it to a host that does not
  support this configuration produces a warning, but the migration can proceed. When the virtual machine
  is powered on again, the swapfile is located with the virtual machine.
  Migrations with VMotion are not allowed unless the destination swapfile location is the same as the source
  swapfile location. In practice, this means that virtual machine swapfiles must be located with the virtual
  machine configuration file.
See the vSphere Client online Help for more information on configuring swapfile policies.
Some restrictions apply when migrating virtual machines with snapshots. You cannot migrate a virtual
machine with snapshots with Storage VMotion. Otherwise, migrating a virtual machine with snapshots is
permitted, regardless of the virtual machine power state, as long as the virtual machine is being migrated to
a new host without moving its configuration file or disks. (The virtual machine must reside on shared storage
accessible to both hosts.)
If the migration involves moving the configuration file or virtual disks, the following additional restrictions
apply:
- The starting and destination hosts must be running ESX 3.5 or ESXi 3.5 or later.
- All of the virtual machine files and disks must reside in a single directory, and the migrate operation must
  move all the virtual machine files and disks to a single destination directory.
Reverting to a snapshot after migration with VMotion might cause the virtual machine to fail, because the
migration wizard cannot verify the compatibility of the virtual machine state in the snapshot with the
destination host. Failure occurs only if the configuration in the snapshot uses devices or virtual disks that are
not accessible on the current host, or if the snapshot contains an active virtual machine state that was running
on hardware that is incompatible with the current host CPU.
You can choose to place the virtual machine and all its disks in a single location, or select separate locations
for the virtual machine configuration file and each virtual disk. The virtual machine does not change execution
host during a migration with Storage VMotion.
During a migration with Storage VMotion, you can transform virtual disks from thick-provisioned to thin-
provisioned or from thin-provisioned to thick-provisioned.
Storage VMotion has a number of uses in administering virtual infrastructure, including the following
examples of use:
- Upgrading ESX/ESXi without virtual machine downtime. During an upgrade from ESX Server 2.x to ESX/ESXi
  3.5 or later, you can migrate running virtual machines from a VMFS2 datastore to a VMFS3 datastore,
  and upgrade the VMFS2 datastore without any impact on virtual machines. You can then use Storage
  VMotion to migrate virtual machines back to the original datastore without any virtual machine
  downtime.
- Storage maintenance and reconfiguration. You can use Storage VMotion to move virtual machines off of
  a storage device to allow maintenance or reconfiguration of the storage device without virtual machine
  downtime.
- Redistributing storage load. You can use Storage VMotion to manually redistribute virtual machines or
  virtual disks to different storage volumes to balance capacity or improve performance.
Procedure
2 Right-click on the virtual machine and select Migrate from the pop-up menu.
Option                          Description
Change host                     Move the virtual machine to another host.
Change datastore                Move the virtual machine’s configuration file and virtual disks.
Change both host and datastore  Move the virtual machine to another host and move its configuration file and virtual disks.
4 To move the virtual machine to another host, select the destination host or cluster for this virtual machine
migration and click Next.
Any compatibility problem appears in the Compatibility panel. Fix the problem, or select another host or
cluster.
Possible targets include hosts and DRS clusters with any level of automation. If a cluster has no DRS
enabled, select a specific host in the cluster rather than selecting the cluster itself.
5 Select the destination resource pool for the virtual machine migration and click Next.
6 If you chose to move the virtual machine’s configuration file and virtual disks, select the destination
datastore:
- To move the virtual machine configuration files and virtual disks to a single destination, select the
  datastore and click Next.
- To select individual destinations for the configuration file and each virtual disk, click Advanced. In the
  Datastore column, select a destination for the configuration file and each virtual disk, and click
  Next.
7 If you chose to move the virtual machine’s configuration file and virtual disks, select a disk format and click
Next.
Option            Description
Same as Source    Use the format of the original virtual disk. If you select this option for an RDM disk in either physical or virtual compatibility mode, only the mapping file is migrated.
Thin provisioned  Use the thin format to save storage space. The thin virtual disk uses just as much storage space as it needs for its initial operations. When the virtual disk requires more space, it can grow in size up to its maximum allocated capacity. This option is not available for RDMs in physical compatibility mode. If you select this option for a virtual compatibility mode RDM, the RDM is converted to a virtual disk. RDMs converted to virtual disks cannot be converted back to RDMs.
Thick             Allocate a fixed amount of hard disk space to the virtual disk. The virtual disk in the thick format does not change its size and from the beginning occupies the entire datastore space provisioned to it. This option is not available for RDMs in physical compatibility mode. If you select this option for a virtual compatibility mode RDM, the RDM is converted to a virtual disk. RDMs converted to virtual disks cannot be converted back to RDMs.
Disks are converted from thin to thick format or thick to thin format only when they are copied from one
datastore to another. If you leave a disk in its original location, the disk format is not converted, regardless
of the selection made here.
vCenter Server moves the virtual machine to the new host. Event messages appear in the Events tab. The data
displayed on the Summary tab shows the status and state throughout the migration. If errors occur during
migration, the virtual machines revert to their original states and locations.
Prerequisites
Before migrating a virtual machine with VMotion, ensure that your hosts and virtual machines meet the
requirements for migration with VMotion.
- “Host Configuration for VMotion,” on page 187
- “Virtual Machine Configuration Requirements for VMotion,” on page 194
Procedure
2 Right-click on the virtual machine, and select Migrate from the pop-up menu.
Any compatibility problem appears in the Compatibility panel. Fix the problem, or select another host or
cluster.
Possible targets include hosts and fully automated DRS clusters. You can select a non-automated cluster
as a target. You are prompted to select a host within the non-automated cluster.
Option         Description
High Priority  vCenter Server reserves resources on both the source and destination hosts to maintain virtual machine availability during the migration. High priority migrations do not proceed if resources are unavailable.
Low Priority   vCenter Server does not reserve resources on the source and destination hosts to maintain availability during the migration. Low priority migrations always proceed. However, the virtual machine might become briefly unavailable if host resources are unavailable during the migration.
You cannot change the virtual machine’s execution host during a migration with Storage VMotion.
Procedure
2 Right-click on the virtual machine, and select Migrate from the pop-up menu.
Option            Description
Same as Source    Use the format of the original virtual disk. If you select this option for an RDM disk in either physical or virtual compatibility mode, only the mapping file is migrated.
Thin provisioned  Use the thin format to save storage space. The thin virtual disk uses just as much storage space as it needs for its initial operations. When the virtual disk requires more space, it can grow in size up to its maximum allocated capacity. This option is not available for RDMs in physical compatibility mode. If you select this option for a virtual compatibility mode RDM, the RDM is converted to a virtual disk. RDMs converted to virtual disks cannot be converted back to RDMs.
Thick             Allocate a fixed amount of hard disk space to the virtual disk. The virtual disk in the thick format does not change its size and from the beginning occupies the entire datastore space provisioned to it. This option is not available for RDMs in physical compatibility mode. If you select this option for a virtual compatibility mode RDM, the RDM is converted to a virtual disk. RDMs converted to virtual disks cannot be converted back to RDMs.
Disks are converted from thin to thick format or thick to thin format only when they are copied from one
datastore to another. If you choose to leave a disk in its original location, the disk format is not converted,
regardless of the selection made here.
When you select a host, the Compatibility panel at the bottom of the Migrate Virtual Machine wizard displays
information about the compatibility of the selected host or cluster with the virtual machine’s configuration.
If the virtual machine is compatible, the panel displays the message, Validation succeeded. If the virtual
machine is not compatible with either the host’s or cluster’s configured networks or datastores, the
compatibility window can display both warnings and errors:
- Warning messages do not disable migration. Often the migration is justified and you can continue with
  the migration despite the warnings.
- Errors can disable migration if there are no error-free destination hosts among the selected destination
  hosts. In this case, the Next button is disabled.
For clusters, the network and datastore configurations are taken into account when checking compatibility
issues. For hosts, the individual host’s configuration is used. A possible problem might be that VMotion is not
enabled on one or both hosts.
The effect of a specific host CPU feature on compatibility depends on whether ESX/ESXi exposes it to
virtual machines or hides it from them.
- Features that are exposed to virtual machines are not compatible when they are mismatched.
- Features that are not exposed to virtual machines are compatible regardless of mismatches.
Specific items of virtual machine hardware can also cause compatibility issues. For example, a virtual machine
using an enhanced vmxnet virtual NIC cannot be migrated to a host running a version of ESX that does not
support enhanced vmxnet.
For more information about installing and using the vSphere CLI, see vSphere Command-Line Interface Installation
and Reference.
You can run the svmotion command in either interactive or noninteractive mode.
- To use the command in interactive mode, type svmotion --interactive. You are prompted for all the
  information necessary to complete the storage migration. When the command is invoked in interactive
  mode, all other parameters given are ignored.
- In noninteractive mode, the svmotion command uses the following syntax:
    svmotion [Standard CLI options] --datacenter=<datacenter name> --vm '<VM config datastore path>:<new datastore>' [--disks '<virtual disk datastore path>:<new datastore>, <virtual disk datastore path>:<new datastore>']
On Windows systems, use double quotes instead of single quotes around the values specified for the --vm and
--disks options.
For more information on the standard CLI options, see the vSphere Command-Line Interface Installation and
Reference.
Parameter                      Description
<datacenter>                   The datacenter that contains the virtual machine to be migrated. You must quote the name if it contains white space or other special characters.
<VM config datastore path>     The datastore path to the virtual machine’s configuration file. If the path contains white space or other special characters, you must quote it.
<new datastore>                The name of the new datastore to which the virtual machine configuration file or disk is to be moved. Do not include brackets around the name of the new datastore.
--disks                        If you do not specify this parameter, all virtual disks associated with a virtual machine are relocated to the same datastore as the virtual machine configuration file. By specifying this parameter, you can choose to locate individual virtual disks to different datastores. To keep a virtual disk on its current datastore, use the --disks option for that disk with its current datastore as the <new datastore>.
<virtual disk datastore path>  The datastore path to the virtual disk file.
You must specify the datastore path to the virtual machine’s configuration file as the <VM config datastore
path> argument of the svmotion command.
Procedure
1 In the vSphere Client inventory, select the virtual machine and click the Summary tab.
2 Click Edit Settings to display the Virtual Machine Properties dialog box.
The path to the virtual machine configuration file appears in the Virtual Machine Configuration File text box.
Procedure
1 In the vSphere Client inventory, select the virtual machine to which the virtual disk belongs, and click the
Summary tab.
2 Click Edit Settings to display the Virtual Machine Properties dialog box.
3 Click the Hardware tab, and select the virtual disk from the list of devices.
The path to the virtual disk file appears in the Disk File text box.
The examples in this section are formatted on multiple lines for readability. The command should be issued
on a single line.
An example of relocating a virtual machine to new_datastore, while leaving the disks, myvm_1.vmdk and
myvm_2.vmdk on old_datastore:
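An added example, not from the VMware documentation: a Python helper that assembles the noninteractive svmotion command line for this scenario from the syntax and parameter rules above, and shows where each disk ends up with and without --disks. The datacenter name DC1, the myvm/ directory, the file name myvm.vmx and the "[datastore] path" form of a datastore path are assumptions; connection options are left out.

```python
import re
import shlex

# Assumption: a datastore path has the form "[datastore] dir/file".
DATASTORE_PATH = re.compile(r"^\[([^\]]+)\] (.+)$")


def current_datastore(datastore_path):
    """Return the datastore name from a '[datastore] dir/file' path."""
    match = DATASTORE_PATH.match(datastore_path)
    if match is None:
        raise ValueError(f"not a datastore path: {datastore_path!r}")
    return match.group(1)


def pair(datastore_path, new_datastore):
    """Build one '<datastore path>:<new datastore>' value."""
    current_datastore(datastore_path)            # validates the path form
    if "[" in new_datastore or "]" in new_datastore:
        raise ValueError("do not include brackets around the new datastore name")
    return f"{datastore_path}:{new_datastore}"


def keep_in_place(disk_paths):
    """--disks mapping that pins each disk to the datastore it is already on."""
    return {path: current_datastore(path) for path in disk_paths}


def svmotion_argv(datacenter, vm_config_path, new_datastore,
                  disks=None, standard_options=()):
    """Argument list for noninteractive mode; standard_options is passed through."""
    argv = ["svmotion", *standard_options, f"--datacenter={datacenter}",
            "--vm", pair(vm_config_path, new_datastore)]
    if disks:
        argv += ["--disks", ", ".join(pair(p, d) for p, d in disks.items())]
    return argv


def final_locations(all_disk_paths, new_datastore, disks=None):
    """Disks not named in --disks follow the configuration file."""
    disks = disks or {}
    return {path: disks.get(path, new_datastore) for path in all_disk_paths}


def render(argv, windows=False):
    """One-line command: single quotes by default, double quotes on Windows."""
    if not windows:
        return shlex.join(argv)
    if any('"' in arg for arg in argv):
        raise ValueError("double quote inside an argument")
    return " ".join(f'"{arg}"' if " " in arg else arg for arg in argv)


# Constructed paths for the scenario described above.
VMX = "[old_datastore] myvm/myvm.vmx"
DISKS = ["[old_datastore] myvm/myvm_1.vmdk", "[old_datastore] myvm/myvm_2.vmdk"]


def page_scenario(windows=False):
    """Move the configuration file to new_datastore, leave both disks in place."""
    argv = svmotion_argv("DC1", VMX, "new_datastore", disks=keep_in_place(DISKS))
    return render(argv, windows=windows)


if __name__ == "__main__":
    print(page_scenario())
    print(final_locations(DISKS, "new_datastore"))                        # no --disks
    print(final_locations(DISKS, "new_datastore", keep_in_place(DISKS)))  # pinned
```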
About Snapshots
A snapshot captures the entire state of the virtual machine at the time you take the snapshot.
This includes:
- Memory state – The contents of the virtual machine’s memory.
- Settings state – The virtual machine settings.
- Disk state – The state of all the virtual machine’s virtual disks.
NOTE Snapshots of raw disks, RDM physical mode disks, and independent disks are not supported.
Snapshots operate on individual virtual machines. In a team of virtual machines, taking a snapshot preserves
the state only of the active virtual machine.
When you revert to a snapshot, you return all these items to the state they were in at the time you took that
snapshot. If you want the virtual machine to be suspended, powered on, or powered off when you launch it,
be sure it is in the correct state when you take that snapshot.
Snapshots are useful when you need to revert repeatedly to the same state but you don’t want to create multiple
virtual machines. With snapshots, you create backup and restore positions in a linear process. You can also
preserve a baseline before diverging a virtual machine in a process tree.
Snapshots can be used as restoration points during a linear or iterative process, such as installing update
packages, or during a branching process, such as installing different versions of a program. Taking snapshots
ensures that each installation begins from an identical baseline.
NOTE While snapshots do provide a "point in time" image of the disk that backup solutions can use, snapshots
should not be used for your own virtual machine backups. Large numbers of snapshots are difficult to manage
and take up large amounts of disk space. Backup solutions, like VMware Data Recovery, use the snapshot
mechanism to "freeze" the state of a virtual machine and make a copy. However, the Data Recovery backup
method has additional capabilities that mitigate the limitations of snapshots.
Multiple snapshots refers to the ability to create more than one snapshot of the same virtual machine. To take
snapshots of multiple virtual machines (for example, snapshots for all members of a team), you must
take a separate snapshot of each team member.
Multiple snapshots are not simply a way of saving your virtual machines. With multiple snapshots, you can
save many positions to accommodate many kinds of work processes.
To take a snapshot, the state of the virtual disk at the time the snapshot is taken must be preserved.
When this occurs, the guest cannot write to the vmdk file. The delta disk is an additional vmdk file to which
the guest is allowed to write. The delta disk represents the difference between the current state of the virtual
disk and the state that existed at the time of the previous snapshot. If more than one snapshot exists, delta
disks may represent the difference (or delta) between each snapshot. For example, if a snapshot is taken and
the guest then writes to every single block of the virtual disk, the delta disk grows as large as the entire
virtual disk.
When a snapshot is deleted, all the data from the delta disk that contains the information about the deleted
snapshot is written to the parent disk. This can involve a large amount of disk input and output. This may
reduce the virtual machine performance until consolidation is complete.
NOTE You can find more information on the iterative snapshot deletion behavior by searching VMware's
Knowledge Base system.
The amount of time it takes to commit or delete snapshots is a function of how much data the guest operating
system has written to the virtual disks since the last snapshot was taken. The required time is directly
proportional to the amount of data (committed or deleted) and the virtual machine’s RAM size.
The snapshots taken form a tree. Each time you revert and take another, a branch (child) is formed.
In the process tree, each snapshot has one parent, but one snapshot may have more than one child. Many
snapshots have no children.
In general, it is best to take a snapshot when no applications in the virtual machine are communicating with
other computers. The potential for problems is greatest if the virtual machine is communicating with another
computer, especially in a production environment.
For example, if you take a snapshot while the virtual machine is downloading a file from a server on the
network, the virtual machine continues downloading the file, communicating its progress to the server. If you
revert to the snapshot, communications between the virtual machine and the server are confused and the file
transfer fails.
Take a Snapshot
You can take a snapshot while a virtual machine is powered on, powered off, or suspended. If you are
suspending a virtual machine, wait until the suspend operation has finished before taking a snapshot.
You must power off the virtual machine before taking a snapshot if the virtual machine has multiple disks in
different disk modes. For example, if you have a special purpose configuration that requires you to use an
independent disk, you must power off the virtual machine before taking a snapshot.
Procedure
1 Select Inventory > Virtual Machine > Snapshot > Take Snapshot.
You can also right-click the virtual machine and select Snapshot > Take Snapshot.
4 (Optional) Select the Snapshot the virtual machine’s memory check box if you want to capture the
memory of the virtual machine.
5 (Optional) Select the Quiesce guest file system (Needs VMware Tools installed) check box to pause
running processes on the guest operating system so that file system contents are in a known consistent
state when the snapshot is taken. This applies only to virtual machines that are powered on.
6 Click OK.
When the snapshot has been successfully taken, it is listed in the Recent Tasks field at the bottom of the
vSphere Client.
7 Click the target virtual machine to display tasks and events for this machine or, while the virtual machine
is selected, click the Tasks & Events tab.
Prerequisites
You must power off and delete any existing snapshots before you attempt to change the disk mode.
Procedure
2 Click the Hardware tab, and select the hard disk you want to exclude.
3 Under Mode, select Independent. Independent disks are not affected by snapshots.
Option – Description
Persistent – Disks in persistent mode behave like conventional disks on your physical computer. All data
written to a disk in persistent mode are written permanently to the disk.
Nonpersistent – Changes to disks in nonpersistent mode are discarded when you power off or reset the virtual
machine. Nonpersistent mode enables you to restart the virtual machine with a virtual disk in the same state
every time. Changes to the disk are actually written to and read from a redo log file that is deleted when you
power off or reset.
4 Click OK.
The Snapshot Manager window contains the following areas: Snapshot tree, Details region, Command buttons,
Navigation region, and a You are here icon.
■ Snapshot tree – Displays all snapshots for the virtual machine.
■ You are here icon – Represents the current operational state of the virtual machine. The You are here icon
  is always selected and visible when you open the Snapshot Manager.
  You cannot go to or select the You are here state. You are here always represents the current and active
  state.
■ Command Buttons – The Snapshot Manager has three command buttons in the left pane: Go to, Delete,
  and Delete All.
■ Details – Displays the name and description of the selected snapshot. These fields are blank if you have
  not selected a snapshot.
■ Navigation Region – Contains buttons for navigating out of the dialog box:
  ■ Close – Closes the Snapshot Manager.
  ■ Help – Opens the help system.
Restore a Snapshot
The Go to button allows you to restore the state of any snapshot.
Procedure
1 Select Inventory > Virtual Machine > Snapshot > Snapshot Manager.
3 Click the Go to button to restore the virtual machine to any arbitrary snapshot.
NOTE Virtual machines running certain kinds of workloads might take several minutes to resume
responsiveness after reverting from a snapshot. This delay may be improved by increasing the guest
memory.
Delete a Snapshot
You can permanently remove a snapshot from vCenter Server.
Procedure
1 Select Inventory > Virtual Machine > Snapshot > Snapshot Manager.
Clicking Delete All permanently removes all snapshots from the virtual machine.
NOTE Delete commits the snapshot data to the parent and removes the selected snapshot. Delete All
commits all the immediate snapshots before the You are here current state to the base disk and removes
all existing snapshots for that virtual machine.
Restore a Snapshot
To return a virtual machine to its original state, you can restore a snapshot.
Procedure
■ The Inventory > Virtual Machine > Snapshot menu contains the command Revert to Snapshot.
■ The Snapshot Manager has a Go to button.
Parent Snapshot
The parent snapshot is the most recently saved version of the current state of the virtual machine.
If you have just taken a snapshot, that stored state is the parent snapshot of the current state (You are here). If
you revert or go to a snapshot, that snapshot becomes the parent of the current state (You are here).
The parent snapshot is always the snapshot appearing immediately above the You are here icon in the Snapshot
Manager.
NOTE The parent snapshot is not always the snapshot you took most recently.
This command immediately activates the parent snapshot of the current state of the virtual machine.
The current disk and memory states are discarded and restored as they were when you took that snapshot. If
your parent snapshot was taken when the virtual machine was powered off, choosing Snapshot > Revert to
Snapshot moves the powered-on virtual machine to that parent state, that is, to a powered-off state.
NOTE Virtual machines running certain kinds of workloads might take several minutes to resume
responsiveness after reverting from a snapshot. This delay may be improved by increasing the guest memory.
When you revert a virtual machine, the virtual machine returns to the parent snapshot
of the virtual machine (that is, the parent of the current You are here state).
Procedure
▶ Select Inventory > Virtual Machine > Snapshot > Revert to Snapshot.
vCenter Server and ESX/ESXi hosts determine the level of access for the user based on the permissions that are
assigned to the user. The combination of user name, password, and permissions is the mechanism by which
vCenter Server and ESX/ESXi hosts authenticate a user for access and authorize the user to perform activities.
The servers and hosts maintain lists of authorized users and the permissions assigned to each user.
Privileges define basic individual rights that are required to perform actions and read properties. ESX/ESXi
and vCenter Server use sets of privileges, or roles, to control which users or groups can access particular
vSphere objects. ESX/ESXi and vCenter Server provide a set of pre-established roles. You can also create new
roles.
The privileges and roles assigned on an ESX/ESXi host are separate from the privileges and roles assigned on
a vCenter Server system. When you manage a host using vCenter Server, only the privileges and roles assigned
through the vCenter Server system are available. If you connect directly to the host using the vSphere Client,
only the privileges and roles assigned directly on the host are available.
Several users can access the vCenter Server system from different vSphere Client sessions at the same time.
vSphere does not explicitly restrict users with the same authentication credentials from accessing and taking
action within the vSphere environment simultaneously.
You manage users defined on the vCenter Server system and users defined on individual hosts separately.
Even if the user lists of a host and a vCenter Server system appear to have common users (for instance, a user
called devuser), these users should be treated as separate users who have the same name. The attributes of
devuser in vCenter Server, including permissions, passwords, and so forth, are separate from the attributes of
devuser on the ESX/ESXi host. If you log in to vCenter Server as devuser, you might have permission to view
and delete files from a datastore. If you log in to an ESX/ESXi host as devuser, you might not have these
permissions.
You cannot use vCenter Server to manually create, remove, or otherwise change vCenter Server users. To
manipulate the user list or change user passwords, use the tools you use to manage your Windows domain or
Active Directory. For more information on creating users and groups for use with vCenter Server, see your
Microsoft documentation.
Any changes you make to the Windows domain are reflected in vCenter Server. Because you cannot directly
manage users in vCenter Server, the user interface does not provide a user list for you to review. You see these
changes only when you select users to configure permissions.
vCenter Servers connected in a Linked Mode group use Active Directory to maintain the list of users, allowing
all vCenter Server systems in the group to share a common set of users.
Host Users
Users authorized to work directly on an ESX/ESXi host are added to the internal user list by default when ESX/
ESXi is installed or by a system administrator after installation.
If you log in to an ESX/ESXi host as root using the vSphere Client, you can use the Users and Groups tab to
perform a variety of management activities for these users. You can add users, remove users, change
passwords, set group membership, and configure permissions.
CAUTION See the Authentication and User Management chapter of the ESX Configuration Guide or ESXi
Configuration Guide for information about root users and your ESX/ESXi host before you make any changes to
the default users. Mistakes regarding root users can have serious access consequences.
Groups
You can efficiently manage some user attributes by creating groups. A group is a set of users that you manage
through a common set of permissions.
A user can be a member of more than one group. When you assign permissions to a group, all users in the
group inherit those permissions. Using groups can significantly reduce the time it takes to set up your
permissions model.
The group lists in vCenter Server and an ESX/ESXi host are drawn from the same sources as the user lists. If
you are working through vCenter Server, the group list is called from the Windows domain. If you are logged
on to an ESX/ESXi host directly, the group list is called from a table maintained by the host.
Create groups for the vCenter Server system through the Windows domain or Active Directory database.
Create groups for ESX/ESXi hosts using the Users and Groups tab in the vSphere Client when connected
directly to the host.
NOTE If you use Active Directory groups, make sure that they are security groups and not distribution groups.
Permissions assigned to distribution groups are not enforced by vCenter Server. For more information on
security groups and distribution groups, see the Microsoft Active Directory documentation.
See the Security chapter in the ESX Configuration Guide or ESXi Configuration Guide for information about
removing users and groups from an ESX/ESXi host.
To remove users or groups from vCenter Server, you must remove them from the domain or Active Directory
users and groups list.
If you remove users from the vCenter Server domain, they lose permissions to all objects in the vSphere
environment and cannot log in again. Users who are currently logged in and are removed from the domain
retain their vSphere permissions only until the next validation period (the default is every 24 hours). Removing
a group does not affect the permissions granted individually to the users in that group, or those granted as
part of inclusion in another group.
If you change a user’s name in the domain, the original user name becomes invalid in the vCenter Server
system. If you change the name of a group, the original group becomes invalid only after you restart the vCenter
Server system.
VMware recommends several best practices for creating users and groups in your vSphere environment:
■ Use vCenter Server to centralize access control, rather than defining users and groups on individual hosts.
■ Choose a local Windows user or group to have the Administrator role in vCenter Server.
■ Create new groups for vCenter Server users. Avoid using Windows built-in groups or other existing
  groups.
When you assign a user or group permissions, you pair the user or group with a role and associate that pairing
with an inventory object. A single user might have different roles for different objects in the inventory. For
example, if you have two resource pools in your inventory, Pool A and Pool B, you might assign a particular
user the Virtual Machine User role on Pool A and the Read Only role on Pool B. This would allow that user to
power on virtual machines in Pool A, but not those in Pool B, although the user would still be able to view the
status of the virtual machines in Pool B.
The roles created on an ESX/ESXi host are separate from the roles created on a vCenter Server system. When
you manage a host using vCenter Server, only the roles created through vCenter Server are available. If you
connect directly to the host using the vSphere Client, only the roles created directly on the host are available.
System roles – System roles are permanent. You cannot edit the privileges associated with these roles.
Sample roles – VMware provides sample roles for convenience as guidelines and suggestions. You can modify
or remove these roles.
All roles permit the user to schedule tasks by default. Users can schedule only tasks they have permission to
perform at the time the tasks are created.
NOTE Changes to permissions and roles take effect immediately, even if the users involved are logged in,
except for searches, where permissions changes take effect after the user has logged out and logged back in
again.
You can use the default roles to assign permissions in your environment, or use them as a model to develop
your own roles.
Table 18-1 lists the default roles for ESX/ESXi and vCenter Server.
Read Only (system)
  View the state and details about the object.
  View all the tab panels in the vSphere Client except the Console tab.
  Cannot perform any actions through the menus and toolbars.
  This role is available on ESX/ESXi and vCenter Server.

Virtual Machine Power User (sample)
  A set of privileges to allow the user to interact with and make hardware changes to virtual machines, as
  well as perform snapshot operations.
  Privileges granted include:
  ■ All privileges for the scheduled task privileges group.
  ■ Selected privileges for global items, datastore, and virtual machine privileges groups.
  ■ No privileges for folder, datacenter, network, host, resource, alarms, sessions, performance, and
    permissions privileges groups.
  Usually granted on a folder that contains virtual machines or on individual virtual machines.
  This role is available only on vCenter Server.

Virtual Machine User (sample)
  A set of privileges to allow the user to interact with a virtual machine’s console, insert media, and
  perform power operations. Does not grant privileges to make virtual hardware changes to the virtual
  machine.
  Privileges granted include:
  ■ All privileges for the scheduled tasks privileges group.
  ■ Selected privileges for the global items and virtual machine privileges groups.
  ■ No privileges for the folder, datacenter, datastore, network, host, resource, alarms, sessions,
    performance, and permissions privileges groups.
  Usually granted on a folder that contains virtual machines or on individual virtual machines.
  This role is available only on vCenter Server.

Resource Pool Administrator (sample)
  A set of privileges to allow the user to create child resource pools and modify the configuration of the
  children, but not to modify the resource configuration of the pool or cluster on which the role was
  granted. Also allows the user to grant permissions to child resource pools, and assign virtual machines
  to the parent or child resource pools.
  Privileges granted include:
  ■ All privileges for folder, virtual machine, alarms, and scheduled task privileges groups.
  ■ Selected privileges for resource and permissions privileges groups.
  ■ No privileges for datacenter, network, host, sessions, or performance privileges groups.
  Additional privileges must be granted on virtual machines and datastores to allow provisioning of new
  virtual machines.
  Usually granted on a cluster or resource pool.
  This role is available only on vCenter Server.

VMware Consolidated Backup User (sample)
  This role is designed for use by the VMware Consolidated Backup product and should not be modified.
  This role is available only on vCenter Server.

Datastore Consumer (sample)
  A set of privileges to allow the user to consume space on the datastores on which this role is granted. To
  perform a space-consuming operation, such as creating a virtual disk or taking a snapshot, the user must
  also have the appropriate virtual machine privileges granted for these operations.
  Usually granted on a datastore or a folder of datastores.
  This role is available only on vCenter Server.

Network Consumer (sample)
  A set of privileges to allow the user to assign virtual machines or hosts to networks, provided that the
  appropriate permissions for the assignment are also granted on the virtual machines or hosts.
  Usually granted on a network or folder of networks.
  This role is available only on vCenter Server.
Create a Role
VMware recommends that you create roles to suit the access control needs of your environment.
If you create or edit a role on a vCenter Server system that is part of a connected group in Linked Mode, the
changes you make are propagated to all other vCenter Server systems in the group. Assignments of roles to
specific users and objects are not shared across linked vCenter Server systems.
Prerequisites
Procedure
Clone a Role
You can make a copy of an existing role, rename it, and later edit it. When you make a copy, the new role is
not applied to the same users or groups and objects.
If you create or modify a role on a vCenter Server system that is part of a connected group in Linked Mode,
the changes you make are propagated to all other vCenter Server systems in the group. However, assignments
of roles to specific users and objects are not shared across linked vCenter Server systems.
Prerequisites
Procedure
3 To clone the selected role, select Administration > Role > Clone.
A duplicate of the role is added to the list of roles. The name is Copy of <rolename>.
Edit a Role
When you edit a role, you can change any of the privileges selected for that role. When completed, these new
privileges are applied to any user or group assigned the edited role.
If you create or edit a role on a vCenter Server system that is part of a connected group in Linked Mode, the
changes you make are propagated to all other vCenter Server systems in the group. However, assignments of
roles to specific users and objects are not shared across linked vCenter Server systems.
Prerequisites
Procedure
2 To select the role to edit, click the object in the list of Roles.
Remove a Role
When you remove a role, if it is not assigned to any users or groups, the definition is removed from the list of
possible roles. When you remove a role that is assigned to a user or group you can remove all assignments or
replace them with an assignment to another role.
CAUTION Be sure that you understand how users will be affected before removing all assignments or replacing
them. Users that have no permissions granted to them cannot log in to vCenter Server.
Prerequisites
If you are removing a role from a vCenter Server system that is part of a connected group in Linked Mode,
check the usage of that role on the other vCenter Server systems in the group before proceeding. Removing a
role from one vCenter Server system also removes the role from all other vCenter Server systems in the group,
even if you choose to reassign permissions to another role on the current vCenter Server system.
Procedure
4 Click OK.
The role is removed from the list and is no longer available for assigning to users or groups.
Option – Description
Remove Role Assignments – Removes any configured user or group and role pairings on the server. If a user
or group does not have any other permissions assigned, they lose all privileges.
Reassign affected users to – Reassigns any configured user or group and role pairings to the selected new
role.
Rename a Role
Renaming a role does not change that role’s assignments.
If you create or modify a role on a vCenter Server system that is part of a connected group in Linked Mode,
the changes you make are propagated to all other vCenter Server systems in the group. However, assignments
of roles to specific users and objects are not shared across linked vCenter Server systems.
Prerequisites
Procedure
2 To select the role to rename, click the object in the list of roles.
Permissions
In vSphere, a permission consists of a user or group and an assigned role for an inventory object, such as a
virtual machine or ESX/ESXi host. Permissions grant users the right to perform the activities specified by the
role on the object to which the role is assigned.
For example, to configure memory for an ESX/ESXi host, a user must be granted a role that includes the
Host.Configuration.Memory Configuration privilege. By assigning different roles to users or groups for
different objects, you can precisely control the tasks that users can perform in your vSphere environment.
By default, all users who are members of the Windows Administrators group on the vCenter Server system
have the same access rights as any user assigned to the Administrator role on all objects. When connecting
directly to an ESX/ESXi host, the root and vpxuser user accounts have the same access rights as any user
assigned the Administrator role on all objects.
All other users initially have no permissions on any objects, which means they cannot view these objects or
perform operations on them. A user with Administrator privileges must assign permissions to these users to
allow them to perform necessary tasks.
Many tasks require permissions on more than one object. Some general rules can help you determine where
you must assign permissions to allow particular operations:
■ Any operation that consumes storage space, such as creating a virtual disk or taking a snapshot, requires
  the Datastore.Allocate Space privilege on the target datastore, as well as the privilege to perform the
  operation itself.
■ Moving an object in the inventory hierarchy requires appropriate privileges on the object itself, the source
  parent object (such as a folder or cluster), and the destination parent object.
■ Each host and cluster has its own implicit resource pool that contains all the resources of that host or
  cluster. Deploying a virtual machine directly to a host or cluster requires the Resource.Assign Virtual
  Machine to Resource Pool privilege.
Figure 18-2 illustrates the vSphere inventory hierarchy, and the paths by which permissions can propagate.
[Figure 18-2: vSphere inventory hierarchy. Surviving labels: root folder, data center, host, virtual machine.]
Most inventory objects inherit permissions from a single parent object in the hierarchy. For example, a datastore
inherits permissions from either its parent datastore folder or parent datacenter. However, virtual machines
inherit permissions from both the parent virtual machine folder and the parent host, cluster, or resource pool
simultaneously. This means that to restrict a user’s privileges on a virtual machine, you must set permissions
on both the parent folder and the parent host, cluster or resource pool for that virtual machine.
You cannot set permissions directly on a vNetwork Distributed Switch. To set permissions for a vNetwork
Distributed Switch and its associated dvPort Groups, set permissions on a parent object, such as a folder or
datacenter, and select the option to propagate these permissions to child objects.
■ Hosts
■ Networks (except vNetwork Distributed Switches)
■ dvPort Groups
■ Resource pools
■ Templates
■ Virtual machines
■ vApps
Global entities – Derive their permissions from the root vCenter Server system.
■ Custom fields
■ Licenses
■ Roles
■ Statistics intervals
■ Sessions
Permissions applied on a child object always override permissions applied on a parent object. Virtual machine
folders and resource pools are equivalent levels in the hierarchy. If a user or group is assigned propagating
permissions on both a virtual machine's folder and its resource pool, the user has the privileges propagated
from the resource pool and from the folder.
If multiple group permissions are defined on the same object and the user belongs to two or more of those
groups, two situations are possible:
■ If no permission is defined for the user on that object, the user is assigned the union of privileges assigned
  to the groups for that object.
■ If a permission is defined for the user on that object, the user's permission takes precedence over all group
  permissions.
In this example, two permissions are assigned on the same object for two different groups.
■ Role 1 can power on virtual machines.
■ Role 2 can take snapshots of virtual machines.
■ Group A is granted Role 1 on VM Folder, with the permission set to propagate to child objects.
■ Group B is granted Role 2 on VM Folder, with the permission set to propagate to child objects.
■ User 1 is not assigned specific permission.
User 1, who belongs to groups A and B, logs on. User 1 can both power on and take snapshots of VM A and
VM B.
In this example, permissions are assigned to two different groups on two different objects.
■ Role 1 can power on virtual machines.
■ Role 2 can take snapshots of virtual machines.
■ Group A is granted Role 1 on VM Folder, with the permission set to propagate to child objects.
■ Group B is granted Role 2 on VM B.
User 1, who belongs to groups A and B, logs on. Because Role 2 has been assigned at a lower point in the
hierarchy than Role 1, it overrides Role 1 on VM B. User 1 can power on VM A, but not take snapshots. User
1 can take snapshots of VM B, but not power it on.
Figure 18-4. Example 2: Child Permissions Overriding Parent Permissions
In this example, permissions are assigned to a user and to a group on the same object.
■ Role 1 can power on virtual machines.
■ Group A is granted Role 1 on VM Folder.
■ User 1 is granted No Access role on VM Folder.
User 1, who belongs to group A, logs on. The No Access role granted to User 1 on VM Folder overrides the
group permission. User 1 has no access to VM Folder or VMs A and B.
Figure 18-5. Example 3: User Permissions Overriding Group Permissions
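The three examples above, and the rule that a virtual machine inherits from both its folder and its resource pool, can be checked with a small model. The following Python is an added example, not VMware code: the class names, the `effective_privileges` function and the privilege strings are assumptions made for illustration, and privileges arriving from a virtual machine's two parent paths are combined by union, as the text describes.

```python
from dataclasses import dataclass, field

# Constructed role definitions; the privilege strings are illustrative labels,
# not vSphere privilege identifiers.
ROLES = {
    "Role 1": {"power_on"},
    "Role 2": {"take_snapshot"},
    "No Access": set(),
}


@dataclass(frozen=True)
class Permission:
    principal: str          # user or group name
    role: str
    propagate: bool = True  # models the Propagate check box


@dataclass
class InventoryObject:
    name: str
    parents: list = field(default_factory=list)      # a VM has a folder and a pool
    permissions: list = field(default_factory=list)


def effective_privileges(obj, user, groups, roles=ROLES, inherited=False):
    """Resolve the privileges `user` (a member of `groups`) holds on `obj`."""
    # A parent's permission reaches a child only if it was set to propagate.
    applicable = [p for p in obj.permissions if p.propagate or not inherited]

    # A permission defined for the user on this object takes precedence
    # over all group permissions on the same object.
    direct = [p for p in applicable if p.principal == user]
    if direct:
        return set().union(*(roles[p.role] for p in direct))

    # Otherwise the user gets the union of the roles granted to their groups here.
    by_group = [p for p in applicable if p.principal in groups]
    if by_group:
        return set().union(*(roles[p.role] for p in by_group))

    # Nothing is set on this object, so inherit. Stopping at the nearest object
    # that has an applicable permission is what makes a child override a parent.
    result = set()
    for parent in obj.parents:
        result |= effective_privileges(parent, user, groups, roles, inherited=True)
    return result


def scenario(folder_perms, vm_b_perms=(), pool_perms=None):
    """Build VM Folder -> {VM A, VM B}; optionally place both VMs in a resource pool."""
    folder = InventoryObject("VM Folder", permissions=list(folder_perms))
    parents = [folder]
    if pool_perms is not None:
        parents.append(InventoryObject("Pool", permissions=list(pool_perms)))
    vm_a = InventoryObject("VM A", parents=list(parents))
    vm_b = InventoryObject("VM B", parents=list(parents), permissions=list(vm_b_perms))
    return {"VM Folder": folder, "VM A": vm_a, "VM B": vm_b}


def resolve(objects, user="User 1", groups=("Group A", "Group B")):
    return {name: effective_privileges(obj, user, set(groups))
            for name, obj in objects.items()}


def example_1():
    # Two groups, same object: the user gets the union.
    return resolve(scenario([Permission("Group A", "Role 1"),
                             Permission("Group B", "Role 2")]))


def example_2():
    # Group B's permission on VM B overrides what propagates from VM Folder.
    return resolve(scenario([Permission("Group A", "Role 1")],
                            vm_b_perms=[Permission("Group B", "Role 2")]))


def example_3():
    # A user permission on the object overrides the group permission.
    return resolve(scenario([Permission("Group A", "Role 1"),
                             Permission("User 1", "No Access")]),
                   groups=("Group A",))


def dual_parent(restrict_pool):
    # No Access on the folder alone does not restrict the VMs while a group
    # role still propagates from the resource pool.
    pool = [Permission("Group A", "Role 1")]
    if restrict_pool:
        pool.append(Permission("User 1", "No Access"))
    return resolve(scenario([Permission("User 1", "No Access")], pool_perms=pool),
                   groups=("Group A",))


if __name__ == "__main__":
    for label, result in [("Example 1", example_1()), ("Example 2", example_2()),
                          ("Example 3", example_3()),
                          ("Folder restricted only", dual_parent(False)),
                          ("Folder and pool restricted", dual_parent(True))]:
        print(label, {k: sorted(v) for k, v in result.items()})
```

The `dual_parent(False)` case is the one to look for when auditing a deny-style restriction: the user still holds `power_on` on both virtual machines until the resource pool is restricted as well.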
Permission Validation
vCenter Server regularly validates its users and groups against the Windows Active Directory domain.
Validation occurs whenever the vCenter Server system starts and at regular intervals specified in the vCenter
Server settings.
For example, if user Smith was assigned permissions and in the domain the user’s name was changed to Smith2,
vCenter Server concludes that Smith no longer exists and removes permissions for that user when the next
validation occurs.
Similarly, if user Smith is removed from the domain, all permissions are removed when the next validation
occurs. If a new user Smith is added to the domain before the next validation occurs, the new user Smith
receives all the permissions the old user Smith was assigned.
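Because validation matches on the account name, a permission can outlive the account it was granted to. The following Python is an added example, not part of vCenter Server: it contrasts the name-only validation described above with an audit that also compares account creation time against the time the permission was granted. The record layout, the `granted_at` timestamps (assumed to come from your own change records) and all sample data are constructed.

```python
from datetime import datetime


def validate_by_name(permissions, directory):
    """Model of the validation described above: a permission survives whenever
    an account with the same name currently exists in the domain."""
    return [p for p in permissions if p["principal"] in directory]


def audit_name_bound_permissions(permissions, directory):
    """Flag permissions that no longer belong to the account they were granted to.

    `directory` maps an account name to the creation time of the account that
    holds that name now. Returns (principal, object, finding) tuples.
    """
    findings = []
    for perm in permissions:
        created = directory.get(perm["principal"])
        if created is None:
            # Renamed or removed account: the permission is dropped at the
            # next validation, but stays in effect until then.
            findings.append((perm["principal"], perm["object"], "orphaned"))
        elif created > perm["granted_at"]:
            # The name was re-created after the grant: a different account
            # now receives the old account's permissions.
            findings.append((perm["principal"], perm["object"], "recycled-name"))
    return findings


# Constructed sample data.
PERMISSIONS = [
    {"principal": "Smith", "role": "Virtual Machine User", "object": "Pool A",
     "granted_at": datetime(2009, 5, 1)},
    {"principal": "Jones", "role": "Read Only", "object": "Pool B",
     "granted_at": datetime(2009, 5, 1)},
    {"principal": "devuser", "role": "Read Only", "object": "Pool A",
     "granted_at": datetime(2009, 5, 1)},
]
DIRECTORY = {
    "Smith": datetime(2009, 6, 15),    # old Smith removed, new Smith created
    "Jones2": datetime(2009, 1, 5),    # Jones was renamed to Jones2
    "devuser": datetime(2009, 1, 10),  # unchanged account
}


def surviving_principals():
    return [p["principal"] for p in validate_by_name(PERMISSIONS, DIRECTORY)]


if __name__ == "__main__":
    print("Survive validation:", surviving_principals())
    for finding in audit_name_bound_permissions(PERMISSIONS, DIRECTORY):
        print("Review:", finding)
```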
Assign Permissions
After you create users and groups and define roles, you must assign the users and groups and their roles to
the relevant inventory objects. You can assign the same permissions at one time on multiple objects by moving
the objects to a folder and setting the permissions on the folder.
Prerequisites
Required privilege: Permissions.Modify permission on the parent object of the object whose permissions you
want to modify.
Procedure
This menu displays all the roles that are assigned to the object. When the role appears, the privileges
contained in the role are listed in the section below the role title for reference purposes.
If you deselect this check box, the role is applied only to the selected object, and does not propagate to the
child objects.
a Select the domain where the user or group is located from the Domain drop-down menu.
b Type a name in the Search box or select a name from the Name list.
c Click Add.
7 Verify the users and groups are assigned to the appropriate permissions, and click OK.
The server adds the permission to the list of permissions for the object.
The list of permissions references all users and groups that have roles assigned to the object, and indicates
where in the vCenter Server hierarchy the role is assigned.
NOTE This procedure applies only to vCenter Server user lists. ESX/ESXi user lists cannot be searched in the
same way.
Procedure
1 From the vSphere Client connected to a vCenter Server system, select Administration > vCenter Server
Management Server Configuration.
Option – Description
Active Directory Timeout – Specifies in seconds the maximum amount of time vCenter Server allows the search
to run on the selected domain. Searching very large domains can take a very long time.
Enable Query Limit – To specify no maximum limit on the number of users and groups that vCenter Server
displays from the selected domain, deselect the check box.
Users & Groups value – Specifies the maximum number of users and groups vCenter Server displays from the
selected domain in the Select Users or Groups dialog box.
4 Click OK.
Procedure
1 From the vSphere Client connected to a vCenter Server system, select Administration > vCenter Server
Management Server Configuration.
Validation is enabled by default. Users and groups are always validated when vCenter Server system
starts, even if validation is disabled.
4 If validation is enabled, enter a value in the Validation Period text box to specify a time, in minutes,
between validations.
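The name-based validation described in this section, modelled as an added example (not VMware code): permissions are matched by user name, so an account re-created under the same name before the next validation keeps the old grants. The directory contents, account identifiers, the 60-minute period and the `granted_to` field kept by the audit are constructed assumptions.

```python
from typing import Dict, List, Optional, Tuple

# name -> unique account identifier; every value here is a constructed placeholder
DIRECTORY = {"Smith": "acct-1001", "Jones": "acct-1002"}

# Each grant also records the account identifier seen when the permission was
# assigned. Keeping that identifier is an assumption of this audit; the
# validation described on the page only looks at the name.
GRANTS = [
    {"principal": "Smith", "role": "Virtual Machine Power User",
     "entity": "/DC1/vm/QA", "granted_to": "acct-1001"},
    {"principal": "Jones", "role": "Datastore Consumer",
     "entity": "/DC1/datastore", "granted_to": "acct-1002"},
]

Event = Tuple[int, str, str, Optional[str]]  # (minute, "add" | "remove", name, account id)


def validate(grants: List[dict], directory: Dict[str, str]) -> List[dict]:
    """Periodic validation: drop grants whose principal name no longer exists."""
    return [g for g in grants if g["principal"] in directory]


def simulate(grants, directory, events: List[Event], period: int, end: int):
    """Apply directory changes minute by minute and validate every `period` minutes."""
    directory = dict(directory)
    grants = list(grants)
    for minute in range(1, end + 1):
        for when, action, name, account_id in events:
            if when != minute:
                continue
            if action == "remove":
                directory.pop(name, None)
            elif action == "add":
                directory[name] = account_id
            else:
                raise ValueError(f"unknown action: {action}")
        if minute % period == 0:
            grants = validate(grants, directory)
    return grants, directory


def reused_names(grants: List[dict], directory: Dict[str, str]) -> List[str]:
    """Names that still hold grants but now resolve to a different account."""
    return sorted({g["principal"] for g in grants
                   if directory.get(g["principal"]) not in (None, g["granted_to"])})


def scenario_removed_only():
    # Smith is removed at minute 30; validation at minute 60 drops the grant.
    return simulate(GRANTS, DIRECTORY, [(30, "remove", "Smith", None)], 60, 60)


def scenario_readded():
    # A different Smith is created at minute 45, before validation at minute 60.
    events = [(30, "remove", "Smith", None), (45, "add", "Smith", "acct-2002")]
    return simulate(GRANTS, DIRECTORY, events, 60, 60)


if __name__ == "__main__":
    grants, directory = scenario_readded()
    print("grants kept:", [g["principal"] for g in grants])
    print("names reused by a different account:", reused_names(grants, directory))
```

A shorter validation period narrows the window, but only a check against a stable account identifier notices that the name now belongs to someone else.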
Change Permissions
After a user or group and role pair is set for an inventory object, you can change the role paired with the user
or group or change the setting of the Propagate check box. You can also remove the permission setting.
Procedure
3 Click the line item to select the user or group and role pair.
5 In the Change Access Role dialog box, select a role for the user or group from the drop-down menu.
6 To propagate the privileges to the children of the assigned inventory object, click the Propagate check box
and click OK.
Remove Permissions
Removing a permission for a user or group does not remove the user or group from the list of those available.
It also does not remove the role from the list of available items. It removes the user or group and role pair from
the selected inventory object.
Procedure
1 From the vSphere Client, click the Inventory button in the navigation bar.
4 Click the appropriate line item to select the user or group and role pair.
VMware recommends the following best practices when configuring roles and permissions in your vCenter
Server environment:
- Where possible, grant permissions to groups rather than individual users.
- Grant permissions only where needed. Using the minimum number of permissions makes it easier to
understand and manage your permissions structure.
- If you assign a restrictive role to a group, check that the group does not contain the Administrator user or
other users with administrative privileges. Otherwise, you could unintentionally restrict administrators'
privileges in parts of the inventory hierarchy where you have assigned that group the restrictive role.
- Use folders to group objects to correspond to the differing permissions you want to grant for them.
- Use caution when granting a permission at the root vCenter Server level. Users with permissions at the
root level have access to global data on vCenter Server, such as roles, custom attributes, vCenter Server
settings, and licenses. Changes to licenses and roles propagate to all vCenter Server systems in a Linked
Mode group, even if the user does not have permissions on all of the vCenter Server systems in the group.
- In most cases, enable propagation on permissions. This ensures that when new objects are inserted into
the inventory hierarchy, they inherit permissions and are accessible to users.
- Use the No Access role to mask specific areas of the hierarchy that you don’t want particular users to
have access to.
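One way to check an exported permission list against the best practices above, as an added example rather than VMware tooling. The record fields, inventory paths, principals and group memberships are constructed, and `/` is an assumed notation for the root vCenter Server level.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Set, Tuple

ROOT = "/"  # assumed notation for the root vCenter Server level


@dataclass(frozen=True)
class Permission:
    principal: str   # user or group name
    is_group: bool
    role: str
    entity: str      # inventory path of the object the permission is set on
    propagate: bool  # state of the Propagate check box


Finding = Tuple[str, str, str]  # (rule, principal, entity)


def audit_permissions(perms: List[Permission],
                      group_members: Dict[str, Set[str]],
                      admins: Set[str],
                      expected_root: FrozenSet[str] = frozenset(),
                      restrictive_roles: FrozenSet[str] = frozenset({"No Access"}),
                      ) -> List[Finding]:
    """Return review items, one per best-practice rule a permission trips."""
    findings: List[Finding] = []
    for p in perms:
        # Grant to groups rather than individual users.
        if not p.is_group:
            findings.append(("user-grant", p.principal, p.entity))
        # Root-level grants expose roles, licenses and vCenter Server settings.
        if p.entity == ROOT and p.principal not in expected_root:
            findings.append(("root-grant", p.principal, p.entity))
        # Propagation is recommended in most cases; list the exceptions.
        if not p.propagate:
            findings.append(("no-propagate", p.principal, p.entity))
        # A restrictive role on a group must not catch administrators.
        if p.is_group and p.role in restrictive_roles:
            for user in sorted(admins & group_members.get(p.principal, set())):
                findings.append(("admin-restricted", user, p.entity))
    return findings


# Constructed sample data.
SAMPLE_GROUPS = {
    "CORP\\vc-admins": {"CORP\\alice"},
    "CORP\\contractors": {"CORP\\alice", "CORP\\bob"},
}
SAMPLE_ADMINS = SAMPLE_GROUPS["CORP\\vc-admins"]
SAMPLE_PERMISSIONS = [
    Permission("CORP\\vc-admins", True, "Administrator", "/", True),
    Permission("CORP\\helpdesk", True, "Datastore Consumer", "/", True),
    Permission("CORP\\jsmith", False, "Virtual Machine Power User", "/DC1/vm/QA", True),
    Permission("CORP\\contractors", True, "No Access", "/DC1/vm/Finance", True),
    Permission("CORP\\qa-team", True, "Virtual Machine Power User", "/DC1/vm/QA", False),
]


def run_sample() -> List[Finding]:
    return audit_permissions(SAMPLE_PERMISSIONS, SAMPLE_GROUPS, SAMPLE_ADMINS,
                             expected_root=frozenset({"CORP\\vc-admins"}))


if __name__ == "__main__":
    for rule, principal, entity in run_sample():
        print(f"{rule:17} {principal:18} {entity}")
```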
Table 18-2 lists common tasks that require more than one privilege. It lists the privileges required to perform
the tasks and, where applicable, the appropriate sample roles. You can use the listed Applicable Roles on the
listed inventory objects to grant permission to perform these tasks, or you can create your own roles with the
equivalent required privileges.
Required privileges: On the network that the virtual machine will be assigned to: Network.Assign Network
Applicable role: Network Consumer or Virtual Machine Administrator

Required privileges: On the network that the virtual machine will be assigned to: Network.Assign Network
Applicable role: Network Consumer or Virtual Machine Administrator

Task: Take a virtual machine snapshot
Required privileges: On the virtual machine or a folder of virtual machines: Virtual Machine.State.Create Snapshot
Applicable role: Virtual Machine Power User or Virtual Machine Administrator

Task: Move a virtual machine into a resource pool
Required privileges: On the virtual machine or folder of virtual machines:
- Resource.Assign Virtual Machine to Resource Pool
- Virtual Machine.Inventory.Move
Applicable role: Virtual Machine Administrator

Task: Install a guest operating system on a virtual machine
Required privileges: On the virtual machine or folder of virtual machines:
- Virtual Machine.Interaction.Answer Question
- Virtual Machine.Interaction.Console Interaction
- Virtual Machine.Interaction.Device Connection
- Virtual Machine.Interaction.Power Off
- Virtual Machine.Interaction.Power On
- Virtual Machine.Interaction.Reset
- Virtual Machine.Interaction.Configure CD Media (if installing from a CD)
- Virtual Machine.Interaction.Configure Floppy Media (if installing from a floppy disk)
- Virtual Machine.Interaction.Tools Install
Applicable role: Virtual Machine Power User or Virtual Machine Administrator
Required privileges: On a datastore containing the installation media ISO image: Datastore.Browse Datastore (if installing from an ISO image on a datastore)
Applicable role: Virtual Machine Power User or Virtual Machine Administrator

Task: Migrate a virtual machine with VMotion
Required privileges: On the virtual machine or folder of virtual machines:
- Resource.Migrate
- Resource.Assign Virtual Machine to Resource Pool (if destination is a different resource pool from the source)
Applicable role: Datacenter Administrator or Resource Pool Administrator or Virtual Machine Administrator

Task: Cold migrate (relocate) a virtual machine
Required privileges: On the virtual machine or folder of virtual machines:
- Resource.Relocate
- Resource.Assign Virtual Machine to Resource Pool (if destination is a different resource pool from the source)
Applicable role: Datacenter Administrator or Resource Pool Administrator or Virtual Machine Administrator
Required privileges: On the destination datastore (if different from the source): Datastore.Allocate Space
Applicable role: Datastore Consumer or Virtual Machine Administrator

Task: Migrate a Virtual Machine with Storage VMotion
Required privileges: On the virtual machine or folder of virtual machines: Resource.Migrate
Applicable role: Datacenter Administrator or Resource Pool Administrator or Virtual Machine Administrator
In the vSphere Client, for any inventory object except networking, the storage usage data appears in the Storage
Views tab. To view this tab, you must have the vCenter Storage Monitoring plug-in, which is generally installed
and enabled by default.
Reports: Reports display relationship tables that provide insight about how an
inventory object is associated with storage entities. They also offer summarized
storage usage data for the object’s virtual and physical storage resources. Use
the Reports view to analyze storage space utilization and availability,
multipathing status, and other storage properties of the selected object and
items related to it.
Maps: Maps display storage topology maps that visually represent relationships
between the selected object and its associated virtual and physical storage
entities.
For more information on virtual and physical storage resources and how virtual machines access storage, see
ESX Configuration Guide or ESXi Configuration Guide.
You can display and review statistics for different categories depending on the inventory object. For example,
if the inventory object is a datastore, you can display information for all virtual machines that reside on the
datastore, all hosts that have access to the datastore, the LUNs on which the datastore is deployed, and so on.
When you display the report tables, the default column headings depend on the inventory object you select.
You can customize the tables by adding or removing columns. Reports are updated every 30 minutes. You can
manually update the reports by clicking Update.
You can search for specific information you need to see by filtering report tables based on storage attributes
and keywords.
Procedure
1 Display the object, for which you want to view reports, in the inventory.
For example, display virtual machines if you want to review storage information for a specific virtual
machine.
3 To display information for a specific category, click Show all [Category of Items] and select the
appropriate category from the list.
For example, if you want to see all datastores that the virtual machine is using, select Show all
Datastores.
4 To see the description of each column, move the cursor over the column heading.
Procedure
3 To display information for a specific category, click Show all [Category of Items] and select the
appropriate category from the list.
6 Click Save.
Procedure
1 In the inventory, display the object for which to filter the reports.
3 To display information for a specific category, click Show all [Category of Items] and select the
appropriate category from the list.
4 Click the search field arrow and select the attributes to include in the search.
The table is updated based on your search criteria. For example, if you are reviewing reports for datastores in
a datacenter, you can display information for only those datastores that have NFS format by selecting the File
System Type attribute and entering NFS as a key word. Filtering is persistent for the user session.
Procedure
1 Display the object in the inventory for which you want to customize reports.
4 To add a column, right-click any column heading and select an item to display from the list.
5 To hide a column, right-click the column heading and deselect it in the list.
Map views are updated every 30 minutes. You can manually update the maps by clicking the Update link.
You can customize a map view by selecting or deselecting options in the Show area, or by hiding specific items
or changing their position on the map.
You can reposition the map by dragging it, and zoom in or out of the map or its particular section.
Procedure
Procedure
2 Right-click the map and select Export Map from the menu.
4 Click Save.
The image file is saved to the format and directory you specified.
Procedure
2 Right-click the item you want to hide and select Hide Node from the menu.
Procedure
2 Click the item you want to move and drag it to the new location.
Maps are available only when the vSphere Client is connected to a vCenter Server system.
The maps can help you determine such things as which clusters or hosts are most densely populated, which
networks are most critical, and which storage devices are being utilized. vCenter Server provides the following
map views.
You can use a map view to limit or expand the scope of a map. You can customize all map views, except
VMotion Resources maps. If you are accessing map views using the navigation bar, all vCenter Server resources
are available for display. If you are using the Maps tab of a selected inventory item, only items related to that
item are displayed. For virtual machine inventory items, the VMotion Resources view is the only map view
available on the Maps tab.
You can customize a map view by selecting or deselecting objects in the inventory pane or by selecting or
deselecting options in the Map Relationships area.
You can reposition the map by dragging it (click and hold anywhere on the map and drag the map to the new
location). A grey box in the overview area represents the section of the total map that is viewable and moves
as you drag the map. You can resize the grey box to zoom in or out of a section of the map.
You can double-click any object in a map to switch to the Map tab for that item (providing a Map tab is available
for that type of object).
VMotion resource maps also indicate which hosts in the virtual machine’s cluster or datacenter are compatible
with the virtual machine and are potential migration targets. For a host to be compatible, it must meet the
following criteria.
- Connect to all the same datastores as the virtual machine.
- Connect to all the same networks as the virtual machine.
- Have compatible software with the virtual machine.
- Have a compatible CPU with the virtual machine.
NOTE The VMotion map provides information as to whether VMotion might be possible, and if not, what an
administrator might do to remedy the situation. It does not guarantee that a particular VMotion migration will
be successful.
Map Icons
The icons in a resource map represent the objects in the inventory and their current state. Table 20-1 describes
the map icons.
Host icon.
A host that is compatible for VMotion migration. The color of the circle varies in intensity based on the load of
the current host. Heavily used hosts are pale; low-load hosts are saturated green.
Virtual machine icon. When the virtual machine is powered on, the icon contains a green triangle.
Network icon.
Datastore icon.
Map Relationships panel: Displayed when more than one map view is available. The Map Relationships panel lets you
customize map relationships for hosts and virtual machines. Use the checkboxes to enable or
disable relationships for the selected object and display them in the current resource map.
Refresh link: Maps do not auto-refresh. Click Refresh to synchronize your map with the current state of the
inventory and to center the map view.
Inventory panel: When selecting through the Inventory navigation bar, a selected item stays highlighted to
indicate map focus.
When selecting through the Maps navigation bar, all items in the inventory are listed with a
check box. You can select or deselect any inventory items you do not want included in the map.
Procedure
For example, to display the resource map for your entire vCenter Server system, select the vCenter Server
in the inventory panel. To display the resource map for a host, select the host in the inventory panel.
Procedure
Procedure
5 Click Export.
The vCenter Server system is configured with a set of predefined alarms that monitor clusters, hosts,
datacenters, datastores, networks, and virtual machines. It is also configured with alarms that monitor vCenter
Server licensing.
Each predefined alarm monitors a specific object and applies to all objects of that type. For example, by default,
the Host CPU Usage alarm is set automatically on each host in the inventory and triggers automatically when
any host's CPU usage reaches the defined CPU value.
If the predefined vCenter Server alarms do not account for the condition, state, or event you need to monitor,
you can define custom alarms.
When you set an alarm on a parent object, such as a vCenter Server, a datacenter, or a cluster, all applicable
child objects inherit the alarm. You can also set an alarm on a folder to propagate the same alarm to all objects
contained in that folder. You cannot change or override an alarm that is set on a child object from its parent
object. You must change the alarm on the child object itself.
Trigger: A set of conditions that must be met for an alarm warning and alert to occur.
Most triggers consist of a condition value and a length of time that value is true.
For example, the virtual machine memory alarm triggers a warning when
memory usage is over 75% for one hour and over 90% for five minutes.
You can set alarms to trigger when the state changes from green to yellow,
yellow to red, red to yellow, and yellow to green. Triggers are defined for the
default VMware alarms. You can change the trigger conditions (thresholds,
warning values, and alert values) for the default alarms.
Action: The operation that occurs in response to the trigger. For example, you can have
an email notification sent to one or more administrators when an alarm is
triggered. The default vCenter Server alarms are not preconfigured with
actions. You must manually set what action occurs when the triggering event,
condition, or state occurs.
NOTE Some alarms contain triggers that are not supported in the vSphere Client and cannot be changed.
However, you can still configure the alarm actions, enable or disable the alarm, and change the alarm name.
If your environment requires changes to these alarm triggers, create custom alarms by using the vSphere Client
or the VMware vSphere APIs.
Alarm Triggers
You configure alarm triggers to generate warnings and alerts when the specified criteria are met. Alarms have
two types of triggers: condition or state triggers, and event triggers.
Condition or State Triggers: Monitor the current condition or state of virtual machines, hosts, and
datastores. This includes power states, connection states, and performance
metrics, such as CPU and disk usage. To set alarms on other objects in the
inventory, including datacenters, clusters, resource pools, and networking
objects, use event triggers.
NOTE You can set a condition or state alarm at the datacenter level that
monitors all virtual machines, hosts, or datastores in the datacenter.
Event Triggers: Monitor events that occur in response to operations occurring with any
managed object in the inventory, the vCenter Server system, or the license
server. For example, an event is recorded each time a virtual machine is cloned,
created, deleted, deployed, and migrated.
Condition and state triggers use one of the following operator sets to monitor an object:
- Is equal to and Is not equal to
- Is above and Is below
To define a condition or state trigger, you choose the appropriate operator set and enter the values for the
warning and alert status. You can use any number of triggers for an alarm. When you use more than one trigger,
you choose whether to trigger the alarm when any conditions are satisfied or when all conditions are satisfied.
For example, you can create a host alarm that has two condition triggers, one for CPU usage and one for memory
usage:
Warning Alert
If you trigger the alarm when all conditions are satisfied, the alarm will trigger the warning only when both
CPU usage and memory usage values are above 75%. Likewise, it will trigger the alert only when both CPU
usage and memory usage are above 90%.
NOTE Unexpected results might occur when you have an alarm with multiple triggers with opposing warning
and alert conditions, and you set the alarm to trigger when all conditions are satisfied. For example, an alarm
has two triggers that set warnings and alerts for the virtual machine power state.
If you choose to trigger the alarm when all conditions are satisfied, the alarm triggers a warning. This is because
the vServer System uses the AndAlarmExpression operator to validate the condition statuses for each trigger.
When they are all satisfied, the first condition is satisfied, and therefore is used: Warning & Alert = warning.
Trigger type: The condition or state to monitor, for example, VM CPU Usage (%).
Condition: The qualifier used to set the threshold for the trigger, for example, Is Above and Is
Below.
Warning: The value that must be reached for the alarm to transition from a normal state to a
warning state, and to trigger the alarm.
Condition Length (warning): For condition triggers, after the warning condition is reached, the amount of time the
warning condition stays true in order for the warning to trigger.
State triggers do not have condition lengths. As soon as the state condition occurs, the
warning is triggered.
Alert: The value that must be reached for the alarm to transition from the warning state to an
alert state and to trigger the alarm.
Condition Length (alert): For condition triggers, after the alert value is reached, the amount of time the alert
condition stays true in order for the alarm to trigger.
State triggers do not have condition lengths. As soon as the state condition occurs, the
alert is triggered.
For condition triggers to generate a warning or an alert, the value you set must be reached and must hold for the
specified condition length. For example, you can configure a condition trigger to generate a warning and an alert under
the following conditions:
- A virtual machine’s CPU usage must be above 75% for more than 10 minutes to generate a warning.
- A virtual machine’s CPU usage must be above 95% for more than 5 minutes to generate a warning.
The 10 minute and 5 minute time conditions in this example help distinguish an erratic condition from a true
scenario. You set time requisites to ensure that the metric conditions are valid and not caused by incidental
spikes.
Triggered alarms reset when the triggering condition or state is no longer true. For example, if you have an
alarm defined to trigger a warning when host CPU is above 75%, the condition will reset to normal when the
value falls below 75% and the warning alarm will no longer be triggered. The threshold condition is
dependent on any tolerance range you set for the threshold.
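An added example, not vCenter Server code, of a condition trigger evaluated over a series of samples with condition lengths, and of combining two triggers under "any" versus "all". The 75% and 90% thresholds come from the host example above; the sample values, the 5-minute sampling interval, the 10- and 5-minute condition lengths, and the min/max combination rule are assumptions chosen to match the outcomes the text describes.

```python
from dataclasses import dataclass
from typing import List, Sequence, Tuple

NORMAL, WARNING, ALERT = 0, 1, 2


@dataclass(frozen=True)
class ConditionTrigger:
    name: str
    warning: float        # warning value
    warning_minutes: int  # condition length for the warning
    alert: float          # alert value
    alert_minutes: int    # condition length for the alert
    above: bool = True    # True: "Is above", False: "Is below"


def trigger_timeline(trigger: ConditionTrigger, samples: Sequence[float],
                     interval: int) -> List[int]:
    """Status after each sample; samples are `interval` minutes apart.

    A status is raised only once the value has stayed past the threshold
    for at least the condition length, so a single spike is ignored. It
    resets as soon as the condition is no longer true.
    """
    def past(value: float, threshold: float) -> bool:
        return value > threshold if trigger.above else value < threshold

    timeline = []
    warn_run = alert_run = 0  # consecutive samples past each threshold
    for value in samples:
        warn_run = warn_run + 1 if past(value, trigger.warning) else 0
        alert_run = alert_run + 1 if past(value, trigger.alert) else 0
        if alert_run and (alert_run - 1) * interval >= trigger.alert_minutes:
            timeline.append(ALERT)
        elif warn_run and (warn_run - 1) * interval >= trigger.warning_minutes:
            timeline.append(WARNING)
        else:
            timeline.append(NORMAL)
    return timeline


def alarm_timeline(triggers: Sequence[Tuple[ConditionTrigger, Sequence[float]]],
                   mode: str, interval: int) -> List[int]:
    """Combine triggers: "any" takes the highest status, "all" the lowest."""
    if mode not in ("any", "all"):
        raise ValueError("mode must be 'any' or 'all'")
    per_trigger = [trigger_timeline(t, s, interval) for t, s in triggers]
    pick = max if mode == "any" else min
    return [pick(states) for states in zip(*per_trigger)]


# Constructed samples, one every 5 minutes.
CPU = ConditionTrigger("Host CPU Usage (%)", 75, 10, 90, 5)
MEM = ConditionTrigger("Host Memory Usage (%)", 75, 10, 90, 5)
CPU_SAMPLES = [60, 97, 62, 80, 82, 85, 96, 97, 98, 70]
MEM_SAMPLES = [50, 50, 50, 50, 50, 50, 78, 80, 82, 83]
HOST_ALARM = [(CPU, CPU_SAMPLES), (MEM, MEM_SAMPLES)]

if __name__ == "__main__":
    print("cpu:", trigger_timeline(CPU, CPU_SAMPLES, 5))
    print("mem:", trigger_timeline(MEM, MEM_SAMPLES, 5))
    print("any:", alarm_timeline(HOST_ALARM, "any", 5))
    print("all:", alarm_timeline(HOST_ALARM, "all", 5))
```

The 97% spike in the second CPU sample never raises a status, and under "all" the alarm only reaches a warning while both metrics are past 75% at the same time.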
Table 21-3 lists the Condition and State triggers you can set on virtual machines.
Table 21-3. Virtual Machine Condition and State Alarm Triggers

Trigger Type: Condition
Trigger Name: CPU Ready Time (ms)
Description: The amount of time the virtual machine was ready during the collection
interval, but could not get scheduled to run on the physical CPU. CPU ready
time is dependent on the number of virtual machines on the host and their
CPU loads.

Trigger Type: Condition
Trigger Name: CPU Usage (%)
Description: Amount of virtual CPU (MHz) used by the virtual machine. CPU limits are
ignored in the calculation. The calculation is:
VM CPU Usage (%) = VM CPU [MHz] / (# of vCPUs x clock rate of the physical CPU [MHz]) x 100

Trigger Type: Condition
Trigger Name: Disk Aborts
Description: Number of SCSI commands that were not completed on each physical disk
of the virtual machine.

Trigger Type: Condition
Trigger Name: Disk Resets
Description: Number of SCSI-bus reset commands issued on each physical disk of the
virtual machine.

Trigger Type: Condition
Trigger Name: Disk Usage (KBps)
Description: Sum of the data read and written across all disk instances on the virtual
machine.

Trigger Type: Condition
Trigger Name: Fault Tolerance Secondary VM Latency Status Changed
Description: Amount of wallclock time that the virtual CPU of the secondary virtual
machine is behind the virtual CPU of the primary virtual machine.
- Low – 0-2 seconds
- Moderate – 2-6 seconds
- High – More than 6 seconds

Trigger Type: Condition
Trigger Name: Memory Usage (%)
Description: Amount of configured RAM (MB) used by the virtual machine. The
calculation is:
VM Memory Usage (%) = Active Memory [MB] / configured RAM of VM [MB] x 100

Trigger Type: Condition
Trigger Name: Network Usage (Kbps)
Description: Sum of data transmitted and received across all virtual NIC instances on the
virtual machine.

Trigger Type: Condition
Trigger Name: Snapshot Size (GB)
Description: Aggregate size (KB) of all snapshots taken for the current virtual machine.

Trigger Type: Condition
Trigger Name: Total Disk Latency (ms)
Description: Average amount of time taken to process a SCSI command issued by the Guest
OS to the virtual machine. The calculation is:
Total Disk Latency = kernelLatency + deviceLatency
- Low – 0-2 seconds
- Moderate – 2-6 seconds
- High – More than 6 seconds

Trigger Type: Condition
Trigger Name: Total Size on Disk (GB)
Description: Aggregate amount of disk space occupied by all virtual machines on the host.
Table 21-4 lists the default Condition and State triggers you can set on hosts.
Trigger Name: Console SwapIn Rate (KBps)
Trigger Type: Condition
Description: Rate at which the service console kernel is swapping in memory. The
Console Swapin Rate indicates memory pressure in the service console.
A high value is generally a precursor to timeout operations. To fix the
problem, consider adding more memory or ending the memory-intensive
task.

Trigger Name: Console SwapOut Rate (KBps)
Trigger Type: Condition
Description: Rate at which the service console kernel is swapping out memory. The
Console Swapout Rate indicates memory pressure in the service console.
A high value is generally a precursor to timeout operations. To fix the
problem, consider adding more memory or ending the memory-intensive
task.

Trigger Name: CPU Usage (%)
Trigger Type: Condition
Description: Amount of physical CPU (MHz) used by the ESX/ESXi host. The
calculation is:
Host CPU Usage (%) = CPU usage [MHz] / (# of physical CPUs x clock rate [MHz]) x 100

Trigger Name: Disk Usage (KBps)
Trigger Type: Condition
Description: Sum of the data read from and written to all disk instances on the host.

Trigger Name: Memory Usage (%)
Trigger Type: Condition
Description: Amount of physical RAM (MB) consumed by the ESX/ESXi host. The
calculation is:
Host Memory Usage (%) = Consumed Memory [MB] / physical RAM of server [MB] x 100

Trigger Name: Network Usage (kbps)
Trigger Type: Condition
Description: Sum of data transmitted and received for all the NIC instances of the host.

Trigger Name: Swap Pages Write (KBps)
Trigger Type: Condition
Description: Rate at which host memory is swapped out to the disk.
Table 21-5 lists the default Condition and State triggers you can set on datastores.
Trigger Type: Condition
Trigger Name: Datastore Disk Usage (%)
Description: Amount of disk space (KB) used by the datastore.

Trigger Type: State
Trigger Name: Datastore State to All Hosts
Description:
- Connected to all hosts – The datastore is connected to at least one
host.
- Disconnected from all hosts – The datastore is disconnected from at
least one host.
Event Triggers
Event triggers monitor events that occur in response to actions related to managed objects, the vCenter Server
system, and the License Server.
Event triggers use arguments, operators, and values to monitor operations that occur in the vServer System.
Because the occurrence of the event gives you information about the operation occurring in your environment,
you usually will not need to configure arguments for them. However, some events are general and
configuration might be required to set the alarm on the desired information. For example, the Hardware Health
Changed event occurs for a variety of different subsystems on a host. The preconfigured datacenter alarm Host
Hardware Fan Health uses the Hardware Health Changed event with the following two arguments to set a
warning condition when a fan is not operating:
NOTE Due to the large number of events tracked by vCenter Server, the event table for each object does not
contain definitive lists of events. Instead, it provides a subset of the events available for alarm triggers.
Trigger type: Event to monitor. Events can be generated by a user action or the system, for example,
Account Password Change and Alarm Email Sent.
Status: The value that must be met for the alarm to trigger:
- Normal
- Warning
- Alert
For example, you have a subset of hosts in the same datacenter named with the identifying prefix, QA_. To
trigger an alarm when any of these hosts lose network connectivity, create an alarm on the datacenter to monitor
the event Lost Network Connectivity. The trigger conditions are:
- Argument – host.name
- Operator – Starts with
- Value – QA_
When storage connectivity is lost on a host named QA_Host1, the event triggers.
Event triggers do not rely on thresholds or durations. They use the arguments, operators, and values to identify
the triggering condition. When the triggering conditions are no longer true, a triggered alarm resets
automatically, and no longer triggers.
Table 21-8 lists events you can use to trigger alarms on virtual machines.
General messages and information: VM error, VM error message, VM information, VM information message, VM
warning, VM warning message, VM migration error, VM migration warning, VM
configuration missing.

Power and connection states: VM connected, VM disconnected, VM discovered, VM powered off, VM powered
on, VM starting, VM stopping, VM suspended, VM restarted on alternate host, VM
resuming.
Guest reboot, guest shutdown, guest standby.
Cannot power off, Cannot power on, Cannot reboot guest OS, Cannot reset, Cannot
shut down the guest OS, Cannot standby guest OS, Cannot suspend.
Remote console connected, Remote console disconnected.

Naming and IDs: UUID: Assigned, Changed, Conflict. Assign a new instance, Instance changed,
Instance conflict.
MAC: Assigned, Changed, Conflict. VM static MAC conflict.
WWN: Assigned, Changed, Conflict.
DRS: DRS entering standby mode, DRS exited standby mode, DRS exiting standby mode. Cannot
complete DRS resource configuration, Resource configuration synchronized.

HA: Host HA agent disabled, HA agent enabled, Disabling HA, Enabling HA agent, HA agent
error, HA agent configured.
Host has extra HA networks, Host has no available HA networks, Host is missing HA
networks, No redundant management network for host.

IP address: Host IP changed, IP inconsistent, IP to short name not completed, Cannot get short host
name, Short name to IP not completed, Duplicate IP detected.
Table 21-10 lists events you can use to trigger alarms on datastores.
VMFS: VMFS datastore created, VMFS datastore expanded, VMFS datastore extended.

Alarms: Alarm created, reconfigured, removed. Alarm email sent, email send failed. Alarm
script completed, script not completed. Alarm SNMP trap sent, SNMP trap not
completed. Alarm status changed.

Authentication, Permissions, and Roles: Already authenticated. Permission added, removed, updated. Profile created,
removed. Role added, created, removed.

Custom Fields: Custom field definition added, removed, renamed. Custom field value changed.
cannot complete customization network setup.

HA and DRS: HA agent found, DRS invocation not completed, DRS recovered from failure.

Hosts: Host add failed, inventory full, short name inconsistent, cannot add host.

Licensing: License added, assigned, expired, insufficient, removed, unassigned. License server
available, unavailable. Unlicensed virtual machines, all virtual machines licensed.

Scheduled Tasks: Scheduled task created, completed, cannot complete, email sent, email not sent,
reconfigured, removed, started.

User Operations: User assigned to group, removed from group, login, logout, upgrade.
Table 21-12 lists events you can use to set alarms on clusters.
Cluster creation, modification, and compliance: Cluster created, Cluster deleted, Cluster overcommitted, Cluster reconfigured.
Cluster status changed, Cluster compliance checked.

High Availability (HA): HA agent unavailable, HA disabled, HA enabled, HA host failed, HA host isolated,
All HA hosts isolated.

Distributed Virtual Port Group: Distributed virtual group created, Distributed virtual group
deleted, Distributed virtual group reconfigured, Distributed
virtual group renamed.
Table 21-14 lists the events you can use to set alarms on vNetwork distributed switches.
Distributed Virtual Switch creation and modification: Distributed Virtual Switch created, Distributed Virtual
Switch deleted, Distributed Virtual Switch reconfigured,
Distributed Virtual Switch upgraded.
Table 21-15 lists the events you can use to trigger alarms on networks.
dvPort group creation and modification: dvPort group created, dvPort group deleted, dvPort group reconfigured, dvPort
group renamed.
Alarm Actions
Alarm actions are operations that occur in response to triggered alarms. For example, email notifications are
alarm actions.
VMware provides a list of preconfigured actions you can associate with an alarm. These actions are specific to
the object on which you set the alarm. For example, preconfigured alarm actions for hosts include rebooting
the host and putting the host in maintenance mode. Alarm actions for virtual machines include powering on,
powering off, and suspending the virtual machine.
Although the actions are preconfigured, you must manually set up certain aspects of the action, such as having
the action occur when a warning is triggered or when an alert is triggered, and whether to repeat the action.
You can configure alarm actions to repeat in the following ways:
- At a specified time interval after an alarm triggers. For example, if an alarm triggers because a physical
host is not responding, you can have an email message sent every 10 minutes until the host is returned to
a connected state or until the alarm trigger is suppressed.
- Until the alarm is explicitly acknowledged by an administrator. When you acknowledge an alarm, the
alarm actions are suppressed. The alarm trigger is not reset. It remains in its current state until the
triggering condition, state, or event is no longer valid.
Some alarm actions, such as sending notification emails or traps, and running a script, require additional
configuration.
NOTE The default VMware alarms do not have actions associated with them. You must manually associate
actions with the default alarms.
Send a notification email
    SMTP sends an email message. The SMTP must be ready when the email message is sent. You can set SMTP
    through vCenter Server or through Microsoft Outlook Express.
    Alarm object: datacenter, datastore, cluster, host, resource pool, virtual machine, network, vNetwork
    distributed switch, dvPort group
Send a notification trap
    SNMP sends a notification trap. vCenter Server is the default SNMP notification receiver. An SNMP trap
    viewer is required to view a sent trap.
    Alarm object: datacenter, datastore, cluster, host, resource pool, virtual machine
Run a command
    Performs the operation defined in the script you specify. It runs as a separate process and does not
    block vCenter Server processes.
    Alarm object: datacenter, datastore, cluster, host, resource pool, virtual machine, network, vNetwork
    distributed switch, dvPort group
Enter or exit maintenance mode
    Puts the host in and out of maintenance mode. Maintenance mode restricts virtual machine operations
    on the host. You put a host in maintenance mode when you need to move or service it.
    Alarm object: host
Enter or exit standby
    Suspends or resumes the guest operating system on the virtual machine.
    Alarm object: host
Reboot or shut down host
    Reboots or shuts down the host.
    Alarm object: host
Suspend the virtual machine
    Suspends the virtual machine when the alarm triggers. You can use the suspend feature to make resources
    available on a short-term basis or for other situations in which you want to put a virtual machine on
    hold without powering it down.
    Alarm object: virtual machine
Power on or power off the virtual machine
    Power on starts the virtual machine and boots the guest operating system if the guest operating system
    is installed.
    Power off is analogous to pulling the power cable on a physical machine. It is not a graceful shutdown
    of the guest operating system, but is used when a shut down might not succeed. For example, a shut down
    will not work if the guest operating system is not responding.
    Alarm object: virtual machine
Reset the virtual machine
    Pauses activity on the virtual machine. Transactions are frozen until you issue a Resume command.
    Alarm object: virtual machine
Migrate the virtual machine
    Powers off the virtual machine and migrates it according to the settings you define when you created
    the alarm action.
    Alarm object: virtual machine
Reboot or shutdown the guest
    Reboot shuts down and restarts the guest operating system without powering off the virtual machine.
    Shutdown shuts down the guest operating system gracefully.
    Alarm object: virtual machine
You disable alarm actions for a selected inventory object. You can also disable alarm actions across multiple
objects at one time from the object tab. For example, to disable the alarm actions for multiple virtual machines
on a host, go to the Virtual Machines tab of the host. When you disable the alarm actions for an object, they
continue to occur on child objects.
When you disable alarm actions, all actions on all alarms for the object are disabled. You cannot disable a subset
of alarm actions.
Table 21-17 describes the trap information provided in the body of an SNMP notification.
Type: The state vCenter Server is monitoring for the alarm. Options include Host Processor (or CPU)
    usage, Host Memory usage, Host State, Virtual Machine Processor (or CPU) usage, Virtual Machine
    Memory usage, Virtual Machine State, Virtual Machine Heartbeat.
Name: The name of the host or virtual machine that triggers the alarm.
Old Status: The alarm status before the alarm was triggered.
NOTE To use SNMP with vCenter Server, you must configure SNMP settings using the vSphere Client.
However, if you configured SMTP settings in Microsoft Outlook Express, configuring them in vCenter Server
is not required.
Table 21-18 describes the information provided in the body of an SMTP notification.
Metric Value: Threshold value that triggered the alarm. Applies only to metric condition triggers.
Alarm Definition: Alarm definition in vCenter Server, including the alarm name and status.
If the alarm was triggered by an event, the information in Table 21-19 is also included in the body of the email.
Summary: Alarm summary, including the event type, alarm name, and target object.
UserName: Person who initiated the action that caused the event to be created. Events caused by an
    internal system activity do not have a UserName value.
NOTE If you configured SMTP settings in Microsoft Outlook Express, you do not need to configure them for
vCenter Server.
Use the alarm environment variables to define complex scripts and attach them to multiple alarms or inventory
objects. For example, you can write a script that enters the following trouble ticket information into an external
system when an alarm is triggered:
- Alarm name
- Object on which the alarm was triggered
- Event that triggered the alarm
- Alarm trigger values
When you write the script, include the following environment variables in the script:
- VMWARE_ALARM_NAME
- VMWARE_ALARM_TARGET_NAME
- VMWARE_ALARM_EVENTDESCRIPTION
- VMWARE_ALARM_ALARMVALUE
You can attach the script to any alarm on any object without changing the script.
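The following is an added example, not code from the VMware documentation, of a trouble-ticket script that reads the four environment variables listed above and appends one JSON record per alarm to a spool file. The spool file name, the 512-character field cap, and treating the alarm name and target as required are assumptions of the example. Object names and event text are handled as untrusted input, so control characters are removed before the record is written.

```python
"""Alarm action script: write a trouble-ticket record from the alarm environment variables."""
import json
import os
import sys
import unicodedata
from datetime import datetime, timezone

# The four variables named on this page, mapped to ticket fields.
ALARM_VARS = {
    "alarm_name": "VMWARE_ALARM_NAME",
    "target": "VMWARE_ALARM_TARGET_NAME",
    "event": "VMWARE_ALARM_EVENTDESCRIPTION",
    "value": "VMWARE_ALARM_ALARMVALUE",
}
REQUIRED = ("alarm_name", "target")    # assumption: a ticket needs at least these
MAX_FIELD = 512                        # assumption: per-field length cap
DEFAULT_SPOOL = "alarm_tickets.jsonl"  # hypothetical spool file read by the ticket system


def clean(value):
    """Neutralize control characters so a crafted object name cannot forge
    extra lines or fields in the spool file, then collapse spaces and cap length."""
    text = "".join(" " if unicodedata.category(ch).startswith("C") else ch
                   for ch in value)
    return " ".join(text.split())[:MAX_FIELD]


def build_ticket(environ):
    """Build the ticket from an environment mapping; absent or empty values become None."""
    ticket, missing = {}, []
    for field, var in ALARM_VARS.items():
        cleaned = clean(environ.get(var, ""))
        if cleaned:
            ticket[field] = cleaned
        else:
            ticket[field] = None
            missing.append(var)
    ticket["missing"] = missing
    return ticket


def append_ticket(ticket, spool_path):
    """Append one JSON line; the file is created readable by its owner only."""
    record = dict(ticket, recorded_at=datetime.now(timezone.utc).isoformat())
    line = json.dumps(record, ensure_ascii=True, sort_keys=True)
    fd = os.open(spool_path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)
    with os.fdopen(fd, "a", encoding="utf-8") as handle:
        handle.write(line + "\n")
    return line


def main(argv=None, environ=None):
    argv = sys.argv if argv is None else argv
    environ = os.environ if environ is None else environ
    spool_path = argv[1] if len(argv) > 1 else DEFAULT_SPOOL
    ticket = build_ticket(environ)
    if any(ticket[field] is None for field in REQUIRED):
        sys.stderr.write("alarm variables missing: %s\n" % ", ".join(ticket["missing"]))
        return 1
    append_ticket(ticket, spool_path)
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

Because the script takes everything from the environment, the same file can be attached to any alarm on any object, as described above.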
Table 21-20 lists the default environment variables defined for alarms. Use these variables to define more
complex scripts and attach them to multiple alarms or inventory objects so the action occurs when the alarm
triggers.
The command-line parameters enable you to pass alarm information without having to change an alarm script.
For example, use these parameters when you have an external program for which you do not have the source.
You can pass in the necessary data by using the substitution parameters, which take precedence over the
environment variables. You pass the parameters through the vSphere Client Alarm Actions Configuration
dialog box or on a command line.
Table 21-21 lists the command-line substitution parameters for scripts that run as alarm actions.
Alarm Reporting
Alarm reporting further restricts when a condition or state alarm trigger occurs by adding a tolerance range
and a trigger frequency to the trigger configuration.
Tolerance Range
The tolerance range specifies a percentage above or below the configured threshold point, after which the alarm
triggers or clears. A nonzero value triggers and clears the alarm only after the triggering condition falls above
or below the tolerance range. A 0 (zero) value triggers and clears the alarm at the threshold point you
configured.
For example, an alarm is defined to trigger a warning state when a host’s CPU usage is above 70%. If you set
the tolerance range to 5%, the warning state triggers only when CPU usage is above 75% (70 + 5) and resets to
a normal state only when CPU usage falls below 65% (70 - 5).
The tolerance range ensures you do not transition alarm states based on false changes in a condition.
Trigger Frequency
The trigger frequency is the time period during which a triggered alarm action is not reported again. When
the time period has elapsed, the alarm action occurs again if the condition or state is still true. By default, the
trigger frequency for the default VMware alarms is set to 5 minutes.
For example, if the Host CPU Usage alarm triggers for a warning state at 2 p.m. and an alert state occurs at
2:02 p.m., the alert state is not reported at 2:02 p.m. because the frequency prohibits it. If the warning state is
still true at 2:05 p.m., the alarm is reported. This guards against repeatedly reporting insignificant alarm
transitions.
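The following added example, a model written for this page rather than vCenter Server code, replays constructed CPU samples through the tolerance range and trigger frequency rules described above. The 70% warning threshold, 5% tolerance and 5-minute frequency come from the text; the 90% alert threshold and the sample values are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

NORMAL, WARNING, ALERT = "normal", "warning", "alert"


@dataclass
class AlarmModel:
    warning_at: float                  # configured warning threshold (%)
    alert_at: float                    # configured alert threshold (%)
    tolerance: float = 0.0             # tolerance range, in percentage points
    frequency_min: int = 5             # trigger frequency, in minutes
    warn_on: bool = False
    alert_on: bool = False
    last_report: Optional[int] = None  # minute of the last reported trigger

    def _latch(self, on, value, threshold):
        """Trigger above threshold + tolerance, clear below threshold - tolerance,
        and keep the previous state anywhere inside the tolerance range."""
        if value > threshold + self.tolerance:
            return True
        if value < threshold - self.tolerance:
            return False
        return on

    def observe(self, minute, value):
        """Feed one sample; return (status, reported)."""
        self.warn_on = self._latch(self.warn_on, value, self.warning_at)
        self.alert_on = self._latch(self.alert_on, value, self.alert_at)
        status = ALERT if self.alert_on else WARNING if self.warn_on else NORMAL
        if status == NORMAL:
            return status, False
        # Trigger frequency: stay quiet until the period since the last report has elapsed.
        due = (self.last_report is None
               or minute - self.last_report >= self.frequency_min)
        if due:
            self.last_report = minute
        return status, due


def replay(model, samples):
    """Return (minute, value, status, reported) for each sample."""
    return [(minute, value) + model.observe(minute, value)
            for minute, value in samples]


# Constructed samples: (minutes after 2:00 p.m., host CPU usage in %).
CPU_SAMPLES = [(0, 72), (1, 76), (2, 72), (3, 96), (6, 96), (7, 84), (8, 66), (9, 64)]

if __name__ == "__main__":
    for minute, value, status, reported in replay(
            AlarmModel(70, 90, tolerance=5), CPU_SAMPLES):
        print("2:%02d p.m.  cpu=%3d%%  %-7s  %s"
              % (minute, value, status, "REPORTED" if reported else "-"))
```

In the replay, 72% does not trigger the warning (it must exceed 75%), the alert reached at minute 3 is held back until minute 6, and the alarm returns to normal only once usage drops below 65%.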
Creating Alarms
Creating an alarm involves setting up general alarm settings, alarm triggers, trigger reporting, and alarm
actions.
You create an alarm by using the Alarm Settings dialog box. You can open this dialog box by selecting the
object in the inventory and using any of the following methods.
- Select File > New > Alarm.
- Select Inventory > <object_type> > Alarm > Add Alarm.
- Right-click the object and select Alarm > Add Alarm.
- In the Alarms tab, click the Definitions tab, right-click in the pane, and select New > Alarm.
- Select the object in the inventory and press Ctrl+A.
Prerequisites
To set up an alarm on an object, the vSphere Client must be connected to a vCenter Server system. In addition,
you must have proper user permissions on all relevant objects to create alarms. After an alarm is created, it
will be enabled even if the user who created it no longer has permissions.
Procedure
a In the Monitor list, select the object on which to create the alarm.
The objects listed are determined by the object selected in the inventory.
b Select how to monitor the object: for specific conditions or states, or for specific events.
This determines which triggers are available for the alarm. You cannot monitor conditions or states
of clusters.
6 (Optional) To save general edits without updating the alarm triggers or alarm actions, click OK.
NOTE You cannot save an alarm if it does not have triggers defined for it.
Procedure
1 If necessary, display the Triggers tab of the Alarm Settings dialog box.
b Select the object and press Ctrl-M to open the Alarm Settings dialog box.
2 Click Add.
b Double-click the Trigger Type list arrow to open the trigger list.
c Select a trigger.
Double-click each attribute field—Condition, Warning, Condition Length, Alert, Condition Length—
and select or enter values. Not all condition triggers have condition lengths.
State triggers occur immediately when the state is reached. You cannot define condition lengths for state
alarms.
a Repeat Step 2 through Step 3, and select the same trigger you just configured.
6 (Optional) To define additional condition or state triggers, repeat Step 2 through Step 5.
NOTE You cannot use the VM Total Size on Disk and VM Snapshot Size triggers in combination with
other triggers.
7 Below the triggers list, select one of the following options to specify how to trigger the alarm.
- If any conditions are satisfied (default).
- If all conditions are satisfied.
8 Click OK.
Procedure
1 If necessary, display the Triggers tab of the Alarm Settings dialog box.
b Select the object and press Ctrl-M to open the Alarm Settings dialog box.
2 Click Add.
3 To replace the default event, double-click the event name and in the Event list, select an event.
If you know the event name, you can type it in the Event field to filter the list.
4 To change the default status for the event trigger, double-click the status name and in the Status list, select
a status.
NOTE To set an alarm to trigger when more than one status has been reached, configure each event status
separately. For example, to trigger a warning when a host's hardware health changes and an alert when
a host's hardware health changes, configure two Hardware Health Changed events, one with a warning
status and one with an alert status.
5 (Optional) To configure custom conditions for the event trigger, in the Condition column, click Advanced
to open the Trigger Conditions dialog box.
a Click Add.
b To replace the default argument, double-click the argument name and in the argument list, select an
argument.
c To replace the default operator, double-click the operator name and select an operator from the list.
e (Optional) To define multiple conditions for the same trigger, repeat Step 5.
f Click OK.
7 Click OK.
Procedure
1 If necessary, display the Reporting tab of the Alarm Settings dialog box.
2 Enter a Tolerance.
A 0 value triggers and clears the alarm at the threshold point you configured. A non-zero value triggers
the alarm only after the condition reaches an additional percentage above or below the threshold point.
Condition threshold + Reporting Tolerance = trigger alarm
Tolerance values ensure you do not transition alarm states based on false changes in a condition.
3 Select a Frequency.
The frequency sets the time period during which a triggered alarm is not reported again. When the time
period has elapsed, the alarm will report again if the condition or state is still true.
4 Click OK.
Managing Alarms
You can change alarms, disable alarms, reset alarms, and acknowledge triggered alarms. In addition, you can
export a list of alarms to a file.
To manage alarms, the vSphere Client must be connected to a vCenter Server system.
Procedure
2 If necessary, select View > Status Bar to display the status pane.
3 In the status bar, click Alarms to display the Triggered Alarms panel.
5 (Optional) To acknowledge multiple alarms at one time, shift-click each alarm to select it, right-click the
selection, and select Acknowledge Alarm.
Procedure
3 Click Definitions.
The Defined in column lists the object on which the alarm is defined. If the value is not This object, click
the object name. The alarms list for the object opens in the Alarms tab.
For help on how to configure the values on each tab, click Help.
6 Click OK.
vCenter Server verifies the configuration of the alarm and updates the alarm for the selected object.
Disable Alarms
You disable alarms from the object on which they were defined. You can enable a disabled alarm at any time.
Procedure
3 Click Definitions.
If the Defined in column does not contain This object for the alarm to disable, it was not defined on the
object selected in the inventory. To open the alarm definitions for that object, click the linked object in the
Defined in column.
6 Click OK.
Procedure
3 Click Definitions.
5 In the Save As dialog box, specify the directory, file name, and file type for the exported file.
6 Click Save.
Inventory panel: An icon on the object where the alarm was triggered.
Status bar, Triggered Alarms panel: A list of alarms triggered on all inventory objects. Double-click an
    alarm to select the object in the inventory on which the alarm was triggered.
Remove Alarms
You remove alarms from the object on which they were defined. You cannot remove an alarm from a child
object that inherited the alarm and you cannot remove the default VMware alarms.
When an alarm is removed, it is removed from vCenter Server and cannot be retrieved.
Procedure
3 Click Definitions.
If the Defined in column does not contain This object for the alarm to disable, it was not defined on the
object selected in the inventory. To open the alarm definitions for that object, click the linked object in the
Defined in column.
5 Click Yes.
Procedure
1 Locate the triggered alarm in the Triggered Alarms panel or on the Alarms tab for the object.
View Alarms
You view alarms that have been triggered on objects and those that have been defined on objects in the vSphere
Client Alarms tab.
The Alarms tab is available only when the vSphere Client is connected to a vCenter Server system. It has two
views, Triggered Alarms and Definitions.
Triggered Alarms: Lists the alarms triggered on the selected object, including the status of the
    alarm, the date and time it was last triggered, and if the alarm was acknowledged.
Definitions: Lists the alarms associated with the selected object, including the alarm
    description and the object on which the alarm was defined.
The vSphere Client offers several different options for viewing alarms.
- View Alarms Defined on an Object
  The vSphere Client Alarms tab contains a list of alarm definitions for the object selected in the inventory.
- View Alarms Triggered on an Object
  You view triggered alarms on an object on the object’s Alarms tab.
- View All Alarms Triggered in vCenter Server
  You view triggered alarms in the Alarms tab of the Status bar.
Procedure
3 Click Definitions.
The Defined In column displays the object on which the alarm was created.
Procedure
2 If necessary, select View > Status Bar to display the status pane at the bottom of the vSphere Client.
What to do next
You can also view alarms for a selected inventory object in the Triggered Alarms pane of the Alarms tab.
When you disable alarm actions on a selected inventory object, all actions for all alarms are disabled on that
object. You cannot disable a subset of alarm actions. The alarm actions will continue to fire on the child objects.
Procedure
2 Right-click the object and select Alarm > Disable Alarm Actions.
The actions defined for the alarm will not occur on the object until they are enabled.
Procedure
2 Right-click the object and select Alarm > Enable Alarm Actions.
When an object is selected in the inventory, you can identify its disabled alarm actions in the following areas
of the vSphere user interface:
- In the General pane of the object's Summary tab.
- In the Alarm Actions Disabled pane of the Alarms tab.
- In the Alarm Actions column of the object's child object tabs. For example, if you select a host in the
  inventory, the Virtual Machines tab displays whether alarm actions are enabled or disabled for each
  virtual machine on the host.
Remove an alarm action if you are certain you will not use it again. If you are not sure, disable the alarm action
instead.
Procedure
3 Click Definitions.
4 Right-click the alarm and select Edit Settings from the context menu.
If the Edit Settings option is not available, the object you selected is not the owner of the alarm. To open
the correct object, click the object link in the Defined In column for the alarm. Then repeat this step.
7 Click OK.
NOTE Alarm commands run in other processes and do not block vCenter Server from running. They do,
however, consume server resources such as processor and memory.
This procedure assumes you are adding the alarm action to an existing alarm.
Procedure
c Click Definitions.
3 Click Add.
5 Double-click the Configuration field and do one of the following, depending on the command file type:
- If the command is a .exe file, enter the full pathname of the command. For example, to run the cmd.exe
  command in the C:\tools directory, type: c:\tools\cmd.exe.
- If the command is a .bat file, enter the full pathname of the command as an argument to the
  c:\windows\system32\cmd.exe command. For example, to run the cmd.bat command in the C:\tools
  directory, type: c:\windows\system32\cmd.exe /c c:\tools\cmd.bat.
If your script does not make use of the alarm environment variables, include any necessary parameters
in the configuration field. For example:
c:\tools\cmd.exe AlarmName targetName
c:\windows\system32\cmd.exe /c c:\tools\cmd.bat alarmName targetName
For .bat files, the command and its parameters must be formatted into one string.
6 Click OK.
When the alarm triggers, the action defined in the script is performed.
Prerequisites
To complete the following task, the vSphere Client must be connected to a vCenter Server. In addition, you
need the DNS name and IP address of the SNMP receiver, the port number of the receiver, and the community
identifier.
Procedure
2 If the vCenter Server is part of a connected group, in Current vCenter Server, select the appropriate server.
4 Enter the following information for the Primary Receiver of the SNMP traps.
Option: Description
Receiver URL: The DNS name and IP address of the SNMP receiver.
Receiver port: The port number of the receiver to which the SNMP agent sends traps.
    If the port value is empty, vCenter Server uses the default port, 162.
Community: The community identifier.
5 (Optional) Enable additional receivers in the Enable Receiver 2, Enable Receiver 3, and Enable Receiver 4
options.
6 Click OK.
The vCenter Server system is now ready to send traps to the management system you have specified.
What to do next
Configure your SNMP management software to receive and interpret data from the vCenter Server SNMP
agent. See “Configure SNMP Management Client Software,” on page 53.
Prerequisites
Before vCenter Server can send email, you must perform the following tasks:
- Configure the SMTP server settings for vCenter Server or Microsoft Outlook Express.
- Specify email recipients through the Alarm Settings dialog box when you configure alarm actions.
To perform this task, the vSphere Client must be connected to a vCenter Server.
Procedure
2 If the vCenter Server system is part of a connected group, in Current vCenter Server, select the vCenter
Server system to configure.
4 For email message notification, set the SMTP server and SMTP port:
Option: Description
SMTP Server: The DNS name or IP address of the SMTP gateway to use for sending email messages.
Sender Account: The email address of the sender, for example, notifications@example.com.
5 Click OK.
Table 21-23 lists the preconfigured alarms available for the vCenter Server system.
Exit Standby Error: Monitors whether a host cannot exit standby mode.
Health Status Changed: Monitors changes to service and extension health status.
Host Connection and Power State: Monitors host connection and power state.
Host Service Console SwapIn Rate: Monitors host service console memory swapin rate.
Host Service Console SwapOut Rate: Monitors host service console memory swapout rate.
Host Status for Hardware Objects: Monitors the status of host hardware objects.
Migration Error: Monitors whether a virtual machine cannot migrate or relocate, or is orphaned.
No Compatible Host For Secondary Virtual Machine: Monitors whether there are no compatible hosts available
    to place a secondary virtual machine.
Timed Out Starting Secondary Virtual Machine: Monitors timeouts when starting a Secondary virtual machine.
Virtual Machine CPU Ready: Monitors virtual machine CPU ready time.
Virtual machine disk commands canceled: Monitors the number of virtual machine disk commands that are canceled.
Virtual machine disk reset: Monitors the number of virtual machine bus resets.
Virtual Machine Error: Monitors virtual machine error and warning events.
Virtual Machine Fault Tolerance Secondary Latency Status Changed: Monitors changes in latency status of a
    fault tolerance secondary virtual machine.
Virtual Machine Fault Tolerance State Changed: Monitors changes in the fault tolerance state of a virtual machine.
Virtual Machine High Availability Error: Monitors high availability errors on a virtual machine.
Virtual Machine Total Disk Latency: Monitors virtual machine total disk latency.
Table 22-1 lists each metric group and describes the type of data collected.
CPU: CPU utilization per host, virtual machine, resource pool, or compute resource.
Memory: Memory utilization per host, virtual machine, resource pool, or compute resource. The value obtained is
    one of the following:
    - For virtual machines, memory refers to guest physical memory. Guest physical memory is the amount
      of physical memory presented as a virtual-hardware component to the virtual machine, at creation
      time, and made available when the virtual machine is running.
    - For hosts, memory refers to machine memory. Machine memory is the random-access memory (RAM)
      that is installed in the hardware that comprises the ESX/ESXi system.
Disk: Disk utilization per host, virtual machine, or datastore. Disk metrics include input/output (I/O)
    performance (such as latency and read/write speeds), and utilization metrics for storage as a finite
    resource.
Network: Network utilization for both physical and virtual network interface controllers (NICs) and other network
    devices, such as the virtual switches (vSwitch) that support connectivity among all components (hosts,
    virtual machines, VMkernel, and so on).
System: Overall system availability, such as system heartbeat and uptime. These counters are available directly
    from ESX and from vCenter Server.
For a complete list of all statistics available for ESX/ESXi hosts and collected by vCenter Server, see the
PerformanceManager API documentation pages in the vSphere API Reference.
Data Counters
vCenter Server and ESX/ESXi hosts use data counters to query for statistics. A data counter is a unit of
information relevant to a given object.
For example, network metrics for a virtual machine include one counter that tracks the rate at which data is
transmitted and another counter that tracks the rate at which data is received across a NIC instance.
To ensure performance is not impaired when collecting and writing the data to the database, cyclical queries
are used to collect data counter statistics. The queries occur for a specified collection interval. At the end of
each interval, the data calculation occurs.
Each data counter is comprised of several attributes that are used to determine the statistical value collected.
Table 22-2 lists data counter attributes.
Statistics Type: Measurement used during the statistics interval. The statistics type is related to the unit of
    measurement. One of:
    - Rate – Value over the current statistics interval.
    - Delta – Change from previous statistics interval.
    - Absolute – Absolute value (independent of the statistics interval).
Rollup Type: Calculation method used during the statistics interval to roll up data. This determines the type of
    statistical values that are returned for the counter. One of:
    - Average – Data collected during the interval is aggregated and averaged.
    - Minimum – The minimum value is rolled up.
    - Maximum – The maximum value is rolled up.
      The Minimum and Maximum values are collected and displayed only in collection level 4.
      Minimum and maximum rollup types are used to capture peaks in data during the interval. For
      real-time data, the value is the current minimum or current maximum. For historical data, the
      value is the average minimum or average maximum.
      For example, the following information for the CPU usage chart shows that the average is
      collected at collection level 1 and the minimum and maximum values are collected at collection
      level 4.
      - Counter: usage
      - Unit: Percentage (%)
      - Rollup Type: Average (Minimum/Maximum)
      - Collection Level: 1 (4)
    - Summation – Data collected is summed. The measurement displayed in the chart represents the
      sum of data collected during the interval.
    - Latest – Data collected during the interval is a set value. The value displayed in the performance
      charts represents the current value.
Collection level: Number of data counters used to collect statistics. Collection levels range from 1 to 4, with 4
    having the most counters.
Collection Intervals
Collection intervals determine the time period during which statistics are aggregated and rolled up, and the
length of time the statistics are archived in the vCenter database.
By default, vCenter Server has four collection intervals: Day, Week, Month, and Year. Each interval specifies
a length of time that statistics are archived in the vCenter database. You can configure which intervals are enabled
and for what period of time. You can also configure the number of data counters used during a collection
interval by setting the collection level. Together, the collection interval and collection level determine how
much statistical data is collected and stored in your vCenter Server database.
Real-time statistics are not stored in the database. They are stored in a flat file on ESX/ESXi hosts and in memory
on the vCenter Server systems. ESX/ESXi hosts collect real-time statistics only for the host or the virtual
machines available on the host. Real-time statistics are collected directly on an ESX/ESXi host every 20 seconds
(60 seconds for ESX Server 2.x hosts). If you query for real-time statistics in the vSphere Client for performance
charts, vCenter Server queries each host directly for the data. It does not process the data at this point. It only
passes the data to the vSphere Client. The processing occurs in a separate operation, depending on the host
type.
- On ESX hosts, the statistics are kept for one hour, after which 180 data points (15 20-second samples) will
  have been collected. The data points are aggregated, processed, and returned to vCenter Server. At this
  point, vCenter Server archives the data in the database as a data point for the Day collection interval.
- On ESXi hosts, the statistics are kept for 30 minutes, after which 90 data points will have been collected.
  The data points are aggregated, processed, and returned to vCenter Server. At this point, vCenter Server
  archives the data in the database as a data point for the Day collection interval.
Table 22-3 lists the default collection intervals available for the vCenter Server.
1 Day / 5 Minutes
    Real-time statistics are rolled up to create one data point every 5 minutes. The result is 12 data
    points every hour and 288 data points every day. After 30 minutes, the six data points collected are
    aggregated and rolled up as a data point for the 1 Week time range.
    You can change the interval duration and archive length of the 1 Day collection interval by configuring
    the statistics settings.
1 Week / 30 Minutes
    1 Day statistics are rolled up to create one data point every 30 minutes. The result is 48 data points
    every day and 336 data points every week. Every 2 hours, the 12 data points collected are aggregated
    and rolled up as a data point for the 1 Month time range.
    You cannot change the default settings of the 1 Week collection interval.
1 Month / 2 Hours
    1 Week statistics are rolled up to create one data point every 2 hours. The result is 12 data points
    every day and 360 data points every month (assuming a 30-day month). After 24 hours, the 12 data points
    collected are aggregated and rolled up as a data point for the 1 Year time range.
    You cannot change the default settings of the 1 Month collection interval.
1 Year / 1 Day
    1 Month statistics are rolled up to create one data point every day. The result is 365 data points
    each year.
    You can change the interval duration and archive length of the 1 Year collection interval by configuring
    the statistics settings.
Prerequisites
To configure statistics settings, the vSphere Client must be connected to a vCenter Server system.
NOTE Not all attributes are configurable for each collection interval.
Procedure
2 If your environment uses multiple vCenter Servers, in Current vCenter Server, select the server.
4 In the Statistics Intervals section, select or deselect a collection interval to enable or disable it.
Enabling a longer interval automatically enables all shorter intervals. If you disable all collection levels,
statistical data is not archived in the vCenter Server database.
5 (Optional) To change a collection interval attribute, select its row in the Statistics Interval section and click
Edit to open the Edit Collection Interval dialog box.
This option is configurable only for the Day and Year intervals.
The statistics level must be less than or equal to the statistics level set for the preceding statistics
interval. This is a vCenter Server dependency.
6 (Optional) In the Database Size section, estimate the effect of the statistics settings on the database.
The estimated space required and number of database rows required are calculated and displayed.
7 Click OK.
Prerequisites
To configure statistics settings, the vSphere Client must be connected to a vCenter Server system.
Procedure
2 If your environment uses multiple vCenter Servers, in Current vCenter Server, select the appropriate
server.
4 In the Statistics Intervals section, select or deselect a collection interval to enable or disable it.
NOTE When you disable a collection interval, all subsequent intervals are automatically disabled.
5 (Optional) In the Database Size section, estimate the effect of the statistics settings on the database.
The estimated space required and number of database rows required are calculated and displayed.
6 Click OK.
Collection Levels
Each collection interval has a default collection level that determines how many data counters are used when
collecting statistics data.
The collection level establishes which metrics are retrieved and recorded in the vCenter Server database. You
can assign a collection level of 1 to 4 to each collection interval, with level 4 having the largest number of counters.
By default, all collection intervals use collection level 1.
The collection level for an interval cannot be greater than the collection level set for the preceding collection
interval. For example, if the Month interval is set to collection level 3, the Year interval can be set to collection
level 1, 2, or 3, but not to collection level 4. This is a vCenter Server dependency.
Table 22-4 describes each collection level and provides recommendations on when to use them.
Level 1
    Metrics:
    - Cluster Services (VMware Distributed Resource Scheduler) – all metrics
    - CPU – cpuentitlement, totalmhz, usage (average), usagemhz
    - Disk – capacity, maxTotalLatency, provisioned, unshared, usage (average), used
    - Memory – consumed, mementitlement, overhead, swapinRate, swapoutRate, swapused, totalmb, usage
      (average), vmmemctl (balloon)
    - Network – usage (average)
    - System – heartbeat, uptime
    - Virtual Machine Operations – numChangeDS, numChangeHost, numChangeHostDS
    When to use: Use for long-term performance monitoring when device statistics are not required.
    Level 1 is the default Collection Level for all Collection Intervals.
Level 4
    Metrics: All metrics supported by the vCenter Server, including minimum and maximum rollup values.
    When to use: Use for short-term performance monitoring after encountering problems or when device
    statistics are required.
    Due to the large quantity of troubleshooting data retrieved and recorded, use level 4 for the shortest
    amount of time possible.
Generally, you need to use only collection levels 1 and 2 for performance monitoring and analysis. Levels 3
and 4 provide granularity that is generally useful only for developers. Unless vCenter Server is set to a collection
level that contains a data counter, the data for that counter is not stored in the database nor is it rolled up into
a past-day statistic on the ESX/ESXi host. The counter will not appear in the performance charts.
If you change to collection level 3 or 4 to diagnose problems, reset the collection level to its previous state as
soon as possible. At collection level 4, try to limit the collection period to the Day interval to not have an impact
on the database. If you need to save the data for longer than one day, increase the interval to two or three days
rather than using the Week interval. For example, if you need to record data over the weekend, set the interval
to three days. Use a week interval only when you need the duration to be more than three days.
Table 22-5 lists the circumstances in which you might want to increase the collection level for your vCenter
Server.
2 n Identify virtual machines that can be co-located because of complementary memory sharing.
n Detect the amount of active memory on a host to determine whether it can handle additional virtual
machines.
3 n Compare ready and wait times of virtual CPUs to determine the effectiveness of VSMP.
n Diagnose problems with devices, or compare performance among multiple devices.
NOTE You must manually enable each collection interval to use it again. Also, you can only enable a collection
interval if all previous collection intervals are enabled. For example, to enable the month interval, the day and
week intervals must be enabled.
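The ordering rules above (levels may not rise from one interval to the next, an interval can be enabled only if all previous intervals are enabled, and disabling an interval disables all subsequent ones) can be checked before a configuration change is applied. The following is an added example, not VMware code; the IntervalSetting layout and function names are assumptions made for illustration.

```python
# Added example: validates a proposed statistics configuration against the
# ordering rules stated in this section. The data layout is hypothetical.
from dataclasses import dataclass

INTERVAL_ORDER = ["Day", "Week", "Month", "Year"]  # shortest to longest


@dataclass
class IntervalSetting:
    name: str      # one of INTERVAL_ORDER
    enabled: bool
    level: int     # collection level 1-4


def validate_intervals(settings):
    """Return a list of rule violations; an empty list means the config is valid."""
    by_name = {s.name: s for s in settings}
    missing = [n for n in INTERVAL_ORDER if n not in by_name]
    if missing:
        return ["missing interval(s): " + ", ".join(missing)]
    problems = []
    prev = None
    for name in INTERVAL_ORDER:
        cur = by_name[name]
        if not 1 <= cur.level <= 4:
            problems.append(f"{name}: level {cur.level} is outside 1-4")
        if prev is not None:
            # An interval can be enabled only if all previous ones are enabled.
            if cur.enabled and not prev.enabled:
                problems.append(f"{name}: enabled while {prev.name} is disabled")
            # The level cannot be greater than that of the preceding interval.
            if cur.level > prev.level:
                problems.append(
                    f"{name}: level {cur.level} exceeds level {prev.level} of {prev.name}")
        prev = cur
    return problems


def disable_interval(settings, name):
    """Model the cascade: disabling an interval disables all subsequent ones."""
    affected = set(INTERVAL_ORDER[INTERVAL_ORDER.index(name):])
    return [IntervalSetting(s.name, s.enabled and s.name not in affected, s.level)
            for s in settings]


# Constructed sample configuration for troubleshooting at level 3.
PROPOSED = [
    IntervalSetting("Day", True, 3),
    IntervalSetting("Week", True, 3),
    IntervalSetting("Month", True, 3),
    IntervalSetting("Year", True, 4),   # violates the level rule
]

if __name__ == "__main__":
    for problem in validate_intervals(PROPOSED):
        print(problem)
```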
By default, statistics are stored in the vCenter Server database for one year. You can increase this to three years.
To save statistical data for longer than three years, archive it outside of the vCenter Server database.
Procedure
1 If necessary, open the Statistics tab of the vCenter Server Settings dialog box.
a Select Administration > vCenter Server Settings.
b Click Edit.
c In the Edit Statistics Interval dialog box, change the settings as necessary.
d Click OK.
3 Enter the number of physical hosts and virtual machines in your inventory.
The vCenter Server uses a database calculator to determine the estimated size required for your statistics
configuration. The value appears in the Estimated space required field after you enter values.
4 Click OK.
You view the performance charts for an object that is selected in the inventory on the vSphere Client
Performance tab. You can view overview charts and advanced charts for an object. Both the overview charts
and the advanced charts use the following chart types to display statistics:
Line charts Display metrics for a single inventory object. The data for each performance
counter is plotted on a separate line in the chart. For example, a network chart
for a host can contain two lines: one showing the number of packets received,
and one showing the number of packets transmitted.
Bar charts Display storage metrics for datastores in a selected datacenter. Each datastore
is represented as a bar in the chart, and each bar displays metrics based on file
type (virtual disks, snapshots, swap files, and other files).
Pie charts Display storage metrics for a single datastore or virtual machine. Storage
information is based on file type or virtual machine. For example, a pie chart
for a datastore displays the amount of storage space occupied by the five
largest virtual machines on that datastore. A pie chart for a virtual machine
displays the amount of storage space occupied by virtual machine files.
Stacked charts Display metrics for children of the selected parent object. For example, a host's
stacked CPU usage chart displays CPU usage metrics for each virtual machine
on the host. The metrics for the host itself are displayed in separate line charts.
Stacked charts are useful in comparing resource allocation and usage across
multiple hosts or virtual machines. Each metric group appears on a separate
chart for a managed entity. For example, hosts have one chart that displays
CPU metrics and one that displays memory metrics.
All overview charts for an object appear in the same panel in the Performance tab. This allows you to do
side-by-side comparisons of resource usage for clusters, datacenters, datastores, hosts, resource pools, and virtual
machines. You can perform the following tasks with the overview performance charts.
n View all charts for an object in one panel. The single-panel view enables you to make side-by-side
comparisons of different resource statistics, for example, CPU usage and memory usage.
n View real-time and historic data.
n View thumbnail charts for child objects. Thumbnail charts provide a quick summary of resource usage
for each child object of a datacenter, datastore, cluster, or host.
n Open the overview charts for a child object by clicking the object name in the thumbnail section.
Prerequisites
Procedure
3 Click Overview.
Procedure
3 Click Overview.
5 To view the Help for a specific chart, click the Help icon for that chart.
NOTE You cannot view datastore metrics in the advanced charts. They are only available in the overview
charts.
Prerequisites
When connected directly to an ESX/ESXi host, the advanced performance charts display only real-time statistics
and past day statistics. To view historical data, the vSphere Client must be connected to a vCenter Server
system.
Procedure
1 Select a host, cluster, resource pool, or virtual machine in the inventory panel.
3 Click Advanced.
Option Description
CPU Shows the CPU usage in MHz. Available for clusters, resource pools, hosts,
and virtual machines.
Memory Shows the amount of memory granted. Available for clusters, resource pools,
hosts, and virtual machines.
Disk Shows the aggregated storage performance statistics. Available for hosts and
virtual machines.
Network Shows the aggregated network performance statistics. Available for hosts
and virtual machines.
System Shows statistics for overall system availability, including CPU usage by the
service console and other applications. Available for hosts and virtual
machines.
Cluster Services Shows aggregate CPU, aggregate memory, and failover statistics for DRS
and HA clusters and hosts that are part of DRS clusters.
The amount of historical data displayed in a chart depends on the collection interval and collection level
set for vCenter Server.
Procedure
2 Click Save.
3 In the Save Performance Chart dialog box, navigate to the location to save the file.
6 Click Save.
Prerequisites
Before you view or export performance data, verify that the time is set correctly on the ESX/ESXi host, the
vCenter Server system, and the client machine. Each host and client machine can be in different time zones,
but the times must be correct for their respective time zones.
Procedure
If performance data is not available for the selected inventory object, the Export Performance option is not
available.
You can also specify the objects using the All or None buttons.
7 (Optional) To customize the options, click Advanced, select the objects and counters to include in the chart,
and click OK.
Changes to chart options take effect immediately. New views are added to the Switch to menu.
Procedure
3 Click Advanced.
You can also customize the time range options by customizing the statistics collection interval setting.
You can also specify the objects using the All or None buttons.
You can also specify counters using the All or None buttons.
Click a counter name to display information about the counter in the Counter Description panel.
11 Click OK.
To view the chart in its own window, click the pop-up chart button. This enables you to view
additional charts while keeping this chart open.
Procedure
4 Click Chart Options to open the Customize Performance Charts dialog box.
7 Click OK.
CPU Performance
Use the vSphere Client CPU performance charts to monitor CPU usage for hosts, clusters, resource pools,
virtual machines, and vApps. Use the guidelines below to identify and correct problems with CPU
performance.
A short spike in CPU usage or CPU ready indicates that you are making the best use of the host resources.
However, if both values are constantly high, the hosts are probably overcommitted. Generally, if the CPU
usage value for a virtual machine is above 90% and the CPU ready value is above 20%, performance is impacted.
1 Verify that VMware Tools is installed on every virtual machine on the host.
2 Compare the CPU usage value of a virtual machine with the CPU usage of other virtual machines on the host or in
the resource pool. The stacked bar chart on the host's Virtual Machine view shows the CPU usage for all virtual
machines on the host.
3 Determine whether the high ready time for the virtual machine resulted from its CPU usage time reaching the CPU
limit setting. If so, increase the CPU limit on the virtual machine.
4 Increase the CPU shares to give the virtual machine more opportunities to run. The total ready time on the host might
remain at the same level if the host system is constrained by CPU. If the host ready time doesn't decrease, set the CPU
reservations for high-priority virtual machines to guarantee that they receive the required CPU cycles.
5 Increase the amount of memory allocated to the virtual machine. This decreases disk and/or network activity for
applications that cache. This might lower disk I/O and reduce the need for the ESX/ESXi host to virtualize the hardware.
Virtual machines with smaller resource allocations generally accumulate more CPU ready time.
6 Reduce the number of virtual CPUs on a virtual machine to only the number required to execute the workload. For
example, a single-threaded application on a four-way virtual machine only benefits from a single vCPU. But the
hypervisor's maintenance of the three idle vCPUs takes CPU cycles that could be used for other work.
7 If the host is not already in a DRS cluster, add it to one. If the host is in a DRS cluster, increase the number of hosts
and migrate one or more virtual machines onto the new host.
9 Use the newest version of ESX/ESXi, and enable CPU-saving features such as TCP Segmentation Offload, large
memory pages, and jumbo frames.
The virtual machine disk usage (%) and I/O data counters provide information about average disk usage on a
virtual machine. Use these counters to monitor trends in disk usage.
The best way to determine whether your vSphere environment is experiencing disk problems is to monitor the disk
latency data counters. You use the Advanced performance charts to view these statistics.
n The kernelLatency data counter measures the average amount of time, in milliseconds, that the VMkernel
spends processing each SCSI command. For best performance, the value should be 0-1 milliseconds. If the
value is greater than 4ms, the virtual machines on the ESX/ESXi host are trying to send more throughput
to the storage system than the configuration supports. Check the CPU usage, and increase the queue depth
or storage.
n The deviceLatency data counter measures the average amount of time, in milliseconds, to complete a SCSI
command from the physical device. Depending on your hardware, a number greater than 15ms indicates
there are probably problems with the storage array. Move the active VMDK to a volume with more
spindles or add disks to the LUN.
n The queueLatency data counter measures the average amount of time taken per SCSI command in the
VMkernel queue. This value must always be zero. If not, the workload is too high and the array cannot
process the data fast enough.
1 Increase the virtual machine memory. This should allow for more operating system caching, which can reduce I/O
activity. Note that this may require you to also increase the host memory. Increasing memory might reduce the need
to store data because databases can utilize system memory to cache data and avoid disk access.
To verify that virtual machines have adequate memory, check swap statistics in the guest operating system. Increase
the guest memory, but not to an extent that leads to excessive host memory swapping. Install VMware Tools so that
memory ballooning can occur.
4 Use the vendor's array tools to determine the array performance statistics. When too many servers simultaneously
access common elements on an array, the disks might have trouble keeping up. Consider array-side improvements
to increase throughput.
5 Use Storage VMotion to migrate I/O-intensive virtual machines across multiple ESX/ESXi hosts.
6 Balance the disk load across all physical resources available. Spread heavily used storage across LUNs that are
accessed by different adapters. Use separate queues for each adapter to improve disk efficiency.
7 Configure the HBAs and RAID controllers for optimal use. Verify that the queue depths and cache settings on the
RAID controllers are adequate. If not, increase the number of outstanding disk requests for the virtual machine by
adjusting the Disk.SchedNumReqOutstanding parameter. For more information, see the Fibre Channel SAN
Configuration Guide.
8 For resource-intensive virtual machines, separate the virtual machine's physical disk drive from the drive with the
system page file. This alleviates disk spindle contention during periods of high use.
9 On systems with sizable RAM, disable memory trimming by adding the line MemTrimRate=0 to the virtual
machine's .VMX file.
10 If the combined disk I/O is higher than a single HBA capacity, use multipathing or multiple links.
11 For ESXi hosts, create virtual disks as preallocated. When you create a virtual disk for a guest operating system, select
Allocate all disk space now. The performance degradation associated with reassigning additional disk space does
not occur, and the disk is less likely to become fragmented.
Memory Performance
Use the vSphere Client memory performance charts to monitor memory usage of clusters, hosts, virtual
machines, and vApps. Use the guidelines below to identify and correct problems with memory performance.
To ensure best performance, the host memory must be large enough to accommodate the active memory of
the virtual machines. Note that the active memory can be smaller than the virtual machine memory size. This
allows you to over-provision memory, but still ensures that the virtual machine active memory is smaller than
the host memory.
A virtual machine's memory size must be slightly larger than the average guest memory usage. This enables
the host to accommodate workload spikes without swapping memory among guests. Increasing the virtual
machine memory size results in more overhead memory usage.
If a virtual machine has high ballooning or swapping, check the amount of free physical memory on the host.
A free memory value of 6% or less indicates that the host cannot meet the memory requirements. This leads
to memory reclamation which may degrade performance. If the active memory size is the same as the granted
memory size, demand for memory is greater than the memory resources available. If the active memory is
consistently low, the memory size might be too large.
If the host has enough free memory, check the resource shares, reservation, and limit settings of the virtual
machines and resource pools on the host. Verify that the host settings are adequate and not lower than those
set for the virtual machines.
If the memory usage value is high, and the host has high ballooning or swapping, check the amount of free
physical memory on the host. A free memory value of 6% or less indicates that the host cannot handle the
demand for memory. This leads to memory reclamation which may degrade performance.
If memory usage is high or you notice degradation in performance, consider taking the actions listed below.
1 Verify that VMware Tools is installed on each virtual machine. The balloon driver is installed with VMware Tools
and is critical to performance.
2 Verify that the balloon driver is enabled. The VMkernel regularly reclaims unused virtual machine memory by
ballooning and swapping. Generally, this does not impact virtual machine performance.
3 Reduce the memory space on the virtual machine, and correct the cache size if it is too large. This frees up memory
for other virtual machines.
4 If the memory reservation of the virtual machine is set to a value much higher than its active memory, decrease the
reservation setting so that the VMkernel can reclaim the idle memory for other virtual machines on the host.
Network Performance
Use the network performance charts to monitor network usage and bandwidth for clusters, hosts, and virtual
machines. Use the guidelines below to identify and correct problems with networking performance.
Network performance is dependent on application workload and network configuration. Dropped network
packets indicate a bottleneck in the network. To determine whether packets are being dropped, use esxtop or
the advanced performance charts to examine the droppedTx and droppedRx network counter values.
If packets are being dropped, adjust the virtual machine shares. If packets are not being dropped, check the
size of the network packets and the data receive and transfer rates. In general, the larger the network packets,
the faster the network speed. When the packet size is large, fewer packets are transferred, which reduces the
amount of CPU required to process the data. When network packets are small, more packets are transferred
but the network speed is slower because more CPU is required to process the data.
NOTE In some instances, large packets can result in high network latency. To check network latency, use the
VMware AppSpeed performance monitoring application or a third-party application.
If packets are not being dropped and the data receive rate is slow, the host is probably lacking the CPU resources
required to handle the load. Check the number of virtual machines assigned to each physical NIC. If necessary,
perform load balancing by moving virtual machines to different vSwitches or by adding more NICs to the host.
You can also move virtual machines to another host or increase the host CPU or virtual machine CPU.
2 If possible, use vmxnet3 NIC drivers, which are available with VMware Tools. They are optimized for high
performance.
3 If virtual machines running on the same ESX/ESXi host communicate with each other, connect them to the same
vSwitch to avoid the cost of transferring packets over the physical network.
5 Use separate physical NICs to handle the different traffic streams, such as network packets generated by virtual
machines, iSCSI protocols, VMotion tasks, and service console activities.
6 Ensure that the physical NIC capacity is large enough to handle the network traffic on that vSwitch. If the capacity
is not enough, consider using a high-bandwidth physical NIC (10Gbps) or moving some virtual machines to a vSwitch
with a lighter load or to a new vSwitch.
7 If packets are being dropped at the vSwitch port, increase the virtual network driver ring buffers where applicable.
8 Verify that the reported speed and duplex settings for the physical NIC match the hardware expectations and that
the hardware is configured to run at its maximum capability. For example, verify that NICs with 1Gbps are not reset
to 100Mbps because they are connected to an older switch.
9 Verify that all NICs are running in full duplex mode. Hardware connectivity issues might result in a NIC resetting
itself to a lower speed or half duplex mode.
10 Use vNICs that are TSO-capable, and verify that TSO-Jumbo Frames are enabled where possible.
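The numeric guidelines given in the CPU, Disk, Memory, and Network sections above can be applied to a window of exported samples in one pass. The following is an added example, not VMware code: the sample layout, the field names other than the counter names quoted on this page, and the 80% cutoff used to model "constantly high" are assumptions.

```python
# Added example: applies this page's threshold guidelines to constructed
# performance samples for a virtual machine and its host.
from statistics import mean

CPU_USAGE_PCT = 90.0       # CPU usage above 90% ...
CPU_READY_PCT = 20.0       # ... together with CPU ready above 20%
KERNEL_LATENCY_MS = 4.0    # kernelLatency greater than 4 ms
DEVICE_LATENCY_MS = 15.0   # deviceLatency greater than 15 ms
FREE_MEMORY_PCT = 6.0      # free host memory of 6% or less
SUSTAINED = 0.8            # assumption: "constantly high" = 80% of samples


def sustained(samples, predicate, fraction=SUSTAINED):
    """True when at least `fraction` of the samples satisfy `predicate`."""
    if not samples:
        return False
    hits = sum(1 for s in samples if predicate(s))
    return hits / len(samples) >= fraction


def triage(samples):
    """Return (code, message) findings for one window of samples."""
    findings = []
    if not samples:
        return findings
    # A short spike is acceptable; only a sustained condition is flagged.
    if sustained(samples, lambda s: s["cpu_usage_pct"] > CPU_USAGE_PCT
                 and s["cpu_ready_pct"] > CPU_READY_PCT):
        findings.append(("cpu_contention", "CPU usage >90% and ready >20% sustained"))
    kernel = mean(s["kernelLatency"] for s in samples)
    if kernel > KERNEL_LATENCY_MS:
        findings.append(("kernel_latency", f"kernelLatency averages {kernel:.1f} ms"))
    device = mean(s["deviceLatency"] for s in samples)
    if device > DEVICE_LATENCY_MS:
        findings.append(("device_latency", f"deviceLatency averages {device:.1f} ms"))
    # queueLatency must always be zero, so a single non-zero sample counts.
    if any(s["queueLatency"] > 0 for s in samples):
        findings.append(("queue_latency", "queueLatency is non-zero"))
    # The page gives no threshold for "high" ballooning or swapping, so only
    # the 6% free-memory guideline is encoded here.
    if sustained(samples, lambda s: s["free_mem_pct"] <= FREE_MEMORY_PCT):
        findings.append(("low_free_memory", "free host memory at or below 6%"))
    dropped = sum(s["droppedTx"] + s["droppedRx"] for s in samples)
    if dropped:
        findings.append(("dropped_packets", f"{dropped} packets dropped"))
    return findings


def codes(samples):
    """Finding codes only, in the order the checks run."""
    return [code for code, _ in triage(samples)]


def window(n, **fields):
    """Build n identical constructed samples."""
    return [dict(fields) for _ in range(n)]


# Constructed samples: a healthy host with a single CPU spike ...
SPIKE_HOST = window(10, cpu_usage_pct=40, cpu_ready_pct=3, kernelLatency=0.5,
                    deviceLatency=6, queueLatency=0, free_mem_pct=30,
                    droppedTx=0, droppedRx=0)
SPIKE_HOST[4].update(cpu_usage_pct=95, cpu_ready_pct=25)

# ... and a host that stays saturated for nine of ten samples.
BUSY_HOST = window(10, cpu_usage_pct=95, cpu_ready_pct=25, kernelLatency=5.0,
                   deviceLatency=18, queueLatency=0, free_mem_pct=5,
                   droppedTx=0, droppedRx=0)
BUSY_HOST[0].update(cpu_usage_pct=50, cpu_ready_pct=2)
BUSY_HOST[7].update(queueLatency=2, droppedRx=3)

if __name__ == "__main__":
    for name, data in (("spike", SPIKE_HOST), ("busy", BUSY_HOST)):
        print(name, codes(data))
```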
Storage Performance
Use the vSphere Client datastore performance charts to monitor datastore usage. Use the guidelines below to
identify and correct problems with datastore performance.
NOTE The datastore charts are available only in the overview performance charts.
The datastore is at full capacity when the used space is equal to the capacity. Allocated space can be larger
than datastore capacity, for example, when you have snapshots and thin-provisioned disks. You can provision
more space to the datastore if possible, or you can add disks to the datastore or use shared datastores.
If snapshot files are consuming a lot of datastore space, consider consolidating them to the virtual disk when
they are no longer needed. Consolidating the snapshots deletes the redo log files and removes the snapshots
from the vSphere Client user interface. For information on consolidating the datacenter, see the vSphere Client
Help.
Managing Tasks
Tasks represent system activities that do not complete immediately, such as migrating a virtual machine. They
are initiated by high-level activities you perform with the vSphere Client in real-time and those you schedule
to occur at a later time or on a recurring basis.
For example, powering off a virtual machine is a task. You can perform this task manually every evening, or
you can set up a scheduled task to power off the virtual machine every evening for you.
NOTE The functionality available in the vSphere Client depends on whether the vSphere Client is connected
to a vCenter Server system or an ESX/ESXi host. Unless indicated, the process, task, or description applies to
both kinds of vSphere Client connections. When the vSphere Client is connected to an ESX/ESXi host, the Tasks
option is not available; however, you can view recent tasks in the Status Bar at the bottom of the vSphere Client.
Viewing Tasks
You can view tasks that are associated with a single object or all objects in the vSphere Client inventory. The
Tasks & Events tab lists completed tasks and tasks that are currently running.
By default, the tasks list for an object also includes tasks performed on its child objects. You can filter the list
by removing tasks performed on child objects and by using keywords to search for tasks.
If you are logged in to a vCenter Server system that is part of a Connected Group, a column in the task list
displays the name of the vCenter Server system on which the task was performed.
Procedure
2 Display the tasks for a single object or the entire vCenter Server.
n To display the tasks for an object, select the object.
n To display the tasks in the vCenter Server, select the root folder.
The task list contains tasks performed on the object and its children.
4 (Optional) To view detailed information for a task, select the task in the list.
Procedure
3 If necessary, select View > Status to display the status bar at the bottom of the vSphere Client.
The list of completed tasks appears in the Recent Tasks pane of the Status Bar.
5 If necessary, select View > Status to display the status bar at the bottom of the vSphere Client.
Procedure
u In the navigation bar, select Home > Management > Scheduled Tasks.
Procedure
1 Select the host or datacenter in the inventory and click the Tasks & Events tab.
3 If the Show all entries list and the search field are not displayed under the Tasks and Events buttons, select
View > Filtering.
4 Click Show all entries and select Show host entries or Show datacenter entries, depending on the object
selected.
Procedure
2 Select the object and click the Tasks & Events tab.
3 If the Name, Target or Status contains search field is not displayed, select View > Filtering.
4 Click the search field arrow and select the attributes to include in the search.
Cancel a Task
Canceling a task stops a running task from occurring. Canceling a scheduled task does not cancel subsequent
runs. To cancel a scheduled task that has not run, reschedule it.
NOTE You can only cancel a subset of tasks by using the vSphere Client, and you cannot cancel tasks on an
ESX Server version 2.0.1 host.
Required privileges:
n Manual tasks: Tasks.Update Task
n Scheduled tasks: Scheduled Task.Remove Task
n Appropriate permissions on the host where the task is running
Prerequisites
To cancel a task, the vSphere Client must be connected to a vCenter Server system.
Procedure
1 Locate the task in the Recent Tasks pane of the Status Bar.
By default, the Status Bar is displayed at the bottom of the vSphere Client. If it is not visible, select View >
Status Bar.
The vCenter Server system or ESX/ESXi host stops the progress of the task and returns the object to its previous
state. The vSphere Client displays the task with a Canceled status.
Schedule Tasks
You can schedule tasks to run once in the future or multiple times, at a recurring interval.
The vSphere Client must be connected to a vCenter Server system to create and manage scheduled tasks. The
tasks you can schedule are listed in the following table.
Change the power state of a virtual machine Powers on, powers off, suspends, or resets the state of the virtual machine.
Change resource settings of a resource pool or virtual machine Changes the following resource settings:
n CPU – Shares, Reservation, Limit.
n Memory – Shares, Reservation, Limit.
Check compliance of a profile Checks that a host's configuration matches the configuration specified in a
host profile.
Clone a virtual machine Makes a clone of the virtual machine and places it on the specified host or
cluster.
Create a virtual machine Creates a new virtual machine on the specified host.
Deploy a virtual machine Creates a new virtual machine from a template on the specified host or
cluster.
Export a virtual machine Exports virtual machines that vCenter Server manages to managed formats
or hosted formats. The export process converts the source to a virtual
machine in the format you specify.
This scheduled task is available only when VMware vCenter Converter is
installed.
Import a virtual machine Imports a physical machine, virtual machine, or system image into a virtual
machine that vCenter Server manages.
This scheduled task is available only when VMware vCenter Converter is
installed.
Migrate a virtual machine Migrate a virtual machine to the specified host or datastore by using
migration or migration with VMotion.
Make a snapshot of a virtual machine Captures the entire state of the virtual machine at the time the snapshot is
taken.
Scan for Updates Scans templates, virtual machines, and hosts for available updates.
This task is available only when VMware vCenter Update Manager is
installed.
Remediate Downloads any new patches discovered during the scan operation and
applies the newly configured settings.
This task is available only when VMware vCenter Update Manager is
installed.
You create scheduled tasks by using the Scheduled Task wizard. For some scheduled tasks, this wizard opens
the wizard used specifically for that task. For example, if you create a scheduled task that migrates a virtual
machine, the Scheduled Task wizard opens the Migrate Virtual Machine wizard, which you use to set up the
migration details.
Scheduling one task to run on multiple objects is not possible. For example, you cannot create one scheduled
task on a host that powers on all virtual machines on that host. You must create a separate scheduled task for
each virtual machine.
After a scheduled task runs, you can reschedule it to run again at another time.
You can schedule a limited number of tasks by using the vSphere Client. If the task to schedule is not available,
use the VMware Infrastructure API. See the vSphere SDK Programming Guide.
CAUTION Do not schedule multiple tasks to be performed at the same time on the same object. The results are
unpredictable.
Prerequisites
The vSphere Client must be connected to a vCenter Server system to schedule tasks.
Procedure
1 In the navigation bar, click Home > Management > Scheduled Tasks.
3 In the Select a Task to Schedule dialog box, select a task and click OK to open the wizard for that task.
NOTE For some scheduled tasks, the wizard opens the wizard used specifically for that task. For example,
to migrate a virtual machine, the Scheduled Task wizard opens the Migrate Virtual Machine Wizard,
which you use to set up the migration details.
You can schedule a task to run only once during a day. To set up a task to run multiple times in one day,
set up additional scheduled tasks.
Once n To run the scheduled task immediately, select Now and click Next.
n To run the scheduled task at a later time and date, select Later and enter a Time. Click the
Date arrow to display the calendar and click a date.
After Startup n In Delay, enter the number of minutes to delay the task.
Hourly a In Start Time, enter the number of minutes after the hour to run the task.
b In Interval, enter the number of hours after which to run the task.
For example, to start a task at the half-hour mark of every 5th hour, enter 30 and 5.
last runs the task on the last week in the month that the day occurs. For example, if
you select the last Monday of the month and the month ends on a Sunday, the task
runs six days before the end of the month.
c In Interval, enter the number of months between each task run.
8 Click Next.
10 Click Finish.
The vCenter Server system adds the task to the list in the Scheduled Tasks window.
Tasks that aren’t running can be cleared when they are in a queued or scheduled state. In such cases, because
the cancel operation is not available, either remove the task or reschedule it to run at a different time. Removing
a scheduled task requires that you recreate it to run it in the future; rescheduling does not.
If your vSphere uses virtual services, you can also cancel the following scheduled tasks:
n Change the power state of a virtual machine
n Make a snapshot of a virtual machine
Procedure
1 In the vSphere Client navigation bar, click Home > Management > Scheduled Tasks.
6 Click Finish.
Prerequisites
To remove scheduled tasks, the vSphere Client must be connected to the vCenter Server system.
Procedure
1 In the vSphere Client navigation bar, click Home > Management > Scheduled Tasks.
4 Click OK.
vCenter Server and ESX/ESXi hosts use the following rules to process tasks:
n The user performing the task in the vSphere Client must have the correct permissions on the relevant
objects. After a scheduled task is created, it will be performed even if the user no longer has permission
to perform the task.
n When the operations required by manual tasks and scheduled tasks conflict, the activity due first is started
first.
n When a virtual machine or host is in an incorrect state to perform any activity, manual or scheduled,
vCenter Server or the ESX/ESXi host does not perform the task. A message is recorded in the log.
n When an object is removed from the vCenter Server or the ESX/ESXi host, all associated tasks are also
removed.
n The vSphere Client and vCenter Server system use UTC time to determine the start time of a scheduled
task. This ensures vSphere Client users in different time zones see the task scheduled to run at their local
time.
Events are logged in the event log at start and completion of a task. Any errors that occur during a task are
also recorded in the event log.
CAUTION Do not schedule multiple tasks to be performed at the same time on the same object. The results are
unpredictable.
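The first rule above means a scheduled task outlives the permission it was created under, so a periodic review has to compare each task's creator against current permissions. The following Python script is an added example (not VMware code, and it calls no vSphere API) that runs that review over a constructed inventory, role set and task list; the nearest-permission-wins inheritance model and every object, user and role name in it are assumptions.

```python
"""Flag scheduled tasks that will still run although their creator can no
longer perform the action. All data below is constructed sample data."""
from dataclasses import dataclass

# Constructed inventory: child -> parent (None marks the root).
PARENT = {
    "root": None,
    "dc-east": "root",
    "cluster-a": "dc-east",
    "vm-db01": "cluster-a",
    "vm-web01": "cluster-a",
}

# Constructed roles; privilege names follow the labels used in this document.
ROLES = {
    "VM operator": {"Power Off", "Reset", "Create tasks", "Run task"},
    "Read-only": set(),
    "No access": set(),
}


@dataclass(frozen=True)
class Permission:
    principal: str
    obj: str
    role: str
    propagate: bool = True


@dataclass(frozen=True)
class ScheduledTask:
    name: str
    creator: str
    target: str
    required: frozenset  # privileges the scheduled action needs on the target


def effective_role(principal, obj, permissions):
    """Return the role that applies to principal on obj, or None.

    Assumption: the permission set closest to the object wins, and a
    permission on an ancestor counts only if it propagates.
    """
    node = obj
    while node is not None:
        for p in permissions:
            if p.principal == principal and p.obj == node:
                if node == obj or p.propagate:
                    return p.role
        node = PARENT.get(node)
    return None


def stale_tasks(tasks, permissions):
    """List (task, creator, missing privileges) for tasks the creator could
    no longer schedule today but which will still be performed."""
    findings = []
    for t in tasks:
        role = effective_role(t.creator, t.target, permissions)
        held = ROLES.get(role, set())
        missing = sorted(t.required - held)
        if missing:
            findings.append((t.name, t.creator, missing))
    return findings


# Constructed current permissions (after several role changes).
PERMISSIONS = [
    Permission("alice", "cluster-a", "VM operator"),
    Permission("bob", "dc-east", "Read-only"),        # demoted after scheduling
    Permission("carol", "dc-east", "VM operator"),
    Permission("carol", "vm-db01", "No access"),      # override on one VM
    Permission("erin", "cluster-a", "VM operator", propagate=False),
    # "dave" has no permission left anywhere.
]

# Constructed scheduled tasks, all created while the creator was a VM operator.
TASKS = [
    ScheduledTask("weekly-reset-db01", "alice", "vm-db01", frozenset({"Reset"})),
    ScheduledTask("nightly-poweroff-web01", "bob", "vm-web01", frozenset({"Power Off"})),
    ScheduledTask("poweroff-db01", "carol", "vm-db01", frozenset({"Power Off"})),
    ScheduledTask("reset-web01", "carol", "vm-web01", frozenset({"Reset"})),
    ScheduledTask("reset-db01", "dave", "vm-db01", frozenset({"Reset"})),
    ScheduledTask("reset-web01-erin", "erin", "vm-web01", frozenset({"Reset"})),
]

if __name__ == "__main__":
    for name, creator, missing in stale_tasks(TASKS, PERMISSIONS):
        print(f"{name}: creator {creator} no longer holds {', '.join(missing)}")
```

Tasks reported by such a review are candidates for removal or for re-creation under an account that still holds the privilege.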
Managing Events
An event is an action that occurs on an object in vCenter Server or on a host.
Events include user actions and system actions that occur on managed objects in the vSphere Client inventory.
For example, events are created when a user logs in to a virtual machine and when a host connection is lost.
Each event records an event message. An event message is a predefined description of an event. Event messages
contain information such as the user who generated the event, the time the event occurred, and the type of
event message (information, error, or warning). Event messages are archived in vCenter Server.
Typically, event details include the name of the object on which the event occurred and describe the action
that occurred. The object of the event is a link to the object’s individual event page.
NOTE When actions occur on a folder, for example, when an alarm is created on a folder, the related event (in
this case the AlarmCreatedEvent) is visible only in the parent datacenter.
Viewing Events
You can view events associated with a single object or with all objects in the vSphere Client inventory.
The events listed for a selected object include events associated with the child objects. Detailed information
about a selected event appears in the Event Details panel below the event list.
NOTE When the vSphere Client is connected directly to an ESX/ESXi host, the Tasks & Events tab is labeled
Events.
Procedure
2 Select the object and click the Tasks & Events tab.
3 Click Events.
A list of events appears.
4 (Optional) Select an event in the list to see the Event Details, including a list of related events.
Procedure
2 (Optional) To see details about an event in the list, select the event.
3 (Optional) To see events related to a target object in the list, click the target object’s name.
The Tasks & Events tab for the selected object appears.
Procedure
2 Select the host or datacenter and click the Tasks & Events tab.
3 Click Events to display the events list.
4 If the Show all entries list and search field are not visible under the Tasks and Events buttons, select View
> Filtering.
5 Click Show all entries and select Show host entries or Show datacenter entries, depending on the object
selected.
Procedure
2 If the Name, Target or Status contains search field is not visible, select View > Filtering.
3 Click the search field arrow and select the attributes to include in the search.
The events that match the search are retrieved and displayed in the events list.
Procedure
For example, to create an alarm for all hosts in a cluster, display the cluster. To create an alarm for a single
host, display the host.
2 Select File > New > Alarm.
b In Alarm Type, select the object to monitor and select Monitor for specific events occurring on this
object.
The vCenter Server verifies the configuration of the alarm and adds the alarm to the list of alarms for the
selected object.
Export Events
You can export all or part of the events log file when the vSphere Client is connected to a vCenter Server system.
Procedure
2 If your vSphere environment has multiple vCenter Servers, in the vCenter Server list, select the server
where the events occurred.
NOTE If you do not specify a file extension, the file is saved as a text file.
5 In Time, specify the time range during which the events to export occurred.
- To specify an hour, day, week, or month time period, select Last and set the number and time
  increment.
- To specify a calendar time span, select From and set the from and to dates.
7 Click OK.
vCenter Server creates the file in the specified location. The file contains the Type, Time, and Description of
the events.
When setting permissions, verify all the object types are set with appropriate privileges for each particular
action. Some operations require access permission at the root folder or parent folder in addition to access to
the object being manipulated. Some operations require access or performance permission at a parent folder
and a related object.
vCenter Server extensions might define additional privileges not listed here. Refer to the documentation for
the extension for more information on those privileges.
Alarms
Alarms privileges control the ability to set and respond to alarms on inventory objects.
Acknowledge alarm | Suppresses all alarm actions from occurring on all triggered alarms. User interface element – Triggered Alarms panel | VC only | All inventory objects | Object on which an alarm is defined
Create alarm | Creates a new alarm. When creating alarms with a custom action, privilege to perform the action is verified when the user creates the alarm. User interface element – Alarms tab context menu, File > New > Alarm | VC only | All inventory objects | Object on which an alarm is defined
Disable alarm action | Stops the alarm action from occurring after an alarm has been triggered. This does not disable the alarm from triggering. User interface element – Inventory > object_name > Alarm > Disable All Alarm Actions | VC only | All inventory objects | Object on which an alarm is defined
Modify alarm | Changes the properties of an existing alarm. User interface element – Alarms tab context menu | VC only | All inventory objects | Object on which an alarm is defined
Remove alarm | Deletes an existing alarm. User interface element – Alarms tab context menu | VC only | All inventory objects | Object on which an alarm is defined
Set alarm status | Changes the status of the configured event alarm. The status can change to Normal, Warning, or Alert. User interface element – Alarm Settings dialog box, Triggers tab | VC only | All inventory objects | Object on which an alarm is defined
Datacenter
Datacenter privileges control the ability to create and edit datacenters in the vSphere Client inventory.
Datastore
Datastore privileges control the ability to browse, manage, and allocate space on datastores.
Allocate space | Allocates space on a datastore for a virtual machine, snapshot, clone, or virtual disk. | HC and VC | Datastores | Datastores
Low level file operations | Carries out read, write, delete, and rename operations in the datastore browser. | HC and VC | Datastores | Datastores
Policy operation | Set the policy of a distributed virtual port group. | HC and VC | vNetwork Distributed Switch, Network folder, Datacenter | vNetwork Distributed Switch
Scope operation | Set the scope of a distributed virtual port group. | HC and VC | vNetwork Distributed Switch, Network folder, Datacenter | vNetwork Distributed Switch
Host operation | Change the host members of a vNetwork Distributed Switch. | HC and VC | vNetwork Distributed Switch, Network folder, Datacenter | vNetwork Distributed Switch
Policy operation | Change the policy of a vNetwork Distributed Switch. | HC and VC | vNetwork Distributed Switch, Network folder, Datacenter | vNetwork Distributed Switch
Port setting operation | Change the setting of a port in a vNetwork Distributed Switch. | HC and VC | vNetwork Distributed Switch, Network folder, Datacenter | vNetwork Distributed Switch
Extensions
Extensions privileges control the ability to install and manage extensions.
Register extension | Registers an extension (plug-in) | VC only | Root vCenter Server | Root vCenter Server
Update extension | Updates an extension (plug-in) | VC only | Root vCenter Server | Root vCenter Server
Folders
Folders privileges control the ability to create and manage folders.
Global
Global privileges control a number of global tasks related to tasks, scripts, and extensions.
Act as vCenter Server | Prepare or initiate a VMotion send operation or a VMotion receive operation. No user vSphere Client interface elements are associated with this privilege. | VC only | Any object | Root vCenter Server
Cancel task | Cancel a running or queued task. User interface element – Recent tasks pane context menu, Tasks & Events context menu. Can currently cancel clone and clone to template. | HC and VC | Any object | Inventory object related to the task
Capacity planning | Enable the use of capacity planning for planning consolidation of physical machines to virtual machines. User interface element – Consolidation button in toolbar. | VC only | Root vCenter Server | Root vCenter Server
Diagnostics | Get list of diagnostic files, log header, binary files, or diagnostic bundle. User interface element – File > Export > Export Diagnostic Data, Admin System Logs tab | VC only | Any object | Root vCenter Server
Disable methods | Allows servers for vCenter Server extensions to disable certain operations on objects managed by vCenter Server. No user vSphere Client interface elements are associated with this privilege. | VC only | Any object | Root vCenter Server
Enable methods | Allows servers for vCenter Server extensions to enable certain operations on objects managed by vCenter Server. No user vSphere Client interface elements are associated with this privilege. | VC only | Any object | Root vCenter Server
Global tag | Add or remove global tags. | HC and VC | Any object | Root host or vCenter Server
Health | View the health of vCenter Server components. User interface element – vCenter Service Status on the Home page. | VC only | Root vCenter Server | Root vCenter Server
Licenses | See what licenses are installed and add or remove licenses. User interface element – Licenses tab, Configuration > Licensed Features | HC and VC | Any object | Root host or vCenter Server
Log Event | Log a user-defined event against a particular managed entity. User interface element – Should ask for a reason when shutting down or rebooting a host. | HC and VC | Any object | Any object
Manage Custom Attributes | Add, remove, or rename custom field definitions. User interface element – Administration > Custom Attributes | VC only | Any object | Root vCenter Server
Proxy | Allows access to an internal interface for adding or removing endpoints to or from the proxy. No user vSphere Client interface elements are associated with this privilege. | VC only | Any object | Root vCenter Server
Script Action | Schedule a scripted action in conjunction with an alarm. User interface element – Alarm Settings dialog box | VC only | Any object | Any object
Service Managers | Allows use of the resxtop command in the vSphere CLI. No user vSphere Client interface elements are associated with this privilege. | HC and VC | Root host or vCenter Server | Root host or vCenter Server
Set Custom Attributes | View, create, or remove custom attributes for a managed object. User interface element – Any list view shows the fields defined and allows setting them | VC only | Any object | Any object
Settings | Read and modify runtime VC configuration settings. User interface element – Administration > vCenter Server Management Server Configuration | VC only | Any object | Root vCenter Server
System tag | Add or remove system tag. | VC only | Root vCenter Server | Root vCenter Server
Host CIM
Host CIM privileges control the use of CIM for host health monitoring.
CIM interaction | Allow a client to obtain a ticket to use for CIM services. | HC and VC | Hosts | Hosts
Host Configuration
Host configuration privileges control the ability to configure hosts.
Change date and time settings | Sets time and date settings on the host. User interface element – Host Configuration tab > Time Configuration | HC and VC | Hosts | Hosts
Change PciPassthru settings | Change PciPassthru settings for a host. User interface element – Host Configuration tab > Advanced Settings, Inventory hierarchy context menu | HC and VC | Hosts | Hosts
Change settings | Allows setting of lockdown mode on ESXi hosts only. User interface element – Host Configuration tab > Security Profile > Lockdown Mode > Edit | HC and VC | Hosts | Hosts (ESXi only)
Change SNMP settings | Configure, restart, and stop SNMP agent. No user vSphere Client interface elements are associated with this privilege. | HC and VC | Hosts | Hosts
Firmware | Update the host firmware on ESXi hosts. No user vSphere Client interface elements are associated with this privilege. | HC and VC | Hosts | Hosts (ESXi only)
Maintenance | Put the host in and out of maintenance mode. Shut down and restart a host. User interface element – Host context menu, Inventory > Host > Enter Maintenance Mode | HC and VC | Hosts | Hosts
Memory configuration | Set configured service console memory reservation. This setting is applicable only on ESX hosts. User interface element – Host Configuration tab > Memory | HC and VC | Hosts | Hosts
Query Patch | Query for installable patches and install patches on the host. | HC and VC | Hosts | Hosts
Security profile and firewall | Configure internet services, such as SSH, Telnet, SNMP, and host firewall. User interface element – Host Configuration tab > Security Profile | HC and VC | Hosts | Hosts
Storage partition configuration | Manages VMFS datastore and diagnostic partitions. Scan for new storage devices. Manage iSCSI. User interface element – Host Configuration tab > Storage, Storage Adapters, Virtual Machine Swapfile Location, Host Configuration tab datastore context menu | HC and VC | Hosts | Hosts
System Management | Allows extensions to manipulate the file system on the host. No user vSphere Client interface elements are associated with this privilege. | HC and VC | Hosts | Hosts
System resources | Update the configuration of the system resource hierarchy. User interface element – Host Configuration tab > System Resource Allocation | HC and VC | Hosts | Hosts
Virtual machine autostart configuration | Change auto-start and auto-stop order of virtual machines on a single host. User interface element – Host Configuration tab > Virtual Machine Startup or Shutdown | HC and VC | Hosts | Hosts
Host Inventory
Host inventory privileges control adding hosts to the inventory, adding hosts to clusters, and moving hosts in
the inventory.
Add host to cluster | Add a host to an existing cluster. User interface element – Inventory context menu, File > New > Add Host | VC only | Datacenters, Clusters, Host folders | Clusters
Move cluster or standalone host | Move a cluster or standalone host between folders. Privilege must be present at both the source and destination. User interface element – Inventory hierarchy | VC only | Datacenters, Host folders, Clusters | Clusters
Move host | Move a set of existing hosts into or out of a cluster. Privilege must be present at both the source and destination. User interface element – Inventory hierarchy drag-and-drop | VC only | Datacenters, Host folders, Clusters | Clusters
Remove cluster | Delete a cluster or standalone host. In order to have permission to perform this operation, you must have this privilege assigned to both the object and its parent object. User interface element – Inventory context menu, Edit > Remove, Inventory > Cluster > Remove | VC only | Datacenters, Host folders, Clusters, Hosts | Clusters, Hosts
Add host to vCenter | Install and uninstall vCenter agents, such as vpxa and aam, on a host. No user vSphere Client interface elements are associated with this privilege. | HC only | Root host | Root host
Create virtual machine | Create a new virtual machine from scratch on a disk without registering it on the host. No user vSphere Client interface elements are associated with this privilege. | HC only | Root host | Root host
Delete virtual machine | Delete a virtual machine on disk, whether registered or not. No user vSphere Client interface elements are associated with this privilege. | HC only | Root host | Root host
Manage user groups | Manage local accounts on a host. User interface element – Users & Groups tab (only present if the vSphere Client logs on to the host directly) | HC only | Root host | Root host
Host Profile
Host Profile privileges control operations related to creating and modifying host profiles.
Clear | Clear profile related information. Apply a profile to a host. User interface element – Inventory > Host > Host Profile > Apply Profile | HC and VC | Root vCenter Server | Root vCenter Server
Create | Create a host profile. User interface element – Create Profile button on Profiles tab | HC and VC | Root vCenter Server | Root vCenter Server
Delete | Delete a host profile. User interface element – Delete host profile button when a profile is selected | HC and VC | Root vCenter Server | Root vCenter Server
Edit | Edit a host profile. User interface element – Edit Profile button when a profile is selected | HC and VC | Root vCenter Server | Root vCenter Server
View | View a host profile. User interface element – Host Profiles button on vSphere Client Home page | HC and VC | Root vCenter Server | Root vCenter Server
Network
Network privileges control tasks related to network management.
Performance
Performance privileges control modifying performance statistics settings.
Modify intervals | Creates, removes, and updates performance data collection intervals. User interface element – Administration > vCenter Server Management Server Configuration > Statistics | VC only | Root vCenter Server | Root vCenter Server
Permissions
Permissions privileges control the assigning of roles and permissions.
Modify permission | Define one or more permission rules on an entity, or updates rules if already present for the given user or group on the entity. In order to have permission to perform this operation, you must have this privilege assigned to both the object and its parent object. User interface element – Permissions tab context menu, Inventory > Permissions menu | HC and VC | All inventory objects | Any object plus parent object
Modify role | Update a role's name and its privileges. User interface element – Roles tab context menu, toolbar button, File menu | HC and VC | Root vCenter Server | Any object
Reassign role permissions | Reassign all permissions of a role to another role. User interface element – Delete Role dialog box, Reassign affected users radio button and associated menu | HC and VC | Root vCenter Server | Any object
Resource
Resource privileges control the creation and management of resource pools, as well as the migration of virtual
machines.
Apply recommendation | Ask the server to go ahead with a suggested VMotion. User interface element – Cluster DRS tab | VC only | Datacenters, Host folders, Clusters | Clusters
Assign vApp to resource pool | Assign a vApp to a resource pool. User interface element – New vApp wizard | HC and VC | Datacenters, Host folders, Clusters, Resource pools, Hosts | Resource pools
Assign virtual machine to resource pool | Assign a virtual machine to a resource pool. User interface element – New Virtual Machine wizard | HC and VC | Datacenters, Host folders, Clusters, Resource pools, Hosts | Resource pools
Create resource pool | Create a new resource pool. User interface element – File menu, context menu, Summary tab, Resources tab | HC and VC | Datacenters, Host folders, Clusters, Resource pools, Hosts | Resource pools, clusters
Modify resource pool Change the allocations of a HC and VC Resource pools Resource pools
resource pool. plus parent
User interface element – object
Inventory > Resource Pool >
Remove, Resources tab
Move resource pool | Move a resource pool. Privilege must be present at both the source and destination. User interface element – Drag-and-drop | HC and VC | Resource pools, source and destination | Resource pools
Query VMotion | Query the general VMotion compatibility of a virtual machine with a set of hosts. User interface element – Required when displaying the migration wizard for a powered-on VM, to check compatibility | VC only | Root folder | Root folder
Remove resource pool Delete a resource pool. HC and VC Resource pools Resource pools
In order to have permission to plus parent
perform this operation, you must object
have this privilege assigned to
both the object and its parent
object.
User interface element – Edit >
Remove, Inventory > Resource
Pool > Remove, inventory
context menu, Resources tab
Rename resource pool | Rename a resource pool. User interface element – Edit > Rename, Inventory > Resource Pool > Rename, context menu | HC and VC | Resource pools | Resource pools
Scheduled Task
Scheduled task privileges control creation, editing, and removal of scheduled tasks.
Create tasks | Schedule a task. Required in addition to the privileges to perform the scheduled action at the time of scheduling. User interface element – Scheduled Tasks toolbar button and context menu | VC only | Any object | Any object
Modify task | Reconfigure the scheduled task properties. User interface element – Inventory > Scheduled Tasks > Edit, Scheduled Tasks tab context menu | VC only | Any object | Any object
Remove task | Remove a scheduled task from the queue. User interface element – Scheduled Tasks context menu, Inventory > Scheduled Task > Remove, Edit > Remove | VC only | Any object | Any object
Run task | Run the scheduled task immediately. Creating and running a task also requires permission to perform the associated action. User interface element – Scheduled Tasks context menu, Inventory > Scheduled Task > Run | VC only | Any object | Any object
Sessions
Sessions privileges control the ability of extensions to open sessions on the vCenter Server.
Impersonate User | Impersonate another user. This capability is used by extensions. | VC only | Root vCenter Server | Root vCenter Server
Message | Set the global log in message. User interface element – Sessions tab, Administration > Edit Message of the Day | VC only | Root vCenter Server | Root vCenter Server
Validate session | Verifies session validity. | VC only | Root vCenter Server | Root vCenter Server
View and stop sessions | View sessions. Force log out of one or more logged-on users. User interface element – Sessions tab | VC only | Root vCenter Server | Root vCenter Server
Tasks
Tasks privileges control the ability of extensions to create and update tasks on the vCenter Server.
Create task | Allows an extension to create a user-defined task. | VC only | Root vCenter Server | Root vCenter Server
Update task | Allows an extension to update a user-defined task. | VC only | Root vCenter Server | Root vCenter Server
vApp
vApp privileges control operations related to deploying and configuring a vApp.
Add virtual machine | Add a virtual machine to a vApp. User interface element – drag-and-drop in the Virtual Machines and Templates or Hosts and Clusters inventory view | HC and VC | Datacenters, clusters, hosts, virtual machine folders, vApps | vApps
Assign resource pool | Assign a resource pool to a vApp. User interface element – drag-and-drop in the Hosts and Clusters inventory view | HC and VC | Datacenters, clusters, hosts, virtual machine folders, vApps | vApps
Assign vApp | Assign a vApp to another vApp. User interface element – drag-and-drop in the Virtual Machines and Templates or Hosts and Clusters inventory view | HC and VC | Datacenters, clusters, hosts, virtual machine folders, vApps | vApps
View OVF Environment | View the OVF environment of a powered-on virtual machine within a vApp. User interface element – Virtual Machine Properties dialog box, Options tab, OVF Settings option, View button | HC and VC | Datacenters, clusters, hosts, virtual machine folders, vApps | vApps
Add existing disk | Add an existing virtual disk to a virtual machine. User interface element – Virtual Machine Properties dialog box | HC and VC | Datacenters, Hosts, Clusters, Virtual machine folders, Resource pools, Virtual machines | Virtual machines
Add new disk | Create a new virtual disk to add to a virtual machine. User interface element – Virtual Machine Properties dialog box | HC and VC | Datacenters, Hosts, Clusters, Virtual machine folders, Resource pools, Virtual machines | Virtual machines
Add or remove device | Add or remove any non-disk device. User interface element – Virtual Machine Properties dialog box | HC and VC | Datacenters, Hosts, Clusters, Virtual machine folders, Resource pools, Virtual machines | Virtual machines
Change CPU count | Change the number of virtual CPUs. User interface element – Virtual Machine Properties dialog box | HC and VC | Datacenters, Hosts, Clusters, Virtual machine folders, Resource pools, Virtual machines | Virtual machines
Disk change tracking | Enable or disable change tracking for the virtual machine's disks. | HC and VC | Datacenters, Hosts, Clusters, Virtual machine folders, Resource pools, Virtual machines | Virtual machines
Disk lease | Leases disks for VMware Consolidated Backup. No user vSphere Client interface elements are associated with this privilege. | HC and VC | Datacenters, Hosts, Clusters, Virtual machine folders, Resource pools, Virtual machines | Virtual machines
Extend virtual disk | Expand the size of a virtual disk. | HC and VC | Datacenters, Hosts, Clusters, Virtual machine folders, Resource pools, Virtual machines | Virtual machines
Host USB device | Attach a host-based USB device to a virtual machine. Adding USB devices to virtual machines on ESX/ESXi hosts is not supported. | HC and VC | Datacenters, Hosts, Clusters, Virtual machine folders, Resource pools, Virtual machines | Virtual machines
Memory | Change the amount of memory allocated to the virtual machine. User interface element – Virtual Machine Properties dialog box > Memory | HC and VC | Datacenters, Hosts, Clusters, Virtual machine folders, Resource pools, Virtual machines | Virtual machines
Modify device settings | Change the properties of an existing device. User interface element – Virtual Machine Properties dialog box > SCSI/IDE node selection | HC and VC | Datacenters, Hosts, Clusters, Virtual machine folders, Resource pools, Virtual machines | Virtual machines
Raw device | Add or remove a raw disk mapping or SCSI pass through device. Setting this parameter overrides any other privilege for modifying raw devices, including connection states. User interface element – Virtual Machine Properties > Add/Remove raw disk mapping | HC and VC | Datacenters, Hosts, Clusters, Virtual machine folders, Resource pools, Virtual machines | Virtual machines
Reset guest information | Edit the guest operating system information for a virtual machine. User interface element – Virtual Machine Properties dialog box Options tab, | HC and VC | Datacenters, Hosts, Clusters, Virtual machine folders, Resource pools, Virtual machines | Virtual machines
Swapfile placement | Change the swapfile placement policy for a virtual machine. User interface element – Virtual Machine Properties dialog box Options tab, Swapfile Location option | HC and VC | Datacenters, Hosts, Clusters, Virtual machine folders, Resource pools, Virtual machines | Virtual machines
Upgrade virtual hardware | Upgrade the virtual machine’s virtual hardware version from a previous version of VMware. User interface element – context menu, File menu (appears only if vmx file shows a lower configuration number) | HC and VC | Datacenters, Hosts, Clusters, Virtual machine folders, Resource pools, Virtual machines | Virtual machines
Answer question | Resolve issues with VM state transitions or runtime errors. User interface element – Summary tab, Inventory menu, context menu | HC and VC | Datacenters, Hosts, Clusters, Virtual machine folders, Resource pools, Virtual machines | Virtual machines
Console interaction | Interact with the virtual machine’s virtual mouse, keyboard, and screen. User interface element – Console tab, toolbar button, Inventory > Virtual Machine > Open Console, inventory context menu | HC and VC | Datacenters, Hosts, Clusters, Virtual machine folders, Resource pools, Virtual machines | Virtual machines
Defragment all disks | Defragment all disks on the virtual machine. | HC and VC | Datacenters, Hosts, Clusters, Virtual machine folders, Resource pools, Virtual machines | Virtual machines
Device connection | Change the connected state of a virtual machine’s disconnectable virtual devices. User interface element – Virtual Machine Properties dialog box, Summary tab Edit Settings | HC and VC | Datacenters, Hosts, Clusters, Virtual machine folders, Resource pools, Virtual machines | Virtual machines
Disable Fault Tolerance | Disable the Secondary virtual machine for a virtual machine using Fault Tolerance. User interface element – Inventory > Virtual Machine > Fault Tolerance > Disable Fault Tolerance | VC only | Datacenters, Hosts, Clusters, Virtual machine folders, Resource pools, Virtual machines | Virtual machines
Enable Fault Tolerance | Enable the Secondary virtual machine for a virtual machine using Fault Tolerance. User interface element – Inventory > Virtual Machine > Fault Tolerance > Enable Fault Tolerance | VC only | Datacenters, Hosts, Clusters, Virtual machine folders, Resource pools, Virtual machines | Virtual machines
Power Off | Power off a powered-on virtual machine, shuts down guest. User interface element – Inventory > Virtual Machine > Power > Power Off, Summary tab, toolbar button, virtual machine context menu | HC and VC | Datacenters, Hosts, Clusters, Virtual machine folders, Resource pools, Virtual machines | Virtual machines
Reset | Resets virtual machine and reboots the guest operating system. User interface element – Inventory > Virtual Machine > Power > Reset, Summary tab, toolbar button, virtual machine context menu | HC and VC | Datacenters, Hosts, Clusters, Virtual machine folders, Resource pools, Virtual machines | Virtual machines
Test failover | Test Fault Tolerance failover by making the Secondary virtual machine the Primary virtual machine. User interface element – Inventory > Virtual Machine > Fault Tolerance > Test Failover | VC only | Datacenters, Hosts, Clusters, Virtual machine folders, Resource pools, Virtual machines | Virtual machines
Test restart Secondary VM | Terminate a Secondary virtual machine for a virtual machine using Fault Tolerance. User interface element – Inventory > Virtual Machine > Fault Tolerance > Test Restart Secondary | VC only | Datacenters, Hosts, Clusters, Virtual machine folders, Resource pools, Virtual machines | Virtual machines
Turn Off Fault Tolerance | Turn off Fault Tolerance for a virtual machine. User interface element – Inventory > Virtual Machine > Fault Tolerance > Turn Off Fault Tolerance | VC only | Datacenters, Hosts, Clusters, Virtual machine folders, Resource pools, Virtual machines | Virtual machines
Turn On Fault Tolerance | Turn on Fault Tolerance for a virtual machine. User interface element – Inventory > Virtual Machine > Fault Tolerance > Turn On Fault Tolerance | VC only | Datacenters, Hosts, Clusters, Virtual machine folders, Resource pools, Virtual machines | Virtual machines
VMware Tools install | Mounts and unmounts the VMware Tools CD installer as a CD-ROM for the guest operating system. User interface element – Inventory > Virtual Machine > Guest > Install/Upgrade VMware Tools, virtual machine context menu | HC and VC | Datacenters, Hosts, Clusters, Virtual machine folders, Resource pools, Virtual machines | Virtual machines
Create from existing | Create a virtual machine based on an existing virtual machine or template, by cloning or deploying from a template. | HC and VC | Datacenters, Clusters, Hosts, Virtual machine folders | Clusters, Hosts, Virtual machine folders
Create new | Create a new virtual machine and allocates resources for its execution. User interface element – File menu, context menu, Summary tab - New Virtual Machine links | HC and VC | Datacenters, Clusters, Hosts, Virtual machine folders | Clusters, Hosts, Virtual machine folders
Move | Relocate a virtual machine in the hierarchy. Privilege must be present at both the source and destination. User interface element – Inventory hierarchy drag-and-drop in Virtual Machines & Templates view | VC only | Datacenters, Clusters, Hosts, Virtual machine folders, Virtual machines | Virtual machines
Register | Add an existing virtual machine to a vCenter Server or host inventory. | HC and VC | Datacenters, Clusters, Hosts, Virtual machine folders | Clusters, Hosts, Virtual machine folders
Remove | Delete a virtual machine, removing its underlying files from disk. In order to have permission to perform this operation, you must have this privilege assigned to both the object and its parent object. User interface element – File menu, context menu, Summary tab | HC and VC | Datacenters, Clusters, Hosts, Virtual machine folders, Virtual machines | Virtual machines
Unregister | Unregister a virtual machine from a vCenter Server or host inventory. In order to have permission to perform this operation, you must have this privilege assigned to both the object and its parent object. | HC and VC | Datacenters, Clusters, Hosts, Virtual machines, virtual machine folders | Virtual machines
Allow disk access | Open a disk on a virtual machine for random read and write access. Used mostly for remote disk mounting. No user vSphere Client interface elements are associated with this privilege. | n/a | Datacenters, Hosts, Clusters, Resource pools, Virtual machine folders, Virtual machines | Virtual machines
Allow read-only disk access | Open a disk on a virtual machine for random read access. Used mostly for remote disk mounting. No user vSphere Client interface elements are associated with this privilege. | n/a | Datacenters, Hosts, Clusters, Resource pools, Virtual machine folders, Virtual machines | Virtual machines
Allow virtual machine download | Read files associated with a virtual machine, including vmx, disks, logs, and nvram. No user vSphere Client interface elements are associated with this privilege. | HC and VC | Datacenters, Hosts, Clusters, Resource pools, Virtual machine folders, Virtual machines | Root folders
Allow virtual machine files upload | Write files associated with a virtual machine, including vmx, disks, logs, and nvram. No user vSphere Client interface elements are associated with this privilege. | HC and VC | Datacenters, Hosts, Clusters, Resource pools, Virtual machine folders, Virtual machines | Root folders
Clone virtual machine | Clone an existing virtual machine and allocates resources. User interface element – Inventory > Virtual Machine > Clone, context menu, Summary tab | VC only | Datacenters, Hosts, Clusters, Resource pools, Virtual machine folders, Virtual machines | Virtual machines
Create template from virtual machine | Create a new template from a virtual machine. User interface element – Inventory > Virtual Machine > Template > Clone to Template, context menu, Summary tab items | VC only | Datacenters, Hosts, Clusters, Resource pools, Virtual machine folders, Virtual machines | Virtual machines
Deploy template | Deploy a virtual machine from a template. User interface element – “Deploy to template” File menu, context menu items, Virtual Machines tab | VC only | Datacenters, Hosts, Clusters, Resource pools, Virtual machine folders, Templates | Templates
Mark as template Mark an existing, powered off virtual machine VC only Datacenters, Virtual
as a template. Hosts, machines
User interface element – Inventory > Virtual Clusters,
Machine > Template > Convert to Template, Resource
context menu items, Virtual Machines tab, pools, Virtual
Summary tab machine
folders, Virtual
machines
Modify Create, modify, or delete customization VC only Root vCenter Root vCenter
customization specifications. Server Server
specification User interface element – Customization
Specifications Manager
Read customization View the customization specifications defined VC only Root vCenter Root vCenter
specification on the system. Server Server
User interface element – Edit > Customization
Specifications
Create snapshot | Create a new snapshot from the virtual machine’s current state. User interface element – virtual machine context menu, toolbar button, Inventory > Virtual Machine > Snapshot > Take Snapshot | HC and VC | Datacenters, Clusters, Hosts, Resource pools, Virtual machine folders, Virtual machines | Virtual machines
Remove Snapshot | Remove a snapshot from the snapshot history. User interface element – virtual machine context menu, toolbar button, Inventory menu | HC and VC | Datacenters, Clusters, Hosts, Resource pools, Virtual machine folders, Virtual machines | Virtual machines
Rename Snapshot | Rename this snapshot with either a new name or a new description or both. No user vSphere Client interface elements are associated with this privilege. | HC and VC | Datacenters, Clusters, Hosts, Resource pools, Virtual machine folders, Virtual machines | Virtual machines
Revert to snapshot | Set the VM to the state it was in at a given snapshot. User interface element – virtual machine context menu, toolbar button, Inventory > Virtual Machine > Snapshot > Revert to Snapshot, Virtual Machines tab | HC and VC | Datacenters, Clusters, Hosts, Resource pools, Virtual machine folders, Virtual machines | Virtual machines
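The rows above contain two things worth checking in a role review: operations that need the privilege on two objects (Move, Remove, Unregister) and privileges that open virtual disks or read and write virtual machine files. The following Python is an added example, not VMware code; the role names, inventory and grants are constructed sample data, and the privileges a user holds on each object are assumed to be resolved already.

```python
# Added example, not VMware code. Privilege names are the display names used
# in the rows above; roles, inventory and grants are constructed sample data.

# Privileges the rows above describe as opening disks or touching VM files.
FILE_ACCESS = {
    "Allow disk access": "random read and write access to a virtual disk",
    "Allow read-only disk access": "random read access to a virtual disk",
    "Allow virtual machine download": "read vmx, disks, logs, and nvram",
    "Allow virtual machine files upload": "write vmx, disks, logs, and nvram",
}

# Operations the rows above say need the privilege on two objects.
NEEDS_PARENT = {"Remove", "Unregister"}   # the object and its parent object
NEEDS_DESTINATION = {"Move"}              # the source and the destination


def file_access_findings(roles):
    """Return sorted (role, privilege, what it allows) for file-level access."""
    return sorted(
        (role, priv, FILE_ACCESS[priv])
        for role, privs in roles.items()
        for priv in privs
        if priv in FILE_ACCESS
    )


def required_objects(operation, obj, parent_of, destination=None):
    """List the inventory objects on which `operation` must be granted.

    For Move, `obj` is the source and `destination` is the target object.
    """
    needed = [obj]
    if operation in NEEDS_PARENT:
        parent = parent_of.get(obj)
        if parent is None:
            raise ValueError(f"{obj!r} has no parent in the inventory given")
        needed.append(parent)
    elif operation in NEEDS_DESTINATION:
        if destination is None:
            raise ValueError("Move needs a destination object")
        needed.append(destination)
    return needed


def missing_grants(operation, obj, granted, parent_of, destination=None):
    """Return the objects where the privilege is absent; empty means allowed.

    `granted` maps an object name to the set of privileges one user holds on
    it. How those were resolved (roles, inheritance) is outside this model.
    """
    return [
        o for o in required_objects(operation, obj, parent_of, destination)
        if operation not in granted.get(o, set())
    ]


# Constructed sample data.
SAMPLE_ROLES = {
    "vm-operator": {"Create snapshot", "Revert to snapshot"},
    "backup-agent": {
        "Create snapshot",
        "Allow read-only disk access",
        "Allow virtual machine download",
    },
}
SAMPLE_PARENT_OF = {"web01": "prod-folder", "prod-folder": "dc1"}
SAMPLE_GRANTED = {
    "web01": {"Remove", "Move"},
    "prod-folder": {"Move"},
    "test-folder": set(),
}

if __name__ == "__main__":
    for role, priv, allows in file_access_findings(SAMPLE_ROLES):
        print(f"review: role {role} holds '{priv}' ({allows})")
    print("Remove web01 blocked on:",
          missing_grants("Remove", "web01", SAMPLE_GRANTED, SAMPLE_PARENT_OF))
    print("Move to test-folder blocked on:",
          missing_grants("Move", "prod-folder", SAMPLE_GRANTED,
                         SAMPLE_PARENT_OF, destination="test-folder"))
```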
NOTE Customization operations will fail if the correct version of sysprep tools is not found.
Ensure you download the correct version for the guest operating system that you want to customize.
Procedure
2 Navigate to the page that contains the download link to the version of the tools you want.
4 Open and expand the .cab file, using a tool such as Winzip.exe or another tool capable of reading Microsoft
CAB files.
The following System Preparation tools support directories were created during vCenter Server
installation:
C:\<ALLUSERSPROFILE>\Application Data\Vmware\VMware VirtualCenter\sysprep
...\1.1\
...\2k\
...\xp\
...\svr2003\
...\xp-64\
...\svr2003-64\
where <ALLUSERSPROFILE> is usually \Documents And Settings\All Users\. This is where vpxd.cfg is
also located.
After you have extracted the files from the .cab file, you should see:
...\<guest>\deptool.chm
...\<guest>\readme.txt
...\<guest>\setupcl.exe
...\<guest>\setupmgr.exe
...\<guest>\setupmgx.dll
...\<guest>\sysprep.exe
...\<guest>\unattend.doc
What to do next
You are now ready to customize a new virtual machine with a supported Windows guest operating system
when you clone an existing virtual machine.
Procedure
1 Insert the Windows operating system CD into the CD-ROM drive (often the D: drive).
3 Open and expand the DEPLOY.CAB file, using a tool such as Winzip.exe or another tool capable of reading
Microsoft CAB files.
4 Extract the files to the directory appropriate to your Sysprep guest operating system.
The following Sysprep support directories were created during vCenter Server installation:
C:\<ALLUSERSPROFILE>\Application Data\Vmware\VMware VirtualCenter\sysprep
...\1.1\
...\2k\
...\xp\
...\svr2003\
...\xp-64\
...\svr2003-64\
where <ALLUSERSPROFILE> is usually \Documents And Settings\All Users\. This is where vpxd.cfg is
also located.
After you have extracted the files from the .cab file, you should see:
...\<guest>\deptool.chm
...\<guest>\readme.txt
...\<guest>\setupcl.exe
...\<guest>\setupmgr.exe
...\<guest>\setupmgx.dll
...\<guest>\sysprep.exe
...\<guest>\unattend.doc
6 Repeat this procedure to extract Sysprep files for each of the Windows guest operating systems (Windows
2000, Windows XP, or Windows 2003) you plan to customize using vCenter Server.
What to do next
You are now ready to customize a new virtual machine with a supported Windows guest operating system
when you clone an existing virtual machine.
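Because customization fails when the Sysprep files are not found, it helps to verify the result of either extraction procedure above before cloning. This Python check is an added example, not part of the VMware documentation; it assumes each guest directory you plan to use should hold the seven files listed above, and the sysprep root path is supplied by the caller.

```python
# Added example, not VMware code: verify the extracted Sysprep files.
from pathlib import Path

# Directory and file names as listed in the procedures above.
GUEST_DIRS = ("1.1", "2k", "xp", "svr2003", "xp-64", "svr2003-64")
EXPECTED_FILES = (
    "deptool.chm", "readme.txt", "setupcl.exe", "setupmgr.exe",
    "setupmgx.dll", "sysprep.exe", "unattend.doc",
)


def check_guest_dir(guest_dir):
    """Return a list of problems found in one guest directory."""
    guest_dir = Path(guest_dir)
    if not guest_dir.is_dir():
        return ["directory missing"]
    # Windows file names are case-insensitive, so compare in lower case.
    present = {p.name.lower(): p for p in guest_dir.iterdir() if p.is_file()}
    problems = []
    for name in EXPECTED_FILES:
        path = present.get(name)
        if path is None:
            problems.append(f"{name}: missing")
        elif path.stat().st_size == 0:
            problems.append(f"{name}: empty file")
    return problems


def check_sysprep_root(root, guests=GUEST_DIRS):
    """Map each guest directory under `root` to its list of problems."""
    return {g: check_guest_dir(Path(root) / g) for g in guests}


def build_sample_tree(root):
    """Constructed demo tree: xp complete, 2k lacks sysprep.exe, svr2003 absent."""
    root = Path(root)
    for guest, skip in (("xp", None), ("2k", "sysprep.exe")):
        d = root / guest
        d.mkdir(parents=True)
        for name in EXPECTED_FILES:
            if name == skip:
                continue
            # Upper-case one name to show the case-insensitive comparison.
            on_disk = name.upper() if name == "setupcl.exe" else name
            (d / on_disk).write_bytes(b"constructed placeholder")


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for guest, problems in check_sysprep_root(tmp, ("xp", "2k", "svr2003")).items():
            print(guest, "OK" if not problems else problems)
```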
The performance metrics for VMware vSphere are organized into tables for each metric group: cluster services,
CPU, disk, management agent, memory, network, system, and virtual machine operations. Each table contains
the following information:
Label: Indicates the name of the data counter as displayed in the APIs and advanced performance charts. In some cases the labels are different in the overview performance charts.

Stats Type: Measurement used during the statistics interval. The Stats Type is related to the unit of measurement and can be one of the following:
- Rate - Value over the current statistics interval.
- Delta - Change from previous statistics interval.
- Absolute - Absolute value, independent of the statistics interval.

Unit: How the statistic quantity is measured across the collection interval, for example, kiloBytes (KB) and kiloBytesPerSecond (KBps).
NOTE For some statistics, the value is converted before it is displayed in the overview performance charts. For example, memory usage is displayed in KiloBytes by the APIs and the advanced performance charts, but it is displayed in MegaBytes in the overview performance charts.

Rollup Type: Indicates the calculation method used during the statistics interval to roll up data. Determines the type of statistical values that are returned for the counter. For real-time data, the value shown is the current value. One of:
- Average - Data collected is averaged.
- Minimum - The minimum value collected is rolled up.
- Maximum - The maximum value collected is rolled up.
- Summation - Data collected is summed.
- Latest - Data collected is the most recent value.

Collection Level: Indicates the minimum value to which the statistics collection level must be set for the metric to be gathered during each collection interval. You can assign a collection level of 1 to 4 to each collection interval enabled on your vCenter Server, with 4 containing the most data counters.

VHRCD: Indicates the entity for which the counter applies. One of:
- V – virtual machines
- H – hosts
- R – resource pools
- C – compute resources
- D – datastores
Calculations for all metrics listed in the data counter tables are for the duration of the data collection cycle.
Collection cycle durations are specified with the Statistics Collection Interval setting.
NOTE The availability of some data counters in the vSphere Client depends on the statistics Collection Level
set for the vCenter Server. The entire set of data counters is collected and available in vCenter Server. You
can use the vSphere Web Services SDK to query vCenter Server and get statistics for all counters. For more
information, see the VMware vSphere API Reference.
NOTE The cluster services metrics appear only in the advanced performance charts.
effectivecpu
Label: Effective CPU Resources
V H R C: ο ο ο •
Total available CPU resources of all hosts within a cluster.
Effective CPU = Aggregate host CPU capacity – (VMkernel CPU + Service Console CPU + other service CPU)
- Stats Type: rate
- Unit: megaHertz
- Rollup Type: average
- Collection Level: 1
- VC/ESX: Yes/No

effectivemem
Label: Effective Memory Resources
V H R C: ο ο ο •
Total amount of machine memory of all hosts in the cluster that is available for virtual machine memory (physical memory for use by the Guest OS) and virtual machine overhead memory.
Effective Memory = Aggregate host machine memory – (VMkernel memory + Service Console memory + other service memory)
- Stats Type: absolute
- Unit: megaBytes
- Rollup Type: average
- Collection Level: 1
- VC/ESX: Yes/No

memfairness
Label: Memory Fairness
V H R C: ο • ο ο
Aggregate available memory resources of all hosts within a cluster.
- Stats Type: absolute
- Unit: number
- Rollup Type: latest
- Collection Level: 1
- VC/ESX: Yes/No
CPU Metrics
The cpu metric group tracks CPU utilization for hosts, virtual machines, resource pools, and compute
resources.
NOTE The performance charts display a subset of the CPU data counters. The entire set is collected and available
in vCenter Server. You can use the vSphere Web Services SDK to query vCenter Server and get statistics for
those counters. For more information, see the VMware vSphere API Reference.
cpuentitlement
Label: Worst Case Allocation (virtual machine Resource Allocation tab)
V H R C: • ο • ο
Amount of CPU resources allocated to the virtual machine or resource pool based on the total cluster capacity and the resource configuration (reservations, shares, and limits) on the resource hierarchy.
cpuentitlement is computed based on an ideal scenario in which all virtual machines are completely busy and the load is perfectly balanced across all hosts.
This counter is for internal use only and is not useful for performance monitoring.
- Stats Type: absolute
- Unit: megaHertz
- Rollup Type: latest
- Collection Level: 1
- VC/ESX: No/Yes

guaranteed
Label: CPU Guaranteed
V H R C: • ο ο ο
Not supported for ESX 4.x systems, except through vCenter Server. CPU time that is reserved for the entity. For virtual machines, this measures CPU time that is reserved, per virtual CPU (vCPU).
This counter has been deprecated and should not be used to monitor performance.
- Stats Type: delta
- Unit: millisecond
- Rollup Type: latest
- Collection Level: 3
- VC/ESX: Yes/No

idle
Label: CPU Idle
V H R C: • ο ο ο
Total time that the CPU spent in an idle state (meaning that a virtual machine is not runnable). This counter represents the variance, in milliseconds, during the interval.
- Stats Type: delta
- Unit: millisecond
- Rollup Type: summation
- Collection Level: 2
- VC/ESX: Yes/Yes

ready
Label: CPU Ready
V H R C: • ο ο ο
Percentage of time that the virtual machine was ready, but could not get scheduled to run on the physical CPU. CPU ready time is dependent on the number of virtual machines on the host and their CPU loads.
- Stats Type: delta
- Unit: millisecond
- Rollup Type: summation
- Collection Level: 3
- VC/ESX: Yes/Yes

reservedCapacity
Label: CPU Reserved Capacity
V H R C: ο • ο •
Total CPU capacity reserved by the virtual machines.
- Stats Type: absolute
- Unit: megaHertz
- Rollup Type: average
- Collection Level: 2
- VC/ESX: Yes/Yes

system
Label: CPU System
V H R C: • ο ο ο
Amount of time spent on system processes on each virtual CPU in the virtual machine. This is the host view of the CPU usage, not the guest operating system view.
- Stats Type: delta
- Unit: millisecond
- Rollup Type: summation
- Collection Level: 3
- VC/ESX: Yes/Yes

totalmhz
Label: CPU Total
V H R C: ο ο ο •
Total amount of CPU resources of all hosts in the cluster. The maximum value is equal to the frequency of the processors multiplied by the number of cores.
totalmhz = CPU frequency × number of cores
For example, a cluster has two hosts, each of which has four CPUs that are 3GHz each, and one virtual machine that has two virtual CPUs.
VM totalmhz = 2 vCPUs × 3000MHz = 6000MHz
Host totalmhz = 4 CPUs × 3000MHz = 12000MHz
Cluster totalmhz = 2 × 4 × 3000MHz = 24000MHz
- Stats Type: rate
- Unit: megaHertz
- Rollup Type: average
- Collection Level: 1
- VC/ESX: Yes/Yes

usagemhz
Label: CPU Usage in MHz
V H R C: • • • •
The amount of CPU used, in megahertz, during the interval.
Disk Metrics
The disk metric group tracks statistics for disk input/output (I/O) performance.
Disk I/O counters support metrics for both physical devices and virtual devices. A host reads data from a LUN
(logical unit number) associated with the physical storage media. A virtual machine reads data from a virtual
disk, which is the virtual hardware presented to the Guest OS running on the virtual machine. The virtual disk
is a file in VMDK format.
NOTE Some counters listed in Table C-3 subsume other counters. For example, kernelLatency includes both
queueReadLatency and queueWriteLatency, and the disk usage statistic includes both read and write statistics.
In addition, only a subset of the disk counters appear in the overview performance charts. To view all disk
data counters, use the advanced performance charts.
commands
Label: Disk Commands Issued
V H R C: • • ο ο
Number of SCSI commands issued during the collection interval.
- Stats Type: delta
- Unit: number
- Rollup Type: summation
- Collection Level: 2
- VC/ESX: Yes/Yes

commandsAborted
Label: Disk Command Aborts
V H R C: • • ο ο
Number of SCSI commands aborted during the collection interval.
- Stats Type: delta
- Unit: number
- Rollup Type: summation
- Collection Level: 2
- VC/ESX: Yes/Yes

deviceReadLatency
Label: Physical Device Read Latency
V H R C: • • ο ο
Average amount of time, in milliseconds, to complete read from the physical device.
- Stats Type: absolute
- Unit: millisecond
- Rollup Type: average
- Collection Level: 2
- VC/ESX: Yes/Yes

kernelReadLatency
Label: Kernel Disk Read Latency
V H R C: • • ο ο
Average amount of time, in milliseconds, spent by VMkernel processing each SCSI read command.
- Stats Type: absolute
- Unit: millisecond
- Rollup Type: average
- Collection Level: 2
- VC/ESX: Yes/Yes

kernelWriteLatency
Label: Kernel Disk Write Latency
V H R C: • • ο ο
Average amount of time, in milliseconds, spent by VMkernel processing each SCSI write command.
- Stats Type: absolute
- Unit: millisecond
- Rollup Type: average
- Collection Level: 2
- VC/ESX: Yes/Yes

maxTotalLatency
Label: Highest Disk Latency
V H R C: ο • ο ο
Highest latency value across all disks used by the host. Latency measures the time taken to process a SCSI command issued by the guest OS to the virtual machine. The kernel latency is the time VMkernel takes to process an IO request. The device latency is the time it takes the hardware to handle the request.
Total latency = kernelLatency + deviceLatency
- Stats Type: absolute
- Unit: millisecond
- Rollup Type: average
- Collection Level: 1
- VC/ESX: Yes/Yes

queueLatency
Label: Queue Command Latency
V H R C: • • ο ο
Average amount of time spent in the VMkernel queue, per SCSI command, during the collection interval.
- Stats Type: absolute
- Unit: millisecond
- Rollup Type: average
- Collection Level: 2
- VC/ESX: Yes/Yes

queueReadLatency
Label: Queue Read Latency
V H R C: • • ο ο
Average amount of time taken during the collection interval per SCSI read command in the VMkernel queue.
- Stats Type: absolute
- Unit: millisecond
- Rollup Type: average
- Collection Level: 2
- VC/ESX: Yes/Yes

queueWriteLatency
Label: Queue Write Latency
V H R C: • • ο ο
Average amount of time taken during the collection interval per SCSI write command in the VMkernel queue.
- Stats Type: absolute
- Unit: millisecond
- Rollup Type: average
- Collection Level: 2
- VC/ESX: Yes/Yes

totalLatency
Label: Disk Command Latency
V H R C: • • ο ο
Average amount of time taken during the collection interval to process a SCSI command issued by the Guest OS to the virtual machine. The sum of kernelLatency and deviceLatency.
- Stats Type: absolute
- Unit: millisecond
- Collection Level: 2
- Rollup Type: average
- VC/ESX: Yes/Yes

totalReadLatency
Label: Disk Read Latency
V H R C: • • ο ο
Average amount of time taken during the collection interval to process a SCSI read command issued from the Guest OS to the virtual machine. The sum of kernelReadLatency and deviceReadLatency.
- Stats Type: absolute
- Unit: millisecond
- Collection Level: 2
- Rollup Type: average
- VC/ESX: Yes/Yes

totalWriteLatency
Label: Disk Write Latency
V H R C: • • ο ο
Average amount of time taken during the collection interval to process a SCSI write command issued by the Guest OS to the virtual machine. The sum of kernelWriteLatency and deviceWriteLatency.
- Stats Type: absolute
- Unit: millisecond
- Collection Level: 2
- Rollup Type: average
- VC/ESX: Yes/Yes

usage
Label: Disk Usage
V H R C: • • ο ο
Aggregated disk I/O rate. For hosts, this metric includes the rates for all virtual machines running on the host during the collection interval.
- Stats Type: kiloBytesPerSecond
- Unit: rate
- Collection Level: 1(4)
- Rollup Type: average (min/max)
- VC/ESX: Yes/Yes
NOTE The management agent metrics appear only in the advanced performance charts.
swapUsed
Label: Memory Swap Used
V H R C: ο • ο ο
Sum of the memory swapped by all powered-on virtual machines on the host.
- Stats Type: absolute
- Unit: kiloBytes
- Rollup Type: average
- Collection Level: 3

swapIn
Label: Memory Swap In
V H R C: ο • ο ο
Amount of memory swapped in for the Service Console. Use this counter to determine whether to increase the amount of memory dedicated to the service console.
- Stats Type: rate
- Unit: kiloBytesPerSecond
- Rollup Type: average
- Collection Level: 3

swapOut
Label: Memory Swap Out
V H R C: ο • ο ο
Amount of memory swapped out for the Service Console. Use this counter to determine whether to decrease the amount of memory dedicated to the service console.
- Stats Type: rate
- Unit: kiloBytesPerSecond
- Rollup Type: average
- Collection Level: 3
Memory Metrics
The memory metric group tracks memory statistics for virtual machines, hosts, resource pools, and compute
resources.
Interpret the data counter definitions in the context of the entity to which they apply, as follows:
- For virtual machines, memory refers to guest physical memory. Guest physical memory is the amount of
physical memory presented as a virtual-hardware component to the virtual machine, at creation time, and
made available when the virtual machine is running.
- For hosts, memory refers to machine memory. Machine memory is the random-access memory (RAM)
that is actually installed in the hardware that comprises the ESX/ESXi host.
NOTE Only a subset of memory counters appear in the overview charts. To view all memory data counters,
use the advanced performance charts.
consumed
Label: Memory Consumed
V H R C: • • • •
VM: Amount of guest physical memory consumed by the virtual machine for guest memory. Consumed memory does not include overhead memory. It includes shared memory and memory that might be reserved, but not actually used. It does not include overhead memory.
vm consumed memory = memory granted - memory saved due to memory sharing

granted
Label: Memory Granted
V H R C: • • • •
VM: The amount of guest physical memory that is mapped to machine memory. Includes shared memory amount. The amount of guest physical memory currently mapped to machine memory, including shared memory, but excluding overhead.

heap
Label: Memory Heap
V H R C: ο • ο ο
Amount of VMkernel virtual address space dedicated to VMkernel main heap and related data.
This counter is for internal use only and is not useful for performance monitoring.
- Stats Type: absolute
- Unit: kiloBytes
- Rollup Type: average (min/max)
- Collection Level: 2(4)

heapfree
Label: Memory Heap Free
V H R C: • ο ο ο
Amount of free address space in the VMkernel’s main heap. Heap Free varies, depending on the number of physical devices and various configuration options. There is no direct way for the user to increase or decrease this statistic.
This counter is for internal use only and is not useful for performance monitoring.
- Stats Type: absolute
- Unit: kiloBytes
- Rollup Type: average (min/max)
- Collection Level: 2(4)

mementitlement
Label: Worst Case Allocation (virtual machine Resource Allocation tab)
V H R C: ο • ο ο
Memory allocation as calculated by the VMkernel scheduler based on current estimated demand, and the reservation, limit, and shares policies set for all virtual machines and resource pools in the host or cluster.
This counter is for internal use only and is not useful for performance monitoring.
- Stats Type: absolute
- Unit: megaBytes
- Rollup Type: latest
- Collection Level: 1

memUsed
Label: Memory Used
V H R C: ο • ο ο
Amount of used memory. Sum of the memory used by all powered on virtual machines and vSphere services on the host.
- Stats Type: absolute
- Unit: kiloBytes
- Rollup Type: average (min/max)
- Collection Level: 3

shared
Label: Memory Shared
V H R C: • • ο ο
VM: Amount of guest physical memory that is shared with other virtual machines (through the VMkernel’s transparent page-sharing mechanism, a RAM de-duplication technique). The value of shared includes the size of the zero memory area.

state
Label: Memory State
V H R C: • • ο ο
Amount of free machine memory on the host. VMkernel has four free-memory thresholds that affect the mechanisms used for memory reclamation.

swapin
Label: Memory Swap In
V H R C: • • ο ο
Amount of memory that has been swapped in to memory from disk.

swapinRate
Label: Memory Swap In Rate
V H R C: • • ο ο
Rate at which memory is swapped from disk into active memory during the current interval. This counter applies to virtual machines and is generally more useful than the swapin counter to determine if the virtual machine is running slow due to swapping, especially when looking at real-time statistics.
- Stats Type: rate
- Unit: kiloBytesPerSecond
- Rollup Type: average (min/max)
- Collection Level: 1(4)

swapout
Label: Memory Swap Out
V H R C: • • ο ο
Amount of memory that has been swapped out to disk.
VM: Total amount of memory data that has been written out to the virtual machine’s swap file from machine memory by the VMkernel. This statistic refers to VMkernel swapping and not to guest OS swapping.

swapoutRate
Label: Memory Swap Out Rate
V H R C: • • ο ο
Rate at which memory is being swapped from active memory to disk during the current interval. This counter applies to virtual machines and is generally more useful than the swapout counter to determine if the virtual machine is running slow due to swapping, especially when looking at real-time statistics.
- Stats Type: rate
- Unit: kiloBytesPerSecond
- Rollup Type: average (min/max)
- Collection Level: 1(4)

swapped
Label: Memory Swapped
V H R C: • ο ο ο
Current amount of guest physical memory swapped out to the virtual machine’s swap file by the VMkernel. Swapped memory stays on disk until the virtual machine needs it. This statistic refers to VMkernel swapping and not to guest OS swapping.
swapped = swapin + swapout
- Stats Type: absolute
- Unit: kiloBytes
- Rollup Type: average (min/max)
- Collection Level: 2(4)

swapused
Label: Memory Swap Used
V H R C: ο • • •
Amount of memory that is used by swap. Sum of Memory Swapped of all powered on virtual machines and vSphere services on the host.
- Stats Type: absolute
- Unit: kiloBytes
- Rollup Type: average (min/max)
- Collection Level: 1(4)

sysUsage
Label: Memory Used by VMkernel
V H R C: • • • •
Amount of memory used by the VMkernel. Amount of machine memory used by the VMkernel for “core” functionality (such as its own internal uses, device drivers, etc). It does not include memory used by VMs or by vSphere services.
- Stats Type: absolute
- Unit: kiloBytes
- Rollup Type: average (min/max)
- Collection Level: 2(4)

totalmb
Label: Memory Total
V H R C: ο ο ο •
Total amount of machine memory of all hosts in the cluster that is available for virtual machine memory (physical memory for use by the Guest OS) and virtual machine overhead memory.
Memory Total = Aggregate host machine memory - (VMkernel memory + Service Console memory + other service memory)
- Stats Type: absolute
- Unit: megaBytes
- Rollup Type: average
- Collection Level: 1
- VC/ESX: Yes/No

zero
Label: Memory Zero
V H R C: • • ο ο
Amount of memory that is zeroed out (contains only 0s). This statistic is included in Memory Shared.
Network Metrics
The network metric group tracks network utilization for both physical and virtual NICs (network interface
controllers) and other network devices, such as the virtual switches (vSwitch), that support connectivity among
all vSphere components (virtual machines, VMkernel, host, and so on).
droppedRx
Label: droppedRx
V H R C: • • ο ο
Number of receive packets dropped during the collection interval.
- Stats Type: delta
- Unit: number
- Rollup Type: summation
- Collection Level: 2

droppedTx
Label: droppedTx
V H R C: • • ο ο
Number of transmit packets dropped during the collection interval.
- Stats Type: delta
- Unit: number
- Rollup Type: summation
- Collection Level: 2

received
Label: Network Data Receive Rate
V H R C: • • ο ο
Average rate at which data was received during the collection interval. This represents the bandwidth of the network.

transmitted
Label: Network Data Transmit Rate
V H R C: • • ο ο
Average rate at which data was transmitted during the collection interval. This represents the bandwidth of the network.

usage
Label: Network Usage
V H R C: • • ο ο
Sum of the data transmitted and received during the collection interval.
VM: Sum of data transmitted and received across all virtual NIC instances connected to the virtual machine.
A datastore provides an abstraction of the underlying LUNs (logical unit numbers), which provide the actual
physical storage. Storage is made up of various files on the server, including swapfiles, virtual disk files,
snapshot files, configuration files, and log files. The file type is used for the instance property of the metric ID.
The storage utilization counters measure various aspects of datastore space. Data counters that measure an
aggregate amount take into account the entire datastore.
Legend:
- D = Datastores
- V = Virtual Machines
- F = Filetypes

provisioned
Label: Allocated
D V F: • • ο
Amount of physical space allocated by an administrator for the datastore. Provisioned space is not always in use; it is the storage size up to which files on a datastore or virtual machine can grow. Files cannot expand beyond this size.
- Stats Type: absolute
- Unit: kiloBytes
- Rollup Type: latest
- Collection Level: 1

unshared
Label: Not-shared
D V F: • • ο
Amount of datastore space that belongs only to the virtual machine and is not shared with other virtual machines. Only unshared space is guaranteed to be reclaimed for the virtual machine if, for example, it is moved to a different datastore and then back again. The value is an aggregate of all unshared space for the virtual machine, across all datastores.
- Stats Type: absolute
- Unit: kiloBytes
- Rollup Type: latest
- Collection Level: 1

used
Label: Used
D V F: • • •
Amount of space actually used by a virtual machine or a datastore. The used amount can be less than the amount provisioned at any given time, depending on whether the virtual machine is powered-off, whether snapshots have been created, and other such factors.
- Stats Type: absolute
- Unit: kiloBytes
- Rollup Type: latest
- Collection Level: 1
System Metrics
The system metric group tracks statistics for overall system availability. These counters are available directly
from ESX and from vCenter Server.
NOTE The system metrics appear only in the advanced performance charts, and only for hosts and virtual
machines.
resourceCpuUsage
Label: Resource CPU Usage
V H R C: • • ο ο
Amount of CPU used during the interval by the Service Console and other applications.
- Stats Type: rate
- Unit: megaHertz
- Rollup Type: average
- Collection Level: 3(4)
NOTE The vmops metrics appear only in the advanced performance charts.
numChangeDS
Label: VM datastore change count (non-powered-on VMs)
Number of datastore change operations for powered-off and suspended virtual machines.
- Stats Type: absolute
- Unit: number
- Rollup Type: latest
- Collection Level: 1

numChangeHost
Label: VM host change count (non-powered-on VMs)
Number of host change operations for powered-off and suspended VMs.
- Stats Type: absolute
- Unit: number
- Rollup Type: latest
- Collection Level: 1

numChangeHostDS
Label: VM host and datastore change count (non-powered-on VMs)
Number of host and datastore change operations for powered-off and suspended virtual machines.
- Stats Type: absolute
- Unit: number
- Rollup Type: latest
- Collection Level: 1

numPoweroff
Label: VM power off count
Number of virtual machine power off operations.
- Stats Type: absolute
- Unit: number
- Rollup Type: latest
- Collection Level: 1

numSVMotion
Label: Storage VMotion count
Number of migrations with Storage VMotion (datastore change operations for powered-on virtual machines).
- Stats Type: absolute
- Unit: number
- Collection Level: 1
- Rollup Type: latest

numVMotion
Label: VMotion count
Number of migrations with VMotion (host change operations for powered-on virtual machines).
- Stats Type: absolute
- Unit: number
- Collection Level: 1
- Rollup Type: latest
EN-000128-01
vSphere Web Access Administrator's Guide
You can find the most up-to-date technical documentation on the VMware Web site at:
http://www.vmware.com/support/
The VMware Web site also provides the latest product updates.
If you have comments about this documentation, submit your feedback to:
docfeedback@vmware.com
© 2008, 2009 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual
property laws. VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents.
VMware, the VMware “boxes” logo and design, Virtual SMP, and VMotion are registered trademarks or trademarks of VMware, Inc.
in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their
respective companies.
VMware, Inc.
3401 Hillview Ave.
Palo Alto, CA 94304
www.vmware.com
Updated Information
This vSphere Web Access Administrator's Guide is updated with each release of the product or when necessary.
This table provides the update history of the vSphere Web Access Administrator's Guide.
Revision EN-000128-01
Description:
- The topic “Add a USB Controller to the New Virtual Machine,” on page 23 now states that connected USB devices cannot be used in a virtual machine.
- In topic “Modify a Network Adapter,” on page 39, step 2 now states selecting a network from the drop-down menu as the only option for configuring a network.
- Minor revisions in topic “Change Virtual Machine Settings Associated with the Host,” on page 44.
- Topic “Adding a Virtual Hard Disk,” on page 49 now mentions local and remote VMFS SANs as possible datastore locations.
- The topic “Add a Named Pipe Serial Port,” on page 53 now mentions Windows and Linux guests.
- The topic “Add a Passthrough SCSI Device,” on page 54 now mentions Windows and Linux guests.
- The topic “Add a USB Controller,” on page 55 now states that connected USB devices cannot be used in a virtual machine.
About This Book
This documentation provides information on how to create, configure, and manage virtual machines for
VMware® ESX and VMware® vCenter Server by using VMware® vSphere Web Access.
Intended Audience
This book is intended for anyone who wants to install, upgrade, or use ESX. The information in this book is
written for experienced Windows or Linux system administrators who are familiar with virtual machine
technology and datacenter operations.
Document Feedback
VMware welcomes your suggestions for improving our documentation. If you have comments, send your
feedback to docfeedback@vmware.com.
Online and Telephone Support: To use online support to submit technical support requests, view your product and contract information, and register your products, go to http://www.vmware.com/support.
Support Offerings: To find out how VMware support offerings can help meet your business needs, go to http://www.vmware.com/support/services.
VMware Professional Services: VMware Education Services courses offer extensive hands-on labs, case study examples, and course materials designed to be used as on-the-job reference tools. Courses are available onsite, in the classroom, and live online. For onsite pilot programs and implementation best practices, VMware Consulting Services provides offerings to help you assess, plan, build, and manage your virtual environment. To access information about education classes, certification programs, and consulting services, go to http://www.vmware.com/services.
Chapter 1 Introducing VMware vSphere Web Access
VMware® vSphere Web Access is a browser-based application. You use it to manage virtual machines on ESX
and vCenter Server deployments. You can use vSphere Web Access to give users access to the settings and
guest operating systems of virtual machines.
vSphere Web Access is intended for anyone who performs the following aspects of virtual machine
management:
- System administrators who need to access virtual machines without a vSphere Client.
- People who use virtual machines as remote desktops.
- vSphere administrators who need to interact with virtual machines remotely.
The vSphere Web Access interface provides an overview of all of the virtual machines on an ESX host and
vCenter Server. To manage virtual machines with vSphere Web Access, you can perform the following tasks:
- Use a browser to view hosts and virtual machine details.
- Perform power operations on virtual machines.
- Edit a virtual machine’s configuration and hardware.
- Generate VMware Remote Console URLs that users can use to access their virtual machines.
- Interact with the guest operating systems that are running on the virtual machines.
- Access ESX hosts and vCenter Servers from Linux systems.
vSphere Web Access focuses on virtual machine management and does not offer the full range of administrative
tasks available through the vSphere Client.
You can run vSphere Web Access on any system with a basic hardware configuration that has either a Windows
or a Linux operating system installed. You must use Internet Explorer or Mozilla Firefox to run vSphere Web
Access.
Hardware Requirements
You can run vSphere Web Access on any system that meets the minimum hardware requirements.
Your system must meet the following minimum hardware requirements to run vSphere Web Access:
- Standard x86-based computer
- 266MHz processor (500MHz or more recommended)
- 128MB RAM (256MB or more recommended)
- 20MB (for Windows hosts) or 10MB (for Linux hosts) free disk space to install the VMware Remote Console browser plug-in
Table 1-1 lists the supported Windows versions and Linux requirements.
Windows:
- Microsoft Windows 2003 Web Edition Service Pack 1, Windows 2003 Standard Edition Service Pack 1, or Windows Server 2003 Enterprise Edition Service Pack 1
- Windows XP Professional Service Pack 3 or Windows XP Home Edition Service Pack 2
- Microsoft Windows 2000 Professional Service Pack 4, Windows 2000 Server Service Pack 4, or Windows 2000 Advanced Server Service Pack 4
Browser Requirements
You can use Microsoft Internet Explorer and Mozilla Firefox Web browsers to run vSphere Web Access.
VMware has certified vSphere Web Access with the following browsers. Other browsers are not, however,
actively excluded. For additional requirements, see your browser vendor's documentation. Your browser must
include all security and stability updates that the vendor recommends.
- Internet Explorer 6.0, 7.0, or later for Microsoft Windows
- Mozilla Firefox 2.0, 3.0, or later for Microsoft Windows
- Mozilla Firefox 2.0, 3.0, or later for Linux
Chapter 2 Getting Started with vSphere Web Access
The vSphere Web Access service is installed when you install ESX 4.0 or vCenter Server 4.0, but is not running
by default. Before you log in and start managing virtual machines, you must start the vSphere Web Access
service on your ESX or vCenter Server instance.
Prerequisites
You must have root privileges to check the status and run the vSphere Web Access service.
Procedure
2 Type the command to check whether the Web Access service is running.
3 (Optional) If vSphere Web Access is not running, type the command to start Web Access.
What to do next
You can now use vSphere Web Access to log in to the ESX host.
Prerequisites
Procedure
3 Locate VMware VirtualCenter Management Webservices on the list and check whether the service is
running.
4 If the service is not running, right-click VMware VirtualCenter Management Webservices and select
Start.
What to do next
You can now use vSphere Web Access to log in to vCenter Server.
Prerequisites
Before you connect to vSphere Web Access, make sure that the vSphere Web Access service is running. You
must also have a compatible Web browser as well as access rights to the ESX host or vCenter Server.
Make sure that your Web proxy supports IPv6 addresses before you use vSphere Web Access to connect to an
ESX host or vCenter Server with an IPv6 address.
Procedure
2 Enter the URL of your ESX host or your vCenter Server installation.
3 In the Log In window, enter your user name and password and click Log In.
IMPORTANT If you have a pop-up blocker enabled, a message appears that says a pop-up blocker was
detected. Disable your pop-up blocker to use client devices.
Procedure
- In the window or tab where vSphere Web Access is running, click Log Out in the upper-right corner.
You are logged out and the connection with the ESX host or vCenter Server is closed.
Chapter 3 Managing Virtual Machines with vSphere Web Access
You can use vSphere Web Access to add, create, and delete virtual machines. You can also install a guest
operating system and VMware Tools, and create virtual machine shortcuts for virtual machine users.
Procedure
1 In the Menu toolbar, select Virtual Machine > Add Virtual Machine To Inventory.
2 Browse for the .vmx file of the virtual machine to add and click OK.
What to do next
You can now power on the virtual machine and use the guest operating system.
Prerequisites
You must connect to an ESX host to use the Create Virtual Machine wizard.
In the Menu toolbar, select Virtual Machine > Create Virtual Machine to start the Create Virtual Machine
wizard.
Procedure
1 Specify a Name and a Location for the New Virtual Machine on page 17
You can name the new virtual machine. You can also select the datastore in which to save virtual machine
files.
2 Select a Guest Operating System for the New Virtual Machine on page 17
You can select the type of guest operating system to install on the new virtual machine. Examples include
Windows, Novell NetWare, Solaris, Linux, and other operating systems.
What to do next
You can now power on the virtual machine and start using the guest operating system by starting the VMware
Remote Console.
Procedure
1 On the Name and Location page, enter the virtual machine name in the Name field.
2 Select the datastore to save the virtual machine files and click Next.
The assigned name of the virtual machine appears in the Inventory panel when you are finished configuring
the machine.
Procedure
1 On the Guest Operating System page, select the type of operating system from the Operating System list.
3 (Optional) Click Product Compatibility and select the hardware version to use for the new virtual
machine.
4 Click Next.
The maximum amount of memory per virtual machine is 255GB for hardware version 7.0.
Procedure
1 In the Processors section on the Memory and Processors page, allocate memory for the virtual machine.
Option | Description
Enter Custom Memory Amount | Enter an amount of memory in the Size field. IMPORTANT Do not enter a value lower than the recommended minimum. This could prevent the guest operating system from running.
Recommended Minimum | Allocates the minimum memory size that VMware recommends.
Recommended Maximum | Allocates the maximum memory size that VMware recommends.
2 In the Processors section, select the number of processors to use in the Count drop-down menu.
IMPORTANT VMware recommends that you do not reconfigure the number of processors after you install
the guest operating system.
3 Click Next.
Procedure
- On the Hard Disk page, select to create a new virtual disk or use an existing one.
Option | Action
Create a New Virtual Disk | Adds a blank disk to the virtual machine.
Use an Existing Virtual Disk | Reuses or shares a hard disk from another virtual machine.
Don't Add a Hard Disk | Skips the step of adding a hard disk.
The Properties page appears. If you selected to not add a hard disk, the Network Adapter page appears.
Procedure
1 On the Hard Disk page, click Create a New Virtual Disk to customize it.
2 On the Properties page, enter the capacity of the new virtual disk in the Capacity text box.
You can specify the capacity in megabytes or gigabytes by selecting MB or GB from the drop-down menu.
NOTE Set the maximum size of the disk to a value between 1MB and 2047GB. You can set the virtual disk
size to 2047GB only when the block size of the file system is set to 8MB. For more information about block
size and maximum file values, see Configuration Maximums for VMware vSphere 4.0.
3 To specify a different location for the new virtual disk, click Browse in the Location field.
4 To run the disk in independent mode, click Disk Mode, select Independent, and click the appropriate
option.
Option | Action
Persistent | Disks in persistent mode behave like conventional disks on your physical computer. All data written to a disk in persistent mode is written permanently to the disk.
Nonpersistent | Changes to disks in nonpersistent mode are discarded when you power off or reset the virtual machine. Nonpersistent mode enables you to restart the virtual machine with a virtual disk in the same state every time. Changes to the disk are written to and read from a redo log file that is deleted when you power off or reset.
5 To specify the adapter type and a device node for the virtual disk, click Virtual Device Node.
6 To change the write caching policies for the virtual disk, click Policies and select the appropriate option.
Option | Action
Optimize for safety | Saves all changes to the virtual disk before notifying the system.
Optimize for performance | Acknowledges changes to the virtual disk immediately, but saves them at a later time.
7 Click Next.
The virtual disk is now configured and added to the hardware of the virtual machine.
Procedure
1 On the Hard Disk page, click Use an Existing Virtual Disk to customize it.
3 To run the disk in independent mode, click Disk Mode, select Independent, and click the appropriate
option.
Option | Action
Persistent | Disks in persistent mode behave like conventional disks on your physical computer. All data written to a disk in persistent mode is written permanently to the disk.
Nonpersistent | Changes to disks in nonpersistent mode are discarded when you power off or reset the virtual machine. Nonpersistent mode enables you to restart the virtual machine with a virtual disk in the same state every time. Changes to the disk are written to and read from a redo log file that is deleted when you power off or reset.
4 To specify the adapter type and a device node for the virtual disk, click Virtual Device Node.
5 To change the write caching policies for the virtual disk, click Policies and select the appropriate option.
Option | Action
Optimize for safety | Saves all changes to the virtual disk before notifying the system.
Optimize for performance | Acknowledges changes to the virtual disk immediately, but saves them at a later time.
6 Click Next.
Prerequisites
Before you add a network adapter, make sure that your ESX host has port groups configured to which the
virtual machine can connect.
Procedure
2 On the Properties page, select the virtual network to connect to from the Network Connection drop-down
menu.
3 To connect the network adapter to the network when you power on the virtual machine, select the Connect
at Power On check box.
4 Click Next.
The network adapter is now configured and is added to the virtual machine hardware.
Procedure
- On the CD/DVD Drive page, select to use a physical drive or an ISO image for the new CD or DVD drive.
Option | Action
Use a Physical Drive | Uses a physical CD or DVD drive on the host system.
Use an ISO Image | Uses an ISO image file located on the host file system for the new device.
Don't Add a CD/DVD Drive | Skips the step of adding a CD or DVD drive.
The Properties page appears. If you are not adding a CD or DVD drive, the Floppy Drive page appears.
A virtual CD or DVD drive is associated with a specific SCSI or IDE device node. The type of device does not
have to match the type of device on the host. You can configure an IDE CD or DVD drive on the host as a
virtual SCSI CD or DVD drive. You can configure a SCSI CD or DVD drive on the host as a virtual IDE CD or
DVD drive. To burn disks with the drive, match the bus types with the physical drive so that they are both
IDE or SCSI.
To boot from a virtual CD/DVD drive, you must configure it as an IDE drive.
Prerequisites
You must have a disk in the drive that you select to access the media.
Procedure
1 On the CD/DVD Drive page, select Use a Physical Drive to customize the drive.
2 On the Properties page, select the physical CD or DVD drive to use from the Host CD/DVD Drive drop-down
menu.
3 To connect the new virtual CD or DVD drive when you power on the virtual machine, select the Connect
at Power On check box.
This option is selected by default.
4 To specify the adapter type and a device node for the virtual disk, click Virtual Device Node.
5 Click Next.
To boot from a virtual CD/DVD drive, you must configure it as an IDE drive.
Procedure
2 On the Properties page, click Browse to locate the ISO image to use for the virtual CD or DVD drive.
3 To connect the new virtual CD or DVD drive when you power on the virtual machine, select the Connect
at Power On check box.
5 Click Next.
Procedure
- On the Floppy Drive page, select to use a physical drive or a floppy image for the new floppy drive.
Option | Action
Use a Physical Drive | Uses a physical floppy drive on the host.
Use a Floppy Image | Uses a floppy image stored on the host file system.
Create a New Floppy Image | Creates a new floppy image and uses it for the new virtual drive.
Don't Add a Floppy Drive | Skips the step of adding a floppy drive.
The Properties page for the new floppy drive appears. If you are not adding a floppy drive, the USB Controller
page appears.
Prerequisites
To access the media, you must have a floppy disk in the drive that you select.
Procedure
1 On the Floppy Drive page, select Use a Physical Drive to customize the drive.
2 On the Properties page, select an available floppy drive from the Host Floppy Drive drop-down menu.
3 To connect the new virtual floppy drive when you power on the virtual machine, select the Connect at
Power On check box.
4 Click Next.
Procedure
1 On the Floppy Drive page, you must select Use a Floppy Image.
3 To mount the floppy drive image when you power on the virtual machine, select the Connect at Power On
check box.
4 Click Next.
The floppy drive image is mounted when you start the guest operating system for the first time.
Procedure
1 On the Floppy Drive page, you must select Create a New Floppy Image.
2 On the Properties page, click Browse to specify a location for the new floppy drive image.
3 To connect the new virtual floppy drive when you power on the virtual machine, select the Connect at
Power On check box.
4 Click Next.
The floppy drive image is mounted when you start the guest operating system for the first time.
Procedure
- On the USB Controller page, select whether to add a USB controller to the virtual machine.
Option | Action
Add a USB Controller | Adds a USB controller to the hardware configuration of the virtual machine
Don't Add a USB Controller | Skips the step of adding a USB controller
Procedure
Option | Description
Hard Disk | Adds a hard disk.
Network Adapter | Adds a network adapter.
CD/DVD Drive | Adds a CD or DVD drive.
Floppy Drive | Adds a floppy drive.
Serial Port | Adds a serial port.
Parallel Port | Adds a parallel port.
Passthrough SCSI Device | Adds a SCSI device.
USB Controller | Unavailable if you already added a USB controller.
3 To power on the virtual machine after you complete the wizard, select the Power on your new virtual
machine now check box.
4 To create the virtual machine with the listed hardware components, click Finish.
The new virtual machine is added to the list of virtual machines on the ESX host.
IMPORTANT Do not install a 64-bit operating system after you select a 32-bit guest operating system type.
In some host configurations, the virtual machine cannot boot from the installation CD. In this case, you can
create an ISO image from the installation CD and install from the ISO image.
If you are using a PXE server to install the guest operating system over a network connection, you do not need
the operating system installation media. When you power on the virtual machine, the virtual machine detects
the PXE server.
For information about your specific guest operating system, see the Guest Operating System Installation Guide.
Prerequisites
Before you begin, you must add a CD or DVD drive to the virtual machine. The CD or DVD drive must use
the installation CD or an ISO image with the guest operating system.
If you are replacing an operating system, click Configure VM in the Commands section on the Summary tab
to change the guest operating system for the virtual machine.
Procedure
4 Click the Console tab to use the VMware Remote Console to complete the guest operating system
installation.
5 (Optional) To change the boot order of the disk devices in the virtual machine BIOS, press F2 when
prompted during the virtual machine startup.
7 (Optional) If you are using an ISO image that spans multiple files, you are prompted to insert the next
CD.
b In the Hardware section, click the CD/DVD drive’s icon and select Edit.
c In the Connection section, click Browse to locate the next ISO image file and click OK.
e In the guest operating system, click OK or respond to the prompt so that the installation can continue.
What to do next
Install VMware Tools, as described in “Install VMware Tools on the Guest Operating System,” on page 28.
VMware Remote Console is a browser plug-in that you can use with Microsoft Internet Explorer and Mozilla
Firefox.
VMware Remote Console opens in a separate window. You can keep VMware Remote Console running even
if you close your browser. You can open more than one console to interact with the operating systems of several
virtual machines at the same time.
Prerequisites
To install the plug-in, vSphere Web Access must be running on vCenter Server or on the ESX host to which
you are connecting.
You must have administrator privileges to install the VMware Remote Console plug-in.
Make sure that Mozilla Firefox allows pop-up windows during the installation.
Procedure
https://<vmwarehost.yourdomain.com>/ui
2 Log in to vSphere Web Access using the user name and password for the host to which you are connecting.
What to do next
You can use Mozilla Firefox to open VMware Remote Console and use the guest operating system of a virtual
machine.
Prerequisites
To install the plug-in, vSphere Web Access must be running on vCenter Server or on the ESX host to which
you are connecting.
You must have administrator privileges to install the VMware Remote Console plug-in.
Procedure
https://<vmwarehost.yourdomain.com>/ui
2 Log in to vSphere Web Access using the user name and password for the host to which you are connecting.
3 Select a virtual machine from the Inventory panel.
The File Download - Security Warning window appears and asks if you want to run or save the file.
6 Click Run and on the Internet Explorer - Security Warning window click Run again.
The VMware Remote Console plug-in for Internet Explorer is now installed.
What to do next
You can use Internet Explorer to open VMware Remote Console to use the guest operating system of a virtual
machine.
Procedure
What to do next
You can now work with the guest operating system of the selected virtual machine by clicking in the VMware
Remote Console window.
Procedure
- Select one of the following options to customize the appearance of the VMware Remote Console.
Option | Action
Run Your Virtual Machine in Full Screen Mode | On the VMware Remote Console window, click Maximize.
Hide the VMware Remote Console Toolbar | On the VMware Remote Console toolbar, click the pushpin so that it is in a horizontal position.
Make the VMware Remote Console Toolbar Always Visible | Move the pointer to the top of the screen and click the pushpin at the end of the toolbar so that it is in a diagonal position.
Run a Virtual Machine in a Separate Window | While the VMware Remote Console is in full screen mode, press Ctrl+Alt to switch back to a separate window.
Several virtual machines can use a single drive at the same time. To eject the disk from the physical drive, you
must first disconnect the drive from all virtual machines that are using it.
Prerequisites
In Linux, make sure that the device you are connecting to is not mounted or in use.
Procedure
1 In the VMware Remote Console window, select Devices > <Device Name> > Connect to
<path_to_device>.
2 Insert the disk media in the client device and access it from the guest operating system.
Prerequisites
In Linux, make sure that the image device files that you use are not mounted or in use.
Procedure
1 In the VMware Remote Console window, select Devices > <Device Name> > Connect to Disk Image
File.
2 In the Choose Image dialog box, browse for the .iso or .flp file to connect to the virtual machine.
When you quit VMware Remote Console, your virtual machine remains powered-on.
Procedure
- In the VMware Remote Console window, select VMware Remote Console > Disconnect and Exit.
Procedure
- Select an option to troubleshoot a specific virtual machine issue.
Option | Action
View the Virtual Machine Message Log | In the VMware Remote Console window, select VMware Remote Console > Troubleshoot > Message Log.
Send Ctrl+Alt+Delete to the Guest Operating System | In the VMware Remote Console window, select VMware Remote Console > Troubleshoot > Send Ctrl+Alt+Del.
Reset Your Virtual Machine | In the VMware Remote Console window, select VMware Remote Console > Troubleshoot > Reset.
Suspend and Exit Your Virtual Machine | In the VMware Remote Console window, select VMware Remote Console > Troubleshoot > Suspend and Exit.
Power Off and Exit Your Virtual Machine | In the VMware Remote Console window, select VMware Remote Console > Troubleshoot > Power Off and Exit.
Ctrl+Alt | Transfers mouse and keyboard input from the virtual machine to the local machine. Switches from full screen mode to running the VMware Remote Console in a separate window.
Ctrl+G | Transfers mouse and keyboard input from the local machine to the virtual machine
Ctrl+Alt+Enter | Switches between full screen mode and running VMware Remote Console in a separate window
Procedure
2 In the Status section of the virtual machine’s Summary tab, select Install VMware Tools.
3 (Optional) To automatically check for updates of VMware Tools every time the virtual machine is powered
on, select the Upgrade VMware Tools automatically check box in the Install VMware Tools window.
vSphere Web Access connects the virtual machine’s CD drive to an installation file on the ESX host machine
or vCenter Server. If autorun is enabled in your guest operating system (the default setting for Windows
operating systems), a dialog box appears asking if you want to install VMware Tools.
5 Click the Console tab and use the guest operating system to complete the installation.
Procedure
1 In the Status section of the virtual machine's Summary tab, click Upgrade VMware Tools.
2 In the Upgrade VMware Tools window, select an option and click Upgrade.
Option | Action
Automatic VMware Tools Upgrade | Upgrades VMware Tools automatically without user interaction.
Interactive VMware Tools Upgrade | Allows you to select the VMware Tools components to install.
- If you selected an automatic upgrade, the installation program installs VMware Tools and might reboot the guest operating system.
- If you selected an interactive upgrade, the installation program mounts the VMware Tools image file in the guest operating system virtual CD/DVD drive.
3 (Optional) If you selected Interactive VMware Tools Upgrade, in the guest operating system, open the
CD/DVD drive and follow the VMware Tools installation instructions to complete the upgrade process.
Prerequisites
In Windows Vista, you must log in as an administrator to open the VMware Tools Control Panel.
Procedure
1 In the guest operating system, select Start > Settings > Control Panel.
3 To change the VMware Tools properties, use the tabs in this dialog box.
Prerequisites
You must use the operating system's graphical interface mode to run VMware Tools.
To shrink virtual disks or to change any VMware Tools scripts, you must run VMware Tools as the root user.
Procedure
1 Boot the guest operating system and launch your graphical environment.
2 Open the command line and start the VMware Tools background application.
vmware-toolbox &
3 To change the VMware Tools properties, use the tabs in the dialog box.
Virtual machine events can be ESX queries, errors, or other events like powering on or powering off the virtual
machine. Events inform you of anything that occurs during the lifetime of a virtual machine.
Virtual machine alarms are notifications that are triggered when specific events happen to a virtual machine.
A virtual machine alarm can be CPU usage that exceeds the designated usage. Depending on the severity of
the alarm, you can make a decision to move a virtual machine to another host or add additional hardware to
the current host.
Tasks are high-level actions, such as powering on a virtual machine, that the user performs manually or that
you schedule to perform at a certain time. You can only view scheduled tasks. You cannot schedule tasks with
vSphere Web Access.
The Alarms tab is available only when you use vSphere Web Access to connect to vCenter Server.
Procedure
Option                                   Action
Triggered                                Sorts the alarms in chronological order
Status                                   Sorts the alarms by their status
Object                                   Sorts the alarms alphabetically by the name of the object they refer to
Name                                     Sorts the alarms alphabetically by the name of the alarm
Double-click the alarm name in the list  View more details about a specific alarm
Procedure
Option                                  Action
Triggered                               Sorts the tasks in chronological order
Status                                  Sorts the tasks alphabetically by their status
Object                                  Sorts the tasks alphabetically by the name of the object they are assigned to
Triggered By                            Sorts the tasks alphabetically by the name of the user that scheduled them
Double-click the task name in the list  View more details about a specific task
Procedure
A list of the events of the virtual machine appears in reverse chronological order.
Option                                   Action
Triggered                                Sorts the events in chronological order
Severity                                 Sorts the events by their severity status
Description                              Sorts the events alphabetically by their description
Double-click the event name in the list  Presents more details about a specific event
You can create Web and desktop shortcuts by using vSphere Web Access.
Procedure
1 In the Inventory panel, select the virtual machine from which to generate a Web shortcut.
2 In the Commands section of the Summary tab, click Generate Virtual Machine Shortcut.
3 Click Customize Web Shortcut and select the options for this shortcut.
Option                                  Action
Limit workspace view to the console     Provides access to the virtual machine Console tab while hiding other
                                        details, like event logs.
Limit view to a single virtual machine  Disables navigation to another machine in the inventory.
Obfuscate this URL                      Generates a URL that is difficult to read.
5 Click OK.
What to do next
To test a Web shortcut, use a different browser or computer. If you use your active vSphere Web Access browser
session to test the Web shortcut, you must close all instances of that browser before you can log back in to
vSphere Web Access with full user interface capabilities.
NOTE When you use Internet Explorer, you must restart the Web browser after you install VMware Remote
Console and before you create the VMware Remote Console desktop shortcut. If you do not restart Internet
Explorer, you receive a JavaScript error and the shortcut is not created.
Prerequisites
You must install the VMware Remote Console plug-in for your browser.
Procedure
1 In the Inventory panel, select the virtual machine from which to generate a desktop shortcut.
2 In the Commands section of the Summary tab, click Generate Virtual Machine Shortcut.
3 In the Desktop Shortcut section, click Install Desktop Shortcut to <Virtual Machine>.
5 Click OK.
What to do next
You can use the desktop shortcut for quick access to the virtual machine.
Procedure
1 Log in to ESX.
After the virtual machine version is updated, you can configure it to use the features supported with the new
version.
Procedure
• To change a virtual machine’s power state, click the button in the toolbar for that power state.
Option Action
Powers off the virtual machine.
If you remove the virtual machine from the inventory, the virtual machine files are not deleted from the hard
disk.
Procedure
1 In the Inventory panel, select and power off the virtual machine.
2 Select Virtual Machine > Remove Virtual Machine to remove only the virtual machine from the inventory.
3 Select Delete this virtual machine’s files from the disk to delete all of the virtual machine's files from the
disk.
4 Click OK.
Chapter 4 Configuring Virtual Machine Options and Resources
You can use vSphere Web Access to configure a virtual machine's hardware configuration, power options, and
advanced virtual machine settings.
Access to a virtual machine's options and settings depends on the user permissions that you have to the virtual
machine's configuration file. The permissions determine whether you can browse, interact, configure, or
administer a virtual machine.
Depending on your permissions and the state of the virtual machine, you might not be able to configure some
options.
In some cases, the virtual machine must be powered off to configure it.
NOTE Do not edit the virtual machine configuration file directly. Instead, use the Advanced tab of the VM
Configuration dialog box.
CAUTION Changing the number of processors after the guest operating system is installed might make the
virtual machine unstable.
Procedure
1 Shut down the guest operating system and power off the virtual machine to modify.
3 In the Hardware section on the Summary tab, in the Processors drop-down menu, select Edit.
5 Click OK.
Procedure
1 Shut down the guest operating system and power off the virtual machine to modify.
3 In the Hardware list on the Summary tab, in the Memory drop-down menu, select Edit.
4 To ensure that the virtual machine will boot, allocate at least the recommended minimum memory.
5 Click OK.
Procedure
1 In the Hardware section of the Summary tab, select the CD/DVD drive from the drop-down menu and click
Edit.
3 Make the appropriate changes in the Device Status section to change the status of the CD/DVD drive.
4 Select Physical Drive in the Connection section to make changes to the physical drive.
b If you are using a physical drive, select Use ATAPI emulation or Access the drive directly.
Use ATAPI emulation if you cannot access the CD/DVD drive. The emulation mode works only with
data disks.
5 In the Connection section, select ISO image, click Browse and locate the .iso file to use an ISO image.
6 In the Virtual Device Node section, select the adapter type and the appropriate device to change the
adapter type.
This option is available only when the virtual machine is powered off.
7 Click OK.
Procedure
1 In the Hardware section of the Summary tab, select the CD/DVD drive from the drop-down menu and click
Edit.
3 In the Virtual Device Node section, select the adapter type and the appropriate device to change the
adapter type.
You must power off the virtual machine to change the adapter.
4 Click OK.
Procedure
1 In the Hardware section of the Summary tab, select the floppy drive from the drop-down menu and click
Edit.
Option             Description
Physical Drive     Allows you to select a physical floppy drive installed on the host system.
                   Available only when the virtual machine is powered off.
Floppy Image       Allows you to use an existing floppy image located on the host.
New Floppy Images  Allows you to create a floppy image on the host.
5 Click OK.
Procedure
1 In the Hardware section of the Summary tab, select the floppy drive from the drop-down menu and click
Edit.
3 Click OK.
Procedure
3 In the Hardware section of the Summary tab, click the hard disk to modify and select Edit.
4 To increase capacity on growable disks, click Increase Capacity and enter a new value for the Increase By
or New Capacity option.
If you have a snapshot of the disk, you must delete it to change the disk capacity.
5 In the Virtual Device Node section, select the adapter type and the appropriate device to change the
adapter type.
6 To run the disk in independent mode, click Disk Mode, select Independent, and click the appropriate
option.
Option         Action
Persistent     Disks in persistent mode behave like conventional disks on your physical
               computer. All data written to a disk in persistent mode is written
               permanently to the disk.
Nonpersistent  Changes to disks in nonpersistent mode are discarded when you power off
               or reset the virtual machine. Nonpersistent mode enables you to restart the
               virtual machine with a virtual disk in the same state every time. Changes to
               the disk are written to and read from a redo log file that is deleted when you
               power off or reset.
7 To change the write caching policies for the virtual disk, click Policies and select the appropriate option.
Option                    Action
Optimize for safety       Saves all changes to the virtual disk before notifying the system.
Optimize for performance  Acknowledges changes to the virtual disk immediately, but saves them at a
                          later time.
Procedure
2 In the Hardware section on the Summary tab, select the SCSI device to modify and click Edit.
4 In the Virtual Device section, specify the adapter type and the device node.
5 Click OK.
The available SCSI controller device types are BusLogic and LSI Logic parallel interfaces.
For hardware version 7.0 virtual machines, you can also select an LSI SAS serial attached storage interface.
Procedure
1 In the Inventory panel, select and power off the virtual machine.
2 In the Hardware section of the Summary tab, click the SCSI controller and select Edit.
3 Click Modify device type to change the SCSI controller device type.
4 Click OK.
Procedure
2 In the Hardware section of the Summary tab, select the network adapter to modify, and click Edit.
3 Select Connect at power on to connect to this network when the virtual machine is powered on.
5 In the MAC Address section, select how to generate the machine's MAC address.
Option                 Description
Generated by the host  The host generates the MAC address.
Manual                 Allows you to manually change the MAC address.
What to do next
Make sure that the guest operating system uses an appropriate IP address on the new network. If the guest is
using DHCP, release and renew the IP address. If the IP address is static, verify that the guest has an address
on the correct virtual network.
Procedure
2 Shut down the guest operating system and power off the virtual machine.
3 In the Hardware section of the Summary tab, select the parallel port to modify and click Edit.
4 Select the Connect at power on check box to connect the parallel port when the virtual machine is powered
on.
5 In the Connection section, select whether to use a physical parallel port or a parallel port data file for tests.
Option    Action
Physical  Select the available host parallel port from the drop-down menu.
File      Select and click Browse to save parallel port data to a new file or to locate an
          existing output file.
Procedure
2 Shut down the guest operating system and power off the virtual machine.
3 In the Hardware section of the Summary tab, select the serial port to modify and click Edit.
4 Select Connect at power on to connect to the serial port when the virtual machine is powered on.
Option      Description
Physical    Allows you to use a host serial port.
File        Allows you to send data to a selected output file.
Named Pipe  Allows you to create a pipe.
            a Enter the path and file for the pipe.
            b In the Near End drop-down menu, select an option.
              • To start the far end of the connection first, select Is a client.
              • To start this end of the connection first, select Is a server.
            c In the Far End drop-down menu, select an option.
              • If the application that the virtual machine connects to is located on
                another virtual machine on the host, select Is a virtual machine.
              • If the application that the virtual machine connects to is running
                directly on the host, select Is an application.
6 Select the Yield CPU on poll check box to have the kernel in the target virtual machine use the virtual
serial port in polled mode, not interrupt mode.
Procedure
2 Shut down the guest operating system and power off the virtual machine.
3 In the Hardware section of the Summary tab, click the CD/DVD drive to remove and select Remove.
The CD/DVD drive is removed from the virtual machine hardware configuration.
Procedure
2 Shut down the guest operating system and power off the virtual machine.
3 In the Hardware section of the Summary tab, click the floppy drive and select Remove.
The floppy drive is removed from the virtual machine hardware configuration.
Prerequisites
To remove an IDE hard disk, you must power off the virtual machine.
Procedure
2 In the Hardware section of the Summary tab, click the hard disk to remove and select one of the options.
Option            Description
Remove            Removes the hard disk from the virtual machine.
                  Keeps the virtual disk files on the host system. You can use the hard disk files
                  in another virtual machine.
Delete from Disk  Removes the hard disk from the virtual machine. Deletes the associated disk
                  files from the host system.
The hard disk is removed from the virtual machine hardware configuration.
Procedure
2 Shut down the guest operating system and power off the virtual machine.
3 In the Hardware section of the Summary tab, select the SCSI device from the drop-down menu and click
Remove.
The SCSI device is removed from the virtual machine hardware configuration.
Prerequisites
Procedure
3 On the Summary tab, select the network adapter to remove and click Remove.
The network adapter is removed from the virtual machine hardware configuration.
Procedure
2 Shut down the guest operating system and power off the virtual machine.
3 In the Hardware section of the Summary tab, select the parallel port to remove and click Remove.
The parallel port is removed from the virtual machine hardware configuration.
Prerequisites
Procedure
2 Shut down the guest operating system and power off the virtual machine.
3 In the Hardware section of the Summary tab, select the serial port and click Remove.
The serial port is removed from the virtual machine hardware configuration.
Procedure
2 Shut down the guest operating system and power off the virtual machine.
3 In the Hardware section of the Summary tab, select the USB controller and click Remove.
The USB controller is removed from the virtual machine hardware configuration.
Procedure
3 In the Virtual Machine Name field, enter a new name for the virtual machine.
4 In the Guest Operating System section, change the guest operating system for the virtual machine.
NOTE Do not change the guest operating system if you do not plan to install a new guest operating system
on this virtual machine.
5 Click OK.
The name and the guest operating system of the virtual machine are reconfigured.
Procedure
1 In the Commands section of the virtual machine’s Summary tab, click Configure VM.
3 Select the default power off command for the virtual machine.
Option           Description
Power Off        Powers off the virtual machine without a clean shutdown of the guest
                 operating system services.
Shut Down Guest  Shuts down the guest before powering off the virtual machine.
When VMware Tools is not installed, the default action is to power off the virtual machine without shutting
down the guest. When VMware Tools is installed, the default action is to shut down the guest before
powering off the virtual machine.
Option         Description
Suspend        Suspends the virtual machine without suspending the guest operating
               system.
Suspend Guest  Suspends the guest before suspending the virtual machine.
When VMware Tools is not installed, the default action is to suspend the virtual machine without
suspending the guest. When VMware Tools is installed, the default action is to suspend the guest before
suspending the virtual machine.
Option        Description
Reboot        Restarts the virtual machine without rebooting the guest.
Reboot Guest  Restarts the guest before rebooting the virtual machine.
When VMware Tools is not installed, the default action is to reset the virtual machine without shutting
down the guest. When VMware Tools is installed, the default action is to shut down the guest before
resetting the virtual machine.
6 In the VMware Tools Scripts section, select one or more of the options for when to run a VMware Tools
script.
7 In the BIOS Setup section, select the Enter the BIOS setup screen the next time the virtual machine boots
check box to go directly to the BIOS setup screen the next time the virtual machine is powered on.
8 In the Advanced section, select one or both of the VMware Tools options.
9 Click OK.
The startup and shutdown settings are associated with the ESX host configuration and can be changed only
when you use vSphere Web Access to connect to an ESX host.
Prerequisites
You must log in to an ESX host to configure the virtual machine startup and shutdown settings.
Procedure
2 Click the Summary tab and click Edit Virtual Machine Startup/Shutdown Settings in the Commands
section.
3 Select the Allow virtual machines to start and stop automatically with the system check box.
4 (Optional) Select the Start next VM immediately if the VMware Tools start check box to have the virtual
machine boot immediately after VMware Tools start.
5 (Optional) To have the operating system start after a brief delay, enter a Default Startup Delay time.
This delay allows time for VMware Tools or the booting system to run scripts.
7 (Optional) To delay shutdown for each virtual machine by a certain amount of time, enter a Default
Shutdown Delay value.
This shutdown delay applies only if the virtual machine did not already shut down before the delay period
elapses. If the virtual machine shuts down before that delay time is reached, the next virtual machine starts
shutting down.
8 Use Move Up and Move Down to specify the order in which the virtual machines start when the system
starts.
9 To configure user-specified autostartup and autoshutdown behavior for any virtual machine, select the
virtual machine in the list and click Edit.
CAUTION You must enter a value in the Shutdown Delay time text field when you change the
shutdown action. The text field cannot be empty. If you do not enter a delay time, you cannot save
the shutdown action changes. Also, if you change the shutdown action setting when accessing the
setting from outside the vSphere Client, that change is not reflected in the Autostart Settings manager
if you did not also set the shutdown delay to a nonnegative value.
c Click OK to accept the changes to the autostartup and autoshutdown settings of the selected virtual
machine.
10 Click OK again to accept the changes to the startup and shutdown settings of the ESX host.
NOTE Do not change any configuration file parameters unless you are instructed to do so in the documentation
or by VMware technical support.
Procedure
1 In the Commands section of the virtual machine’s Summary tab, click Configure VM.
Option                          Description
Record runtime information      Collects debugging and performance information. You can use this
                                information to troubleshoot problems.
Enable logging                  Enables event logging.
Disable acceleration            Disables acceleration in the virtual machine. You might want to temporarily
                                disable acceleration if you are installing or starting a program in a virtual
                                machine and the program stalls, fails, or reports that it is running under a
                                debugger.
                                Disabling acceleration slows virtual machine performance, so when you no
                                longer have a problem, deselect Disable acceleration.
Support VMI Paravirtualization  If you have a VMware VMI 3.0-enabled kernel in a Linux guest, VMI
                                paravirtualization improves virtual machine performance.
                                For more information about paravirtualization, see
                                http://www.vmware.com/interfaces/paravirtualization.html.
                                Available VMI-enabled kernels include Ubuntu 7.04 (Feisty) or later.
                                Use the standard image for 32-bit Intel x86 systems. VMI currently supports
                                only 32-bit guests.
                                NOTE Only hardware version 7.0 virtual machines support VMI.
5 Click OK.
Procedure
1 In the Commands section of the virtual machine’s Summary tab, click Configure VM.
3 In the Configuration Parameters section, click Add New Entry and enter information in the fields.
Procedure
1 In the Commands section of the virtual machine’s Summary tab, click Configure VM.
Chapter 5 Adding Hardware to a Virtual Machine
You can add different types of virtual devices to a virtual machine and connect them to their physical
counterparts.
Prerequisites
Before you add hardware, power off the virtual machine. If you are adding a SCSI hard disk, you can leave
the virtual machine powered on.
Procedure
You can store virtual disks as files in a datastore, which can be located on the local file system or a remote
VMFS SAN datastore. You can store an IDE virtual disk or a SCSI virtual disk on either an IDE physical hard
disk or on a SCSI physical hard disk.
You can add a SCSI virtual disk to a powered-on virtual machine with hardware versions earlier than 7.0. For
earlier virtual machine hardware versions, you can add a SCSI virtual disk when the virtual machine is
powered on only if a SCSI controller with an available slot already exists. SCSI controllers are created when
you add a SCSI virtual disk or a passthrough SCSI device to the virtual machine. For virtual machines with
hardware versions earlier than 7.0, you cannot create SCSI controllers when the virtual machine is powered
on.
You cannot add an IDE virtual disk when the virtual machine is powered on.
NOTE If you have a Windows NT 4.0 guest with a SCSI virtual disk, you cannot add an additional SCSI disk
and an IDE disk to the configuration.
Prerequisites
Before you begin, make sure that you understand the hard disk types and properties settings in “Adding a
Virtual Hard Disk,” on page 49.
Procedure
5 On the Properties page, change the default values as needed and click Next.
6 On the Ready to Complete page, review the configuration summary and click Finish.
The virtual disk appears to your guest operating system as a new blank hard disk.
What to do next
If you add a new virtual disk to the virtual machine, you can use the guest operating system’s utilities to
partition and format the disk.
Procedure
4 On the Properties page, select the network connection type for the new network adapter.
5 Select whether to connect the network adapter when the virtual machine is powered on and click Next.
6 On the Ready to Complete page, review the network adapter settings and click Finish.
What to do next
A virtual IDE CD/DVD drive can use a physical IDE drive or a physical SCSI drive.
Procedure
4 In the Host Media section, select whether to connect to a physical drive or an ISO image on the host and
click Next.
5 On the Properties page, specify which physical drive or which ISO image to use:
• If you selected Use a Physical Drive, specify the drive to use.
• If you selected Use an ISO Image, click Browse to navigate to a file with the .iso extension in an
  existing datastore.
6 (Optional) To connect the drive to the virtual machine when you power on, select Connect at power on
(the default).
7 (Optional) In the Virtual Device Node section, select an adapter and device node from the drop-down
menus.
8 Click Next.
9 In the Ready to Complete page, view the configuration summary and click Finish.
The guest operating system detects the new CD/DVD drive the next time you power on the virtual machine.
Procedure
5 On the Properties page, specify which physical drive or floppy image to use:
• If you selected Use a Physical Drive, select the drive to use.
• If you selected Use a Floppy Image or Create a New Floppy Image, click Browse to select a location
  for a new file or navigate to a file with the .flp extension that is located on an existing datastore.
6 (Optional) To connect the drive to the virtual machine when you power on, select Connect at Power On
(the default) and click Next.
7 On the Ready to Complete page, review the configuration summary and click Finish.
The guest operating system detects the new floppy drive the next time you power on the virtual machine.
Procedure
5 On the Properties page, select a physical port from the drop-down menu.
6 (Optional) To connect this virtual machine to the host’s serial port when the virtual machine is powered
on, select Connect at power on (the default).
The kernel in the target virtual machine uses the virtual serial port in polled mode, not interrupt mode.
8 Click Next.
9 On the Ready to Complete page, review the configuration summary and click Finish.
The operating system recognizes the new serial port the next time you power on the virtual machine.
Procedure
4 Click Use Output File to send the output of an application that is running in the guest operating system
to a file on the host machine.
5 On the Properties page, enter the path and filename for the output file or click Browse to navigate to the
file.
6 (Optional) To connect this virtual machine to the host’s output file when the virtual machine is powered
on, select Connect at power on (the default).
7 (Optional) Expand I/O Mode to select Yield CPU on poll, which is deselected by default.
The kernel in the target virtual machine uses the virtual serial port in polled mode, not interrupt mode.
8 Click Next.
9 In the Ready to Complete page, review the configuration summary and click Finish.
The operating system recognizes the new serial port the next time you power on the virtual machine.
Procedure
5 On the Properties page, enter the path and filename for the pipe.
• On Windows guests: The pipe name must be in the format \\.\pipe\<namedpipe>.
• On Linux guests: The pipe name must be in the format /tmp/<socket> or another UNIX socket name.
6 For Near End, select whether the application running in the guest operating system functions as a server
or a client.
• Select Is a server to start this end of the connection first.
• Select Is a client to start the far end of the connection first.
7 For Far End, specify where the application that the virtual machine connects to is located.
• Select Is a virtual machine if the application that the virtual machine connects to is located on another
  virtual machine on the host.
• Select Is an application if the application that the virtual machine connects to is running directly on
  the host machine.
8 (Optional) To connect to the named pipe when the virtual machine is powered on, select Connect at Power
On (the default).
9 (Optional) Expand I/O Mode to select Yield CPU on poll, which is deselected by default.
The kernel in the target virtual machine uses the virtual serial port in polled mode, not interrupt mode.
10 Click Next.
11 In the Ready to Complete page, review the configuration summary and click Finish.
The operating system recognizes the new serial port the next time you power on the virtual machine.
Procedure
4 Click Use a physical parallel port to connect to a physical port on the host machine.
5 On the Properties page, select a physical port from the drop-down menu.
6 (Optional) To connect this virtual machine to the host’s serial port when the virtual machine is powered
on, select Connect at power on (the default) and click Next.
7 On the Ready to Complete page, review the configuration summary and click Finish.
The operating system detects the new parallel port the next time you power on the virtual machine.
Procedure
5 On the Properties page, type the path and filename for the output file or click Browse to navigate to the
file.
6 (Optional) To connect this virtual machine to the host’s serial port when the virtual machine is powered
on, select Connect at Power On (the default) and click Next.
7 On the Ready to Complete page, review the configuration summary and click Finish.
The operating system detects the new parallel port the next time you power on the virtual machine.
You can add a SCSI device without powering off the virtual machine.
Prerequisites
Procedure
A physical SCSI device must be attached to the device and it must be connected to the virtual machine.
5 (Optional) In the Virtual Device Node section, select a SCSI adapter and device node from the drop-down
menus.
6 Click Next.
7 In the Ready to Complete page, review the configuration summary and click Finish.
The operating system recognizes the new SCSI device the next time you power on the virtual machine.
Procedure
4 On the Ready to Complete page, review the configuration summary and click Finish.
Chapter 6 Creating and Managing Snapshots
Snapshots preserve the current state of a virtual machine so that you can return to the state as needed. You
can use snapshots as restoration points when you install update packages or different versions of a program.
A snapshot includes:
When you revert to a snapshot, you return these items to the state that they were in at the time you took that
snapshot. Snapshots operate on individual virtual machines.
Snapshots let you revert repeatedly to the same state without creating multiple virtual machines. With
snapshots, you create backup and restore positions in a linear process. You can also preserve a baseline before
diverging a virtual machine in a process tree.
You can take more than one snapshot of the same virtual machine. Using multiple snapshots, you can save
different states for different work processes. You can take snapshots to 32 levels, but each level increases the
time it takes to save or delete a snapshot. The amount of time depends on the amount of data and the RAM
size of the virtual machine.
NOTE Snapshots are not available in versions before ESX 3.0. Snapshots of raw disks or RDM physical mode
disks are not supported.
VMware recommends that you do not take a snapshot under the following conditions.
• When the virtual machine is downloading a file from a server on the network. After you take the snapshot,
  the virtual machine continues downloading the file, transmitting its progress to the server. If you revert
  to the snapshot, transmission between the virtual machine and the server is confused, and the file transfer
  fails.
• When an application in the virtual machine is sending a transaction to a database on a separate machine.
  If you revert to that snapshot, especially if you revert after the transaction starts but before it is committed,
  the database might become corrupted.
Take a Snapshot
You can take a snapshot while the virtual machine is powered on, powered off, or suspended.
Do not take a snapshot when the virtual machine is communicating with another computer.
NOTE If you require strong performance from virtual machines, consider defragmenting the guest operating
system’s drives before taking a snapshot. Use the guest operating system’s defragmentation utility.
Prerequisites
To exclude virtual disks from snapshots, change the disk mode. For more information about changing the disk
mode, see “Modify a Hard Disk,” on page 37.
If you are suspending a virtual machine, wait until the suspend operation has finished before taking a snapshot.
Procedure
1 In the Commands section of the virtual machine’s Summary tab, expand the Snapshot command (if it is
not already expanded) and click Take Snapshot.
2 Enter the name of the snapshot and any notes and click OK.
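Before relying on a snapshot as a restoration point, it helps to know which virtual disks it will actually cover, because disks in independent mode are excluded. The following read-only check is an added example, not VMware code: it assumes the per-device .vmx key names shown in the constructed sample (`present`, `fileName`, `mode`) and that a disk with no `mode` key is in the default persistent mode. It only reads the configuration text and never edits it.

```python
import re

# Constructed sample .vmx text for illustration; not taken from a real virtual machine.
SAMPLE_VMX = """\
# constructed example
displayName = "lab-vm"
scsi0.present = "TRUE"
scsi0:0.present = "TRUE"
scsi0:0.fileName = "lab-vm.vmdk"
scsi0:1.present = "TRUE"
scsi0:1.fileName = "lab-vm_1.vmdk"
scsi0:1.mode = "independent-persistent"
scsi0:2.present = "TRUE"
scsi0:2.fileName = "scratch.vmdk"
scsi0:2.mode = "independent-nonpersistent"
scsi0:3.present = "FALSE"
scsi0:3.fileName = "old.vmdk"
ide1:0.present = "TRUE"
ide1:0.fileName = "install.iso"
ide1:0.deviceType = "cdrom-image"
"""

# key = "value" lines; anything else (comments, blank lines) is ignored.
LINE_RE = re.compile(r'^\s*([^#=\s][^=]*?)\s*=\s*"(.*)"\s*$')
# Per-device keys such as scsi0:1.mode (assumed key layout).
DEVICE_RE = re.compile(r'^((?:scsi|ide)\d+:\d+)\.(.+)$')

# Disk mode -> (included in snapshots, writes kept after power off or reset)
MODES = {
    "persistent": (True, True),
    "independent-persistent": (False, True),
    "independent-nonpersistent": (False, False),
}


def parse_vmx(text):
    """Return a dict of lower-cased keys to values. The text is only read."""
    settings = {}
    for line in text.splitlines():
        match = LINE_RE.match(line)
        if match:
            settings[match.group(1).lower()] = match.group(2)
    return settings


def snapshot_coverage(text):
    """Map each present virtual hard disk to its mode and snapshot behaviour."""
    devices = {}
    for key, value in parse_vmx(text).items():
        match = DEVICE_RE.match(key)
        if match:
            devices.setdefault(match.group(1), {})[match.group(2)] = value

    report = {}
    for node, props in devices.items():
        if props.get("present", "").upper() != "TRUE":
            continue  # slot is defined but the device is not connected to the VM
        filename = props.get("filename", "")
        if not filename.lower().endswith(".vmdk"):
            continue  # CD/DVD or floppy image, not a virtual hard disk
        # Assumption: a disk with no mode key is in the default persistent mode.
        mode = props.get("mode", "persistent").lower()
        in_snapshot, writes_kept = MODES.get(mode, (None, None))
        report[node] = {
            "file": filename,
            "mode": mode,
            "in_snapshot": in_snapshot,  # None: unrecognised mode, review by hand
            "writes_kept": writes_kept,
        }
    return report


def excluded_from_snapshot(text):
    """Device nodes whose contents a snapshot will not capture."""
    return sorted(node for node, info in snapshot_coverage(text).items()
                  if info["in_snapshot"] is not True)


if __name__ == "__main__":
    for node, info in sorted(snapshot_coverage(SAMPLE_VMX).items()):
        print(node, info)
    print("not covered by snapshots:", excluded_from_snapshot(SAMPLE_VMX))
```

Disks reported as excluded keep their current contents when you revert, so a restoration point that must include them needs the disk mode changed first.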
Revert to a Snapshot
You can restore the virtual machine to the specific time when you took a snapshot. The current disk, settings,
and memory states are discarded, and the virtual machine reverts to the disk, settings, and memory states of
the snapshot.
Procedure
1 In the Commands section of the virtual machine’s Summary tab, expand the Snapshot command (if it is
not already expanded) and click Manage Snapshots.
2 In the Snapshots for <virtual_machine> window, select the snapshot to revert to, and click Revert to
snapshot.
You can also configure a virtual machine to automatically revert to a snapshot or ask you whether to revert to
the snapshot whenever you power off the virtual machine. See “Set Snapshot Power Off Options,” on
page 59.
Remove a Snapshot
Removing a snapshot writes the contents of the snapshot to the virtual disk. This action does not destroy any
data in the virtual machine. Subsequently, any changes that you make when you run the virtual machine are
written to the virtual disk.
Removing a snapshot when the virtual machine is powered off can take a long time, depending on the size of
the snapshot file.
Procedure
2 In the Commands section of the virtual machine’s Summary tab, expand the Snapshot command (if it is
not already expanded) and click Manage Snapshots.
3 In the Snapshots for <virtual_machine> window, select the snapshot and click Delete Snapshot.
Reverting to a snapshot discards all changes. For example, an instructor might discard student answers for a
computer lesson when a virtual machine is powered off at the end of class.
Procedure
1 In the Commands section of the virtual machine’s Summary tab, click Configure VM.
3 In the When powering off section, select the snapshot behavior of the virtual machine when you power it
off.
Option                Action
Just power off        Powers off without making any changes to the snapshot.
Revert to snapshot    Reverts to the current snapshot, so that the virtual machine always starts in the state it was in when the current snapshot was taken.
Ask me                When you power off a virtual machine, you are prompted to specify whether you want to power off or revert to the current snapshot.
4 Click OK.
Chapter 7 Troubleshooting vSphere Web Access Errors
If you encounter problems when you run vSphere Web Access, you can use a troubleshooting scenario to fix
the problem.
Problem
vSphere Web Access does not open and the browser shows the 503 Service Unavailable error.
Cause
The vSphere Web Access service on the ESX host or vCenter Server is not configured to run automatically or
failed to start properly.
Solution
Start the vSphere Web Access service on your ESX host or vCenter Server instance.
The vSphere Web Access service is now running on the ESX host.
Problem
Old plug-in version
Solution
1 In Windows, select Start > Settings > Control Panel > Add or Remove Programs.
2 In the list of programs, click VMware Remote Console Plug-in.
3 Click Click here for support information to see the version of the VMware Remote Console Plug-in.
The Version column for VMware Remote Console Plug-In should show 2.5.0.x.
Problem
Guest operating system does not recognize installation media
Cause
ESX cannot access installation media
Solution
Make sure that ESX can access the media used for installing the software. Verify that the virtual machine has
access to the CD-ROM drive, ISO image file, or floppy drive, as needed.
Problem
ESX stops responding when running applications
Cause
Enabled acceleration in the virtual machine causes the application to slow down. VMware recommends
disabling acceleration only long enough to get past the point where the program has problems. After you pass
the point where the program encountered problems, enable the acceleration option again.
Solution
1 Click the Summary tab of the virtual machine.
2 In the Commands section, select Configure VM.
3 In the VM Configuration window, click the Advanced tab and select the Disable acceleration checkbox.
Problem
Software Activation Key is invalid
Cause
Some applications use a product activation feature that creates a key. The key is based on the virtual
hardware in the virtual machine where it is installed. Changes in the configuration of the virtual machine
might require you to reactivate the software.
Solution
To minimize the number of significant changes in the virtual hardware, set the memory size and install
VMware Tools.
Problem
You cannot power on a virtual machine on your ESX host.
Cause
Libraries are missing in your Linux distribution.
Solution
To troubleshoot the issue, you must install the missing libraries.
1 Make sure that you have a dependency checker, such as ldd, to run against the libmks.so, viewer, and
remotemks binaries.
2 Use the following commands to determine the missing libraries.
cd ~/.mozilla/plugins
ldd ./libmks.so | grep not
ldd ./viewer | grep not
ldd ./remotemks | grep not
If these steps produce no output, all of the required libraries are available.
Problem
Firefox does not open vSphere Web Access.
Cause
Several causes might trigger this problem.
- Your Mozilla Firefox version does not support GTK.
- Your Mozilla Firefox browser installation was included in your Linux distribution. Some distributions
package Firefox incorrectly, and those packages do not work with vSphere Web Access.
Solution
Download and install the latest version of Firefox from the Mozilla Web site.
Problem
You cannot open vSphere Web Access when your ESX host or vCenter Server has an IPv6 address. The Web
browser might show the message ERROR The requested URL could not be retrieved, While trying to
retrieve the URL: http://<host or server name>:<port>.
Cause
Your Web proxy does not support IPv6 addresses.
Solution
You can verify whether your Web proxy supports IPv6 addresses or disable the proxy in your Web browser
application. Table 7-1 shows how to stop using a Web proxy in your browser.
Table 7-1. Disable Your Web Proxy in Internet Explorer and Firefox
Browser Action
ESX Configuration Guide
ESX 4.0
vCenter Server 4.0
EN-000106-03
You can find the most up-to-date technical documentation on the VMware Web site at:
http://www.vmware.com/support/
The VMware Web site also provides the latest product updates.
If you have comments about this documentation, submit your feedback to:
docfeedback@vmware.com
Copyright © 2009 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual
property laws. VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents.
VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks
and names mentioned herein may be trademarks of their respective companies.
VMware, Inc.
3401 Hillview Ave.
Palo Alto, CA 94304
www.vmware.com
Contents
Updated Information
Networking
2 Introduction to Networking
Networking Concepts Overview
Network Services
View Networking Information in the vSphere Client
View Network Adapter Information in the vSphere Client
5 Advanced Networking
Internet Protocol Version 6
Networking Policies
Change the DNS and Routing Configuration
MAC Addresses
TCP Segmentation Offload and Jumbo Frames
NetQueue and Networking Performance
VMDirectPath Gen I
Storage
7 Introduction to Storage
About ESX Storage
Types of Physical Storage
Supported Storage Adapters
Target and Device Representations
About ESX Datastores
Comparing Types of Storage
Viewing Storage Information in the vSphere Client
Security
Host Profiles
Appendixes
Index
Updated Information
This ESX Configuration Guide is updated with each release of the product or when necessary.
This table provides the update history of the ESX Configuration Guide.
Revision        Description
EN-000106-03    Appendix A, “ESX Technical Support Commands,” on page 219 now correctly lists the esxcfg-scsidevs command.
EN-000106-02    The topic “Change Default Password Complexity for the pam_cracklib.so Plug-In,” on page 187 now correctly describes the behavior of the pam_cracklib.so plug-in.
EN-000106-01    The topic “Configure a Password Reuse Rule,” on page 187 now correctly lists the file where you can set the number of old passwords that are stored for a user. The correct file is system-auth-generic.
About This Book
This manual, the ESX Configuration Guide, provides information on how to configure networking for ESX,
including how to create virtual switches and ports and how to set up networking for virtual machines,
VMotion, IP storage, and the service console. It also discusses configuring the file system and various types of
storage such as iSCSI, Fibre Channel, and so forth. To help you protect your ESX installation, the guide provides
a discussion of security features built into ESX and the measures you can take to safeguard it from attack. In
addition, it includes a list of ESX technical support commands along with their vSphere Client equivalents and
a description of the vmkfstools utility.
Intended Audience
This manual is intended for anyone who needs to install, upgrade, or use ESX. The information in this manual
is written for experienced Windows or Linux system administrators who are familiar with virtual machine
technology and datacenter operations.
Document Feedback
VMware welcomes your suggestions for improving our documentation. If you have comments, send your
feedback to docfeedback@vmware.com.
Table 1. Abbreviations
Abbreviation    Description
tmplt           Template
VC              vCenter Server
Online and Telephone Support
To use online support to submit technical support requests, view your product and contract information,
and register your products, go to http://www.vmware.com/support.
Support Offerings
To find out how VMware support offerings can help meet your business needs, go to
http://www.vmware.com/support/services.
VMware Professional Services
VMware Education Services courses offer extensive hands-on labs, case study examples, and course
materials designed to be used as on-the-job reference tools. Courses are available onsite, in the classroom,
and live online. For onsite pilot programs and implementation best practices, VMware Consulting
Services provides offerings to help you assess, plan, build, and manage your virtual environment. To
access information about education classes, certification programs, and consulting services, go to
http://www.vmware.com/services.
Chapter 1 Introduction to ESX Configuration
This guide describes the tasks you need to complete to configure ESX host networking, storage, and security.
In addition, it provides overviews, recommendations, and conceptual discussions to help you understand these
tasks and how to deploy a host to meet your needs.
Before you use this information, read the Introduction to vSphere for an overview of system architecture and the
physical and virtual devices that make up a vSphere system.
Networking
The networking information provides you with a conceptual understanding of physical and virtual network
concepts, a description of the basic tasks you need to complete to configure your ESX host’s network
connections, and a discussion of advanced networking topics and tasks.
Storage
The storage information provides you with a basic understanding of storage, a description of the basic tasks
you perform to configure and manage your ESX host’s storage, and a discussion of how to set up raw device
mapping (RDM).
Security
The security information discusses safeguards that VMware has built into ESX and measures that you can take
to protect your host from security threats. These measures include using firewalls, taking advantage of the
security features of virtual switches, and setting up user authentication and permissions.
Host Profiles
This section describes the host profiles feature and how it is used to encapsulate the configuration of a host
into a host profile. This section also describes how to apply this host profile to another host or cluster, edit a
profile, and check a host’s compliance with a profile.
Appendixes
The appendixes provide specialized information you might find useful when configuring an ESX host.
- ESX Technical Support Commands – Discusses the ESX configuration commands that you can issue
through a command-line shell such as secure shell (SSH). Although these commands are available for your
use, do not consider them to be an API that you can build scripts on. These commands are subject to change
and VMware does not support applications and scripts that rely on ESX configuration commands. This
appendix provides you with vSphere Client equivalents for these commands.
- Using vmkfstools – Discusses the vmkfstools utility, which you can use to perform management and
migration tasks for iSCSI disks.
Networking
Chapter 2 Introduction to Networking
This introduction to networking guides you through the basic concepts of ESX networking and how to set up
and configure a network in a vSphere environment.
A physical network is a network of physical machines that are connected so that they can send data to and
receive data from each other. VMware ESX runs on a physical machine.
A virtual network is a network of virtual machines running on a single physical machine that are connected
logically to each other so that they can send data to and receive data from each other. Virtual machines can be
connected to the virtual networks that you create when you add a network.
A physical Ethernet switch manages network traffic between machines on the physical network. A switch has
multiple ports, each of which can be connected to a single machine or another switch on the network. Each
port can be configured to behave in certain ways depending on the needs of the machine connected to it. The
switch learns which hosts are connected to which of its ports and uses that information to forward traffic to
the correct physical machines. Switches are the core of a physical network. Multiple switches can be connected
together to form larger networks.
A virtual switch, vSwitch, works much like a physical Ethernet switch. It detects which virtual machines are
logically connected to each of its virtual ports and uses that information to forward traffic to the correct virtual
machines. A vSwitch can be connected to physical switches by using physical Ethernet adapters, also referred
to as uplink adapters, to join virtual networks with physical networks. This type of connection is similar to
connecting physical switches together to create a larger network. Even though a vSwitch works much like a
physical switch, it does not have some of the advanced functionality of a physical switch.
A vNetwork Distributed Switch acts as a single vSwitch across all associated hosts on a datacenter. This allows
virtual machines to maintain consistent network configuration as they migrate across multiple hosts.
A dvPort is a port on a vNetwork Distributed Switch that connects to a host’s service console or VMkernel or
to a virtual machine’s network adapter.
A port group specifies port configuration options such as bandwidth limitations and VLAN tagging policies
for each member port. Network services connect to vSwitches through port groups. Port groups define how a
connection is made through the vSwitch to the network. Typically, a single vSwitch is associated with one or
more port groups.
A dvPort group is a port group associated with a vNetwork Distributed Switch and specifies port configuration
options for each member port. dvPort Groups define how a connection is made through the vNetwork
Distributed Switch to the network.
NIC teaming occurs when multiple uplink adapters are associated with a single vSwitch to form a team. A
team can either share the load of traffic between physical and virtual networks among some or all of its
members, or provide passive failover in the event of a hardware failure or a network outage.
VLANs enable a single physical LAN segment to be further segmented so that groups of ports are isolated
from one another as if they were on physically different segments. The standard is 802.1Q.
The VMkernel TCP/IP networking stack supports iSCSI, NFS, and VMotion. Virtual machines run their own
systems’ TCP/IP stacks and connect to the VMkernel at the Ethernet level through virtual switches.
IP storage refers to any form of storage that uses TCP/IP network communication as its foundation. iSCSI can
be used as a virtual machine datastore, and NFS can be used as a virtual machine datastore and for direct
mounting of .ISO files, which are presented as CD-ROMs to virtual machines.
TCP Segmentation Offload, TSO, allows a TCP/IP stack to emit very large frames (up to 64KB) even though
the maximum transmission unit (MTU) of the interface is smaller. The network adapter then separates the
large frame into MTU-sized frames and prepends an adjusted copy of the initial TCP/IP headers.
Migration with VMotion enables a virtual machine that is powered on to be transferred from one ESX host to
another without shutting down the virtual machine. The optional VMotion feature requires its own license
key.
Network Services
A vNetwork provides several different services to the host and virtual machines.
Procedure
1 Log in to the vSphere Client and select the host from the inventory panel.
3 Click Virtual Switch to view vNetwork Standard Switch networking on the host or Distributed Virtual
Switch to view vNetwork Distributed Switch networking on the host.
The Distributed Virtual Switch option appears only on hosts that are associated with a vNetwork
Distributed Switch.
Procedure
1 Log in to the vSphere Client and select the host from the inventory panel.
Option                    Description
Wake on LAN supported     Network adapter ability to support Wake on the LAN
Chapter 3 Basic Networking with vNetwork Standard Switches
The following topics guide you through basic vNetwork Standard Switch (vSwitch) network setup and
configuration in a vSphere environment.
Use the vSphere Client to add networking based on the categories that reflect the types of network services:
- Virtual machines
- VMkernel
- Service console
You can use vSwitches to combine the bandwidth of multiple network adapters and balance communications
traffic among them. You can also configure a vSwitch to handle physical NIC failover.
A vSwitch models a physical Ethernet switch. The default number of logical ports for a vSwitch is 56, but it
can have up to 1016 ports in ESX. You can connect one network adapter of a virtual machine to each port. Each
uplink adapter associated with a vSwitch uses one port. Each logical port on the vSwitch is a member of a
single port group. Each vSwitch can also have one or more port groups assigned to it. You can create a
maximum of 127 vSwitches on a single host.
When two or more virtual machines are connected to the same vSwitch, network traffic between them is routed
locally. If an uplink adapter is attached to the vSwitch, each virtual machine can access the external network
that the adapter is connected to.
Port Groups
Port groups aggregate multiple ports under a common configuration and provide a stable anchor point for
virtual machines connecting to labeled networks. You can create a maximum of 512 port groups on a single
host.
Each port group is identified by a network label, which is unique to the current host. Network labels are used
to make virtual machine configuration portable across hosts. All port groups in a datacenter that are physically
connected to the same network (in the sense that each can receive broadcasts from the others) are given the
same label. Conversely, if two port groups cannot receive broadcasts from each other, they have distinct labels.
A VLAN ID, which restricts port group traffic to a logical Ethernet segment within the physical network, is
optional. For a port group to reach port groups located on other VLANs, the VLAN ID must be set to 4095. If
you use VLAN IDs, you must change the port group labels and VLAN IDs together so that the labels properly
represent connectivity.
The vSphere Client Add Network wizard guides you through the tasks to create a virtual network to which
virtual machines can connect, including creating a vSwitch and configuring settings for a network label.
When you set up virtual machine networks, consider whether you want to migrate the virtual machines in the
network between hosts. If so, be sure that both hosts are in the same broadcast domain—that is, the same Layer
2 subnet.
ESX does not support virtual machine migration between hosts in different broadcast domains because the
migrated virtual machine might require systems and resources that it would no longer have access to in the
new network. Even if your network configuration is set up as a high-availability environment or includes
intelligent switches that can resolve the virtual machine’s needs across different networks, you might
experience lag times as the Address Resolution Protocol (ARP) table updates and resumes network traffic for
the virtual machines.
Virtual machines reach physical networks through uplink adapters. A vSwitch can transfer data to external
networks only when one or more network adapters are attached to it. When two or more adapters are attached
to a single vSwitch, they are transparently teamed.
Procedure
1 Log in to the vSphere Client and select the host from the inventory panel.
5 Accept the default connection type, Virtual Machines, and click Next.
6 Select Create a virtual switch or one of the listed existing vSwitches and the associated physical adapters
to use for this port group.
If you create a vSwitch without physical network adapters, all traffic on that vSwitch is confined to that
vSwitch. No other hosts on the physical network or virtual machines on other vSwitches can send or
receive traffic over this vSwitch. You might create a vSwitch without physical network adapters if you
want a group of virtual machines to be able to communicate with each other, but not with other hosts or
with virtual machines outside the group.
7 Click Next.
8 In the Port Group Properties group, enter a network label that identifies the port group that you are
creating.
Use network labels to identify migration-compatible connections common to two or more hosts.
9 (Optional) If you are using a VLAN, for VLAN ID, enter a number between 1 and 4094. If you are not
using a VLAN, leave this blank.
If you enter 0 or leave the option blank, the port group can see only untagged (non-VLAN) traffic. If you
enter 4095, the port group can see traffic on any VLAN while leaving the VLAN tags intact.
10 Click Next.
11 After you determine that the vSwitch is configured correctly, click Finish.
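The VLAN ID rules in step 9 and the rule under Port Groups that labels must represent connectivity can be checked together across hosts. The script below is an added example, not VMware code: the "host|label|VLAN ID" inventory format, the host names, and the labels are constructed assumptions, and the functions are hypothetical helpers.

```shell
#!/bin/sh
# Added example: audit port-group VLAN IDs against the rules described above.
# The inventory format and every name in it are constructed for illustration.

# Constructed inventory, one port group per line: host|network label|VLAN ID.
# An empty VLAN ID means the field was left blank in the Add Network wizard.
sample_inventory() {
cat <<'EOF'
esx01|Production|105
esx02|Production|105
esx01|DMZ|200
esx02|DMZ|201
esx01|Sniffer|4095
esx02|Legacy|
esx01|Lab|0
esx02|Typo|5000
EOF
}

# classify_vlan ID
# Prints: untagged (blank or 0), vlan (1-4094), all-vlans (4095), or invalid.
classify_vlan() {
    case "$1" in
        ''|0)     echo untagged; return ;;
        *[!0-9]*) echo invalid;  return ;;   # anything that is not a number
        ?????*)   echo invalid;  return ;;   # five or more digits is out of range
    esac
    if [ "$1" -ge 1 ] && [ "$1" -le 4094 ]; then
        echo vlan
    elif [ "$1" -eq 4095 ]; then
        echo all-vlans
    else
        echo invalid
    fi
}

# audit_portgroups
# Reads "host|label|vlan" lines on stdin and prints one finding per line:
#   ALL_VLANS host label       port group sees traffic on any VLAN (ID 4095)
#   INVALID host label vlan    VLAN ID is outside 0-4095
#   MISMATCH label id id ...   one network label carries different VLAN IDs,
#                              so the label no longer represents connectivity
audit_portgroups() {
    inv=$(cat)

    # Per-port-group checks, reported in input order.
    printf '%s\n' "$inv" | while IFS='|' read -r host label vlan; do
        [ -n "$host" ] || continue
        case "$(classify_vlan "$vlan")" in
            all-vlans) echo "ALL_VLANS $host $label" ;;
            invalid)   echo "INVALID $host $label $vlan" ;;
        esac
    done

    # Cross-host check: blank and 0 both mean untagged, so treat them as equal.
    printf '%s\n' "$inv" | awk -F'|' '
        NF >= 2 {
            id = ($3 == "" ? "0" : $3)
            if (!(($2, id) in seen)) {
                seen[$2, id] = 1
                ids[$2] = ids[$2] " " id
                n[$2]++
            }
        }
        END { for (l in n) if (n[l] > 1) print "MISMATCH " l ids[l] }' | sort
}

# Stand-alone run over the constructed inventory.
sample_inventory | audit_portgroups
```

A port group reported as ALL_VLANS is not necessarily wrong, but every virtual machine attached to it receives tagged traffic from all VLANs, so each such entry should be a deliberate choice.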
Moving a virtual machine from one host to another is called migration. Using VMotion, you can migrate
powered on virtual machines with no downtime. Your VMkernel networking stack must be set up properly
to accommodate VMotion.
IP storage refers to any form of storage that uses TCP/IP network communication as its foundation, which
includes iSCSI and NFS for ESX. Because these storage types are network based, they can use the same
VMkernel interface and port group.
The network services that the VMkernel provides (iSCSI, NFS, and VMotion) use a TCP/IP stack in the
VMkernel. This TCP/IP stack is completely separate from the TCP/IP stack used in the service console. Each
of these TCP/IP stacks accesses various networks by attaching to one or more port groups on one or more
vSwitches.
The VMkernel TCP/IP stack handles iSCSI, NFS, and vMotion in the following ways.
- iSCSI as a virtual machine datastore
- iSCSI for the direct mounting of .ISO files, which are presented as CD-ROMs to virtual machines
- NFS as a virtual machine datastore
- NFS for the direct mounting of .ISO files, which are presented as CD-ROMs to virtual machines
- Migration with VMotion
If you have two or more physical NICs for iSCSI, you can create multiple paths for the software iSCSI by using
the port binding technique. For more information on port binding, see the iSCSI SAN Configuration Guide.
Procedure
1 Log in to the vSphere Client and select the host from the inventory panel.
5 Select the vSwitch to use, or select Create a virtual switch to create a new vSwitch.
6 Select the check boxes for the network adapters your vSwitch will use.
Select adapters for each vSwitch so that virtual machines or other services that connect through the adapter
can reach the correct Ethernet segment. If no adapters appear under Create a new virtual switch, all the
network adapters in the system are being used by existing vSwitches. You can either create a new vSwitch
without a network adapter, or select a network adapter that an existing vSwitch uses.
7 Click Next.
Option           Description
Network Label    A name that identifies the port group that you are creating. This is the label that you specify when configuring a virtual adapter to be attached to this port group when configuring VMkernel services such as vMotion and IP storage.
VLAN ID          Identifies the VLAN that the port group’s network traffic will use.
9 Select Use this port group for VMotion to enable this port group to advertise itself to another host as the
network connection where vMotion traffic should be sent.
You can enable this property for only one vMotion and IP storage port group for each host. If this property
is not enabled for any port group, migration with vMotion to this host is not possible.
10 Choose whether to use this port group for fault tolerance logging, and click Next.
11 Select Obtain IP settings automatically to use DHCP to obtain IP settings, or select Use the following IP
settings to specify IP settings manually.
a Enter the IP address and subnet mask for the VMkernel interface.
This address must be different from the IP address set for the service console.
b Click Edit to set the VMkernel Default Gateway for VMkernel services, such as vMotion, NAS, and
iSCSI.
c On the DNS Configuration tab, the name of the host is entered by default.
The DNS server addresses that were specified during installation are also preselected, as is the
domain.
d On the Routing tab, the service console and the VMkernel each need their own gateway information.
A gateway is needed for connectivity to machines not on the same IP subnet as the service console or
VMkernel. The default is static IP settings.
12 On an IPv6-enabled host, select No IPv6 settings to use only IPv4 settings on the VMkernel interface, or
select Use the following IPv6 settings to configure IPv6 for the VMkernel interface.
This screen does not appear when IPv6 is disabled on the host.
13 If you choose to use IPv6 for the VMkernel interface, select one of the following options for obtaining IPv6
addresses.
- Obtain IPv6 addresses automatically through DHCP
- Obtain IPv6 addresses automatically through router advertisement
- Static IPv6 addresses
14 If you choose to use static IPv6 addresses, complete the following steps.
b Enter the IPv6 address and subnet prefix length, and click OK.
15 Click Next.
16 Review the information, click Back to change any entries, and click Finish.
Common service console configuration modifications include changing NICs and changing the settings for a
NIC that is in use.
If there is only one service console connection, changing the service console configuration is not allowed. For
a new connection, change the network settings to use an additional NIC. After you verify that the new
connection is functioning properly, remove the old connection. You are switching over to the new NIC.
Procedure
1 Log in to the vSphere Client and select the host from the inventory panel.
5 Select the vSwitch to use for network access, or select Create a new vSwitch, and click Next.
If no adapters appear in the Create a new virtual switch group, all network adapters in the system are
being used by existing vSwitches.
6 Enter the network label and VLAN ID, and click Next.
7 Enter the IP address and subnet mask, or select Obtain IP setting automatically.
8 Click Edit to set the service console default gateway and click Next.
9 On an IPv6-enabled host, select No IPv6 settings to use only IPv4 settings for the service console, or select
Use the following IPv6 settings to configure IPv6 for the service console.
b Enter the IPv6 address and subnet prefix length, and click OK.
12 Click Next.
13 Review the information, click Back to change any entries, and click Finish.
Procedure
1 Log in to the vSphere Client and select the host from the inventory panel.
3 On the right side of the page, click Properties for the vSwitch that you want to edit.
6 To continue with the service console configuration, click Continue modifying this connection.
8 Click OK.
CAUTION Make sure that your network settings are correct before saving your changes. If the network settings
are misconfigured, the UI can lose connectivity to the host, and you must then reconfigure the host from the
command line at the service console.
Procedure
1 Log in to the vSphere Client and select the host from the inventory panel.
3 Click Properties.
5 Under Service Console, set the default gateway and gateway device for service console networking.
For the service console, the gateway device is needed only when two or more network adapters are using
the same subnet. The gateway device determines which network adapter is used for the default route.
The service console and VMkernel are often not connected to the same network, so each needs its own
gateway information. A gateway is needed for connectivity to machines not on the same IP subnet as the
service console or VMkernel interfaces.
On an IPv6-enabled host, you can also select a default gateway for IPv6 and a gateway device for IPv6 for
service console networking.
On an IPv6-enabled host, you can also select a default gateway for IPv6 for VMkernel networking.
7 Click OK.
Procedure
1 Click the info icon to the left of the service console port group to display service console information.
2 Click the X to close the information pop-up window.
If your DNS server cannot map the host name to its DHCP-generated IP address, use the service console’s
numeric IP address to access the host. The numeric IP address might change as DHCP leases expire or when
the system is rebooted. For this reason, VMware does not recommend using DHCP for the service console
unless your DNS server can handle the host name translation.
Procedure
1 Log in to the vSphere Client and select the host from the inventory panel.
3 On the right side of the page, click Properties for the vSwitch that you want to edit.
5 Select the vSwitch item in the Configuration list, and click Edit.
6 Click the General tab.
7 Choose the number of ports that you want to use from the drop-down menu.
8 Click OK.
What to do next
Procedure
1 Log in to the vSphere Client and select the host from the inventory panel.
5 To change the configured speed and duplex value of a network adapter, select the network adapter and
click Edit.
6 To select the connection speed manually, select the speed and duplex from the drop-down menu.
Choose the connection speed manually if the NIC and a physical switch might fail to negotiate the proper
connection speed. Symptoms of mismatched speed and duplex include low bandwidth or no link
connectivity.
The adapter and the physical switch port it is connected to must be set to the same value, such as auto and
auto or ND and ND, where ND is some speed and duplex, but not auto and ND.
7 Click OK.
Procedure
1 Log in to the vSphere Client and select the host from the inventory panel.
6 Select one or more adapters from the list and click Next.
7 (Optional) To reorder the NICs into a different category, select a NIC and click Move Up and Move
Down.
Option            Description
Active Adapters   Adapters that the vSwitch uses.
Standby Adapters  Adapters that become active if one or more of the active adapters fails.
8 Click Next.
9 Review the information on the Adapter Summary page, click Back to change any entries, and click
Finish.
The list of network adapters reappears, showing the adapters that the vSwitch now claims.
The Networking section in the Configuration tab shows the network adapters in their designated order
and categories.
Procedure
2 View the current CDP mode for a vSwitch by entering the esxcfg-vswitch -b <vSwitch> command.
3 Change the CDP mode by entering the esxcfg-vswitch -B <mode> <vSwitch> command.
Mode       Description
down       CDP is disabled.
listen     ESX detects and displays information about the associated Cisco switch port,
           but information about the vSwitch is not available to the Cisco switch
           administrator.
advertise  ESX makes information about the vSwitch available to the Cisco switch
           administrator, but does not detect and display information about the Cisco
           switch.
both       ESX detects and displays information about the associated Cisco switch and
           makes information about the vSwitch available to the Cisco switch
           administrator.
Procedure
1 Log in to the vSphere Client and select the host from the inventory panel.
NOTE Because the CDP advertisements of Cisco equipment typically occur once a minute, a noticeable
delay might occur between enabling CDP on ESX and the availability of CDP data from the vSphere client.
Chapter 4 Basic Networking with vNetwork Distributed Switches
These topics guide you through the basic concepts of networking with vNetwork Distributed Switches and
how to set up and configure networking with vNetwork Distributed Switches in a vSphere environment.
Like a vNetwork Standard Switch, each vNetwork Distributed Switch is a network hub that virtual machines
can use. A vNetwork Distributed Switch can forward traffic internally between virtual machines or link to an
external network by connecting to physical Ethernet adapters, also known as uplink adapters.
Each vNetwork Distributed Switch can also have one or more dvPort groups assigned to it. dvPort groups
group multiple ports under a common configuration and provide a stable anchor point for virtual machines
connecting to labeled networks. Each dvPort group is identified by a network label, which is unique to the
current datacenter. A VLAN ID, which restricts port group traffic to a logical Ethernet segment within the
physical network, is optional.
In addition to VMware vNetwork Distributed Switches, vSphere 4 also provides initial support for third-party
virtual switches. For information on configuring these third-party switches, visit
http://www.cisco.com/go/1000vdocs.
Procedure
1 Log in to the vSphere Client and display the datacenter in Networking view.
2 From the Inventory menu, select Datacenter > vNetwork Distributed Switch.
3 Enter a name for the vNetwork Distributed Switch in the Name field.
dvUplink ports connect the vNetwork Distributed Switch to physical NICs on associated ESX hosts. The
number of dvUplink ports is the maximum number of allowed physical connections to the vNetwork
Distributed Switch per host.
5 Click Next.
7 If you chose Add now, select the hosts and physical adapters to use by clicking the check box next to each
host or adapter. You can add only physical adapters that are not already in use during vNetwork
Distributed Switch creation.
8 Click Next.
This option creates an early-binding port group with 128 ports. For systems with complex port group
requirements, skip the default port group and create a new dvPort group after you have finished adding
the vNetwork Distributed Switch.
10 Review the vNetwork Distributed Switch diagram to ensure proper configuration, and click Finish.
What to do next
If you chose to add hosts later, you must add hosts to the vNetwork Distributed Switch before adding network
adapters.
Network adapters can be added from the host configuration page of the vSphere Client or by using Host
Profiles.
Procedure
1 In the vSphere Client, display the Networking inventory view and select the vNetwork Distributed Switch.
2 From the Inventory menu, select Distributed Virtual Switch > Add Host.
4 Under the selected host, select the physical adapters to add, and click Next.
You may select both free and in-use physical adapters. If you select an adapter that is currently in use by
a host, choose whether to move the associated virtual adapters to the vNetwork Distributed Switch.
NOTE Moving a physical adapter to a vNetwork Distributed Switch without moving any associated virtual
adapters will cause those virtual adapters to lose network connectivity.
5 Click Finish.
Procedure
1 In the vSphere Client, display the Networking inventory view and select the vNetwork Distributed Switch.
2 From the Inventory menu, select Distributed Virtual Switch > Edit Settings.
c To edit uplink port names, click Edit uplink port names, enter the new names, and click OK.
4 Click OK.
Procedure
1 In the vSphere Client, display the Networking inventory view and select the vNetwork Distributed Switch.
2 From the Inventory menu, select Distributed Virtual Switch > Edit Settings.
b Select the Enable Cisco Discovery Protocol check box to enable CDP, and set the operation to
Listen, Advertise, or Both.
c Enter the name and other details for the vNetwork Distributed Switch administrator in the Admin
Contact Info section.
4 Click OK.
Procedure
1 In the vSphere Client, display the Networking inventory view and select the vNetwork Distributed Switch.
2 From the Inventory menu, select Distributed Virtual Switch > Edit Settings.
3 On the Network Adapters tab, you can view network adapter and uplink assignments for associated hosts.
This tab is read-only. vNetwork Distributed Switch network adapters must be configured at the host level.
4 Click OK.
dvPort Groups
A dvPort group specifies port configuration options for each member port on a vNetwork Distributed Switch.
dvPort groups define how a connection is made to a network.
Procedure
1 In the vSphere Client, display the Networking inventory view and select the vNetwork Distributed Switch.
2 From the Inventory menu, select Distributed Virtual Switch > New Port Group.
3 Enter a name and the number of ports for the dvPort group.
Option         Description
None           Do not use VLAN.
VLAN           In the VLAN ID field, enter a number between 1 and 4094.
VLAN Trunking  Enter a VLAN trunk range.
Private VLAN   Select a private VLAN entry. If you have not created any private VLANs,
               this menu is empty.
5 Click Next.
6 Click Finish.
Procedure
1 In the vSphere Client, display the Networking inventory view and select the dvPort group.
Option           Action
Name             Enter the name for the dvPort group.
Description      Enter a brief description of the dvPort group.
Number of Ports  Enter the number of ports on the dvPort group.
Port binding     Choose when ports are assigned to virtual machines connected to this dvPort
                 group.
                 • Select Static binding to assign a port to a virtual machine when the
                   virtual machine is connected to the dvPort group.
                 • Select Dynamic binding to assign a port to a virtual machine the first
                   time the virtual machine powers on after it is connected to the dvPort
                   group.
                 • Select Ephemeral for no port binding.
4 Click OK.
Procedure
1 In the vSphere Client, display the Networking inventory view and select the dvPort group.
a Select Allow port policies to be overridden to allow dvPort group policies to be overridden on a per-
port level.
d Select Config reset at disconnect to discard per-port configurations when a dvPort is disconnected
from a virtual machine.
e Select Binding on host allowed to specify that when vCenter Server is down, ESX can assign a dvPort
to a virtual machine.
f Select Port name format to provide a template for assigning names to the dvPorts in this group.
4 Click OK.
Procedure
1 Log in to the vSphere Client and display the vNetwork Distributed Switch.
2 On the Ports tab, right-click the port to modify and select Edit Settings.
3 Click General.
5 Click OK.
Private VLANs
Private VLANs are used to solve VLAN ID limitations and waste of IP addresses for certain network setups.
A private VLAN is identified by its primary VLAN ID. A primary VLAN ID can have multiple secondary
VLAN IDs associated with it. Primary VLANs are Promiscuous, so that ports on a private VLAN can
communicate with ports configured as the primary VLAN. Ports on a secondary VLAN can be either
Isolated, communicating only with promiscuous ports, or Community, communicating with both
promiscuous ports and other ports on the same secondary VLAN.
To use private VLANs between an ESX host and the rest of the physical network, the physical switch connected
to the ESX host needs to be private VLAN-capable and configured with the VLAN IDs being used by ESX for
the private VLAN functionality. For physical switches using dynamic MAC+VLAN ID based learning, all
corresponding private VLAN IDs must be first entered into the switch's VLAN database.
In order to configure dvPorts to use Private VLAN functionality, you must first create the necessary Private
VLANs on the vNetwork Distributed Switch that the dvPorts are connected to.
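The port rules above can be checked mechanically before a private VLAN layout is applied. The following Python model is an added example, not VMware code; the class and function names, the sample VLAN IDs and port names, and the treatment of different primary VLANs as separate segments are assumptions made for illustration.

```python
from itertools import combinations

PROMISCUOUS, ISOLATED, COMMUNITY = "promiscuous", "isolated", "community"


class PrivateVlanMap:
    """Primary private VLANs and their secondaries on one distributed switch."""

    def __init__(self):
        # primary VLAN ID -> {secondary VLAN ID: ISOLATED or COMMUNITY}
        self.secondaries = {}

    def _check_new_id(self, vlan_id):
        # Assumption: private VLAN IDs share the 1-4094 range that the guide
        # gives for ordinary VLAN IDs, and an ID is used only once per switch.
        if not 1 <= vlan_id <= 4094:
            raise ValueError(f"VLAN ID {vlan_id} is outside 1-4094")
        used = set(self.secondaries)
        for entries in self.secondaries.values():
            used.update(entries)
        if vlan_id in used:
            raise ValueError(f"VLAN ID {vlan_id} is already defined")

    def add_primary(self, primary):
        self._check_new_id(primary)
        self.secondaries[primary] = {}

    def add_secondary(self, primary, secondary, port_type):
        if primary not in self.secondaries:
            raise KeyError(f"create primary private VLAN {primary} first")
        if port_type not in (ISOLATED, COMMUNITY):
            raise ValueError("secondary private VLANs are Isolated or Community")
        self._check_new_id(secondary)
        self.secondaries[primary][secondary] = port_type

    def port_type(self, primary, vlan_id):
        """Type of a port configured with vlan_id inside the given primary."""
        if vlan_id == primary and primary in self.secondaries:
            return PROMISCUOUS  # ports on the primary VLAN are promiscuous
        return self.secondaries[primary][vlan_id]

    def remove_primary(self, primary, port_groups):
        """Remove a primary and, with it, all of its secondaries.

        port_groups maps a port group name to its (primary, vlan_id) pair.
        Removal is refused while any port group still uses the private VLAN.
        """
        users = sorted(n for n, (p, _) in port_groups.items() if p == primary)
        if users:
            raise RuntimeError(f"private VLAN {primary} still used by {users}")
        return self.secondaries.pop(primary)


def can_communicate(pvlans, a, b):
    """a and b are (primary, vlan_id) pairs for two ports."""
    (primary_a, vlan_a), (primary_b, vlan_b) = a, b
    if primary_a != primary_b:
        return False  # assumption: separate primaries are separate segments
    type_a = pvlans.port_type(primary_a, vlan_a)
    type_b = pvlans.port_type(primary_b, vlan_b)
    if PROMISCUOUS in (type_a, type_b):
        return True  # every port in the private VLAN reaches promiscuous ports
    if type_a == type_b == COMMUNITY:
        return vlan_a == vlan_b  # community ports reach their own community only
    return False  # isolated ports reach promiscuous ports and nothing else


def allowed_pairs(pvlans, ports):
    """Return the set of port-name pairs that may exchange traffic."""
    return {
        frozenset((name_a, name_b))
        for (name_a, a), (name_b, b) in combinations(sorted(ports.items()), 2)
        if can_communicate(pvlans, a, b)
    }


# Constructed sample layout: primary 100 with one isolated and two community VLANs.
SAMPLE = PrivateVlanMap()
SAMPLE.add_primary(100)
SAMPLE.add_secondary(100, 101, ISOLATED)
SAMPLE.add_secondary(100, 102, COMMUNITY)
SAMPLE.add_secondary(100, 103, COMMUNITY)
SAMPLE_PORTS = {
    "gateway": (100, 100), "web1": (100, 101), "web2": (100, 101),
    "app1": (100, 102), "app2": (100, 102), "db1": (100, 103),
}

if __name__ == "__main__":
    for pair in sorted(sorted(p) for p in allowed_pairs(SAMPLE, SAMPLE_PORTS)):
        print(" <-> ".join(pair))
```

In the sample, the two isolated ports cannot reach each other even though they share secondary VLAN 101, which is the property that lets one VLAN ID serve many mutually separated hosts.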
Procedure
1 In the vSphere Client, display the Networking inventory view and select the vNetwork Distributed Switch.
2 From the Inventory menu, select vNetwork Distributed Switch > Edit Settings.
4 Under Primary Private VLAN ID, click [Enter a Private VLAN ID here], and enter the number of the
primary private VLAN.
5 Click anywhere in the dialog box, and then select the primary private VLAN that you just added.
The primary private VLAN you added appears under Secondary Private VLAN ID.
6 For each new secondary private VLAN, click [Enter a Private VLAN ID here] under Secondary Private
VLAN ID, and enter the number of the secondary private VLAN.
7 Click anywhere in the dialog box, select the secondary private VLAN that you just added, and select either
Isolated or Community for the port type.
8 Click OK.
Prerequisites
Before removing a private VLAN, be sure that no port groups are configured to use it.
Procedure
1 In the vSphere Client, display the Networking inventory view and select the vNetwork Distributed Switch.
2 From the Inventory menu, select vNetwork Distributed Switch > Edit Settings.
5 Click Remove under Primary Private VLAN ID, and click OK.
Removing a primary private VLAN also removes all associated secondary private VLANs.
Prerequisites
Before removing a private VLAN, be sure that no port groups are configured to use it.
Procedure
1 In the vSphere Client, display the Networking inventory view and select the vNetwork Distributed Switch.
2 From the Inventory menu, select vNetwork Distributed Switch > Edit Settings.
4 Select a primary private VLAN to display its associated secondary private VLANs.
6 Click Remove under Secondary Private VLAN ID, and click OK.
Procedure
1 Log in to the vSphere Client and select a host from the inventory panel.
5 Click Click to Add NIC for the uplink port to add an uplink to.
6 Select the physical adapter to add. If you select an adapter that is attached to another switch, it is removed
from that switch and reassigned to this vNetwork Distributed Switch.
7 Click OK.
Procedure
1 Log in to the vSphere Client and select a host from the inventory panel.
6 Click OK.
You can configure service console and VMkernel virtual adapters for an ESX host through an associated
vNetwork Distributed Switch either by creating new virtual adapters or migrating existing virtual adapters.
Procedure
1 Log in to the vSphere Client and select the host from the inventory panel.
5 Click Add.
9 Select Use this virtual adapter for VMotion to enable this port group to advertise itself to another ESX
host as the network connection where VMotion traffic is sent.
You can enable this property for only one VMotion and IP storage port group for each ESX host. If this
property is not enabled for any port group, migration with VMotion to this host is not possible.
10 Choose whether to Use this virtual adapter for fault tolerance logging.
12 Click Edit to set the VMkernel default gateway for VMkernel services, such as VMotion, NAS, and iSCSI.
13 On the DNS Configuration tab, the name of the host is entered by default. The DNS server addresses and
domain that were specified during installation are also preselected.
14 On the Routing tab, the service console and the VMkernel each need their own gateway information. A
gateway is needed for connectivity to machines not on the same IP subnet as the service console or
VMkernel.
16 Click Finish.
Procedure
1 Log in to the vSphere Client and select the host from the inventory panel.
5 Click Add.
8 Under Network Connection, select the vNetwork Distributed Switch and the associated port group, or
select Standalone Port to which to add this virtual adapter.
9 Enter the IP address and subnet mask, or select Obtain IP setting automatically.
11 Click Next.
12 Click Finish.
Procedure
1 Log in to the vSphere Client and select the host from the inventory panel.
5 Click Add.
7 In the Select by drop-down menu, choose whether to connect this virtual adapter to a port group or a
standalone dvPort.
9 For each selected adapter, choose a port group or dvPort from the Select a port group or Select a port
drop-down menu.
10 Click Next.
11 Click Finish.
Procedure
1 Log in to the vSphere Client and select the host from the inventory panel.
The hardware configuration page for this server appears.
5 Select the virtual adapter to migrate, and click Migrate to Virtual Switch.
7 Enter a Network Label and optionally a VLAN ID for the virtual adapter, and click Next.
8 Click Finish to migrate the virtual adapter and complete the wizard.
Procedure
1 Log in to the vSphere Client and select the host from the inventory panel.
6 Under Network Connection, select the vNetwork Distributed Switch and the associated port group, or
select Standalone Port to which to add this virtual adapter.
7 Select Use this virtual adapter for VMotion to enable this port group to advertise itself to another ESX
host as the network connection where VMotion traffic is sent.
You can enable this property for only one VMotion and IP storage port group for each ESX host. If this
property is not enabled for any port group, migration with VMotion to this host is not possible.
8 Choose whether to Use this virtual adapter for fault tolerance logging.
9 Under IP Settings, specify the IP address and subnet mask, or select Obtain IP settings automatically.
10 Click Edit to set the VMkernel default gateway for VMkernel services, such as VMotion, NAS, and iSCSI.
11 Click OK.
Procedure
1 Log in to the vSphere Client and select the host from the inventory panel.
6 Under Network Connection, select the vNetwork Distributed Switch and the associated port group, or
select Standalone Port to which to add this virtual adapter.
7 Enter the IP address and subnet mask, or select Obtain IP setting automatically.
9 Click OK.
Procedure
1 Log in to the vSphere Client and select the host from the inventory panel.
A dialog box appears with the message, Are you sure you want to remove <adapter name>?
6 Click Yes.
Virtual machines are connected to vNetwork Distributed Switches by connecting their associated virtual
network adapters to dvPort groups. This can be done either for an individual virtual machine by modifying
the virtual machine’s network adapter configuration, or for a group of virtual machines by migrating virtual
machines from an existing virtual network to a vNetwork Distributed Switch.
Procedure
1 In the vSphere Client, display the Networking inventory view and select the vNetwork Distributed Switch.
2 From the Inventory menu, select Distributed Virtual Switch > Migrate Virtual Machine Networking.
The Migrate Virtual Machine Networking wizard appears.
3 In the Select Source Network drop-down menu, select the virtual network to migrate from.
4 Select the virtual network to migrate to from the Select Destination Network drop-down menu.
Virtual machines associated with the virtual network you are migrating from are displayed in the Select
Virtual Machines field.
6 Select virtual machines to migrate to the destination virtual network, and click OK.
Procedure
1 Log in to the vSphere Client and select the virtual machine from the inventory panel.
4 Select the dvPort group to migrate to from the Network Label drop-down menu, and click OK.
Chapter 5 Advanced Networking
The following topics guide you through advanced networking in an ESX environment, and how to set up and
change advanced networking configuration options.
The Internet Engineering Task Force has designated IPv6 as the successor to IPv4. The adoption of IPv6, both
as a standalone protocol and in a mixed environment with IPv4, is rapidly increasing. With IPv6, you can use
vSphere features such as NFS in an IPv6 environment.
A major difference between IPv4 and IPv6 is address length. IPv6 uses a 128-bit address rather than the 32-bit
addresses used by IPv4. This helps alleviate the problem of address exhaustion that is present with IPv4 and
eliminates the need for network address translation (NAT). Other notable differences include link-local
addresses that appear as the interface is initialized, addresses that are set by router advertisements, and the
ability to have multiple IPv6 addresses on an interface.
An IPv6-specific configuration in vSphere involves providing IPv6 addresses, either by entering static
addresses or by using DHCP for all relevant vSphere networking interfaces. IPv6 addresses can also be
configured using stateless autoconfiguration sent by router advertisement.
Procedure
1 Click the arrow next to the Inventory button in the navigation bar and select Hosts and Clusters.
Networking Policies
Any policies set at the vSwitch or dvPort group level are applied to all of the port groups on that vSwitch or
dvPorts in the dvPort group, except for the configuration options that are overridden at the port group or
dvPort level.
You can edit your load balancing and failover policy by configuring the following parameters:
• Load Balancing policy determines how outgoing traffic is distributed among the network adapters
  assigned to a vSwitch.
  NOTE Incoming traffic is controlled by the load balancing policy on the physical switch.
• Failover Detection controls the link status and beacon probing. Beaconing is not supported with guest
  VLAN tagging.
• Network Adapter Order can be active or standby.
Procedure
1 Log in to the vSphere Client and select the host from the inventory panel.
5 To edit the failover and load balancing values for the vSwitch, select the vSwitch item and click
Properties.
You can override the failover order at the port group level. By default, new adapters are active for all
policies. New adapters carry traffic for the vSwitch and its port group unless you specify otherwise.
Option Description
Load Balancing
    Specify how to choose an uplink.
    • Route based on the originating port ID — Choose an uplink based on the virtual port
      where the traffic entered the virtual switch.
    • Route based on ip hash — Choose an uplink based on a hash of the source and
      destination IP addresses of each packet. For non-IP packets, whatever is at those
      offsets is used to compute the hash.
    • Route based on source MAC hash — Choose an uplink based on a hash of the source
      Ethernet.
    • Use explicit failover order — Always use the highest order uplink from the list of
      Active adapters which passes failover detection criteria.
    NOTE IP-based teaming requires that the physical switch be configured with
    etherchannel. For all other options, etherchannel should be disabled.
Network Failover Detection
    Specify the method to use for failover detection.
    • Link Status only – Relies solely on the link status that the network adapter
      provides. This option detects failures, such as cable pulls and physical switch
      power failures, but not configuration errors, such as a physical switch port that
      is blocked by spanning tree or misconfigured to the wrong VLAN, or cable pulls on
      the other side of a physical switch.
    • Beacon Probing – Sends out and listens for beacon probes on all NICs in the team
      and uses this information, in addition to link status, to determine link failure.
      This detects many of the failures previously mentioned that are not detected by
      link status alone.
Notify Switches
    Select Yes or No to notify switches in the case of failover.
    If you select Yes, whenever a virtual NIC is connected to the vSwitch or whenever
    that virtual NIC’s traffic would be routed over a different physical NIC in the team
    because of a failover event, a notification is sent out over the network to update
    the lookup tables on physical switches. In almost all cases, this process is
    desirable for the lowest latency of failover occurrences and migrations with VMotion.
    NOTE Do not use this option when the virtual machines using the port group are using
    Microsoft Network Load Balancing in unicast mode. No such issue exists with NLB
    running in multicast mode.
Failback
    Select Yes or No to disable or enable failback.
    This option determines how a physical adapter is returned to active duty after
    recovering from a failure. If failback is set to Yes (default), the adapter is
    returned to active duty immediately upon recovery, displacing the standby adapter
    that took over its slot, if any. If failback is set to No, a failed adapter is left
    inactive even after recovery until another currently active adapter fails, requiring
    its replacement.
Failover Order
    Specify how to distribute the work load for uplinks. If you want to use some uplinks
    but reserve others for emergencies in case the uplinks in use fail, set this
    condition by moving them into different groups:
    • Active Uplinks — Continue to use the uplink when the network adapter connectivity
      is up and active.
    • Standby Uplinks — Use this uplink if the connectivity of one of the active adapters
      is down.
    • Unused Uplinks — Do not use this uplink.
8 Click OK.
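The Failback and Failover Order settings are easiest to compare by replaying the same link events against both Failback values. The simulation below is an added example, not VMware code; the class and function names, the vmnic names and event sequence, the order in which idle uplinks are tried, and the handling of an empty slot are assumptions.

```python
class NicTeam:
    """Tracks which uplinks of a team carry traffic as links fail and recover."""

    def __init__(self, active, standby=(), failback=True):
        self.active = list(active)
        self.standby = list(standby)
        if set(self.active) & set(self.standby):
            raise ValueError("an uplink is either active or standby, not both")
        self.failback = failback
        self.link_up = {nic: True for nic in self.active + self.standby}
        # One slot per configured active uplink; standby uplinks start idle.
        self.in_service = list(self.active)

    def _spare(self):
        # Assumption: idle healthy uplinks are tried in configured order,
        # active list first, then standby list.
        for nic in self.active + self.standby:
            if self.link_up[nic] and nic not in self.in_service:
                return nic
        return None

    def fail(self, nic):
        """Mark an uplink down and hand its slot to a spare if one exists."""
        self.link_up[nic] = False
        if nic in self.in_service:
            slot = self.in_service.index(nic)
            spare = self._spare()
            if spare is None:
                del self.in_service[slot]  # nothing left to take the slot
            else:
                self.in_service[slot] = spare
        return list(self.in_service)

    def recover(self, nic):
        """Mark an uplink up again and apply the failback setting."""
        self.link_up[nic] = True
        if nic not in self.in_service:
            if len(self.in_service) < len(self.active):
                # Assumption: a slot left empty for lack of spares is refilled
                # by the first uplink to recover, whatever the failback setting.
                self.in_service.append(nic)
            elif self.failback and nic in self.active:
                # Failback Yes: displace a standby uplink that took over a slot.
                for slot, current in enumerate(self.in_service):
                    if current in self.standby:
                        self.in_service[slot] = nic
                        break
            # Failback No: the recovered uplink stays idle until another
            # in-service uplink fails and needs a replacement.
        return list(self.in_service)


def replay(team, events):
    """Apply ("fail" | "recover", uplink) events; return the state after each."""
    timeline = []
    for action, nic in events:
        if nic not in team.link_up:
            raise KeyError(f"{nic} is not part of this team")
        step = team.fail(nic) if action == "fail" else team.recover(nic)
        timeline.append((action, nic, step))
    return timeline


# Constructed event sequence: vmnic0 goes down and comes back, then vmnic1 fails.
EVENTS = [("fail", "vmnic0"), ("recover", "vmnic0"), ("fail", "vmnic1")]


def compare_failback(events=EVENTS):
    """Replay the same events with Failback set to Yes (True) and No (False)."""
    results = {}
    for failback in (True, False):
        team = NicTeam(["vmnic0", "vmnic1"], ["vmnic2"], failback=failback)
        results[failback] = [step for _, _, step in replay(team, events)]
    return results


if __name__ == "__main__":
    for failback, steps in compare_failback().items():
        print("Failback", "Yes" if failback else "No", steps)
```

With Failback set to Yes, traffic moves twice when a link goes down and comes back; with No, it moves once and the recovered adapter waits as a spare.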
Procedure
1 Log in to the vSphere Client and select the host from the inventory panel.
5 To edit the Failover and Load Balancing values for the vSwitch, select the vSwitch item and click
Properties.
You can override the failover order at the port-group level. By default, new adapters are active for all
policies. New adapters carry traffic for the vSwitch and its port group unless you specify otherwise.
Option Description
Load Balancing
    Specify how to choose an uplink.
    • Route based on the originating port ID — Choose an uplink based on the virtual port
      where the traffic entered the virtual switch.
    • Route based on ip hash — Choose an uplink based on a hash of the source and
      destination IP addresses of each packet. For non-IP packets, whatever is at those
      offsets is used to compute the hash.
    • Route based on source MAC hash — Choose an uplink based on a hash of the source
      Ethernet.
    • Use explicit failover order — Always use the highest order uplink from the list of
      Active adapters which passes failover detection criteria.
    NOTE IP-based teaming requires that the physical switch be configured with
    etherchannel. For all other options, etherchannel should be disabled.
Network Failover Detection
    Specify the method to use for failover detection.
    • Link Status only – Relies solely on the link status that the network adapter
      provides. This option detects failures, such as cable pulls and physical switch
      power failures, but not configuration errors, such as a physical switch port that
      is blocked by spanning tree or misconfigured to the wrong VLAN, or cable pulls on
      the other side of a physical switch.
    • Beacon Probing – Sends out and listens for beacon probes on all NICs in the team
      and uses this information, in addition to link status, to determine link failure.
      This detects many of the failures previously mentioned that are not detected by
      link status alone.
Notify Switches
    Select Yes or No to notify switches in the case of failover.
    If you select Yes, whenever a virtual NIC is connected to the vSwitch or whenever
    that virtual NIC’s traffic would be routed over a different physical NIC in the team
    because of a failover event, a notification is sent out over the network to update
    the lookup tables on physical switches. In almost all cases, this process is
    desirable for the lowest latency of failover occurrences and migrations with VMotion.
    NOTE Do not use this option when the virtual machines using the port group are using
    Microsoft Network Load Balancing in unicast mode. No such issue exists with NLB
    running in multicast mode.
Failback
    Select Yes or No to disable or enable failback.
    This option determines how a physical adapter is returned to active duty after
    recovering from a failure. If failback is set to Yes (default), the adapter is
    returned to active duty immediately upon recovery, displacing the standby adapter
    that took over its slot, if any. If failback is set to No, a failed adapter is left
    inactive even after recovery until another currently active adapter fails, requiring
    its replacement.
Failover Order
    Specify how to distribute the work load for uplinks. If you want to use some uplinks
    but reserve others for emergencies in case the uplinks in use fail, set this
    condition by moving them into different groups:
    • Active Uplinks — Continue to use the uplink when the network adapter connectivity
      is up and active.
    • Standby Uplinks — Use this uplink if the connectivity of one of the active adapters
      is down.
    • Unused Uplinks — Do not use this uplink.
8 Click OK.
Procedure
1 In the vSphere Client, display the Networking inventory view and select the dvPort group.
3 Select Policies.
Option Description
Load Balancing
    Specify how to choose an uplink.
    • Route based on the originating port ID — Choose an uplink based on the virtual port
      where the traffic entered the virtual switch.
    • Route based on ip hash — Choose an uplink based on a hash of the source and
      destination IP addresses of each packet. For non-IP packets, whatever is at those
      offsets is used to compute the hash.
    • Route based on source MAC hash — Choose an uplink based on a hash of the source
      Ethernet.
    • Use explicit failover order — Always use the highest order uplink from the list of
      Active adapters which passes failover detection criteria.
    NOTE IP-based teaming requires that the physical switch be configured with
    etherchannel. For all other options, etherchannel should be disabled.
Network Failover Detection
    Specify the method to use for failover detection.
    • Link Status only – Relies solely on the link status that the network adapter
      provides. This option detects failures, such as cable pulls and physical switch
      power failures, but not configuration errors, such as a physical switch port that
      is blocked by spanning tree or misconfigured to the wrong VLAN, or cable pulls on
      the other side of a physical switch.
    • Beacon Probing – Sends out and listens for beacon probes on all NICs in the team
      and uses this information, in addition to link status, to determine link failure.
      This detects many of the failures previously mentioned that are not detected by
      link status alone.
    NOTE Do not use beacon probing with IP-hash load balancing.
Notify Switches
    Select Yes or No to notify switches in the case of failover.
    If you select Yes, whenever a virtual NIC is connected to the vSwitch or whenever
    that virtual NIC’s traffic would be routed over a different physical NIC in the team
    because of a failover event, a notification is sent out over the network to update
    the lookup tables on physical switches. In almost all cases, this process is
    desirable for the lowest latency of failover occurrences and migrations with VMotion.
    NOTE Do not use this option when the virtual machines using the port group are using
    Microsoft Network Load Balancing in unicast mode. No such issue exists with NLB
    running in multicast mode.
Failback
    Select Yes or No to disable or enable failback.
    This option determines how a physical adapter is returned to active duty after
    recovering from a failure. If failback is set to Yes (default), the adapter is
    returned to active duty immediately upon recovery, displacing the standby adapter
    that took over its slot, if any. If failback is set to No, a failed adapter is left
    inactive even after recovery until another currently active adapter fails, requiring
    its replacement.
Failover Order
    Specify how to distribute the work load for uplinks. If you want to use some uplinks
    but reserve others for emergencies in case the uplinks in use fail, set this
    condition by moving them into different groups:
    • Active Uplinks — Continue to use the uplink when the network adapter connectivity
      is up and active.
    • Standby Uplinks — Use this uplink if the connectivity of one of the active adapters
      is down.
    • Unused Uplinks — Do not use this uplink.
    NOTE When using IP-hash load balancing, do not configure standby uplinks.
5 Click OK.
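The NOTE entries in the teaming tables, together with the rule that switch-level policies apply unless overridden at the port group or dvPort level, can be turned into a pre-change check. The Python sketch below is an added example, not VMware code; the dictionary keys, rule names and sample port groups are hypothetical, and the etherchannel and NLB fields are values the operator records about the physical switch and the guests.

```python
def effective_policy(switch_policy, overrides=None):
    """Settings in force for one port group or dvPort: switch-level values
    apply unless the same option is overridden at the lower level."""
    merged = dict(switch_policy)
    merged.update(overrides or {})
    return merged


def check_teaming(policy):
    """Return (rule, message) findings for one effective teaming policy.

    All keys are hypothetical names chosen for this example.
    """
    findings = []
    ip_hash = policy.get("load_balancing") == "ip_hash"
    beacon = policy.get("failover_detection") == "beacon_probing"
    etherchannel = policy.get("etherchannel", False)

    if ip_hash and not etherchannel:
        findings.append(("etherchannel-required",
                         "IP-based teaming needs etherchannel on the physical switch"))
    if not ip_hash and etherchannel:
        findings.append(("etherchannel-unexpected",
                         "etherchannel should be disabled unless IP hash is used"))
    if ip_hash and beacon:
        findings.append(("beacon-with-ip-hash",
                         "do not use beacon probing with IP-hash load balancing"))
    if ip_hash and policy.get("standby_uplinks"):
        findings.append(("standby-with-ip-hash",
                         "do not configure standby uplinks with IP-hash load balancing"))
    if beacon and policy.get("guest_vlan_tagging", False):
        findings.append(("beacon-with-guest-vlan-tagging",
                         "beaconing is not supported with guest VLAN tagging"))
    if policy.get("notify_switches", False) and policy.get("nlb_mode") == "unicast":
        findings.append(("notify-with-nlb-unicast",
                         "do not notify switches for Microsoft NLB in unicast mode"))
    return findings


def audit(switch_policy, port_groups):
    """Return {port group name: [rule, ...]} for every group with findings."""
    report = {}
    for name, overrides in port_groups.items():
        policy = effective_policy(switch_policy, overrides)
        rules = [rule for rule, _ in check_teaming(policy)]
        if rules:
            report[name] = rules
    return report


# Constructed sample: a vSwitch using IP hash, with three port groups.
SWITCH_POLICY = {
    "load_balancing": "ip_hash",
    "etherchannel": True,            # state of the physical switch ports
    "failover_detection": "link_status",
    "notify_switches": True,
    "standby_uplinks": [],
}
PORT_GROUPS = {
    "Production": {},                # inherits the switch policy unchanged
    "DMZ": {"failover_detection": "beacon_probing",
            "standby_uplinks": ["vmnic3"]},
    "NLB-Cluster": {"load_balancing": "port_id", "nlb_mode": "unicast"},
}

if __name__ == "__main__":
    for group, rules in audit(SWITCH_POLICY, PORT_GROUPS).items():
        print(group, rules)
```

Both flagged port groups look harmless when their overrides are read alone; the conflicts appear only after the inherited switch-level settings are merged in.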
Prerequisites
To edit the teaming and failover policies on an individual dvPort, the associated dvPort group must be set to
allow policy overrides.
Procedure
1 Log in to the vSphere Client and display the vNetwork Distributed Switch.
2 On the Ports tab, right-click the port to modify and select Edit Settings.
Option Description
Load Balancing Specify how to choose an uplink.
n Route based on the originating port ID — Choose an uplink based on
the virtual port where the traffic entered the virtual switch.
n Route based on ip hash — Choose an uplink based on a hash of the
source and destination IP addresses of each packet. For non-IP packets,
whatever is at those offsets is used to compute the hash.
n Route based on source MAC hash — Choose an uplink based on a hash
of the source Ethernet.
n Use explicit failover order — Always use the highest order uplink from
the list of Active adapters which passes failover detection criteria.
NOTE IP-based teaming requires that the physical switch be configured with
etherchannel. For all other options, etherchannel should be disabled.
Network Failover Detection Specify the method to use for failover detection.
- Link Status only – Relies solely on the link status that the network
adapter provides. This option detects failures, such as cable pulls and
physical switch power failures, but not configuration errors, such as a
physical switch port that is blocked by spanning tree or misconfigured
to the wrong VLAN, or cable pulls on the other side of a physical switch.
- Beacon Probing – Sends out and listens for beacon probes on all NICs
in the team and uses this information, in addition to link status, to
determine link failure. This detects many of the failures previously
mentioned that are not detected by link status alone.
NOTE Do not use beacon probing with IP-hash load balancing.
Notify Switches Select Yes or No to notify switches in the case of failover.
If you select Yes, whenever a virtual NIC is connected to the vSwitch or
whenever that virtual NIC’s traffic would be routed over a different physical
NIC in the team because of a failover event, a notification is sent out over the
network to update the lookup tables on physical switches. In almost all cases,
this process is desirable for the lowest latency of failover occurrences and
migrations with VMotion.
NOTE Do not use this option when the virtual machines using the port group
are using Microsoft Network Load Balancing in unicast mode. No such issue
exists with NLB running in multicast mode.
Failback Select Yes or No to disable or enable failback.
This option determines how a physical adapter is returned to active duty
after recovering from a failure. If failback is set to Yes (default), the adapter
is returned to active duty immediately upon recovery, displacing the standby
adapter that took over its slot, if any. If failback is set to No, a failed adapter
is left inactive even after recovery until another currently active adapter fails,
requiring its replacement.
Failover Order Specify how to distribute the work load for uplinks. If you want to use some
uplinks but reserve others for emergencies in case the uplinks in use fail, set
this condition by moving them into different groups:
- Active Uplinks — Continue to use the uplink when the network adapter
connectivity is up and active.
- Standby Uplinks — Use this uplink if the connectivity of one of the active
adapters is down.
- Unused Uplinks — Do not use this uplink.
NOTE When using IP-hash load balancing, do not configure standby uplinks.
5 Click OK.
VLAN Policy
The VLAN policy allows virtual networks to join physical VLANs.
Procedure
1 In the vSphere Client, display the Networking inventory view and select the dvPort group.
2 From the Inventory menu, select Network > Edit Settings.
3 Select VLAN.
Option Description
None Do not use VLAN.
VLAN In the VLAN ID field, enter a number between 1 and 4094.
VLAN Trunking Enter a VLAN trunk range.
Private VLAN Select an available private VLAN to use.
Prerequisites
To edit the VLAN policies on an individual dvPort, the associated dvPort group must be set to allow policy
overrides.
Procedure
1 Log in to the vSphere Client and display the vNetwork Distributed Switch.
2 On the Ports tab, right-click the port to modify and select Edit Settings.
3 Click Policies.
4 Select the VLAN type to use.
Option Action
None Do not use a VLAN.
VLAN For the VLAN ID, enter a number between 1 and 4095.
VLAN Trunking Enter a VLAN trunk range.
Private VLAN Select an available private VLAN to use.
5 Click OK.
Security Policy
Networking security policies determine how the adapter filters inbound and outbound frames.
Layer 2 is the Data Link Layer. The three elements of the security policy are promiscuous mode, MAC address
changes, and forged transmits.
In nonpromiscuous mode, a guest adapter listens only to traffic forwarded to its own MAC address. In
promiscuous mode, it can listen to all the frames. By default, guest adapters are set to nonpromiscuous mode.
Procedure
1 Log in to the VMware vSphere Client and select the host from the inventory panel.
By default, Promiscuous Mode is set to Reject, and MAC Address Changes and Forged Transmits are
set to Accept.
The policy applies to all virtual adapters on the vSwitch, unless the port group for the virtual adapter
specifies a policy exception.
7 In the Policy Exceptions pane, select whether to reject or accept the security policy exceptions.
Promiscuous Mode
Reject: Placing a guest adapter in promiscuous mode has no effect on which frames are received by the adapter.
Accept: Placing a guest adapter in promiscuous mode causes it to detect all frames passed on the vSwitch that are allowed under the VLAN policy for the port group that the adapter is connected to.
MAC Address Changes
Reject: If the guest OS changes the MAC address of the adapter to anything other than what is in the .vmx configuration file, all inbound frames are dropped. If the guest OS changes the MAC address back to match the MAC address in the .vmx configuration file, inbound frames are sent again.
Accept: If the MAC address from the guest OS changes, frames to the new MAC address are received.
Forged Transmits
Reject: Outbound frames with a source MAC address that is different from the one set on the adapter are dropped.
Accept: No filtering is performed, and all outbound frames are passed.
8 Click OK.
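The three settings can be read as a frame filter. The following Python model is an added example, not VMware code: it encodes the Reject and Accept behavior described above for unicast frames and compares the page's default policy with an all-Reject policy. The class names, the sample MAC addresses, the single-VLAN simplification, and the reading of "the one set on the adapter" as the guest's current (effective) MAC address are assumptions.

```python
from dataclasses import dataclass

REJECT, ACCEPT = "Reject", "Accept"


@dataclass(frozen=True)
class SecurityPolicy:
    # Defaults as stated on this page.
    promiscuous_mode: str = REJECT
    mac_address_changes: str = ACCEPT
    forged_transmits: str = ACCEPT


@dataclass(frozen=True)
class GuestAdapter:
    vmx_mac: str                     # address recorded in the .vmx file
    effective_mac: str               # address the guest OS currently uses
    vlan: int                        # VLAN of the port group (model assumption)
    wants_promiscuous: bool = False  # guest asked for promiscuous mode


def _mac(value):
    """Normalise a MAC address so comparisons ignore case and separators."""
    return value.strip().lower().replace("-", ":")


def inbound_delivered(policy, adapter, dst_mac, frame_vlan):
    """Return True if a unicast frame on the vSwitch reaches the adapter."""
    # The VLAN policy of the port group bounds what any adapter can see.
    if frame_vlan != adapter.vlan:
        return False
    changed = _mac(adapter.effective_mac) != _mac(adapter.vmx_mac)
    # MAC Address Changes = Reject: all inbound frames are dropped while
    # the guest's address differs from the .vmx address.
    if changed and policy.mac_address_changes == REJECT:
        return False
    # Promiscuous Mode = Accept: the adapter detects every frame allowed
    # under the VLAN policy. With Reject the request has no effect.
    if adapter.wants_promiscuous and policy.promiscuous_mode == ACCEPT:
        return True
    return _mac(dst_mac) == _mac(adapter.effective_mac)


def outbound_passed(policy, adapter, src_mac):
    """Return True if an outbound frame is passed by the vSwitch."""
    if policy.forged_transmits == ACCEPT:
        return True  # no filtering is performed
    # Assumption: "the one set on the adapter" is the effective MAC.
    return _mac(src_mac) == _mac(adapter.effective_mac)


# Constructed sample addresses inside the VMware OUI.
OWN, OTHER = "00:50:56:00:00:0b", "00:50:56:00:00:0a"


def compare_policies():
    """Run constructed cases under the default and an all-Reject policy.

    Returns {case: (passes_under_default, passes_under_all_reject)}.
    """
    default = SecurityPolicy()
    strict = SecurityPolicy(REJECT, REJECT, REJECT)
    renamed = GuestAdapter(vmx_mac=OWN, effective_mac=OTHER, vlan=10)
    honest = GuestAdapter(vmx_mac=OWN, effective_mac=OWN, vlan=10)
    sniffer = GuestAdapter(OWN, OWN, 10, wants_promiscuous=True)
    cases = {
        "inbound to changed MAC":
            lambda p: inbound_delivered(p, renamed, OTHER, 10),
        "outbound forged source":
            lambda p: outbound_passed(p, honest, OTHER),
        "promiscuous capture":
            lambda p: inbound_delivered(p, sniffer, OTHER, 10),
    }
    return {name: (fn(default), fn(strict)) for name, fn in cases.items()}


if __name__ == "__main__":
    for case, (by_default, all_reject) in compare_policies().items():
        print(f"{case:26} default={by_default!s:5} all-Reject={all_reject}")
```

Under the default policy the changed-MAC and forged-source cases pass, and only promiscuous capture is blocked.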
Procedure
1 Log in to the VMware vSphere Client and select the host from the inventory panel.
6 In the Properties dialog box for the port group, click the Security tab.
By default, Promiscuous Mode is set to Reject. MAC Address Changes and Forged Transmits are set to
Accept.
The policy exception overrides any policy set at the vSwitch level.
7 In the Policy Exceptions pane, select whether to reject or accept the security policy exceptions.
Promiscuous Mode
Reject: Placing a guest adapter in promiscuous mode has no effect on which frames are received by the adapter.
Accept: Placing a guest adapter in promiscuous mode causes it to detect all frames passed on the vSwitch that are allowed under the VLAN policy for the port group that the adapter is connected to.
MAC Address Changes
Reject: If the guest OS changes the MAC address of the adapter to anything other than what is in the .vmx configuration file, all inbound frames are dropped. If the guest OS changes the MAC address back to match the MAC address in the .vmx configuration file, inbound frames are sent again.
Accept: If the MAC address from the guest OS changes, frames to the new MAC address are received.
Forged Transmits
Reject: Outbound frames with a source MAC address that is different from the one set on the adapter are dropped.
Accept: No filtering is performed, and all outbound frames are passed.
8 Click OK.
Procedure
1 In the vSphere Client, display the Networking inventory view and select the dvPort group.
3 In the Properties dialog box for the port group, click the Security tab.
By default, Promiscuous Mode is set to Reject. MAC Address Changes and Forged Transmits are set to
Accept.
The policy exception overrides any policy set at the vSwitch level.
4 In the Policy Exceptions pane, select whether to reject or accept the security policy exceptions.
Promiscuous Mode
Reject: Placing a guest adapter in promiscuous mode has no effect on which frames are received by the adapter.
Accept: Placing a guest adapter in promiscuous mode causes it to detect all frames passed on the vSwitch that are allowed under the VLAN policy for the port group that the adapter is connected to.
MAC Address Changes
Reject: If the guest OS changes the MAC address of the adapter to anything other than what is in the .vmx configuration file, all inbound frames are dropped. If the guest OS changes the MAC address back to match the MAC address in the .vmx configuration file, inbound frames are sent again.
Accept: If the MAC address from the guest OS changes, frames to the new MAC address are received.
Forged Transmits
Reject: Outbound frames with a source MAC address that is different from the one set on the adapter are dropped.
Accept: No filtering is performed, and all outbound frames are passed.
5 Click OK.
Prerequisites
To edit the Security policies on an individual dvPort, the associated dvPort group must be set to allow policy
overrides.
Procedure
1 Log in to the vSphere Client and display the vNetwork Distributed Switch.
2 On the Ports tab, right-click the port to modify and select Edit Settings.
3 Click Policies.
By default, Promiscuous Mode is set to Reject, and MAC Address Changes and Forged Transmits are
set to Accept.
4 In the Security group, select whether to reject or accept the security policy exceptions:
Promiscuous Mode
Reject: Placing a guest adapter in promiscuous mode has no effect on which frames are received by the adapter.
Accept: Placing a guest adapter in promiscuous mode causes it to detect all frames passed on the vSwitch that are allowed under the VLAN policy for the port group that the adapter is connected to.
MAC Address Changes
Reject: If the guest OS changes the MAC address of the adapter to anything other than what is in the .vmx configuration file, all inbound frames are dropped. If the guest OS changes the MAC address back to match the MAC address in the .vmx configuration file, inbound frames are sent again.
Accept: If the MAC address from the guest OS changes, frames to the new MAC address are received.
Forged Transmits
Reject: Outbound frames with a source MAC address that is different from the one set on the adapter are dropped.
Accept: No filtering is performed, and all outbound frames are passed.
5 Click OK.
ESX shapes outbound network traffic on vSwitches and both inbound and outbound traffic on a vNetwork
Distributed Switch. Traffic shaping restricts the network bandwidth available on a port, but can also be
configured to allow “bursts” of traffic to flow through at higher speeds.
Average Bandwidth Establishes the number of bits per second to allow across a port, averaged over
time—the allowed average load.
Peak Bandwidth The maximum number of bits per second to allow across a port when it is
sending or receiving a burst of traffic. This tops the bandwidth used by a port
whenever it is using its burst bonus.
Burst Size The maximum number of bytes to allow in a burst. If this parameter is set, a
port might gain a burst bonus if it does not use all its allocated bandwidth.
Whenever the port needs more bandwidth than specified by Average
Bandwidth, it might be allowed to temporarily transmit data at a higher speed
if a burst bonus is available. This parameter tops the number of bytes that have
accumulated in the burst bonus and thus transfers at a higher speed.
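How the three parameters interact is easiest to see over time. The following Python sketch is an added example, not VMware code: it is a simplified token-bucket reading of the definitions above, stepped once per second, and the ESX shaper's actual internals are not described on this page. The function name and the sample values are assumptions.

```python
def shape(demand_bytes, average_bps, peak_bps, burst_bytes):
    """Simulate one shaped port, one step per second.

    demand_bytes: bytes the port wants to send in each second (constructed).
    Returns the bytes actually allowed through in each second.
    Simplified model: unused average bandwidth accumulates as a burst bonus,
    the bonus is capped by burst_bytes, and the rate never exceeds peak_bps.
    """
    if peak_bps < average_bps:
        # Matches the NOTE on this page: peak cannot be less than average.
        raise ValueError("peak bandwidth cannot be less than average bandwidth")
    average = average_bps / 8.0   # bytes per second earned every step
    peak = peak_bps / 8.0         # hard ceiling in bytes per second
    bonus = 0.0                   # accumulated burst bonus in bytes
    sent = []
    for want in demand_bytes:
        allowed = min(peak, average + bonus)
        out = min(want, allowed)
        sent.append(out)
        # Anything not used this second is saved, up to the burst size.
        bonus = min(burst_bytes, max(0.0, bonus + average - out))
    return sent


if __name__ == "__main__":
    # Constructed scenario: two idle seconds, then sustained demand.
    demand = [0, 0, 5000, 5000, 5000]
    print(shape(demand, average_bps=8000, peak_bps=16000, burst_bytes=1500))
```

After two idle seconds the port transmits at the peak rate, then falls back to the average rate once the burst bonus is spent.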
Procedure
1 Log in to the vSphere Client and select the host from the inventory panel.
When traffic shaping is disabled, the options are dimmed. You can selectively override all traffic-shaping
features at the port group level if traffic shaping is enabled.
This policy is applied to each individual virtual adapter attached to the port group, not to the vSwitch as
a whole.
NOTE Peak bandwidth cannot be less than the specified average bandwidth.
Option Description
Status If you enable the policy exception in the Status field, you are setting limits
on the amount of networking bandwidth allocated for each virtual adapter
associated with this particular port group. If you disable the policy, services
have a free and clear connection to the physical network.
Average Bandwidth A value measured over a particular period of time.
Peak Bandwidth Limits the maximum bandwidth during a burst. It can never be smaller than
the average bandwidth.
Burst Size Specifies how large a burst can be in kilobytes (KB).
Procedure
1 Log in to the vSphere Client and select the host from the inventory panel.
6 In the Properties dialog box for the port group, click the Traffic Shaping tab.
Option Description
Status If you enable the policy exception in the Status field, you are setting limits
on the amount of networking bandwidth allocated for each virtual adapter
associated with this particular port group. If you disable the policy, services
have a free and clear connection to the physical network.
Average Bandwidth A value measured over a particular period of time.
Peak Bandwidth Limits the maximum bandwidth during a burst. It can never be smaller than
the average bandwidth.
Burst Size Specifies how large a burst can be in kilobytes (KB).
Procedure
1 In the vSphere Client, display the Networking inventory view and select the dvPort group.
4 In the Properties dialog box for the port group, click the Traffic Shaping tab.
You can configure both inbound traffic shaping and outbound traffic shaping. When traffic shaping is
disabled, the options are dimmed.
NOTE Peak bandwidth cannot be less than the specified average bandwidth.
Option Description
Status If you enable the policy exception in the Status field, you are setting limits
on the amount of networking bandwidth allocated for each virtual adapter
associated with this particular port group. If you disable the policy, services
have a free and clear connection to the physical network.
Average Bandwidth A value measured over a particular period of time.
Peak Bandwidth Limits the maximum bandwidth during a burst. It can never be smaller than
the average bandwidth.
Burst Size Specifies how large a burst can be in kilobytes (KB).
A traffic shaping policy is defined by three characteristics: average bandwidth, peak bandwidth, and burst
size.
Prerequisites
To edit the traffic shaping policies on an individual dvPort, the associated dvPort group must be set to allow
policy overrides.
Procedure
1 Log in to the vSphere Client and display the vNetwork Distributed Switch.
2 On the Ports tab, right-click the port to modify, and select Edit Settings.
3 Click Policies.
4 In the Traffic Shaping group, you can configure both inbound traffic shaping and outbound traffic shaping.
Option Description
Status If you enable the policy exception in the Status field, you are setting limits
on the amount of networking bandwidth allocated for each virtual adapter
associated with this particular port group. If you disable the policy, services
have a free and clear connection to the physical network.
Average Bandwidth A value measured over a particular period of time.
Peak Bandwidth Limits the maximum bandwidth during a burst. It can never be smaller than
the average bandwidth.
Burst Size Specifies how large a burst can be in kilobytes (KB).
5 Click OK.
Procedure
1 In the vSphere Client, display the Networking inventory view and select the dvPort group.
3 Select Miscellaneous.
Procedure
1 Log in to the vSphere Client and display the vNetwork Distributed Switch.
2 On the Ports tab, right-click the port to modify and select Edit Settings.
3 Click Policies.
5 Click OK.
Procedure
1 Log in to the vSphere Client and select the host from the inventory panel.
5 Choose whether to obtain the DNS server address automatically or use a DNS server address.
NOTE DHCP is supported only if the DHCP server is accessible to the service console. The service console
must have a virtual interface (vswif) configured and attached to the network where the DHCP server
resides.
Select a gateway device only if you have configured the service console to connect to more than one subnet.
8 Click OK.
MAC Addresses
MAC addresses are generated for virtual network adapters that the service console, the VMkernel, and virtual
machines use.
In most cases, the generated MAC addresses are appropriate. However, you might need to set a MAC address
for a virtual network adapter, as in the following cases:
- Virtual network adapters on different physical hosts share the same subnet and are assigned the same
MAC address, causing a conflict.
- You want to ensure that a virtual network adapter always has the same MAC address.
To circumvent the limit of 256 virtual network adapters per physical machine and possible MAC address
conflicts between virtual machines, system administrators can manually assign MAC addresses. VMware uses
the Organizationally Unique Identifier (OUI) 00:50:56 for manually generated addresses.
You can set the addresses by adding the following line to a virtual machine’s configuration file:
ethernet<number>.address = 00:50:56:XX:YY:ZZ
where <number> refers to the number of the Ethernet adapter, XX is a valid hexadecimal number between 00
and 3F, and YY and ZZ are valid hexadecimal numbers between 00 and FF. The value for XX must not be greater
than 3F to avoid conflict with MAC addresses that are generated by the VMware Workstation and VMware
Server products. The maximum value for a manually generated MAC address is:
ethernet<number>.address = 00:50:56:3F:FF:FF
You must also set the option in a virtual machine’s configuration file:
ethernet<number>.addressType="static"
Because VMware ESX virtual machines do not support arbitrary MAC addresses, you must use the above
format. As long as you choose a unique value for XX:YY:ZZ among your hard-coded addresses, conflicts
between the automatically assigned MAC addresses and the manually assigned ones should never occur.
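The rules above can be checked mechanically before a virtual machine is powered on. The following Python checker is an added example, not a VMware tool: it reads the ethernet<number>.address and ethernet<number>.addressType lines of a configuration file and reports manual addresses that fall outside 00:50:56:00:00:00 to 00:50:56:3F:FF:FF, lack addressType "static", or repeat within the file. The function name and the sample configuration are assumptions.

```python
import re

# ethernet<number>.address / ethernet<number>.addressType, quoted or not.
LINE = re.compile(
    r'^\s*ethernet(\d+)\.(address|addressType)\s*=\s*"?([^"\s]+)"?\s*$',
    re.IGNORECASE,
)
MAC = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$", re.IGNORECASE)
VMWARE_OUI = [0x00, 0x50, 0x56]   # OUI for manually generated addresses
MAX_FOURTH_OCTET = 0x3F           # XX must not be greater than 3F


def check_static_macs(vmx_text):
    """Return a list of (adapter_number, problem) for manual MAC settings."""
    adapters = {}
    for raw in vmx_text.splitlines():
        match = LINE.match(raw)
        if match:
            number, key, value = match.groups()
            adapters.setdefault(int(number), {})[key.lower()] = value

    findings, seen = [], {}
    for number in sorted(adapters):
        mac = adapters[number].get("address")
        if mac is None:
            continue  # no manual address on this adapter
        if not MAC.match(mac):
            findings.append((number, "malformed MAC address %r" % mac))
            continue
        octets = [int(part, 16) for part in mac.split(":")]
        if octets[:3] != VMWARE_OUI:
            findings.append((number, "address does not start with 00:50:56"))
        elif octets[3] > MAX_FOURTH_OCTET:
            findings.append((number, "fourth byte is greater than 3F"))
        if adapters[number].get("addresstype", "").lower() != "static":
            findings.append((number, 'addressType is not "static"'))
        key = mac.lower()
        if key in seen:
            findings.append(
                (number, "same address as ethernet%d" % seen[key]))
        else:
            seen[key] = number
    return findings


# Constructed sample configuration (not from a real virtual machine).
SAMPLE_VMX = """\
ethernet0.address = 00:50:56:3F:FF:FF
ethernet0.addressType="static"
ethernet1.address = "00:50:56:40:00:01"
ethernet1.addressType = "static"
ethernet2.address = 00:0C:29:12:34:56
ethernet2.addressType = "generated"
ethernet3.address = 00:50:56:3f:ff:ff
ethernet3.addressType = "static"
"""

if __name__ == "__main__":
    for number, problem in check_static_macs(SAMPLE_VMX):
        print("ethernet%d: %s" % (number, problem))
```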
The first three bytes of the MAC address that is generated for each virtual network adapter consist of the OUI.
The MAC address-generation algorithm produces the other three bytes. The algorithm guarantees unique
MAC addresses within a machine and attempts to provide unique MAC addresses across machines.
The network adapters for each virtual machine on the same subnet should have unique MAC addresses.
Otherwise, they can behave unpredictably. The algorithm puts a limit on the number of running and suspended
virtual machines at any one time on any given host. It also does not handle all cases when virtual machines on
distinct physical machines share a subnet.
The VMware Universally Unique Identifier (UUID) generates MAC addresses that are checked for conflicts.
The generated MAC addresses are created by using three parts: the VMware OUI, the SMBIOS UUID for the
physical ESX machine, and a hash based on the name of the entity that the MAC address is being generated
for.
After the MAC address has been generated, it does not change unless the virtual machine is moved to a different
location, for example, to a different path on the same server. The MAC address in the configuration file of the
virtual machine is saved. All MAC addresses that have been assigned to network adapters of running and
suspended virtual machines on a given physical machine are tracked.
The MAC address of a powered off virtual machine is not checked against those of running or suspended
virtual machines. It is possible that when a virtual machine is powered on again, it can acquire a different MAC
address. This acquisition is caused by a conflict with a virtual machine that was powered on when this virtual
machine was powered off.
Procedure
1 Log in to the vSphere Client and select the virtual machine from the inventory panel.
Enabling TSO
To enable TSO at the virtual machine level, you must replace the existing vmxnet or flexible virtual network
adapters with enhanced vmxnet virtual network adapters. This might result in a change in the MAC address
of the virtual network adapter.
TSO support through the enhanced vmxnet network adapter is available for virtual machines running the
following guest operating systems:
- Microsoft Windows 2003 Enterprise Edition with Service Pack 2 (32 bit and 64 bit)
- Red Hat Enterprise Linux 4 (64 bit)
- Red Hat Enterprise Linux 5 (32 bit and 64 bit)
- SuSE Linux Enterprise Server 10 (32 bit and 64 bit)
Procedure
1 Log in to the vSphere Client and select the virtual machine from the inventory panel.
4 Record the network settings and MAC address that the network adapter is using.
5 Click Remove to remove the network adapter from the virtual machine.
6 Click Add.
9 Select the network setting and MAC address that the old network adapter was using and click Next.
TSO is enabled on a VMkernel interface. If TSO becomes disabled for a particular VMkernel interface, the only
way to enable TSO is to delete that VMkernel interface and recreate it with TSO enabled.
Procedure
The list shows each TSO-enabled VMkernel interface with TSO MSS set to 65535.
What to do next
If TSO is not enabled for a particular VMkernel interface, the only way to enable it is to delete the VMkernel
interface and recreate the interface.
Jumbo frames must be enabled for each vSwitch or VMkernel interface through the command-line interface
on your ESX host. Before enabling jumbo frames, check with your hardware vendor to ensure that your physical
network adapter supports jumbo frames.
Procedure
1 Use the vicfg-vswitch -m <MTU> <vSwitch> command in the VMware vSphere CLI to set the MTU size
for the vSwitch.
This command sets the MTU for all uplinks on that vSwitch. Set the MTU size to the largest MTU size
among all the virtual network adapters connected to the vSwitch.
2 Use the vicfg-vswitch -l command to display a list of vSwitches on the host and check that the
configuration of the vSwitch is correct.
Procedure
1 In the vSphere Client, display the Networking inventory view and select the vNetwork Distributed Switch.
2 From the Inventory menu, select Distributed Virtual Switch > Edit Settings.
4 Set the Maximum MTU to the largest MTU size among all the virtual network adapters connected to the
vNetwork Distributed Switch, and click OK.
Procedure
1 Log in to the vSphere Client and select the virtual machine from the inventory panel.
5 Click Remove to remove the network adapter from the virtual machine.
6 Click Add.
9 Select the network that the old network adapter was using and click Next.
10 Click Finish.
12 Under MAC Address, select Manual, and enter the MAC address that the old network adapter was using.
13 Click OK.
14 Check that the Enhanced vmxnet adapter is connected to a vSwitch with jumbo frames enabled.
15 Inside the guest operating system, configure the network adapter to allow jumbo frames.
16 Configure all physical switches and any physical or virtual machines to which this virtual machine
connects to support jumbo frames.
Procedure
2 Use the esxcfg-vmknic -a -I <ip address> -n <netmask> -m <MTU> <port group name> command to
create a VMkernel connection with jumbo frame support.
3 Use the esxcfg-vmknic -l command to display a list of VMkernel interfaces and check that the
configuration of the jumbo frame-enabled interface is correct.
4 Check that the VMkernel interface is connected to a vSwitch with jumbo frames enabled.
5 Configure all physical switches and any physical or virtual machines to which this VMkernel interface
connects to support jumbo frames.
Procedure
1 Log in to the vSphere Client and select the host from the inventory panel.
2 Click the Configuration tab, and click Advanced Settings from the Software menu.
3 Select VMkernel.
5 Use the VMware vSphere CLI to configure the NIC driver to use NetQueue.
See the VMware vSphere Command-Line Interface Installation and Reference guide.
Procedure
1 Log in to the vSphere Client and select the host from the inventory panel.
4 To disable NetQueue on the NIC driver, use the vicfg-module -s "" [module name] command.
For example, if you are using the s2io NIC driver, use vicfg-module -s "" s2io.
For information on the VMware vSphere CLI, see the VMware vSphere Command-Line Interface Installation
and Reference guide.
5 Reboot the host.
VMDirectPath Gen I
With vSphere 4, ESX supports a direct PCI device connection for virtual machines running on Intel Nehalem
platforms. Each virtual machine can connect to up to two passthrough devices.
The following features are unavailable for virtual machines configured with VMDirectPath:
- VMotion
- Hot adding and removing of virtual devices
- Suspend and resume
- Record and replay
- Fault tolerance
- High availability
- DRS (limited availability; the virtual machine can be part of a cluster, but cannot migrate across hosts)
Procedure
The Passthrough Configuration page appears, listing all available passthrough devices. A green icon
indicates that a device is enabled and active. An orange icon indicates that the state of the device has
changed and the host must be rebooted before the device can be used.
3 Click Edit.
Procedure
1 Select a virtual machine from the inventory panel of the vSphere Client.
2 From the Inventory menu, select Virtual Machine > Edit Settings.
6 Click Finish.
Adding a VMDirectPath device to a virtual machine sets memory reservation to the memory size of the virtual
machine.
Chapter 6 Networking Best Practices, Scenarios, and Troubleshooting
These topics describe networking best practices and common networking configuration and troubleshooting
scenarios.
To have a particular set of virtual machines function at the highest performance levels, put them on a
separate physical NIC. This separation allows for a portion of the total networking workload to be more
evenly shared across multiple CPUs. The isolated virtual machines can then better serve traffic from a
Web client, for instance.
- You can satisfy the following recommendations either by using VLANs to segment a single physical
network or by using separate physical networks (the latter is preferable).
  - Keeping the service console on its own network is an important part of securing the ESX system.
  Consider the service console network connectivity in the same light as any remote access device in a
  host, because compromising the service console gives an attacker full control of all virtual machines
  running on the system.
  - Keeping the VMotion connection on a separate network devoted to VMotion is important because
  when migration with VMotion occurs, the contents of the guest operating system’s memory are
  transmitted over the network.
- When using passthrough devices with a Linux kernel version 2.6.20 or earlier, avoid MSI and MSI-X modes
because these modes have significant performance impact.
- To physically separate network services and to dedicate a particular set of NICs to a specific network
service, create a vSwitch for each service. If this is not possible, separate them on a single vSwitch by
attaching them to port groups with different VLAN IDs. In either case, confirm with your network
administrator that the networks or VLANs you choose are isolated in the rest of your environment and
that no routers connect them.
- You can add and remove NICs from the vSwitch without affecting the virtual machines or the network
service that is running behind that vSwitch. If you remove all the running hardware, the virtual machines
can still communicate among themselves. Moreover, if you leave one NIC intact, all the virtual machines
can still connect with the physical network.
- To protect your most sensitive virtual machines, deploy firewalls in virtual machines that route between
virtual networks with uplinks to physical networks and pure virtual networks with no uplinks.
ESX has support for VMkernel-based NFS mounts. The new model is to mount your NFS volume with the ISO
images through the VMkernel NFS functionality. All NFS volumes mounted in this way appear as datastores
in the vSphere Client. The virtual machine configuration editor allows you to browse the service console file
system for ISO images to be used as virtual CD-ROM devices.
In iSCSI transactions, blocks of raw SCSI data are encapsulated in iSCSI records and transmitted to the
requesting device or user.
NOTE Software-initiated iSCSI is not available over 10GigE network adapters in ESX.
Procedure
1 Log in to the vSphere Client and select the host from the inventory panel.
On the Network Access page, you connect the physical network to the VMkernel, which runs services for
iSCSI storage.
6 Select the check boxes for the network adapters for the vSwitch.
Select adapters for each vSwitch so that virtual machines or other services that connect through the adapter
can reach the correct Ethernet segment. If no adapters appear in the Create a virtual switch group, existing
vSwitches are using all the adapters.
7 Click Next.
8 In the Port Group Properties group, select or enter a network label and, optionally, a VLAN ID.
Enter a network label to identify the port group that you are creating. When you configure iSCSI storage,
specify this label.
Enter a VLAN ID to identify the VLAN that the port group’s network traffic will use. VLAN IDs are not
required. If you are not sure whether you need them, ask your network administrator.
9 In the IP Settings group, click Edit to set the VMkernel default gateway for iSCSI.
On the Routing tab, the service console and the VMkernel each need their own gateway information.
NOTE Set a default gateway for the port that you created. You must use a valid static IP address to configure
the VMkernel stack.
12 Review your changes on the Ready to Complete page and click Finish.
VMware best practices recommend that the service console and vMotion have their own networks for security
reasons. If you dedicate physical adapters to separate vSwitches for this purpose, you might need to relinquish
redundant (teamed) connections, stop isolating the various networking clients, or both. VLANs allow you to
achieve network segmentation without having to use multiple physical adapters.
For the network blade of a blade server to support an ESX port group with VLAN tagged traffic, you must
configure the blade to support 802.1Q and configure the port as a tagged port.
The method for configuring a port as a tagged port differs from server to server. The list describes how to
configure a tagged port on three of the most commonly used blade servers.
Procedure
1 Log in to the vSphere Client and select the host from the inventory panel.
3 On the right side of the page, click Properties for the vSwitch associated with the service console.
6 Click Next.
7 In the Port Group Properties group, enter a network label that identifies the port group that you are
creating.
Use network labels to identify migration-compatible connections common to two or more hosts.
If you are unsure what to enter, leave this blank or ask your network administrator.
9 Click Next.
10 After you determine that the vSwitch is configured correctly, click Finish.
Procedure
1 Log in to the vSphere Client and select the host from the inventory panel.
3 On the right side of the page, click Properties for the vSwitch associated with the service console.
This option lets you connect the physical network to the VMkernel, which runs services for vMotion and
IP storage (NFS or iSCSI).
6 In the Port Group Properties group, select or enter a network label and a VLAN ID.
Enter a network label to identify the port group that you are creating. This is the label that you specify
when configuring a virtual adapter to be attached to this port group, when configuring VMkernel services,
such as VMotion and IP storage.
Enter a VLAN ID to identify the VLAN that the port group’s network traffic will use.
7 Select Use this port group for VMotion to enable this port group to advertise itself to another ESX host
as the network connection where vMotion traffic should be sent.
You can enable this property for only one vMotion and IP storage port group for each ESX host. If this
property is not enabled for any port group, migration with vMotion to this host is not possible.
8 In the IP Settings group, click Edit to set the VMkernel default gateway for VMkernel services, such as
vMotion, NAS, and iSCSI.
Under the DNS Configuration tab, the name of the host is entered into the name field by default. The
DNS server addresses and the domain that were specified during installation are also preselected.
On the Routing tab, the service console and the VMkernel each need their own gateway information. A
gateway is needed for connectivity to machines not on the same IP subnet as the service console or
VMkernel.
11 Review your changes on the Ready to Complete page and click Finish.
Chapter 6 Networking Best Practices, Scenarios, and Troubleshooting
Troubleshooting
The following topics guide you through troubleshooting common networking issues that you might encounter
in an ESX environment.
Provides a list of the service console’s current network interfaces. Check that vswif0 is present and that
the current IP address and netmask are correct.
- esxcfg-vswitch -l
Provides a list of the current virtual switch configurations. Check that the uplink adapter configured for
the service console is connected to the appropriate physical network.
- esxcfg-nics -l
Provides a list of the current network adapters. Check that the uplink adapter configured for the service
console is up and that the speed and duplex are both correct.
- esxcfg-nics -s <speed> <nic>
If you encounter long waits when using esxcfg-* commands, DNS might be misconfigured. The esxcfg-*
commands require that DNS be configured so that localhost name resolution works properly. This requires
that the /etc/hosts file contain an entry for the configured IP address and the 127.0.0.1 localhost address.
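One way to run the /etc/hosts check described above (an added example, not part of the VMware guide). The host names, addresses, and function names are constructed; the functions take hosts-file text as a string, so they can be run against a copy of the file.

```python
import ipaddress


def parse_hosts(text):
    """Return {ip: [names, ...]} from /etc/hosts-style text, ignoring comments."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # first field is not an address: not a usable entry
        table.setdefault(ip, []).extend(fields[1:])
    return table


def check_hosts(text, configured_ip):
    """Return the problems that would break localhost name resolution."""
    table = parse_hosts(text)
    problems = []
    if "localhost" not in table.get("127.0.0.1", []):
        problems.append("no '127.0.0.1 localhost' entry")
    if not table.get(str(ipaddress.ip_address(configured_ip))):
        problems.append("no entry for configured IP %s" % configured_ip)
    return problems


# Constructed sample files (documentation address range, hypothetical host name).
GOOD_HOSTS = """\
127.0.0.1   localhost.localdomain localhost
192.0.2.10  esx01.example.com esx01
"""
BAD_HOSTS = """\
# 127.0.0.1 localhost      <- commented out, so it does not count
::1         localhost
192.0.2.11  esx01.example.com   # stale address left over from a re-IP
"""

if __name__ == "__main__":
    for label, text in (("good", GOOD_HOSTS), ("bad", BAD_HOSTS)):
        print(label, check_hosts(text, "192.0.2.10") or "OK")
```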
Procedure
2 Use the esxcfg-nics -l command to see which names are assigned to the network adapters.
3 Use the esxcfg-vswitch -l command to see which vSwitches are now associated with device names no
longer shown by esxcfg-nics.
4 Use the esxcfg-vswitch -U <old vmnic name> <vswitch> command to remove any network adapters that
were renamed.
5 Use the esxcfg-vswitch -L <new vmnic name> <vswitch> command to add the network adapters again,
giving them the correct names.
To avoid this problem, put your physical switch in PortFast or PortFast trunk mode.
The connection from virtual network adapters to port groups is made by name, and the name is what is stored
in the virtual machine configuration. Changing the name of a port group does not cause a mass reconfiguration
of all the virtual machines connected to that port group. Virtual machines that are already powered on continue
to function until they are powered off, because their connections to the network are already established.
Avoid renaming networks after they are in use. After you rename a port group, you must reconfigure each
associated virtual machine by using the service console to reflect the new port group name.
Storage
Chapter 7 Introduction to Storage
This introduction describes available storage options for ESX and explains how to configure your ESX system
so that it can use and manage different types of storage.
A virtual machine uses a virtual hard disk to store its operating system, program files, and other data associated
with its activities. A virtual disk is a large physical file, or a set of files, that can be copied, moved, archived,
and backed up as easily as any other file. To store virtual disk files and manipulate the files, a host requires
dedicated storage space.
The host uses storage space on a variety of physical storage systems, including your host’s internal and external
devices, or networked storage, dedicated to the specific tasks of storing and protecting data.
The host can discover storage devices to which it has access and format them as datastores. The datastore is a
special logical container, analogous to a file system on a logical volume, where ESX places virtual disk files
and other files that encapsulate essential components of a virtual machine. Deployed on different devices, the
datastores hide specifics of each storage product and provide a uniform model for storing virtual machine
files.
Using the vSphere Client, you can set up datastores on any storage device that your host discovers. In addition,
you can use folders to create logical groups of datastores for organizational purposes, and for setting
permissions and alarms across the datastore group.
Local Storage Stores virtual machine files on internal or external storage disks or arrays
attached to your host through a direct connection.
Networked Storage Stores virtual machine files on external shared storage systems located outside
of your host. The host communicates with the networked devices through a
high-speed network.
Local Storage
Local storage can be internal hard disks located inside your ESX host, or external storage systems located
outside and connected to the host directly.
Local storage does not require a storage network to communicate with your host. All you need is a cable
connected to the storage unit and, when required, a compatible HBA in your host.
Generally, you can connect multiple hosts to a single local storage system. The actual number of hosts you
connect varies depending on the type of storage device and topology you use.
Many local storage systems support redundant connection paths to ensure fault tolerance.
When multiple hosts connect to the local storage unit, they access storage devices in the unshared mode. The
unshared mode does not permit several hosts to access the same VMFS datastore concurrently. However, a
few SAS storage systems offer shared access to multiple hosts. This type of access permits multiple hosts to
access the same VMFS datastore on a LUN.
ESX supports a variety of internal or external local storage devices, including SCSI, IDE, SATA, USB, and SAS
storage systems. No matter which type of storage you use, your host hides a physical storage layer from virtual
machines.
When you set up your local storage, keep in mind the following:
- You cannot use IDE/ATA drives to store virtual machines.
- Use local SATA storage, internal and external, in unshared mode only. SATA storage does not support
sharing the same LUNs and, therefore, the same VMFS datastore across multiple hosts.
- Some SAS storage systems can offer shared access to the same LUNs (and, therefore, the same VMFS
datastores) to multiple hosts.
Networked Storage
Networked storage consists of external storage systems that your ESX host uses to store virtual machine files
remotely. The host accesses these systems over a high-speed storage network.
NOTE Accessing the same storage through different transport protocols, such as iSCSI and Fibre Channel, at
the same time is not supported.
Fibre Channel (FC) Stores virtual machine files remotely on an FC storage area network (SAN). FC
SAN is a specialized high-speed network that connects your hosts to high-performance storage
devices. The network uses Fibre Channel protocol to transport SCSI traffic from virtual machines to
the FC SAN devices.
To connect to the FC SAN, your host should be equipped with Fibre Channel host bus adapters (HBAs)
and, unless you use Fibre Channel direct connect storage, with Fibre Channel switches that help route
storage traffic.
Internet SCSI (iSCSI) Stores virtual machine files on remote iSCSI storage devices. iSCSI packages
SCSI storage traffic into the TCP/IP protocol so that it can travel through standard TCP/IP networks
instead of the specialized FC network. With an iSCSI connection, your host serves as the initiator that
communicates with a target, located in remote iSCSI storage systems.
Network-attached Storage (NAS) Stores virtual machine files on remote file servers accessed over a
standard TCP/IP network. The NFS client built into ESX uses Network File System (NFS) protocol
version 3 to communicate with the NAS/NFS servers. For network connectivity, the host requires a
standard network adapter.
Depending on the type of storage you use, you might need to install or enable a storage adapter on your host.
ESX supports different classes of adapters, including SCSI, iSCSI, RAID, Fibre Channel, and Ethernet. ESX
accesses the adapters directly through device drivers in the VMkernel.
Different storage vendors present the storage systems to ESX hosts in different ways. Some vendors present a
single target with multiple storage devices or LUNs on it, while others present multiple targets with one LUN
each.
Figure 7-1. Target and LUN Representations
In this illustration, three LUNs are available in each configuration. In one case, the host sees one target, but
that target has three LUNs that can be used. Each LUN represents an individual storage volume. In the other
example, the host sees three different targets, each having one LUN.
Targets that are accessed through the network have unique names that are provided by the storage systems.
The iSCSI targets use iSCSI names, while Fibre Channel targets use World Wide Names (WWNs).
NOTE ESX does not support accessing the same LUN through different transport protocols, such as iSCSI and
Fibre Channel.
The WWN is a 64-bit address that consists of 16 hexadecimal numbers and might look like this:
20:00:00:e0:8b:8b:38:77 21:00:00:e0:8b:8b:38:77
The WWN is assigned to every Fibre Channel SAN element by its manufacturer.
iSCSI Name Identifies a particular iSCSI element, regardless of its physical location. The
iSCSI name can use IQN or EUI format.
- IQN (iSCSI qualified name). Can be up to 255 characters long and has the following format:
  iqn.yyyy-mm.naming-authority:unique name
  - yyyy-mm is the year and month when the naming authority was established.
  - naming-authority is usually reverse syntax of the Internet domain name of the naming authority.
    For example, the iscsi.vmware.com naming authority could have the iSCSI qualified name form of
    iqn.1998-01.com.vmware.iscsi. The name indicates that the vmware.com domain name was
    registered in January of 1998, and iscsi is a subdomain, maintained by vmware.com.
  - unique name is any name you want to use, for example, the name of your host. The naming
    authority must make sure that any names assigned following the colon are unique, such as:
    - iqn.1998-01.com.vmware.iscsi:name1
    - iqn.1998-01.com.vmware.iscsi:name2
    - iqn.1998-01.com.vmware.iscsi:name999
- EUI (extended unique identifier). Includes the eui. prefix, followed by the 16-character name. The
  name includes 24 bits for the company name assigned by the IEEE and 40 bits for a unique ID, such
  as a serial number. For example,
  eui.0123456789ABCDEF
iSCSI Alias A more manageable, easy-to-remember name to use instead of the iSCSI name.
iSCSI aliases are not unique, and are intended to be just a friendly name to
associate with the node.
IP Address An address associated with each iSCSI element so that routing and switching
equipment on the network can establish the connection between different
elements, such as the host and storage. This is just like the IP address you assign
to a computer to get access to your company's network or the Internet.
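An added example, not code from the VMware guide: a Python check of the IQN and EUI formats described above, plus an inventory audit for the duplicate or malformed initiator names that the configuration procedures warn about. The function names, the sample inventory, and the rejection of whitespace and malformed domain labels are assumptions of this example.

```python
import re

MAX_IQN_LEN = 255  # IQN length limit stated on the page
_LABEL = re.compile(r"[a-z0-9]([a-z0-9-]*[a-z0-9])?", re.I)


def parse_iscsi_name(name):
    """Parse an IQN or EUI iSCSI name; raise ValueError naming the defect."""
    if any(ch.isspace() for ch in name):
        raise ValueError("iSCSI names cannot contain whitespace")
    if name.lower().startswith("eui."):
        digits = name[4:]
        if not re.fullmatch(r"[0-9A-Fa-f]{16}", digits):
            raise ValueError("eui. must be followed by exactly 16 hex characters")
        value = int(digits, 16)
        return {"format": "eui",
                "company_id": value >> 40,             # upper 24 bits, IEEE-assigned
                "unique_id": value & ((1 << 40) - 1)}  # lower 40 bits
    if len(name) > MAX_IQN_LEN:
        raise ValueError("IQN longer than %d characters" % MAX_IQN_LEN)
    head, colon, unique = name.partition(":")
    parts = head.split(".")
    if len(parts) < 3 or parts[0].lower() != "iqn":
        raise ValueError("expected iqn.yyyy-mm.naming-authority[:unique-name]")
    date = re.fullmatch(r"(\d{4})-(\d{2})", parts[1])
    if not date or not 1 <= int(date.group(2)) <= 12:
        raise ValueError("date field must be yyyy-mm with a month of 01-12")
    labels = parts[2:]
    if not all(_LABEL.fullmatch(label) for label in labels):
        raise ValueError("naming authority must be a reversed domain name")
    if colon and not unique:
        raise ValueError("empty unique name after the colon")
    return {"format": "iqn",
            "registered": parts[1],
            "authority_domain": ".".join(reversed(labels)),
            "unique": unique or None}


def audit_initiator_names(names_by_host):
    """Return (invalid, duplicates) for a {host: iSCSI name} inventory."""
    invalid, seen, duplicates = {}, {}, {}
    for host, name in sorted(names_by_host.items()):
        try:
            parse_iscsi_name(name)
        except ValueError as err:
            invalid[host] = str(err)
            continue
        key = name.lower()
        if key in seen:
            duplicates.setdefault(key, [seen[key]]).append(host)
        else:
            seen[key] = host
    return invalid, duplicates


# Constructed inventory: host labels are hypothetical, names follow the page's examples.
INVENTORY = {
    "esx01": "iqn.1998-01.com.vmware.iscsi:name1",
    "esx02": "iqn.1998-01.com.vmware.iscsi:name2",
    "esx03": "iqn.1998-01.com.vmware.iscsi:name1",  # same name as esx01
    "esx04": "iqn.1998-13.com.vmware.iscsi:name4",  # month 13
    "esx05": "eui.0123456789ABCDEF",
    "esx06": "eui.0123456789ABCDE",                 # only 15 characters
}

if __name__ == "__main__":
    invalid, duplicates = audit_initiator_names(INVENTORY)
    print("invalid:", invalid)
    print("duplicates:", duplicates)
```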
Name A friendly name that the ESX host assigns to a device based on the storage type
and manufacturer. You can modify the name using the vSphere Client. When
you modify the name of the device on one host, the change takes effect across
all hosts that have access to this device.
Runtime Name The name of the first path to the device. The runtime name is created by the
host, is not a reliable identifier for the device, and is not persistent.
Software iSCSI initiators use the channel number to show multiple paths
to the same target.
- T# is the target number. Target numbering is decided by the host and might
change if there is a change in the mappings of targets visible to the host.
Targets that are shared by different ESX hosts might not have the same
target number.
- L# is the LUN number that shows the position of the LUN within the target.
The LUN number is provided by the storage system. If a target has only
one LUN, the LUN number is always zero (0).
You use the vSphere Client to access different types of storage devices that your ESX host discovers and to
deploy datastores on them.
Depending on the type of storage you use, datastores can be backed by the following file system formats:
Virtual Machine File System (VMFS) High-performance file system optimized for storing virtual
machines. Your host can deploy a VMFS datastore on any SCSI-based local or networked storage
device, including Fibre Channel and iSCSI SAN equipment.
As an alternative to using the VMFS datastore, your virtual machine can have direct access to raw
devices and use a mapping file (RDM) as a proxy.
Network File System (NFS) File system on a NAS storage device. ESX supports NFS version 3 over
TCP/IP. The host can access a designated NFS volume located on an NFS server, mount the volume,
and use it for any storage needs.
If you use the service console to access your ESX host, you can see the VMFS and NFS datastores as separate
subdirectories in the /vmfs/volumes directory.
VMFS Datastores
ESX can format SCSI-based storage devices as VMFS datastores. VMFS datastores primarily serve as
repositories for virtual machines.
You can store multiple virtual machines on the same VMFS volume. Each virtual machine, encapsulated in a
set of files, occupies a separate single directory. For the operating system inside the virtual machine, VMFS
preserves the internal file system semantics, which ensures correct application behavior and data integrity for
applications running in virtual machines.
In addition, you can use the VMFS datastores to store other files, such as virtual machine templates and ISO
images.
VMFS supports the following file and block sizes, enabling your virtual machines to run even the most
data-intensive applications, including databases, ERP, and CRM:
- Maximum virtual disk size: 2TB with 8MB block size
- Maximum file size: 2TB with 8MB block size
- Block size: 1MB (default), 2MB, 4MB, and 8MB
You can have up to 256 VMFS datastores per system, with a minimum volume size of 1.2GB.
NOTE Always have only one VMFS datastore for each LUN.
If your VMFS datastore requires more space, you can increase the VMFS volume. You can dynamically add
new extents to any VMFS datastore and grow the datastore up to 64TB. An extent is a LUN or partition on a
physical storage device. The datastore can stretch over multiple extents, yet appear as a single volume.
Another option is to grow the existing datastore extent if the storage device where your datastore resides has
free space. You can grow the extent up to 2 TB.
[Figure: VMFS volume holding virtual disk files disk1, disk2, and disk3]
To ensure that the same virtual machine is not accessed by multiple servers at the same time, VMFS provides
on-disk locking.
Sharing the same VMFS volume across multiple hosts offers the following advantages:
- You can use VMware Distributed Resource Scheduling and VMware High Availability.
  You can distribute virtual machines across different physical servers. That means you run a mix of virtual
  machines on each server so that not all experience high demand in the same area at the same time. If a
  server fails, you can restart virtual machines on another physical server. In case of a failure, the on-disk
  lock for each virtual machine is released.
- You can use vMotion to migrate running virtual machines from one physical server to another.
- You can use VMware Consolidated Backup, which lets a proxy server, called VCB proxy, back up a
  snapshot of a virtual machine while the virtual machine is powered on and is reading and writing to its
  storage.
NFS Datastore
ESX can access a designated NFS volume located on a NAS server, mount the volume, and use it for its storage
needs. You can use NFS volumes to store and boot virtual machines in the same way that you use VMFS
datastores.
ESX supports Fibre Channel (FC), Internet SCSI (iSCSI), and NFS protocols. Regardless of the type of storage
device your host uses, the virtual disk always appears to the virtual machine as a mounted SCSI device. The
virtual disk hides a physical storage layer from the virtual machine’s operating system. This allows you to run
operating systems that are not certified for specific storage equipment, such as SAN, inside the virtual machine.
Figure 7-3 depicts five virtual machines using different types of storage to illustrate the differences between
each type.
Figure 7-3. Virtual machines accessing different types of storage
[Figure 7-3 labels: host; local SCSI; Fibre Channel HBA; iSCSI hardware initiator; software initiator with Ethernet NIC; Ethernet NIC; "requires TCP/IP connectivity"; VMFS; physical disk; datastore]
NOTE This diagram is for conceptual purposes only. It is not a recommended configuration.
Table 7-2 compares the vSphere features that different types of storage support.
Table 7-3 lists information that you can see when you display details for each adapter. Certain adapters, for
example iSCSI, need to be configured or enabled before you can view their information.
Targets (Fibre Channel and SCSI) Number of targets accessed through the adapter.
WWN (Fibre Channel) World Wide Name formed according to Fibre Channel standards that uniquely
identifies the FC adapter.
iSCSI Name (iSCSI) Unique name formed according to iSCSI standards that identifies the iSCSI adapter.
iSCSI Alias (iSCSI) A friendly name used instead of the iSCSI name.
Discovery Methods (iSCSI) Discovery methods the iSCSI adapter uses to access iSCSI targets.
Procedure
4 To view details for a specific adapter, select the adapter from the Storage Adapters list.
5 To list all storage devices the adapter can access, click Devices.
Procedure
5 In the Details panel, right-click the value in the name field, and select Copy.
For each storage adapter, you can display a separate list of storage devices available just for this adapter.
Generally, when you review a list of storage devices, you see the following information.
Name A friendly name that the ESX host assigns to the device based on the storage type and
manufacturer. You can change this name to a name of your choice.
LUN The LUN number that shows the position of the LUN within the target.
Owner The plug-in, such as the NMP or a third-party plug-in, that the host uses to manage the
storage device.
Procedure
4 Click Devices.
5 To view additional details about a specific device, select the device from the list.
Procedure
5 Click Devices.
Procedure
Displaying Datastores
You can display all datastores available to your hosts and analyze their properties.
If your vSphere Client is connected to a vCenter Server system, you can see datastore information in the
Datastores view. This view displays all datastores in the inventory, arranged by a datacenter. Through this
view, you can organize datastores into folder hierarchies, create new datastores, edit their properties, or remove
existing datastores.
This view is comprehensive and shows all information for your datastores including hosts and virtual machines
using the datastores, storage reporting information, permissions, alarms, tasks and events, storage topology,
and storage reports. Configuration details for each datastore on all hosts connected to this datastore are
provided on the Configuration tab of the Datastores view.
NOTE The Datastores view is not available when the vSphere client connects directly to your host. In this case,
review datastore information through the host storage configuration tab.
- Individual extents that the datastore spans and their capacity (VMFS datastores only)
- Paths used to access the storage device (VMFS datastores only)
Procedure
5 To display details for a particular datastore, select the datastore from the list.
Chapter 8 Configuring ESX Storage
The following topics contain information about configuring local SCSI storage devices, Fibre Channel SAN
storage, iSCSI storage, and NFS storage.
[Figure: local storage topology. Labels: host, virtual machine, local, ethernet, SCSI, VMFS]
In this example of a local storage topology, the ESX host uses a single connection to plug into a disk. On that
disk, you can create a VMFS datastore, which you use to store virtual machine disk files.
Although this storage configuration is possible, it is not a recommended topology. Using single connections
between storage arrays and hosts creates single points of failure (SPOF) that can cause interruptions when a
connection becomes unreliable or fails.
To ensure fault tolerance, some DAS systems support redundant connection paths.
[Figure: Fibre Channel storage. Labels: host, virtual machine, fibre channel HBA, SAN, VMFS, fibre array]
In this configuration, an ESX host connects to SAN fabric, which consists of Fibre Channel switches and storage
arrays, using a Fibre Channel adapter. LUNs from a storage array become available to the host. You can access
the LUNs and create a datastore for your storage needs. The datastore uses the VMFS format.
For specific information on setting up the FC SAN fabric and storage arrays to work with ESX, see the Fibre
Channel SAN Configuration Guide.
iSCSI Storage
ESX supports iSCSI technology that allows your host to use an IP network while accessing remote storage.
With iSCSI, SCSI storage commands that your virtual machine issues to its virtual disk are converted into
TCP/IP packets and transmitted to a remote device, or target, that stores the virtual disk.
To access remote targets, the host uses iSCSI initiators. Initiators transport SCSI requests and responses between
the host and the target storage device on the IP network. ESX supports hardware-based and software-based
iSCSI initiators.
You must configure iSCSI initiators for the host to access and display iSCSI storage devices.
Figure 8-3 depicts two virtual machines that use different types of iSCSI initiators.
[Figure 8-3 labels: host, two virtual machines, software initiator, iSCSI hardware initiator, ethernet NIC, LAN, VMFS, iSCSI array]
In the left example, the host uses the hardware iSCSI adapter to connect to the iSCSI storage system.
In the right example, the host is configured with the software iSCSI initiator. Using the software initiator, the
host connects to the iSCSI storage through an existing network adapter.
iSCSI storage devices from the storage system become available to the host. You can access the storage devices
and create VMFS datastores for your storage needs.
For specific information on setting up the iSCSI SAN fabric to work with ESX, see the iSCSI SAN Configuration
Guide.
You must install and configure the hardware iSCSI adapter for your host to be able to access the iSCSI storage
device. For installation information, see vendor documentation.
Prerequisites
Before you begin configuring the hardware iSCSI initiator, make sure that the iSCSI HBA is successfully
installed and appears on the list of initiators available for configuration. If the initiator is installed, you can
view its properties.
Procedure
1 Log in to the vSphere Client, and select a host from the inventory panel.
2 Click the Configuration tab and click Storage Adapters in the Hardware panel.
The default details for the initiator appear, including the model, iSCSI name, iSCSI alias, IP address, and
target and paths information.
4 Click Properties.
The iSCSI Initiator Properties dialog box appears. The General tab displays additional characteristics of
the initiator.
You can now configure your hardware initiator or change its default characteristics.
Procedure
1 Log in to the vSphere Client, and select a host from the inventory panel.
2 Click the Configuration tab and click Storage Adapters in the Hardware panel.
4 To change the default iSCSI name for your initiator, enter the new name.
Make sure the name you enter is worldwide unique and properly formatted or some storage devices might
not recognize the hardware iSCSI initiator.
The alias is a name that you use to identify the hardware iSCSI initiator.
You must change the default IP settings so that they are configured properly for the IP SAN. Work with
your network administrator to determine the IP setting for the HBA.
If you change the iSCSI name, it is used for new iSCSI sessions. For existing sessions, new settings are not used
until logout and re-login.
Before you configure the software iSCSI initiator, you must perform the following tasks:
3 If you use multiple network adapters, activate multipathing on your host using the port binding technique.
For more information on port binding, see the iSCSI SAN Configuration Guide.
4 If needed, enable Jumbo Frames. Jumbo Frames must be enabled for each vSwitch through the vSphere
CLI. Also, if you use an ESX host, you must create a VMkernel network interface enabled with Jumbo
Frames.
For information on creating a port, see “Create a VMkernel Port for Software iSCSI,” on page 89.
- If you have two or more physical NICs for iSCSI, you can create multiple paths for the software iSCSI by
using the port binding technique.
For more information on port binding, see the iSCSI SAN Configuration Guide.
This procedure lets you connect the VMkernel, which runs services for iSCSI storage, to the physical network
adapter.
Procedure
1 Log in to the vSphere Client and select the host from the inventory panel.
If no adapters appear under Create a virtual switch, existing vSwitches are using all of the network
adapters in the system. You can use an existing vSwitch for your iSCSI traffic.
7 Click Next.
8 Under Port Group Properties, enter a network label. Network label is a friendly name that identifies the
VMkernel port that you are creating.
9 Click Next.
What to do next
Procedure
1 Log in to the vSphere Client, and select a server from the inventory panel.
2 Click the Configuration tab and click Storage Adapters in the Hardware panel.
4 Click Configure.
The General Properties dialog box displays the initiator’s status, default name, and alias.
6 To change the default iSCSI name for your initiator, enter the new name.
Make sure the name you enter is worldwide unique and properly formatted or some storage devices might
not recognize the software iSCSI initiator.
Dynamic Discovery Also known as Send Targets discovery. Each time the initiator contacts a
specified iSCSI server, the initiator sends the Send Targets request to the server.
The server responds by supplying a list of available targets to the initiator. The
names and IP addresses of these targets appear on the Static Discovery tab. If
you remove a static target added by dynamic discovery, the target might be
returned to the list the next time a rescan happens, the HBA is reset, or the host
is rebooted.
Static Discovery The initiator does not have to perform any discovery. The initiator has a list of
targets it can contact and uses their IP addresses and target names to
communicate with them.
Procedure
1 Log in to the vSphere Client and select a server from the inventory panel.
2 Click the Configuration tab and click Storage Adapters in the Hardware panel.
4 In the iSCSI Initiator Properties dialog box, click the Dynamic Discovery tab.
6 Enter the IP address or DNS name of the storage system and click OK.
After your host establishes the Send Targets session with this system, any newly discovered targets appear
in the Static Discovery list.
NOTE You cannot change the IP address, DNS name, or port number of an existing Send Targets server. To
make changes, delete the existing server and add a new one.
Procedure
1 Log in to the vSphere Client and select a server from the inventory panel.
2 Click the Configuration tab and click Storage Adapters in the Hardware panel.
4 In the iSCSI Initiator Properties dialog box, click the Static Discovery tab.
The tab displays all dynamically discovered targets and any static targets already entered.
NOTE You cannot change the IP address, DNS name, iSCSI target name, or port number of an existing target.
To make changes, remove the existing target and add a new one.
CHAP uses a three-way handshake algorithm to verify the identity of your host and, if applicable, of the iSCSI
target when the host and target establish a connection. The verification is based on a predefined private value,
or CHAP secret, that the initiator and target share.
ESX supports CHAP authentication at the adapter level. In this case, all targets receive the same CHAP name
and secret from the iSCSI initiator. For software iSCSI, ESX also supports per-target CHAP authentication,
which allows you to configure different credentials for each target to achieve a greater level of security.
For software iSCSI only, you can set one-way CHAP and mutual CHAP for each initiator or at the target level.
Hardware iSCSI supports CHAP only at the initiator level.
When you set the CHAP parameters, specify a security level for CHAP.
Do not use CHAP: The host does not use CHAP authentication. Select this option to disable
authentication if it is currently enabled. Supported: Software iSCSI, Hardware iSCSI.
Do not use CHAP unless required by target: The host prefers a non-CHAP connection, but can use a
CHAP connection if required by the target. Supported: Software iSCSI.
Use CHAP unless prohibited by target: The host prefers CHAP, but can use non-CHAP connections if
the target does not support CHAP. Supported: Software iSCSI, Hardware iSCSI.
Use CHAP: The host requires successful CHAP authentication. The connection fails if CHAP
negotiation fails. Supported: Software iSCSI.
Prerequisites
Before setting up CHAP parameters for software iSCSI, determine whether to configure one-way or mutual
CHAP. Hardware iSCSI does not support mutual CHAP.
- In one-way CHAP, the target authenticates the initiator.
- In mutual CHAP, both the target and initiator authenticate each other. Make sure to use different secrets
for CHAP and mutual CHAP.
When configuring CHAP parameters, make sure that they match the parameters on the storage side.
For software iSCSI, the CHAP name should not exceed 511 and the CHAP secret 255 alphanumeric characters.
For hardware iSCSI, the CHAP name should not exceed 255 and the CHAP secret 100 alphanumeric characters.
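The handshake and limits described above, as an added example that is not part of the VMware guide: a simplified Python model of one-way and mutual CHAP plus a check of the length and secret rules. The MD5 response formula comes from RFC 1994 rather than from this page; the names, secrets, and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Limits quoted on the page: (max CHAP name length, max CHAP secret length)
LIMITS = {"software": (511, 255), "hardware": (255, 100)}


def validate_chap_config(initiator_type, name, secret, mutual_secret=None):
    """Return a list of problems with a CHAP configuration (empty if none)."""
    if initiator_type not in LIMITS:
        raise ValueError("initiator_type must be 'software' or 'hardware'")
    max_name, max_secret = LIMITS[initiator_type]
    problems = []
    if not name or len(name) > max_name:
        problems.append("CHAP name must be 1-%d characters" % max_name)
    if not secret or len(secret) > max_secret:
        problems.append("CHAP secret must be 1-%d characters" % max_secret)
    if mutual_secret is not None:
        if initiator_type == "hardware":
            problems.append("hardware iSCSI does not support mutual CHAP")
        if not mutual_secret or len(mutual_secret) > max_secret:
            problems.append("mutual CHAP secret must be 1-%d characters" % max_secret)
        # Both directions compute the same function, so with one shared secret a
        # response seen in one direction would also verify in the other.
        if mutual_secret == secret:
            problems.append("mutual CHAP secret must differ from the one-way secret")
    return problems


def chap_response(identifier, secret, challenge):
    """RFC 1994 response value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret.encode() + challenge).digest()


class Authenticator:
    """The verifying side: issues a challenge, then checks the peer's response."""

    def __init__(self, secrets_by_name):
        self.secrets_by_name = secrets_by_name
        self.pending = None

    def challenge(self):
        # Step 1: a fresh random identifier and challenge for every attempt.
        self.pending = (os.urandom(1)[0], os.urandom(16))
        return self.pending

    def verify(self, name, response):
        # Step 3: recompute the expected response; a challenge is single-use.
        pending, self.pending = self.pending, None
        if pending is None or name not in self.secrets_by_name:
            return False
        identifier, challenge = pending
        expected = chap_response(identifier, self.secrets_by_name[name], challenge)
        return hmac.compare_digest(expected, response)


def login(chap_name, secret, target_db, mutual=None):
    """Run one-way CHAP, then the reverse direction when `mutual` is given.

    target_db: {CHAP name: secret} configured on the storage side.
    mutual: (target name, secret the initiator expects, secret the target uses).
    """
    target = Authenticator(target_db)
    identifier, challenge = target.challenge()               # 1. challenge
    response = chap_response(identifier, secret, challenge)  # 2. response
    if not target.verify(chap_name, response):               # 3. success or failure
        return False
    if mutual:
        target_name, expected_secret, target_secret = mutual
        initiator = Authenticator({target_name: expected_secret})
        identifier, challenge = initiator.challenge()
        response = chap_response(identifier, target_secret, challenge)
        return initiator.verify(target_name, response)
    return True


# Constructed credentials for the demonstration.
INITIATOR = "iqn.1998-01.com.vmware.iscsi:name1"
TARGET_DB = {INITIATOR: "OneWaySecret123"}

if __name__ == "__main__":
    print("matching secret:", login(INITIATOR, "OneWaySecret123", TARGET_DB))
    print("mismatched secret:", login(INITIATOR, "typo", TARGET_DB))
    print(validate_chap_config("hardware", INITIATOR, "s" * 101, "s" * 101))
```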
Procedure
1 Log in to the vSphere Client and select a server from the inventory panel.
2 Click the Configuration tab and click Storage Adapters in the Hardware panel.
Make sure that the name you specify matches the name configured on the storage side.
- To set the CHAP name to the iSCSI initiator name, select Use initiator name.
- To set the CHAP name to anything other than the iSCSI initiator name, deselect Use initiator
name and enter a name in the Name field.
c Enter a one-way CHAP secret to be used as part of authentication. Make sure to use the same secret
that you enter on the storage side.
6 To configure mutual CHAP, first configure one-way CHAP by following directions in Step 5.
Make sure to select Use CHAP as an option for one-way CHAP. Then, specify the following under Mutual
CHAP:
c Enter the mutual CHAP secret. Make sure to use different secrets for the one-way CHAP and mutual
CHAP.
7 Click OK.
If you change the CHAP or mutual CHAP parameters, they are used for new iSCSI sessions. For existing
sessions, new settings are not used until you log out and log in again.
When configuring CHAP parameters, make sure that they match the parameters on the storage side. For
software iSCSI, the CHAP name should not exceed 511 alphanumeric characters and the CHAP secret should not exceed 255 alphanumeric characters.
Prerequisites
Before setting up CHAP parameters for software iSCSI, determine whether to configure one-way or mutual
CHAP.
n In one-way CHAP, the target authenticates the initiator.
n In mutual CHAP, both the target and initiator authenticate each other. Make sure to use different secrets
for CHAP and mutual CHAP.
Procedure
1 Log in to the vSphere Client and select a server from the inventory panel.
2 Click the Configuration tab and click Storage Adapters in the Hardware panel.
5 From the list of available targets, select a target you want to configure and click Settings > CHAP.
Make sure that the name you specify matches the name configured on the storage side.
n To set the CHAP name to the iSCSI initiator name, select Use initiator name.
n To set the CHAP name to anything other than the iSCSI initiator name, deselect Use initiator
name and enter a name in the Name field.
d Enter a one-way CHAP secret to be used as part of authentication. Make sure to use the same secret
that you enter on the storage side.
7 To configure mutual CHAP, first configure one-way CHAP by following directions in Step 6.
Make sure to select Use CHAP as an option for one-way CHAP. Then, specify the following under Mutual
CHAP:
d Enter the mutual CHAP secret. Make sure to use different secrets for the one-way CHAP and mutual
CHAP.
8 Click OK.
If you change the CHAP or mutual CHAP parameters, they are used for new iSCSI sessions. For existing
sessions, new settings are not used until you log out and log in again.
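The following added example (not part of the VMware guide) checks a planned CHAP configuration against the limits stated in the initiator-level and target-level CHAP sections above, and shows why the one-way and mutual secrets must differ: with the RFC 1994 MD5 calculation, identical secrets make an answer computed for one direction valid in the other. The function names, the sample initiator name and the sample challenge are constructed for illustration, and reading "alphanumeric" as a character-set rule for secrets is an assumption.

```python
import hashlib
import hmac

# (max CHAP name length, max CHAP secret length) as stated in the guide.
LIMITS = {"software": (511, 255), "hardware": (255, 100)}


def check_chap_settings(adapter, name, secret, mutual_secret=None):
    """Return a list of problems with a CHAP configuration (empty list = OK)."""
    max_name, max_secret = LIMITS[adapter]
    problems = []
    # Length only: the iSCSI initiator name, which the procedure allows as
    # the CHAP name, contains punctuation such as '.', ':' and '-'.
    if not 1 <= len(name) <= max_name:
        problems.append(f"CHAP name must be 1-{max_name} characters")
    for label, value in (("one-way", secret), ("mutual", mutual_secret)):
        if value is None:
            continue
        # Assumption: "alphanumeric characters" is read as a character-set rule.
        if not (value.isascii() and value.isalnum()):
            problems.append(f"{label} secret must be alphanumeric")
        if len(value) > max_secret:
            problems.append(f"{label} secret exceeds {max_secret} characters")
    if mutual_secret is not None:
        if adapter == "hardware":
            problems.append("hardware iSCSI does not support mutual CHAP")
        if hmac.compare_digest(secret.encode(), mutual_secret.encode()):
            problems.append("one-way and mutual CHAP secrets must differ")
    return problems


def chap_response(identifier, secret, challenge):
    """RFC 1994 CHAP with MD5: MD5(identifier byte || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret.encode() + challenge).digest()


def responses_interchangeable(one_way_secret, mutual_secret, identifier, challenge):
    """True if an answer computed for the mutual direction would also be
    accepted in the one-way direction for the same identifier and challenge."""
    expected = chap_response(identifier, one_way_secret, challenge)
    from_other_direction = chap_response(identifier, mutual_secret, challenge)
    return hmac.compare_digest(expected, from_other_direction)


# Constructed sample values, not taken from the guide.
SAMPLE_NAME = "iqn.1998-01.com.example:esx-host-01"
SAMPLE_CHALLENGE = bytes(range(16))

if __name__ == "__main__":
    print(check_chap_settings("software", SAMPLE_NAME, "SameSecret01", "SameSecret01"))
    print(responses_interchangeable("SameSecret01", "SameSecret01", 7, SAMPLE_CHALLENGE))
```

Run the same check against the values configured on the storage side, since the guide requires both ends to match.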
Disable CHAP
You can disable CHAP if your storage system does not require it.
If you disable CHAP on a system that requires CHAP authentication, existing iSCSI sessions remain active
until you reboot your ESX host or the storage system forces a logout. After the session ends, you can no longer
connect to targets that require CHAP.
Procedure
2 For software iSCSI, to disable just the mutual CHAP, select Do not use CHAP under Mutual CHAP.
The mutual CHAP, if set up, automatically turns to Do not use CHAP when you disable the one-way
CHAP.
4 Click OK.
Do not make any changes to the advanced iSCSI settings unless you are working with the VMware support
team or otherwise have thorough information about the values to provide for the settings.
Table 8-2 lists advanced iSCSI parameters that you can configure using the vSphere Client. In addition, you
can use the vicfg-iscsi vSphere CLI command to configure some of the advanced parameters. For
information, see the VMware vSphere Command-Line Interface Installation and Reference Guide.
Header Digest | Increases data integrity. When header digest is enabled, the system performs a checksum over each iSCSI Protocol Data Unit's (PDU's) header part and verifies using the CRC32C algorithm. | Software iSCSI
Data Digest | Increases data integrity. When data digest is enabled, the system performs a checksum over each PDU's data part and verifies using the CRC32C algorithm. NOTE Systems that use Intel Nehalem processors offload the iSCSI digest calculations for software iSCSI, thus reducing the impact on performance. | Software iSCSI
Maximum Outstanding R2T | Defines the R2T (Ready to Transfer) PDUs that can be in transition before an acknowledge PDU is received. | Software iSCSI
First Burst Length | Specifies the maximum amount of unsolicited data an iSCSI initiator can send to the target during the execution of a single SCSI command, in bytes. | Software iSCSI
Maximum Burst Length | Maximum SCSI data payload in a Data-In or a solicited Data-Out iSCSI sequence, in bytes. | Software iSCSI
Maximum Receive Data Segment Length | Maximum data segment length, in bytes, that can be received in an iSCSI PDU. | Software iSCSI
ARP Redirect | Allows storage systems to move iSCSI traffic dynamically from one port to another. ARP is required by storage systems that do array-based failover. | Hardware iSCSI (Configurable through vSphere CLI)
Delayed ACK | Allows systems to delay acknowledgment of received data packets. | Software iSCSI
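The following added example (not part of the VMware guide and not VMware code) shows what the Header Digest and Data Digest settings compute: a CRC32C over the PDU header and over the padded data segment, verified by the receiver. It assumes a simplified PDU with a 48-byte basic header and no additional header segments, digests stored little-endian as in the RFC 3720 worked examples, and hypothetical function names; the payload is constructed.

```python
import struct

BHS_LEN = 48  # iSCSI Basic Header Segment length in bytes


def _make_table():
    poly = 0x82F63B78  # reflected CRC-32C (Castagnoli) polynomial
    table = []
    for i in range(256):
        crc = i
        for _ in range(8):
            crc = (crc >> 1) ^ poly if crc & 1 else crc >> 1
        table.append(crc)
    return table


_TABLE = _make_table()


def crc32c(data):
    """Table-driven CRC32C over a bytes-like object."""
    crc = 0xFFFFFFFF
    for byte in data:
        crc = _TABLE[(crc ^ byte) & 0xFF] ^ (crc >> 8)
    return crc ^ 0xFFFFFFFF


def build_pdu(opcode, data):
    """Build a simplified PDU with header digest and data digest enabled."""
    bhs = bytearray(BHS_LEN)
    bhs[0] = opcode
    bhs[4] = 0                                  # TotalAHSLength: no AHS here
    bhs[5:8] = len(data).to_bytes(3, "big")     # DataSegmentLength
    pdu = bytes(bhs) + struct.pack("<I", crc32c(bhs))
    if data:
        padded = data + bytes(-len(data) % 4)   # pad data segment to 4 bytes
        pdu += padded + struct.pack("<I", crc32c(padded))
    return pdu


def verify_pdu(pdu):
    """Return (header_ok, data_ok) for a PDU produced by build_pdu."""
    if len(pdu) < BHS_LEN + 4:
        return False, False
    bhs = pdu[:BHS_LEN]
    (header_digest,) = struct.unpack_from("<I", pdu, BHS_LEN)
    if crc32c(bhs) != header_digest:
        # The length field sits in the header, so it cannot be trusted either.
        return False, False
    data_len = int.from_bytes(bhs[5:8], "big")
    if data_len == 0:
        return True, True                       # no data segment, no data digest
    padded_len = data_len + (-data_len % 4)
    start = BHS_LEN + 4
    if len(pdu) < start + padded_len + 4:
        return True, False                      # truncated data segment
    (data_digest,) = struct.unpack_from("<I", pdu, start + padded_len)
    return True, crc32c(pdu[start:start + padded_len]) == data_digest


if __name__ == "__main__":
    good = build_pdu(0x05, b"constructed payload")
    damaged = bytearray(good)
    damaged[55] ^= 0x01                         # flip one bit in the data segment
    print(verify_pdu(good), verify_pdu(bytes(damaged)))
```

The digests detect accidental corruption in transit; they are not keyed, so they do not authenticate the sender the way CHAP does.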
CAUTION Do not make any changes to the advanced iSCSI settings unless you are working with the VMware
support team or otherwise have thorough information about the values to provide for the settings.
Procedure
1 Log in to the vSphere Client, and select a host from the inventory panel.
4 To configure advanced parameters at the initiator level, on the General tab, click Advanced. Proceed to
Step 6.
At the target level, advanced parameters can be configured only for software iSCSI.
b From the list of available targets, select a target to configure and click Settings > Advanced.
6 Enter any required values for the advanced parameters you want to modify and click OK to save your
changes.
You can rescan all adapters on your host. If the changes you make are isolated to a specific adapter, rescan
only this adapter. If your vSphere Client is connected to a vCenter Server system, you can rescan adapters on
all hosts managed by the vCenter Server system.
Perform a rescan each time you make one of the following changes.
n Create new LUNs on a SAN.
n Change the path masking on a host.
n Reconnect a cable.
n Make a change to a host in a cluster.
IMPORTANT Do not rescan when a path is unavailable. If one path fails, another takes over and your system
continues to be fully functional. If, however, you rescan at a time when a path is not available, the host removes
the path from its list of paths to the device. The path cannot be used by the host until the next time a rescan is
performed while the path is active.
Use this procedure if you want to limit the rescan to a particular host or an adapter on the host. If you want to
rescan adapters on all hosts managed by your vCenter Server system, you can do so by right-clicking a
datacenter, cluster, or folder that contains the hosts and selecting Rescan for Datastores.
Procedure
1 In the vSphere Client, select a host and click the Configuration tab.
2 In the Hardware panel, select Storage Adapters, and click Rescan above the Storage Adapters panel.
You can also right-click an individual adapter and click Rescan to rescan just that adapter.
3 To discover new disks or LUNs, select Scan for New Storage Devices.
4 To discover new datastores or update a datastore after its configuration has been changed, select Scan for
New VMFS Volumes.
If new datastores or VMFS volumes are discovered, they appear in the datastore list.
Prerequisites
Before creating datastores, you must install and configure any adapters that your storage requires. Rescan the
adapters to discover newly added storage devices.
Procedure
1 Log in to the vSphere Client and select the host from the Inventory panel.
2 Click the Configuration tab and click Storage in the Hardware panel.
NOTE Select the device that does not have a datastore name displayed in the VMFS Label column. If a
name is present, the device contains a copy of an existing VMFS datastore.
If the disk you are formatting is blank, the Current Disk Layout page automatically presents the entire
disk space for storage configuration.
6 If the disk is not blank, review the current disk layout in the top panel of the Current Disk Layout page
and select a configuration option from the bottom panel.
Option | Description
Use all available partitions | Dedicates the entire disk or LUN to a single VMFS datastore. If you select this option, all file systems and data currently stored on this device are destroyed.
Use free space | Deploys a VMFS datastore in the remaining free space of the disk.
7 Click Next.
10 Click Next.
11 In the Ready to Complete page, review the datastore configuration information and click Finish.
A datastore on the SCSI-based storage device is created. If you use the vCenter Server system to manage your
hosts, the newly created datastore is automatically added to all hosts.
The NFS client built into ESX lets you access the NFS server and use NFS volumes for storage. ESX supports
only NFS Version 3 over TCP.
You use the vSphere Client to configure NFS volumes as datastores. Configured NFS datastores appear in the
vSphere Client, and you can use them to store virtual disk files in the same way that you use VMFS-based
datastores.
NOTE ESX does not support the delegate user functionality that enables access to NFS volumes using non-
root credentials.
Figure 8-4 depicts a virtual machine using the NFS volume to store its files. In this configuration, the host
connects to the NFS server, which stores the virtual disk files, through a regular network adapter.
[Figure 8-4: diagram labels: host, virtual machine, Ethernet NIC, LAN, NFS, NAS appliance]
The virtual disks that you create on NFS-based datastores use a disk format dictated by the NFS server, typically
a thin format that requires on-demand space allocation. If the virtual machine runs out of space while writing
to this disk, the vSphere Client notifies you that more space is needed. You have the following options:
n Free up additional space on the volume so that the virtual machine continues writing to the disk.
n Terminate the virtual machine session. Terminating the session shuts down the virtual machine.
CAUTION When your host accesses a virtual machine disk file on an NFS-based datastore, a .lck-XXX lock file
is generated in the same directory where the disk file resides to prevent other hosts from accessing this virtual
disk file. Do not remove the .lck-XXX lock file, because without it, the running virtual machine cannot access
its virtual disk file.
To use NFS as a shared repository, you create a directory on the NFS server and then mount it as a datastore
on all hosts. If you use the datastore for ISO images, you can connect the virtual machine's CD-ROM device to
an ISO file on the datastore and install a guest operating system from the ISO file.
NOTE If the underlying NFS volume, on which the files are stored, is read-only, make sure that the volume is
exported as a read-only share by the NFS server, or configure it as a read-only datastore on the ESX host.
Otherwise, the host considers the datastore to be read-write and might not be able to open the files.
Prerequisites
Because NFS requires network connectivity to access data stored on remote servers, before configuring NFS,
you must first configure VMkernel networking.
Procedure
1 Log in to the vSphere Client and select the host from the Inventory panel.
2 Click the Configuration tab and click Storage in the Hardware panel.
4 Select Network File System as the storage type and click Next.
5 Enter the server name, the mount point folder name, and the datastore name.
NOTE When you mount the same NFS volume on different hosts, make sure that the server and folder
names are identical across the hosts. If the names do not match exactly, for example, if you enter share as
the folder name on one host and /share on the other, the hosts see the same NFS volume as two different
datastores. This might result in a failure of such features as vMotion.
6 (Optional) Select Mount NFS read only if the volume is exported as read only by the NFS server.
7 Click Next.
8 In the Network File System Summary page, review the configuration options and click Finish.
A diagnostic partition cannot be located on an iSCSI LUN accessed through a software iSCSI initiator.
Each host must have a diagnostic partition of 100MB. If multiple hosts share a SAN, configure a diagnostic
partition with 100MB for each host.
CAUTION If two hosts that share a diagnostic partition fail and save core dumps to the same slot, the core
dumps might be lost. To collect core dump data, reboot a host and extract log files immediately after the host
fails. However, if another host fails before you collect the diagnostic data of the first host, the second host will
fail to save the core dump.
With the ESX host, you typically create a diagnostic partition when installing ESX by selecting Recommended
Partitioning. The installer automatically creates a diagnostic partition for your host. If you select Advanced
Partitioning and choose not to specify the diagnostic partition during installation, you can configure it using
the Add Storage wizard.
Procedure
1 Log in to the vSphere Client and select the host from the Inventory panel.
2 Click the Configuration tab and click Storage in the Hardware panel.
If you do not see Diagnostic as an option, the host already has a diagnostic partition.
You can query and scan the host’s diagnostic partition using the vicfg-dumppart -l command on the
vSphere CLI.
Option | Description
Private Local | Creates the diagnostic partition on a local disk. This partition stores fault information only for your host.
Private SAN Storage | Creates the diagnostic partition on a non-shared SAN LUN. This partition stores fault information only for your host.
Shared SAN Storage | Creates the diagnostic partition on a shared SAN LUN. This partition is accessed by multiple hosts and can store fault information for more than one host.
6 Click Next.
7 Select the device to use for the diagnostic partition and click Next.
8 Review the partition configuration information and click Finish.
Managing Datastores
An ESX system uses datastores to store all files associated with its virtual machines. After you create datastores,
you can manage them by performing a number of tasks.
A datastore is a logical storage unit that can use disk space on one physical device, one disk partition, or span
several physical devices. The datastore can exist on different types of physical devices, including SCSI, iSCSI,
Fibre Channel SAN, or NFS.
Datastores are added to the vSphere Client in one of the following ways:
n Discovered when a host is added to the inventory. The vSphere Client displays any datastores that the
host can recognize.
n Created on an available storage device using the Add Storage command.
After the datastores are created, you can use them to store virtual machine files. You can manage them by
renaming, removing, and setting access control permissions. In addition, you can group datastores to organize
them and set the same permissions across the group at one time.
For information on setting access control permissions on a datastore, see the vSphere Client Help.
Rename Datastores
You can change the name of an existing datastore.
Procedure
Group Datastores
If you use the vCenter Server system to manage your hosts, group datastores into folders. This allows you to
organize your datastores according to business practices and to assign the same permissions and alarms on
the datastores in the group at one time.
Procedure
Delete Datastores
You can delete any type of VMFS datastore, including copies that you have mounted without resignaturing.
When you delete a datastore, it is destroyed and disappears from all hosts that have access to the datastore.
Prerequisites
Before deleting a datastore, remove all virtual machines from the datastore. Make sure that no other host is
accessing the datastore.
Procedure
Unmount Datastores
When you unmount a datastore, it remains intact, but can no longer be seen from the hosts that you specify.
It continues to appear on other hosts, where it remains mounted.
Procedure
3 If the datastore is shared, specify which hosts should no longer access the datastore.
a If needed, deselect the hosts where you want to keep the datastore mounted.
b Click Next.
c Review the list of hosts from which to unmount the datastore, and click Finish.
Datastores that use the VMFS format are deployed on SCSI-based storage devices.
You cannot reformat a VMFS datastore that a remote host is using. If you attempt to, a warning appears that
specifies the name of the datastore in use and the host that is using it. This warning also appears in the VMkernel
and vmkwarning log files.
Depending on whether your vSphere Client is connected to a vCenter Server system or directly to a host,
different ways to access the Datastore Properties dialog box exist.
n vCenter Server only. To access the Datastore Properties dialog box, select the datastore from the inventory,
click the Configuration tab, and click Properties.
n vCenter Server and ESX/ESXi host. To access the Datastore Properties dialog box, select a host from the
inventory, click the Configuration tab and click Storage. From the Datastores view, select the datastore
to modify and click Properties.
NOTE You cannot add a local extent to a datastore located on a SAN LUN.
n Grow an extent in an existing VMFS datastore. Only extents with free space immediately after them are
expandable. As a result, rather than adding the new extent, you can grow the existing extent so that it fills
the available adjacent capacity.
NOTE If a shared datastore has powered-on virtual machines and becomes 100% full, you can increase the
datastore's capacity only from the host with which the powered-on virtual machines are registered.
Procedure
1 Log in to the vSphere Client and select a host from the Inventory panel.
3 From the Datastores view, select the datastore to increase and click Properties.
4 Click Increase.
5 Select a device from the list of storage devices and click Next.
n If you want to add a new extent, select the device for which the Expandable column reads No.
n If you want to expand an existing extent, select the device for which the Expandable column reads
Yes.
Depending on the current layout of the disk and on your previous selections, the options you see might
vary.
Option | Description
Use free space to add new extent | Adds the free space on this disk as a new datastore extent.
Use free space to expand existing extent | Grows an existing extent to a required capacity.
Use free space | Deploys an extent in the remaining free space of the disk. This option is available only when adding an extent.
Use all available partitions | Dedicates the entire disk to a single datastore extent. This option is available only when adding an extent and when the disk you are formatting is not blank. The disk is reformatted, and the datastores and any data that it contains are erased.
8 Click Next.
9 Review the proposed layout and the new configuration of your datastore, and click Finish.
What to do next
After you grow an extent in a shared VMFS datastore, refresh the datastore on each host that can access this
datastore, so that the vSphere Client can display the correct datastore capacity for all hosts.
Upgrade Datastores
ESX includes VMFS version 3 (VMFS-3). If your datastore was formatted with VMFS-2, you can read files
stored on VMFS-2, but you cannot write to them. To have complete access to the files, upgrade VMFS-2 to
VMFS-3.
When you upgrade VMFS-2 to VMFS-3, the ESX file-locking mechanism ensures that no remote host or local
process is accessing the VMFS datastore being converted. Your host preserves all files on the datastore.
As a precaution, before you use the upgrade option, consider the following:
n Commit or discard any changes to virtual disks in the VMFS-2 volume that you plan to upgrade.
n Back up the VMFS-2 volume.
n Be sure that no powered on virtual machines are using the VMFS-2 volume.
n Be sure that no other ESX host is accessing the VMFS-2 volume.
The VMFS-2 to VMFS-3 conversion is a one-way process. After you convert the VMFS-based datastore to
VMFS-3, you cannot revert it back to VMFS-2.
To upgrade the VMFS-2 file system, its file block size must not exceed 8MB.
Procedure
1 Log in to the vSphere Client and select a host from the Inventory panel.
ESX can determine whether a LUN contains the VMFS datastore copy, and either mount the datastore copy
with its original UUID or change the UUID, thus resignaturing the datastore.
For example, you can maintain synchronized copies of virtual machines at a secondary site as part of a disaster
recovery plan. In the event of a disaster at the primary site, you can mount the datastore copy and power on
the virtual machines at the secondary site.
IMPORTANT You can mount a VMFS datastore only if it does not collide with an already mounted VMFS
datastore that has the same UUID.
When you mount the VMFS datastore, ESX allows both reads and writes to the datastore residing on the LUN
copy. The LUN copy must be writable. The datastore mounts are persistent and valid across system reboots.
Because ESX does not allow you to resignature the mounted datastore, unmount the datastore before
resignaturing.
Prerequisites
Before you mount a VMFS datastore, perform a storage rescan on your host so that it updates its view of LUNs
presented to it.
Procedure
1 Log in to the vSphere Client and select the server from the inventory panel.
2 Click the Configuration tab and click Storage in the Hardware panel.
5 From the list of LUNs, select the LUN that has a datastore name displayed in the VMFS Label column and
click Next.
A name in the VMFS Label column indicates that the LUN contains a copy of an existing VMFS
datastore.
7 In the Ready to Complete page, review the datastore configuration information and click Finish.
What to do next
If you later want to resignature the mounted datastore, you must unmount it first.
The default format of the new label assigned to the datastore is snap-<snapID>-<oldLabel>, where <snapID> is
an integer and <oldLabel> is the label of the original datastore.
Prerequisites
Before you resignature a VMFS datastore, perform a storage rescan on your host so that the host updates its
view of LUNs presented to it and discovers any LUN copies.
Procedure
1 Log in to the vSphere Client and select the server from the inventory panel.
2 Click the Configuration tab and click Storage in the Hardware panel.
5 From the list of LUNs, select the LUN that has a datastore name displayed in the VMFS Label column and
click Next.
A name in the VMFS Label column indicates that the LUN contains a copy of an existing VMFS
datastore.
6 Under Mount Options, select Assign a New Signature and click Next.
7 In the Ready to Complete page, review the datastore configuration information and click Finish.
What to do next
In case of a failure of an element in the SAN network, such as an HBA, switch, or cable, ESX can fail over to
another physical path. In addition to path failover, multipathing offers load balancing, which redistributes
I/O loads between multiple paths, thus reducing or removing potential bottlenecks.
The VMkernel multipathing plugin that ESX provides by default is the VMware Native Multipathing Plugin
(NMP). The NMP is an extensible module that manages subplugins. There are two types of NMP subplugins,
Storage Array Type Plugins (SATPs), and Path Selection Plugins (PSPs). SATPs and PSPs can be built-in and
provided by VMware, or can be provided by a third party.
If more multipathing functionality is required, a third party can also provide an MPP to run in addition to, or
as a replacement for, the default NMP.
When coordinating the VMware NMP and any installed third-party MPPs, the PSA performs the following
tasks:
n Loads and unloads multipathing plugins.
n Hides virtual machine specifics from a particular plugin.
n Routes I/O requests for a specific logical device to the MPP managing that device.
n Handles I/O queuing to the logical devices.
n Implements logical device bandwidth sharing between virtual machines.
n Handles I/O queueing to the physical storage HBAs.
n Handles physical path discovery and removal.
n Provides logical device and physical path I/O statistics.
As Figure 9-1 illustrates, multiple third-party MPPs can run in parallel with the VMware NMP. The third-party
MPPs can replace the behavior of the NMP and take complete control of the path failover and the load-
balancing operations for specified storage devices.
Figure 9-1. Pluggable Storage Architecture
[Diagram labels: VMkernel, VMware SATP]
Generally, the VMware NMP supports all storage arrays listed on the VMware storage HCL and provides a
default path selection algorithm based on the array type. The NMP associates a set of physical paths with a
specific storage device, or LUN. The specific details of handling path failover for a given storage array are
delegated to a Storage Array Type Plugin (SATP). The specific details for determining which physical path is
used to issue an I/O request to a storage device are handled by a Path Selection Plugin (PSP). SATPs and PSPs
are sub-plugins within the NMP module.
VMware SATPs
Storage Array Type Plugins (SATPs) run in conjunction with the VMware NMP and are responsible for array-
specific operations.
ESX offers an SATP for every type of array that VMware supports. These SATPs include an active/active SATP
and active/passive SATP for non-specified storage arrays, and the local SATP for direct-attached storage. Each
SATP accommodates special characteristics of a certain class of storage arrays and can perform the array-
specific operations required to detect path state and to activate an inactive path. As a result, the NMP module
can work with multiple storage arrays without having to be aware of the storage device specifics.
After the NMP determines which SATP to call for a specific storage device and associates the SATP with the
physical paths for that storage device, the SATP implements the tasks that include the following:
n Monitors health of each physical path.
n Reports changes in the state of each physical path.
n Performs array-specific actions necessary for storage fail-over. For example, for active/passive devices, it
can activate passive paths.
VMware PSPs
Path Selection Plugins (PSPs) run in conjunction with the VMware NMP and are responsible for choosing a
physical path for I/O requests.
The VMware NMP assigns a default PSP for every logical device based on the SATP associated with the physical
paths for that device. You can override the default PSP.
Most Recently Used (MRU) | Selects the path the ESX host used most recently to access the given device. If this path becomes unavailable, the host switches to an alternative path and continues to use the new path while it is available.
Fixed | Uses the designated preferred path, if it has been configured. Otherwise, it uses the first working path discovered at system boot time. If the host cannot use the preferred path, it selects a random alternative available path. The host automatically reverts back to the preferred path as soon as that path becomes available. NOTE With active-passive arrays that have a Fixed path policy, path thrashing might be a problem.
Round Robin (RR) | Uses a path selection algorithm that rotates through all available paths enabling load balancing across the paths.
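The following added example (a simulation written for this page, not VMware's NMP code) replays one path outage and recovery against the three policies described above to show how their failover and failback behavior differs. The class and function names and the path names are constructed; the initial path chosen by MRU (first working path) is an assumption, because the guide does not state it.

```python
import random


class PathSelector:
    """Simplified model of the MRU, Fixed and Round Robin policies."""

    def __init__(self, policy, paths, preferred=None, rng=None):
        if policy not in ("mru", "fixed", "rr"):
            raise ValueError(f"unknown policy: {policy}")
        self.policy = policy
        self.paths = list(paths)
        self.preferred = preferred
        self.current = None
        self._rr_next = 0
        self._rng = rng or random.Random()

    def select(self, working):
        """Pick the path for the next I/O, given the set of working paths."""
        candidates = [p for p in self.paths if p in working]
        if not candidates:
            self.current = None
            return None                       # every path is down
        if self.policy == "fixed":
            if self.preferred is None:        # no preference configured:
                self.preferred = candidates[0]  # first working path found
            if self.preferred in working:
                self.current = self.preferred   # always fail back
            elif self.current not in working:
                self.current = self._rng.choice(candidates)
        elif self.policy == "mru":
            if self.current not in working:   # stay put unless forced to move
                self.current = candidates[0]
        else:                                 # round robin
            count = len(self.paths)
            for step in range(count):
                path = self.paths[(self._rr_next + step) % count]
                if path in working:
                    self.current = path
                    self._rr_next = (self._rr_next + step + 1) % count
                    break
        return self.current


def replay(policy, paths, timeline, preferred=None, seed=0):
    """Return the path chosen at each step of a timeline of working sets."""
    selector = PathSelector(policy, paths, preferred, random.Random(seed))
    return [selector.select(working) for working in timeline]


# Constructed path names and outage timeline, not taken from the guide.
P1, P2, P3 = "vmhba1:C0:T0:L0", "vmhba2:C0:T0:L0", "vmhba2:C0:T1:L0"
ALL = {P1, P2, P3}
TIMELINE = [ALL, ALL - {P1}, ALL - {P1}, ALL]   # P1 fails, then recovers

if __name__ == "__main__":
    for policy in ("mru", "fixed", "rr"):
        print(policy, replay(policy, [P1, P2, P3], TIMELINE, preferred=P1))
```

The Fixed result returns to P1 after recovery while MRU stays on the failover path, which is the difference that matters when a preferred path flaps.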
When a virtual machine issues an I/O request to a storage device managed by the NMP, the following process
takes place.
2 The PSP selects an appropriate physical path on which to issue the I/O.
4 If the I/O operation reports an error, the NMP calls an appropriate SATP.
5 The SATP interprets the I/O command errors and, when appropriate, activates inactive paths.
6 The PSP is called to select a new path on which to issue the I/O.
To support path switching with FC SAN, the ESX host typically has two or more HBAs available from which
the storage array can be reached using one or more switches. Alternatively, the setup can include one HBA
and two storage processors so that the HBA can use a different path to reach the disk array.
In Figure 9-2, multiple paths connect each server with the storage device. For example, if HBA1 or the link
between HBA1 and the switch fails, HBA2 takes over and provides the connection between the server and the
switch. The process of one HBA taking over for another is called HBA failover.
[Figure 9-2: diagram labels: switch, switch, SP1, SP2, storage array]
Similarly, if SP1 or the link between SP1 and the switch breaks, SP2 takes over and provides the connection
between the switch and the storage device. This process is called SP failover. ESX supports HBA and SP failover
with its multipathing capability.
ESX can use multipathing support built into the IP network, which allows the network to perform routing.
Through dynamic discovery, iSCSI initiators obtain a list of target addresses that the initiators can use as
multiple paths to iSCSI LUNs for failover purposes.
With the hardware iSCSI, the host can have two or more hardware iSCSI adapters and use them as different
paths to reach the storage system.
As Figure 9-3 illustrates, the host has two hardware iSCSI adapters, HBA1 and HBA2, that provide two physical
paths to the storage system. Multipathing plugins on the host, whether the VMkernel NMP or any third-party
MPPs, have access to the paths by default and can monitor the health of each physical path. If, for example,
HBA1 or the link between HBA1 and the network fails, the multipathing plugins can switch the path over to
HBA2.
[Figure 9-3: diagram labels: HBA2, HBA1, IP network, SP, iSCSI storage]
With the software iSCSI, as Figure 9-4 shows, you can use multiple NICs that provide failover and load-
balancing capabilities for iSCSI connections between the host and storage systems.
For this setup, because multipathing plugins do not have direct access to the physical NICs on your host, you
must first connect each physical NIC to a separate VMkernel port. You then associate all VMkernel ports with
the software iSCSI initiator using a port binding technique. As a result, each VMkernel port connected to a
separate NIC becomes a different path that the iSCSI storage stack and its storage-aware multipathing plugins
can use.
For more information on this setup, see the iSCSI SAN Configuration Guide.
[Figure 9-4: diagram labels: software initiator, NIC2, NIC1, IP network, SP, iSCSI storage]
By default, the host performs a periodic path evaluation every 5 minutes, causing any unclaimed paths to be
claimed by the appropriate MPP.
The claim rules are numbered. For each physical path, the host runs through the claim rules starting with the
lowest number first. The attributes of the physical path are compared to the path specification in the claim rule.
If there is a match, the host assigns the MPP specified in the claim rule to manage the physical path. This
continues until all physical paths are claimed by corresponding MPPs, either third-party multipathing plugins
or the native multipathing plugin (NMP).
For the paths managed by the NMP module, a second set of claim rules is applied. These rules determine which
SATP should be used to manage the paths from a specific array type, and which PSP is to be used for each
storage device. For example, for a storage device that belongs to the EMC CLARiiON CX storage family, the
default SATP is VMW_SATP_CX and the default PSP is Most Recently Used.
Use the vSphere Client to view which SATP and PSP the host is using for a specific storage device and the
status of all available paths for this storage device. If needed, you can change the default VMware PSP using
the vSphere Client. To change the default SATP, you need to modify claim rules using the vSphere CLI.
For detailed descriptions of the commands available to manage PSA, see the vSphere Command-Line Interface
Installation and Reference Guide.
The path information includes the SATP assigned to manage the device, the path selection policy (PSP), and
a list of paths with their physical characteristics, such as an adapter and target each path uses, and the status
of each path. The following path status information can appear:
Active | Paths available for issuing I/O to a LUN. A single or multiple working paths currently used for transferring data are marked as Active (I/O). NOTE For hosts that run ESX 3.5 or earlier, the term active means the only path that the host is using to issue I/O to a LUN.
Standby | The path is operational and can be used for I/O if active paths fail.
Broken | The software cannot connect to the disk through this path.
If you are using the Fixed path policy, you can see which path is the preferred path. The preferred path is
marked with an asterisk (*) in the Preferred column.
Procedure
1 Log in to the vSphere Client and select a server from the inventory panel.
2 Click the Configuration tab and click Storage in the Hardware panel.
4 From the list of configured datastores, select the datastore whose paths you want to view or configure.
The Details panel shows the total number of paths being used to access the device and whether any of
them are broken or disabled.
5 Click Properties > Manage Paths to open the Manage Paths dialog box.
You can use the Manage Paths dialog box to enable or disable your paths, set multipathing policy, and
specify the preferred path.
Procedure
1 Log in to the vSphere Client and select a server from the inventory panel.
2 Click the Configuration tab and click Storage in the Hardware panel.
By default, VMware supports the following path selection policies. If you have a third-party PSP installed on
your host, its policy also appears on the list.
Fixed (VMware): The host always uses the preferred path to the disk when that path is available. If the host cannot access the disk through the preferred path, it tries the alternative paths. The default policy for active-active storage devices is Fixed.
Most Recently Used (VMware): The host uses a path to the disk until the path becomes unavailable. When the path becomes unavailable, the host selects one of the alternative paths. The host does not revert back to the original path when that path becomes available again. There is no preferred path setting with the MRU policy. MRU is the default policy for active-passive storage devices and is required for those devices.
Round Robin (VMware): The host uses an automatic path selection algorithm rotating through all available paths. This implements load balancing across all the available physical paths.
Load balancing is the process of spreading server I/O requests across all available host paths. The goal is to optimize performance in terms of throughput (I/O per second, megabytes per second, or response times).
Table 9-1 summarizes how the behavior of the host changes, depending on the type of array and the failover policy.
| Policy | Active-Active | Active-Passive |
|---|---|---|
| Most Recently Used | Administrator action is required to fail back after path failure. | Administrator action is required to fail back after path failure. |
| Fixed | VMkernel resumes using the preferred path when connectivity is restored. | VMkernel attempts to resume using the preferred path. This can cause path thrashing or failure when another SP now owns the LUN. |
Procedure
1 Open the Manage Paths dialog box either from the Datastores or Devices view.
By default, VMware supports the following path selection policies. If you have a third-party PSP installed
on your host, its policy also appears on the list.
- Fixed (VMware)
- Most Recently Used (VMware)
- Round Robin (VMware)
3 For the fixed policy, specify the preferred path by right-clicking the path you want to assign as the
preferred path, and selecting Preferred.
Disable Paths
You can temporarily disable paths for maintenance or other reasons. You can do so using the vSphere Client.
Procedure
1 Open the Manage Paths dialog box either from the Datastores or Devices view.
2 In the Paths panel, right-click the path to disable, and select Disable.
You can also disable a path from the adapter’s Paths view by right-clicking the path in the list and selecting
Disable.
Thin Provisioning
When you create a virtual machine, a certain amount of storage space on a datastore is provisioned or allocated
to the virtual disk files.
By default, ESX offers a traditional storage provisioning method during creation in which you estimate how
much storage the virtual machine will need for its entire life cycle, provision a fixed amount of storage space
to its virtual disk, and have the entire provisioned space committed to the virtual disk. A virtual disk that
immediately occupies the entire provisioned space is called a thick disk. Creating virtual disks in thick format
can lead to underutilization of datastore capacity, because large amounts of storage space, pre-allocated to
individual virtual machines, might remain unused.
To help avoid over-allocating storage space and save storage, ESX supports thin provisioning, which lets you,
in the beginning, use just as much storage capacity as currently needed and then add the required amount of
storage space at a later time. Using the ESX thin provisioning feature, you can create virtual disks in a thin
format. For a thin virtual disk, ESX provisions the entire space required for the disk’s current and future
activities, but commits only as much storage space as the disk needs for its initial operations.
The following disk formats are supported. You cannot specify the disk format if the disk resides on an NFS
datastore. The NFS server determines the allocation policy for the disk.
Thin Provisioned Format: Use this format to save storage space. For the thin disk, you provision as much datastore space as the disk would require based on the value you enter for the disk size. However, the thin disk starts small and at first, uses only as much datastore space as the disk actually needs for its initial operations.
If the thin disk needs more space later, it can grow to its maximum capacity and occupy the entire datastore space provisioned to it. Also, you can manually convert the thin disk into thick.
Thick Format: This is the default virtual disk format. The thick virtual disk does not change its size and from the very beginning occupies the entire datastore space provisioned to it. Thick format does not zero out the blocks in the allocated space. It is not possible to convert the thick disk into thin.
This procedure assumes that you are creating a typical or custom virtual machine using the New Virtual
Machine wizard.
Prerequisites
You can create thin disks only on the datastores that support thin provisioning. If a disk resides on an NFS
datastore, you cannot specify the disk format because the NFS server determines the allocation policy for the
disk.
Procedure
- In the Create a Disk dialog box, select Allocate and commit space on demand (Thin Provisioning).
A virtual disk in thin format is created. If you do not select the Thin Provisioning option, your virtual disk will
have the default thick format.
What to do next
If you created a virtual disk in the thin format, you can later inflate it to its full size.
Procedure
2 Click Edit Settings to display the Virtual Machine Properties dialog box.
3 Click the Hardware tab and select the appropriate hard disk in the Hardware list.
The Disk Provisioning section on the right shows the type of your virtual disk, either Thin or Thick.
4 Click OK.
What to do next
If your virtual disk is in the thin format, you can inflate it to its full size.
Procedure
2 Click the Summary tab and, under Resources, double-click the datastore for the virtual machine to open
the Datastore Browser dialog box.
3 Click the virtual machine folder to find the virtual disk file you want to convert. The file has the .vmdk
extension.
The virtual disk in thick format occupies the entire datastore space originally provisioned to it.
Over-subscription can be possible because usually not all virtual machines with thin disks need the entire
provisioned datastore space simultaneously. However, if you want to avoid over-subscribing the datastore,
you can set up an alarm that notifies you when the provisioned space reaches a certain threshold.
To turn off the filters, you use the Advanced Settings page to modify the vCenter Server configuration file,
vpxd.cfg. This page can be used to add entries to the file, but not to edit or delete them.
As with any advanced configuration settings, consult with the VMware support team before making any
changes to the LUN filters. Do not turn the filters off unless you have other methods to prevent LUN corruption.
Procedure
1 Select Administration > vCenter Server Settings to display the vCenter Server Settings dialog box.
| Key | Description |
|---|---|
| config.vpxd.filter.vmfsFilter | VMFS Filter |
| config.vpxd.filter.rdmFilter | RDM Filter |
| config.vpxd.filter.SameHostAndTransportsFilter | Same Host and Transports Filter |
| config.vpxd.filter.hostRescanFilter | Host Rescan Filter |
5 Click Add.
6 Click OK.
What to do next
VMFS Filter (key: config.vpxd.filter.vmfsFilter)
Filters out any storage devices, or LUNs, that are already used by another VMFS datastore on any host managed by the vCenter Server. Prevents LUN sharing by multiple datastores or a datastore and RDM combination.
RDM Filter (key: config.vpxd.filter.rdmFilter)
Filters out any LUNs that are already referenced by another RDM on any host managed by the vCenter Server. Prevents LUN sharing by a datastore and RDM combination. In addition, the filter prevents virtual machines from accessing the same LUN through different RDM mapping files.
If you need virtual machines to access the same raw LUN, they must share the same RDM mapping file. For details on this type of configuration, see Setup for Failover Clustering and Microsoft Cluster Service.
Same Host and Transports Filter (key: config.vpxd.filter.SameHostAndTransportsFilter)
Filters out LUNs ineligible for use as VMFS datastore extents due to a host or storage type incompatibility. Prevents you from adding the following LUNs as extents:
- LUNs not exposed to all hosts that share the original VMFS datastore.
- LUNs that use a storage type different from the one the original VMFS datastore uses. For example, you cannot add a Fibre Channel extent to a VMFS datastore on a local storage device.
The following topics contain information about RDMs and provide instructions on how to create and manage
RDMs.
The file gives you some of the advantages of direct access to a physical device while keeping some advantages
of a virtual disk in VMFS. As a result, it merges VMFS manageability with raw device access.
RDMs can be described in terms such as mapping a raw device into a datastore, mapping a system LUN, or
mapping a disk file to a physical disk volume. All these terms refer to RDMs.
Figure 10-1. Raw Device Mapping (diagram: the virtual machine opens the mapping file on the VMFS volume; reads and writes go to the mapped device through address resolution)
Although VMware recommends that you use VMFS datastores for most virtual disk storage, on certain
occasions, you might need to use raw LUNs or logical disks located in a SAN.
For example, you need to use raw LUNs with RDMs in the following situations:
- When SAN snapshot or other layered applications are run in the virtual machine. The RDM better enables scalable backup offloading systems by using features inherent to the SAN.
- In any MSCS clustering scenario that spans physical hosts: virtual-to-virtual clusters as well as physical-to-virtual clusters. In this case, cluster data and quorum disks should be configured as RDMs rather than as files on a shared VMFS.
Think of an RDM as a symbolic link from a VMFS volume to a raw LUN. The mapping makes LUNs appear
as files in a VMFS volume. The RDM, not the raw LUN, is referenced in the virtual machine configuration. The
RDM contains a reference to the raw LUN.
Using RDMs, you can:
- Use vMotion to migrate virtual machines using raw LUNs.
- Add raw LUNs to virtual machines using the vSphere Client.
- Use file system features such as distributed file locking, permissions, and naming.
User-Friendly Persistent Names: Provides a user-friendly name for a mapped device. When you use an RDM, you do not need to refer to the device by its device name. You refer to it by the name of the mapping file, for example:
/vmfs/volumes/myVolume/myVMDirectory/myRawDisk.vmdk
Dynamic Name Resolution: Stores unique identification information for each mapped device. VMFS associates each RDM with its current SCSI device, regardless of changes in the physical configuration of the server because of adapter hardware changes, path changes, device relocation, and so on.
Distributed File Locking: Makes it possible to use VMFS distributed locking for raw SCSI devices. Distributed locking on an RDM makes it safe to use a shared raw LUN without losing data when two virtual machines on different servers try to access the same LUN.
File Permissions: Makes file permissions possible. The permissions of the mapping file are enforced at file-open time to protect the mapped volume.
File System Operations: Makes it possible to use file system utilities to work with a mapped volume, using the mapping file as a proxy. Most operations that are valid for an ordinary file can be applied to the mapping file and are redirected to operate on the mapped device.
vMotion: Lets you migrate a virtual machine with vMotion. The mapping file acts as a proxy to allow vCenter Server to migrate the virtual machine by using the same mechanism that exists for migrating virtual disk files.
Figure 10-2. vMotion of a Virtual Machine Using Raw Device Mapping (diagram: Host 1 with VM1 and Host 2 with VM2, VMotion between the hosts, and a VMFS volume whose mapping file resolves to the mapped device)
SAN Management Agents: Makes it possible to run some SAN management agents inside a virtual machine. Similarly, any software that needs to access a device by using hardware-specific SCSI commands can be run in a virtual machine. This kind of software is called SCSI target-based software. When you use SAN management agents, select a physical compatibility mode for the RDM.
N-Port ID Virtualization (NPIV): Makes it possible to use the NPIV technology that allows a single Fibre Channel HBA port to register with the Fibre Channel fabric using several worldwide port names (WWPNs). This ability makes the HBA port appear as multiple virtual ports, each having its own ID and virtual port name. Virtual machines can then claim each of these virtual ports and use them for all RDM traffic.
NOTE You can use NPIV only for virtual machines with RDM disks.
VMware works with vendors of storage management software to ensure that their software functions correctly
in environments that include ESX. Some applications of this kind are:
- SAN management software
- Storage resource management (SRM) software
- Snapshot software
- Replication software
Such software uses a physical compatibility mode for RDMs so that the software can access SCSI devices
directly.
Various management products are best run centrally (not on the ESX machine), while others run well on the
service console or on the virtual machines. VMware does not certify these applications or provide a
compatibility matrix. To find out whether a SAN management application is supported in an ESX environment,
contact the SAN management software provider.
Key contents of the metadata in the mapping file include the location of the mapped device (name resolution),
the locking state of the mapped device, permissions, and so on.
In virtual mode, the mapped device appears to the guest operating system exactly the same as a virtual disk
file in a VMFS volume. The real hardware characteristics are hidden. If you are using a raw disk in virtual
mode, you can realize the benefits of VMFS such as advanced file locking for data protection and snapshots
for streamlining development processes. Virtual mode is also more portable across storage hardware than
physical mode, presenting the same behavior as a virtual disk file.
In physical mode, the VMkernel passes all SCSI commands to the device, with one exception: the REPORT
LUNs command is virtualized so that the VMkernel can isolate the LUN for the owning virtual machine.
Otherwise, all physical characteristics of the underlying hardware are exposed. Physical mode is useful to run
SAN management agents or other SCSI target-based software in the virtual machine. Physical mode also allows
virtual-to-physical clustering for cost-effective high availability.
The example in Figure 10-4 shows three LUNs. LUN 1 is accessed by its device name, which is relative to the
first visible LUN. LUN 2 is a mapped device, managed by an RDM on LUN 3. The RDM is accessed by its path
name in the /vmfs subtree, which is fixed.
[Figure 10-4: diagram showing HBA 0 and HBA 1, LUN 1, LUN 2 (the mapped device), and LUN 3 (the VMFS volume that holds the mapping file /vmfs/volumes/myVolume/myVMDirectory/mymapfile)]
VMFS uniquely identifies all mapped LUNs, and the identification is stored in its internal data structures. Any
change in the SCSI path, such as a Fibre Channel switch failure or the addition of a new host bus adapter, can
change the device name. Dynamic name resolution compensates for these changes by adjusting the data
structures to retarget LUNs to their new device names.
[Figure: VM3 on Host 3 and VM4 on Host 4 have "shared" access to one mapped device through address resolution of a mapping file on a VMFS volume]
To help you choose among the available access modes for SCSI devices, Table 10-1 provides a quick comparison
of features available with the different modes.
Table 10-1. Features Available with Virtual Disks and Raw Device Mappings
ESX Features Virtual Disk File Virtual Mode RDM Physical Mode RDM
VMware recommends that you use virtual disk files for the cluster-in-a-box type of clustering. If you plan to
reconfigure your cluster-in-a-box clusters as cluster-across-boxes clusters, use virtual mode RDMs for the
cluster-in-a-box clusters.
Additional tools available to manage mapped LUNs and their RDMs include the vmkfstools utility and other
commands used with the vSphere CLI. You can use the vmkfstools utility to perform many of the same
operations available through the vSphere Client.
You can also use common file system commands in the service console.
You can create the RDM as an initial disk for a new virtual machine or add it to an existing virtual machine.
When creating the RDM, you specify the LUN to be mapped and the datastore on which to put the RDM.
Procedure
2 In the Select a Disk page, select Raw Device Mapping, and click Next.
3 From the list of SAN disks or LUNs, select a raw LUN for your virtual machine to access directly.
You can place the RDM file on the same datastore where your virtual machine configuration file resides,
or select a different datastore.
NOTE To use vMotion for virtual machines with enabled NPIV, make sure that the RDM files of the virtual
machines are located on the same datastore. You cannot perform Storage vMotion or VMotion between
datastores when NPIV is enabled.
| Option | Description |
|---|---|
| Physical | Allows the guest operating system to access the hardware directly. Physical compatibility is useful if you are using SAN-aware applications on the virtual machine. However, a virtual machine with a physical compatibility RDM cannot be cloned, made into a template, or migrated if the migration involves copying the disk. |
| Virtual | Allows the RDM to behave as if it were a virtual disk, so you can use such features as snapshotting, cloning, and so on. |
| Option | Description |
|---|---|
| Persistent | Changes are immediately and permanently written to the disk. |
| Nonpersistent | Changes to the disk are discarded when you power off or revert to the snapshot. |
8 Click Next.
9 In the Ready to Complete New Virtual Machine page, review your selections.
Procedure
1 Log in as administrator or as the owner of the virtual machine to which the mapped disk belongs.
2 Select the virtual machine from the Inventory panel.
4 On the Hardware tab, select Hard Disk, then click Manage Paths.
5 Use the Manage Paths dialog box to enable or disable your paths, set multipathing policy, and specify the
preferred path.
For information on managing paths, see “Using Multipathing with ESX,” on page 109.
[Figure: architecture diagram; surviving labels: VMware Virtualization Layer (VMkernel), Virtual Networking Layer]
Memory Hardening: The ESX kernel, user-mode applications, and executable components such as drivers and libraries are located at random, non-predictable memory addresses. Combined with the non-executable memory protections made available by microprocessors, this provides protection that makes it difficult for malicious code to use memory exploits to take advantage of vulnerabilities.
Kernel Module Integrity: Digital signing ensures the integrity and authenticity of modules, drivers and applications as they are loaded by the VMkernel. Module signing allows ESX to identify the providers of modules, drivers, or applications and whether they are VMware-certified.
Even a user with system administrator privileges on a virtual machine’s guest operating system cannot breach
this layer of isolation to access another virtual machine without privileges explicitly granted by the ESX system
administrator. As a result of virtual machine isolation, if a guest operating system running in a virtual machine
fails, other virtual machines on the same host continue to run. The guest operating system failure has no effect
on:
- The ability of users to access the other virtual machines
- The ability of the operational virtual machines to access the resources they need
- The performance of the other virtual machines
Each virtual machine is isolated from other virtual machines running on the same hardware. Although virtual
machines share physical resources such as CPU, memory, and I/O devices, a guest operating system on an
individual virtual machine cannot detect any device other than the virtual devices made available to it, as
shown in Figure 11-2.
Because the VMkernel mediates the physical resources and all physical hardware access takes place through
the VMkernel, virtual machines cannot circumvent this level of isolation.
Just as a physical machine communicates with other machines in a network through a network card, a virtual
machine communicates with other virtual machines running in the same host through a virtual switch. Further,
a virtual machine communicates with the physical network, including virtual machines on other ESX hosts,
through a physical network adapter, as shown in Figure 11-3.
Figure 11-3. Virtual Networking Through Virtual Switches (diagram labels: ESX, virtual network adapters, VMkernel)
You can further protect virtual machines by setting up resource reservations and limits on the host. For
example, through the detailed resource controls available in ESX, you can configure a virtual machine so that
it always receives at least 10 percent of the host’s CPU resources, but never more than 20 percent.
Resource reservations and limits protect virtual machines from performance degradation that would result if
another virtual machine consumed excessive shared hardware resources. For example, if one of the virtual
machines on a host is incapacitated by a denial-of-service (DoS) attack, a resource limit on that machine
prevents the attack from taking up so much of the hardware resources that the other virtual machines are also
affected. Similarly, a resource reservation on each of the virtual machines ensures that, in the event of high
resource demands by the virtual machine targeted by the DoS attack, all the other virtual machines still have
enough resources to operate.
By default, ESX imposes a form of resource reservation by applying a distribution algorithm that divides the
available host resources equally among the virtual machines while keeping a certain percentage of resources
for use by other system components. This default behavior provides a degree of natural protection from DoS
and distributed denial-of-service (DDoS) attacks. You set specific resource reservations and limits on an
individual basis to customize the default behavior so that the distribution is not equal across the virtual machine
configuration.
The methods you use to secure a virtual machine network depend on which guest operating system is installed,
whether the virtual machines operate in a trusted environment, and a variety of other factors. Virtual switches
provide a substantial degree of protection when used with other common security practices, such as installing
firewalls.
ESX also supports IEEE 802.1q VLANs, which you can use to further protect the virtual machine network,
service console, or storage configuration. VLANs let you segment a physical network so that two machines on
the same physical network cannot send packets to or receive packets from each other unless they are on the
same VLAN.
In this example, four virtual machines are configured to create a virtual DMZ on Virtual Switch 2:
- Virtual Machine 1 and Virtual Machine 4 run firewalls and are connected to virtual adapters through virtual switches. Both of these virtual machines are multihomed.
- Virtual Machine 2 runs a Web server, and Virtual Machine 3 runs as an application server. Both of these virtual machines are single-homed.
The Web server and application server occupy the DMZ between the two firewalls. The conduit between these
elements is Virtual Switch 2, which connects the firewalls with the servers. This switch has no direct connection
with any elements outside the DMZ and is isolated from external traffic by the two firewalls.
From an operational viewpoint, external traffic from the Internet enters Virtual Machine 1 through Hardware
Network Adapter 1 (routed by Virtual Switch 1) and is verified by the firewall installed on this machine. If the
firewall authorizes the traffic, it is routed to the virtual switch in the DMZ, Virtual Switch 2. Because the Web
server and application server are also connected to this switch, they can serve external requests.
Virtual Switch 2 is also connected to Virtual Machine 4. This virtual machine provides a firewall between the
DMZ and the internal corporate network. This firewall filters packets from the Web server and application
server. If a packet is verified, it is routed to Hardware Network Adapter 2 through Virtual Switch 3. Hardware
Network Adapter 2 is connected to the internal corporate network.
When creating a DMZ on a single host, you can use fairly lightweight firewalls. Although a virtual machine
in this configuration cannot exert direct control over another virtual machine or access its memory, all the
virtual machines are still connected through a virtual network. This network could be used for virus
propagation or targeted for other types of attacks. The security of the virtual machines in the DMZ is equivalent
to separate physical machines connected to the same network.
[Figure 11-5: one ESX host with eight virtual machines (VM 1 through VM 8), including internal user, firewall server, and Web server virtual machines, connected to physical network adapters]
In Figure 11-5 the system administrator configured a host into three distinct virtual machine zones: FTP server,
internal virtual machines, and DMZ. Each zone serves a unique function.
FTP server: Virtual Machine 1 is configured with FTP software and acts as a holding area for data sent to and from outside resources such as forms and collateral localized by a vendor.
This virtual machine is associated with an external network only. It has its own virtual switch and physical network adapter that connect it to External Network 1. This network is dedicated to servers that the company uses to receive data from outside sources. For example, the company uses External Network 1 to receive FTP traffic from vendors and allow vendors access to data stored on externally available servers through FTP. In addition to servicing Virtual Machine 1, External Network 1 services FTP servers configured on different ESX hosts throughout the site.
Because Virtual Machine 1 does not share a virtual switch or physical network adapter with any virtual machines in the host, the other resident virtual machines cannot transmit packets to or receive packets from the Virtual Machine 1 network. This restriction prevents sniffing attacks, which require sending network traffic to the victim. More importantly, an attacker cannot use the natural vulnerability of FTP to access any of the host’s other virtual machines.
Internal virtual machines: Virtual Machines 2 through 5 are reserved for internal use. These virtual machines process and store company-private data such as medical records, legal settlements, and fraud investigations. As a result, the system administrators must ensure the highest level of protection for these virtual machines.
These virtual machines connect to Internal Network 2 through their own virtual switch and network adapter. Internal Network 2 is reserved for internal use by personnel such as claims processors, in-house lawyers, or adjustors.
Virtual Machines 2 through 5 can communicate with one another through the virtual switch and with internal virtual machines elsewhere on Internal Network 2 through the physical network adapter. They cannot communicate with externally facing machines. As with the FTP server, these virtual machines cannot send packets to or receive packets from the other virtual machines’ networks. Similarly, the host’s other virtual machines cannot send packets to or receive packets from Virtual Machines 2 through 5.
DMZ: Virtual Machines 6 through 8 are configured as a DMZ that the marketing group uses to publish the company’s external Web site.
This group of virtual machines is associated with External Network 2 and Internal Network 1. The company uses External Network 2 to support the Web servers that the marketing and financial department uses to host the corporate Web site and other Web facilities that it hosts to outside users. Internal Network 1 is the conduit that the marketing department uses to publish content to the corporate Web site, post downloads, and maintain services like user forums.
Because these networks are separate from External Network 1 and Internal Network 2, and the virtual machines have no shared points of contact (switches or adapters), there is no risk of attack to or from the FTP server or the internal virtual machine group.
By capitalizing on virtual machine isolation, correctly configuring virtual switches, and maintaining network
separation, the system administrator can house all three virtual machine zones in the same ESX host and be
confident that there will be no data or resource breaches.
The company enforces isolation among the virtual machine groups by using multiple internal and external
networks and making sure that the virtual switches and physical network adapters for each group are
completely separate from those of other groups.
Because none of the virtual switches straddle virtual machine zones, the system administrator succeeds in
eliminating the risk of packet leakage from one zone to another. A virtual switch, by design, cannot leak packets
directly to another virtual switch. The only way for packets to travel from one virtual switch to another is under
the following circumstances:
- The virtual switches are connected to the same physical LAN.
- The virtual switches connect to a common virtual machine, which could be used to transmit packets.
Neither of these conditions occurs in the sample configuration. If system administrators want to verify that no
common virtual switch paths exist, they can check for possible shared points of contact by reviewing the
network switch layout in the vSphere Client or vSphere Web Access.
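
The shared-points-of-contact review described above can also be run over an exported switch layout. The following is an added example, not VMware tooling: the layout is a constructed model of the three-zone host, and the switch names, the zone labels, and the split of the DMZ across two switches are assumptions.

```python
from collections import defaultdict

# Constructed inventory modelled on the three-zone sample host.
SAMPLE_LAYOUT = {
    # virtual machine -> zone it is supposed to stay in
    "vm_zone": {
        "VM1": "ftp",
        "VM2": "internal", "VM3": "internal", "VM4": "internal", "VM5": "internal",
        "VM6": "dmz", "VM7": "dmz", "VM8": "dmz",
    },
    # virtual switch -> virtual machines with a virtual adapter on it
    "switch_vms": {
        "vSwitch1": ["VM1"],
        "vSwitch2": ["VM2", "VM3", "VM4", "VM5"],
        "vSwitch3": ["VM6", "VM7", "VM8"],
        "vSwitch4": ["VM6", "VM7", "VM8"],
    },
    # virtual switch -> physical LANs reached through its uplink adapters
    "switch_lans": {
        "vSwitch1": ["External Network 1"],
        "vSwitch2": ["Internal Network 2"],
        "vSwitch3": ["External Network 2"],
        "vSwitch4": ["Internal Network 1"],
    },
}


def find_zone_bridges(layout):
    """Return one finding per group of connected switches that spans zones.

    Switches are connected when they share a physical LAN or a common
    virtual machine, directly or through a chain of such contacts.
    """
    parent = {}

    def find(node):
        parent.setdefault(node, node)
        while parent[node] != node:
            parent[node] = parent[parent[node]]  # path halving
            node = parent[node]
        return node

    def union(a, b):
        parent[find(a)] = find(b)

    vm_switches = defaultdict(set)
    lan_switches = defaultdict(set)
    for switch, vms in layout["switch_vms"].items():
        for vm in vms:
            vm_switches[vm].add(switch)
            union(("switch", switch), ("vm", vm))
    for switch, lans in layout["switch_lans"].items():
        for lan in lans:
            lan_switches[lan].add(switch)
            union(("switch", switch), ("lan", lan))

    groups = defaultdict(set)
    for switch in set(layout["switch_vms"]) | set(layout["switch_lans"]):
        groups[find(("switch", switch))].add(switch)

    findings = []
    for switches in groups.values():
        zones = {
            layout["vm_zone"].get(vm, "unassigned")
            for switch in switches
            for vm in layout["switch_vms"].get(switch, [])
        }
        if len(zones) < 2:
            continue  # every VM reachable in this group belongs to one zone
        contacts = sorted(
            [f"vm:{vm}" for vm, s in vm_switches.items() if len(s & switches) > 1]
            + [f"lan:{lan}" for lan, s in lan_switches.items() if len(s & switches) > 1]
        )
        findings.append(
            {"switches": sorted(switches), "zones": sorted(zones), "contacts": contacts}
        )
    return sorted(findings, key=lambda finding: finding["switches"])


if __name__ == "__main__":
    print(find_zone_bridges(SAMPLE_LAYOUT))  # sample layout has no bridges
```

An empty `contacts` list in a finding means a single virtual switch itself carries virtual machines from more than one zone.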
To safeguard the virtual machines’ resources, the system administrator lowers the risk of DoS and DDoS attacks
by configuring a resource reservation and a limit for each virtual machine. The system administrator further
protects the ESX host and virtual machines by installing software firewalls at the front and back ends of the
DMZ, ensuring that the host is behind a physical firewall, and configuring the service console and networked
storage resources so that each has its own virtual switch.
In addition to implementing the service console firewall, VMware mitigates risks to the service console using
other methods.
- ESX runs only services essential to managing its functions, and the distribution is limited to the features required to run ESX.
- By default, ESX is installed with a high-security setting. All outbound ports are closed, and the only inbound ports that are open are those required for interactions with clients such as the vSphere Client. Keep this security setting, unless the service console is connected to a trusted network.
- By default, all ports not specifically required for management access to the service console are closed. You must specifically open ports if you need additional services.
- By default, weak ciphers are disabled and all communications from clients are secured by SSL. The exact algorithms used for securing the channel depend on the SSL handshake. Default certificates created on ESX use SHA-1 with RSA encryption as the signature algorithm.
- The Tomcat Web service, used internally by ESX to support access to the service console by Web clients like vSphere Web Access, has been modified to run only those functions required for administration and monitoring by a Web client. As a result, ESX is not vulnerable to the Tomcat security issues reported in broader use.
- VMware monitors all security alerts that could affect service console security and, if needed, issues a security patch, as it would for any other security vulnerability that could affect ESX hosts. VMware provides security patches for RHEL 5 and later as they become available.
- Insecure services such as FTP and Telnet are not installed, and the ports for these services are closed by default. Because more secure services such as SSH and SFTP are easily available, always avoid using these insecure services in favor of their safer alternatives. If you must use insecure services and have implemented sufficient protection for the service console, you must explicitly open ports to support them.
- The number of applications that use a setuid or setgid flag is minimized. You can disable any setuid or setgid application that is optional to ESX operation.
Although you can install and run certain types of programs designed for RHEL 5 in the service console, this
use is not supported unless VMware explicitly states that it is. If a security vulnerability is discovered in a
supported configuration, VMware proactively notifies all customers with valid support and subscription
contracts and provides all necessary patches.
NOTE Follow only VMware security advisories, found at http://www.vmware.com/security/. Do not follow
security advisories issued by Red Hat.
Table 11-1 lists security topics and the location of additional information about these topics.
Firewalls control access to devices within their perimeter by closing all communication pathways, except for
those that the administrator explicitly or implicitly designates as authorized. The pathways, or ports, that
administrators open in the firewall allow traffic between devices on different sides of the firewall.
In a virtual machine environment, you can plan your layout for firewalls between components.
- Physical machines such as vCenter Server hosts and ESX hosts.
- One virtual machine and another, for example, between a virtual machine acting as an external Web
server and a virtual machine connected to your company’s internal network.
- A physical machine and a virtual machine, such as when you place a firewall between a physical network
adapter card and a virtual machine.
How you use firewalls in an ESX configuration is based on how you plan to use the network and how secure
any given component needs to be. For example, if you create a virtual network where each virtual machine is
dedicated to running a different benchmark test suite for the same department, the risk of unwanted access
from one virtual machine to the next is minimal. Therefore, a configuration where firewalls are present between
the virtual machines is not necessary. However, to prevent interruption of a test run from an outside host, you
might set up the configuration so that a firewall is present at the entry point of the virtual network to protect
the entire set of virtual machines.
A firewall might lie between the clients and vCenter Server. Alternatively, vCenter Server and the clients can
be behind the firewall, depending on your deployment. The main point is to ensure that a firewall is present
at what you consider to be an entry point for the system.
If you use vCenter Server, you can install firewalls at any of the locations shown in Figure 12-1. Depending on
your configuration, you might not need all the firewalls in the illustration, or you might need firewalls in other
locations. In addition, your configuration might include optional modules, such as VMware vCenter Update
Manager, that are not shown. Refer to the documentation for information about firewall setups specific to
products like Update Manager.
For a comprehensive list of TCP and UDP ports, including those for VMware VMotion™ and VMware Fault
Tolerance, see “TCP and UDP Ports for Management Access,” on page 153.
Figure 12-1. Sample vSphere Network Configuration and Traffic Flow
[Figure not reproduced. Labels: vSphere Web Access, vSphere Client, third-party network management tool, firewall, Port 443, vCenter Server, ESXi, ESX, storage. Port legend: 22 SSH; 427 SLPv2; 443 HTTPS; 902 xinetd/vmware-authd; 902 (UDP) ESX/ESXi status update; 903 xinetd/vmware-authd-mks; 2050-2250 HA; 5989 CIM transactions; 8042-8045 HA.]
Networks configured with vCenter Server can receive communications through several types of clients: the
vSphere Client, vSphere Web Access, or third-party network management clients that use the SDK to interface
with the host. During normal operation, vCenter Server listens for data from its managed hosts and clients on
designated ports. vCenter Server also assumes that its managed hosts listen for data from vCenter Server on
designated ports. If a firewall is present between any of these elements, you must ensure that the firewall has
open ports to support data transfer.
You might also include firewalls at a variety of other access points in the network, depending on how you plan
to use the network and the level of security various devices require. Select the locations for your firewalls based
on the security risks that you have identified for your network configuration. The following is a list of firewall
locations common to ESX implementations. Many of the firewall locations in the list and shown in Figure 12-1
are optional.
- Between your Web browser and the vSphere Web Access HTTP and HTTPS proxy server.
- Between the vSphere Client, vSphere Web Access Client, or a third-party network-management client and
vCenter Server.
- If your users access virtual machines through the vSphere Client, between the vSphere Client and the ESX
host. This connection is in addition to the connection between the vSphere Client and vCenter Server, and
it requires a different port.
- If your users access virtual machines through a Web browser, between the Web browser and the ESX host.
This connection is in addition to the connection between the vSphere Web Access Client and vCenter
Server, and it requires different ports.
- Between vCenter Server and the ESX hosts.
- Between the ESX hosts in your network. Although traffic between hosts is usually considered trusted, you
can add firewalls between them if you are concerned about security breaches from machine to machine.
If you add firewalls between ESX hosts and plan to migrate virtual machines between the servers, perform
cloning, or use VMotion, you must also open ports in any firewall that divides the source host from the
target hosts so that the source and targets can communicate.
- Between the ESX hosts and network storage such as NFS or iSCSI storage. These ports are not specific to
VMware, and you configure them according to the specifications for your network.
You might install firewalls at any of the locations shown in Figure 12-2.
NOTE Depending on your configuration, you might not need all the firewalls in the illustration, or you might
need firewalls in locations not shown.
Figure 12-2. Firewall Configuration for ESX Networks that a Client Manages Directly
[Figure not reproduced. Labels: vSphere Web Access, vSphere Client, third-party network management tool, ESXi, ESX, storage.]
Networks configured without vCenter Server receive communications through the same types of clients as
they do if vCenter Server were present: vSphere Clients, third-party network management clients, or vSphere
Web Access Clients. For the most part, the firewall needs are the same, but there are several key differences.
- As you would for configurations that include vCenter Server, be sure a firewall is present to protect your
ESX layer or, depending on your configuration, your clients and ESX layer. This firewall provides basic
protection for your network. The firewall ports you use are the same as those you use if vCenter Server is
in place.
- Licensing in this type of configuration is part of the ESX package that you install on each of the hosts.
Because licensing is resident to the server, a separate license server is not required. This eliminates the
need for a firewall between the license server and the ESX network.
To enable vCenter Server to receive data from the vSphere Client, open port 443 in the firewall to allow data
transfer from the vSphere Client to vCenter Server. Contact the firewall system administrator for additional
information on configuring ports in a firewall.
If you are using the vSphere Client and do not want to use port 443 as the port for vSphere Client-to-vCenter
Server communication, you can switch to another port by changing the vCenter Server settings in the vSphere
Client. To learn how to change these settings, see the Basic System Administration Guide.
Port 902: vCenter Server uses this port to send data to vCenter Server managed hosts. Port 902 is the port that vCenter Server assumes is available when sending data to an ESX host. Port 902 connects vCenter Server to the host through the VMware Authorization Daemon (vmware-authd). This daemon multiplexes port 902 data to the appropriate recipient for processing. VMware does not support configuring a different port for this connection.
Port 443: The vSphere Client, vSphere Web Access Client, and SDK use this port to send data to vCenter Server managed hosts. Also, the vSphere Client, vSphere Web Access Client, and SDK, when connected directly to an ESX host, use this port to support any management functions related to the server and its virtual machines. Port 443 is the port that clients assume is available when sending data to the ESX host. VMware does not support configuring a different port for these connections. Port 443 connects clients to the ESX host through the Tomcat Web service or the SDK. The vmware-hostd multiplexes port 443 data to the appropriate recipient for processing.
Port 903: The vSphere Client and vSphere Web Access use this port to provide a connection for guest operating system MKS activities on virtual machines. It is through this port that users interact with the guest operating systems and applications of the virtual machine. Port 903 is the port that the vSphere Client and vSphere Web Access assume is available when interacting with virtual machines. VMware does not support configuring a different port for this function. Port 903 connects the vSphere Client to a specified virtual machine configured on the ESX host.
Figure 12-3 shows the relationships between vSphere Client functions, ports, and ESX processes.
The vSphere Web Access Client uses the same basic mapping for its interactions with the ESX host.
Figure 12-3. Port Use for vSphere Client Communications with ESX
[Figure not reproduced. Labels: vSphere Client, virtual machine management functions, virtual machine console, ESX, vmware-authd, vmkauthd.]
If you have a firewall between your vCenter Server system and vCenter Server managed host, open ports 443
and 903 in the firewall to allow data transfer to ESX hosts from vCenter Server, and to ESX hosts directly from
the vSphere Client and vSphere Web Access.
For additional information on configuring the ports, see the firewall system administrator.
To configure a connection for receiving data, open ports in the following ranges:
- 443 (server-to-server migration and provisioning traffic)
- 2050–2250 (for HA traffic)
- 8000 (for VMotion)
- 8042–8045 (for HA traffic)
Refer to the firewall system administrator for additional information on configuring the ports.
Use the vSphere Client to configure the service console firewall. When you configure the ESX host security
profile in vCenter Server, you add or remove these services or agents, automatically opening or closing
predetermined ports in the firewall to allow communication with the service or agent.
The following services and agents are commonly present in a vSphere environment:
- NFS client (insecure service)
- NTP client
- iSCSI software client
- CIM HTTP server (insecure service)
- CIM HTTPS server
- Syslog client
- NFS server (insecure service)
- NIS client
- SMB client (insecure service)
- FTP client (insecure service)
- SSH client
- Telnet client (insecure service)
- SSH server
- Telnet server (insecure service)
- FTP server (insecure service)
- SNMP server
- Other supported management agents that you install
NOTE This list can change, so you might find that the vSphere Client provides services and agents not
mentioned in the list. Also, not all services on the list are installed by default. You might be required to perform
additional tasks to configure and enable these services.
If you are installing a device, service, or agent not on this list, open ports in the service console firewall from
a command line.
Procedure
The vSphere Client displays a list of active incoming and outgoing connections with the corresponding
firewall ports.
The Firewall Properties dialog box lists all the services and management agents that you can configure
for the host.
The Incoming Ports and Outgoing Ports columns indicate the ports that the vSphere Client opens for the
service. The Protocol column indicates the protocol that the service uses. The Daemon column indicates
the status of daemons associated with the service.
6 Click OK.
Automation helps ensure that services start if the environment is configured to enable their function. For
example, starting a network service only if some ports are open can help avoid the situation where services
are started, but are unable to complete the communications required to complete their intended purpose.
In addition, having accurate information about the current time is a requirement for some protocols, such as
Kerberos. The NTP service is a way of getting accurate time information, but this service only works when
required ports are opened in the firewall. The service cannot achieve its goal if all ports are closed. The NTP
services provide an option to configure the conditions when the service starts or stops. This configuration
includes options that account for whether firewall ports are opened, and then start or stop the NTP service
based on those conditions. Several possible configuration options exist, all of which are also applicable to the
SSH server.
NOTE The settings described in this section only apply to service settings configured through the vSphere
Client or applications created with the vSphere Web services SDK. Configurations made through other means,
such as the esxcfg-firewall utility or configuration files in /etc/init.d/, are not affected by these settings.
- Start automatically if any ports are open, and stop when all ports are closed – The default setting for
these services that VMware recommends. If any port is open, the client attempts to contact the network
resources pertinent to the service in question. If some ports are open, but the port for a particular service
is closed, the attempt fails, but there is little drawback to such a case. If and when the applicable outgoing
port is opened, the service begins completing its tasks.
- Start and stop with host – The service starts shortly after the host starts and closes shortly before the host
shuts down. Much like Start automatically if any ports are open, and stop when all ports are closed, this
option means that the service regularly attempts to complete its tasks, such as contacting the specified
NTP server. If the port was closed but is subsequently opened, the client begins completing its tasks shortly
thereafter.
- Start and stop manually – The host preserves the user-determined service settings, regardless of whether
ports are open or not. When a user starts the NTP service, that service is kept running as long as the host
is powered on. If the service is started and the host is powered off, the service is stopped as part of the
shutdown process, but as soon as the host is powered on, the service is started again, preserving the
user-determined state.
The Startup Policy determines when a service starts. You can configure how service startup relates to a firewall
configuration by editing the Startup Policy.
Procedure
The vSphere Client displays a list of active incoming and outgoing connections with the corresponding
firewall ports.
4 Click Properties.
The Firewall Properties dialog box lists all the services and management agents you can configure for the
host.
The Startup Policy dialog box determines when the service starts. This dialog box also provides
information about the current state of the service and provides an interface for manually starting, stopping,
or restarting the service.
Table 12-1 lists TCP and UDP ports, and the purpose and the type of each.
The ports are connected through the service console interface, unless otherwise indicated.
Port | Purpose | Traffic Type
427 | The CIM client uses the Service Location Protocol, version 2 (SLPv2) to find CIM servers. | Incoming and outgoing UDP
902 | Host access to other hosts for migration and provisioning; authentication traffic for ESX (xinetd/vmware-authd); vSphere Client access to virtual machine consoles; (UDP) status update (heartbeat) connection from ESX to vCenter Server | Incoming TCP, outgoing UDP
903 | Remote console traffic that user access to virtual machines generates on a specific ESX host; vSphere Client access to virtual machine consoles; vSphere Web Access Client access to virtual machine consoles; MKS transactions (xinetd/vmware-authd-mks) | Incoming TCP
2050–2250 | Traffic between ESX hosts for VMware High Availability (HA) and EMC Autostart Manager | Outgoing TCP, incoming and outgoing UDP
5900–5964 | RFB protocol, which is used by management tools such as VNC | Incoming and outgoing TCP
8042–8045 | Traffic between ESX hosts for HA and EMC Autostart Manager | Outgoing TCP, incoming and outgoing UDP
8100, 8200 | Traffic between ESX hosts for VMware Fault Tolerance | Outgoing TCP, incoming and outgoing UDP
In addition to the TCP and UDP ports listed in Table 12-1, you can configure other ports depending on your
needs:
- You can use vSphere Client to open ports for installed management agents and supported services such
as NFS.
- You can open ports in the service console firewall for other services and agents required for your network
by running command-line scripts.
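The port requirements above can be checked mechanically against a firewall's allow-list. The following is an added example, not part of the VMware guide: it compares a default-deny rule set with the flows this section names and reports both required ports that are still blocked and open ports that no listed flow needs. The zone labels, the rule tuple format, and the sample rules are assumptions made for the example, and the required list is one reading of this section that you should adjust to your deployment.

```python
from collections import defaultdict

# Flows named in this section: (source, destination, protocol, first port,
# last port, purpose). Zone labels are chosen for this example.
REQUIRED = [
    ("client", "vcenter", "tcp", 443, 443, "vSphere Client to vCenter Server"),
    ("vcenter", "esx", "tcp", 902, 902, "vCenter Server to managed host (vmware-authd)"),
    ("client", "esx", "tcp", 443, 443, "management functions"),
    ("client", "esx", "tcp", 903, 903, "virtual machine console (MKS)"),
    ("esx", "vcenter", "udp", 902, 902, "status update (heartbeat)"),
    ("esx", "esx", "tcp", 443, 443, "migration and provisioning"),
    ("esx", "esx", "tcp", 2050, 2250, "HA"),
    ("esx", "esx", "udp", 2050, 2250, "HA"),
    ("esx", "esx", "tcp", 8000, 8000, "VMotion"),
    ("esx", "esx", "tcp", 8042, 8045, "HA"),
    ("esx", "esx", "udp", 8042, 8045, "HA"),
]

# Constructed allow-list for a default-deny firewall (sample data).
SAMPLE_RULES = [
    ("client", "vcenter", "tcp", 443, 443),
    ("vcenter", "esx", "tcp", 902, 902),
    ("esx", "vcenter", "udp", 902, 902),
    ("client", "esx", "tcp", 443, 443),
    ("client", "esx", "tcp", 23, 23),      # leftover Telnet rule
    ("esx", "esx", "tcp", 443, 443),
    ("esx", "esx", "tcp", 2050, 2250),
    ("esx", "esx", "udp", 2050, 2250),
    ("esx", "esx", "tcp", 8000, 8000),
    ("esx", "esx", "tcp", 8042, 8044),     # range is one port short
    ("esx", "esx", "udp", 8042, 8045),
]


def uncovered(first, last, intervals):
    """Sub-ranges of first..last that none of the (lo, hi) intervals cover."""
    gaps, cursor = [], first
    for lo, hi in sorted(intervals):
        if hi < cursor:
            continue
        if lo > last:
            break
        if lo > cursor:
            gaps.append((cursor, lo - 1))
        cursor = max(cursor, hi + 1)
        if cursor > last:
            break
    if cursor <= last:
        gaps.append((cursor, last))
    return gaps


def audit(rules, required=REQUIRED):
    """Return (missing, excess): required ranges still blocked, and allowed
    ranges that no required flow accounts for."""
    allowed, needed = defaultdict(list), defaultdict(list)
    for src, dst, proto, first, last in rules:
        allowed[(src, dst, proto)].append((first, last))
    for src, dst, proto, first, last, _purpose in required:
        needed[(src, dst, proto)].append((first, last))

    missing = [(src, dst, proto, gap, purpose)
               for src, dst, proto, first, last, purpose in required
               for gap in uncovered(first, last, allowed[(src, dst, proto)])]
    excess = [(src, dst, proto, gap)
              for src, dst, proto, first, last in rules
              for gap in uncovered(first, last, needed[(src, dst, proto)])]
    return missing, excess


if __name__ == "__main__":
    missing, excess = audit(SAMPLE_RULES)
    for src, dst, proto, (lo, hi), purpose in missing:
        print(f"BLOCKED {src}->{dst} {proto}/{lo}-{hi}: {purpose}")
    for src, dst, proto, (lo, hi) in excess:
        print(f"EXCESS  {src}->{dst} {proto}/{lo}-{hi}: not required by any listed flow")
```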
If your virtual machine network is connected to a physical network, it can be subject to breaches to the same
degree that a network made up of physical machines is. Even if the virtual machine network is isolated from
any physical network, virtual machines in the network can be subject to attacks from other virtual machines
in the network. The requirements for securing virtual machines are often the same as those for physical
machines.
Virtual machines are isolated from each other. One virtual machine cannot read or write another virtual
machine’s memory, access its data, use its applications, and so forth. However, within the network, any virtual
machine or group of virtual machines can still be the target of unauthorized access from other virtual machines
and might require further protection by external means.
For efficiency, you can set up private virtual machine Ethernet networks or virtual networks. With virtual
networks, you install a software firewall on a virtual machine at the head of the virtual network. This
serves as a protective buffer between the physical network adapter and the remaining virtual machines
in the virtual network.
Installing a software firewall on virtual machines at the head of virtual networks is a good security practice.
However, because software firewalls can slow performance, balance your security needs against
performance before you decide to install software firewalls on virtual machines elsewhere in the virtual
network.
- Keeping different virtual machine zones within a host on different network segments. If you isolate virtual
machine zones on their own network segments, you minimize the risks of data leakage from one virtual
machine zone to the next. Segmentation prevents various threats, including Address Resolution Protocol
(ARP) spoofing, in which an attacker manipulates the ARP table to remap MAC and IP addresses, thereby
gaining access to network traffic to and from a host. Attackers use ARP spoofing to generate denials of
service, hijack the target system, and otherwise disrupt the virtual network.
Planning segmentation carefully lowers the chances of packet transmissions between virtual machine
zones, which prevents sniffing attacks that require sending network traffic to the victim. Also, an attacker
cannot use an insecure service in one virtual machine zone to access other virtual machine zones in the
host. You can implement segmentation by using either of two approaches, each of which has different
benefits.
  - Use separate physical network adapters for virtual machine zones to ensure that the zones are isolated.
  Maintaining separate physical network adapters for virtual machine zones is probably the most secure
  method and is less prone to misconfiguration after the initial segment creation.
  - Set up virtual local area networks (VLANs) to help safeguard your network. Because VLANs provide
  almost all of the security benefits inherent in implementing physically separate networks without the
  hardware overhead, they offer a viable solution that can save you the cost of deploying and
  maintaining additional devices, cabling, and so forth.
VLANs are an IEEE standard networking scheme with specific tagging methods that allow routing of packets
to only those ports that are part of the VLAN. When properly configured, VLANs provide a dependable means
for you to protect a set of virtual machines from accidental or malicious intrusions.
VLANs let you segment a physical network so that two machines in the network are unable to transmit packets
back and forth unless they are part of the same VLAN. For example, accounting records and transactions are
among a company’s most sensitive internal information. In a company whose sales, shipping, and accounting
employees all use virtual machines in the same physical network, you might protect the virtual machines for
the accounting department by setting up VLANs as shown in Figure 12-4.
[Figure 12-4 not reproduced. Surviving labels: Router; Switch 1; Switch 2; Host 2, Host 3, Host 4; vSwitch; VM3 to VM8 and VM12 to VM14; VLAN A; VLAN B; Broadcast Domain A; Broadcast Domain B; Broadcast Domains A and B; Multiple VLANs on the same virtual switch.]
In this configuration, all employees in the accounting department use virtual machines in VLAN A and the
employees in sales use virtual machines in VLAN B.
The router forwards packets containing accounting data to the switches. These packets are tagged for
distribution to VLAN A only. Therefore, the data is confined to Broadcast Domain A and cannot be routed to
Broadcast Domain B unless the router is configured to do so.
This VLAN configuration prevents the sales force from intercepting packets destined for the accounting
department. It also prevents the accounting department from receiving packets intended for the sales group.
The virtual machines serviced by a single virtual switch can be in different VLANs.
ESX features a complete IEEE 802.1q-compliant VLAN implementation. VMware cannot make specific
recommendations on how to set up VLANs, but there are factors to consider when using a VLAN deployment
as part of your security enforcement policy.
VLANs provide protection only in that they control how data is routed and contained after it passes through
the switches and enters the network. You can use VLANs to help secure Layer 2 of your network architecture
—the data link layer. However, configuring VLANs does not protect the physical layer of your network model
or any of the other layers. Even if you create VLANs, provide additional protection by securing your hardware
(routers, hubs, and so forth) and encrypting data transmissions.
VLANs are not a substitute for firewalls in your virtual machine configurations. Most network configurations
that include VLANs also include software firewalls. If you include VLANs in your virtual network, be sure
that the firewalls that you install are VLAN-aware.
VLAN hopping occurs when an attacker with authorized access to one VLAN creates packets that trick physical
switches into transmitting the packets to another VLAN that the attacker is not authorized to access.
Vulnerability to this type of attack usually results from a switch being misconfigured for native VLAN
operation, in which the switch can receive and transmit untagged packets.
To help prevent VLAN hopping, keep your equipment up to date by installing hardware and firmware updates
as they become available. Also, follow your vendor’s best practice guidelines when you configure your
equipment.
VMware virtual switches do not support the concept of a native VLAN. All data passed on these switches is
appropriately tagged. However, because other switches in the network might be configured for native VLAN
operation, VLANs configured with virtual switches can still be vulnerable to VLAN hopping.
If you plan to use VLANs to enforce network security, disable the native VLAN feature for all switches unless
you have a compelling reason to operate some of your VLANs in native mode. If you must use native VLAN,
see your switch vendor’s configuration guidelines for this feature.
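To see what native VLAN operation means at the frame level, the following added example (not part of the VMware guide) parses the IEEE 802.1Q tag of captured Ethernet frames and flags anything on a trunk that is not tagged for a permitted VLAN, including untagged frames that a switch would place in its native VLAN. The VLAN numbers 10 and 20 standing for VLAN A and VLAN B, the MAC addresses, and the sample capture are constructed for illustration.

```python
import struct
from collections import Counter

TPID_8021Q = 0x8100  # EtherType value that marks an IEEE 802.1Q tag


def make_frame(dst, src, ethertype, payload=b"", vlan_id=None, priority=0):
    """Build a constructed Ethernet frame, optionally with one 802.1Q tag."""
    header = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    if vlan_id is not None:
        tci = (priority << 13) | (vlan_id & 0x0FFF)  # 3-bit priority, 12-bit VLAN ID
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Return the addressing and VLAN fields of an Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan_id = priority = None
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        priority, vlan_id = tci >> 13, tci & 0x0FFF
    return {"dst": frame[0:6].hex(":"), "src": frame[6:12].hex(":"),
            "vlan_id": vlan_id, "priority": priority, "ethertype": ethertype}


def classify(frame, allowed_vlans):
    """Judge one frame seen on a trunk that should carry only tagged traffic."""
    try:
        vid = parse_frame(frame)["vlan_id"]
    except ValueError:
        return "malformed"
    if vid is None:
        return "untagged"          # a switch would place this in its native VLAN
    if vid == 0:
        return "priority-tagged"   # tag carries priority only, no VLAN membership
    if vid == 0x0FFF:
        return "reserved-vlan-id"
    return "ok" if vid in allowed_vlans else "vlan-not-allowed"


def summarize(frames, allowed_vlans):
    """Count frames per classification for a whole capture."""
    return dict(Counter(classify(frame, allowed_vlans) for frame in frames))


# Constructed capture: VLAN 10 stands for VLAN A, VLAN 20 for VLAN B.
A, B = "00:50:56:00:00:0a", "00:50:56:00:00:0b"
SAMPLE_CAPTURE = [
    make_frame(B, A, 0x0800, b"accounting", vlan_id=10),
    make_frame(A, B, 0x0800, b"sales", vlan_id=20),
    make_frame(B, A, 0x0800, b"no tag"),
    make_frame(B, A, 0x0800, b"other", vlan_id=30),
    make_frame(B, A, 0x0800, b"prio", vlan_id=0, priority=5),
    make_frame(B, A, 0x0800, vlan_id=10)[:16],   # cut off inside the tag
]

if __name__ == "__main__":
    for verdict, count in sorted(summarize(SAMPLE_CAPTURE, {10, 20}).items()):
        print(f"{verdict}: {count}")
```

On a trunk where the native VLAN feature is disabled, every count other than "ok" should be zero.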
Create Separate Communications Between Management Tools and the Service Console
Whether you use a management client or the command line, all configuration tasks for ESX are performed
through the service console, including configuring storage, controlling aspects of virtual machine behavior,
and setting up virtual switches or virtual networks. Because the service console is the point of control for ESX,
safeguarding it from misuse is crucial.
VMware ESX management clients use authentication and encryption to prevent unauthorized access to the
service console. Other services might not offer the same protection. If attackers gain access to the service
console, they are free to reconfigure many attributes of the ESX host. For example, they can change the entire
virtual switch configuration or change authorization methods.
Network connectivity for the service console is established through virtual switches. To provide better
protection for this critical ESX component, isolate the service console by using one of the following methods:
- Create a separate VLAN for management tool communication with the service console.
- Configure network access for management tool connections with the service console through a single
virtual switch and one or more uplink ports.
Both methods prevent anyone without access to the service console VLAN or virtual switch from seeing traffic
to and from the service console. They also prevent attackers from sending any packets to the service console.
As an alternative, you can choose to configure the service console on a separate physical network segment
instead. Physical segmentation provides a degree of additional security because it is less prone to later
misconfiguration.
Set up a separate VLAN or virtual switch for VMotion and network attached storage.
Having this protection does not guarantee that your virtual machine configuration is invulnerable to other
types of attacks. For example, virtual switches do not protect the physical network against these attacks; they
protect only the virtual network.
Virtual switches and VLANs can protect against the following types of attacks.
MAC flooding: Floods a switch with packets that contain MAC addresses tagged as having come from different sources. Many switches use a content-addressable memory (CAM) table to learn and store the source address for each packet. When the table is full, the switch can enter a fully open state in which every incoming packet is broadcast on all ports, letting the attacker see all of the switch’s traffic. This state might result in packet leakage across VLANs. Although VMware virtual switches store a MAC address table, they do not get the MAC addresses from observable traffic and are not vulnerable to this type of attack.
802.1q and ISL tagging attacks: Force a switch to redirect frames from one VLAN to another by tricking the switch into acting as a trunk and broadcasting the traffic to other VLANs. VMware virtual switches do not perform the dynamic trunking required for this type of attack and, therefore, are not vulnerable.
Multicast brute-force attacks: Involve sending large numbers of multicast frames to a known VLAN almost simultaneously to overload the switch so that it mistakenly allows some of the frames to broadcast to other VLANs. VMware virtual switches do not allow frames to leave their correct broadcast domain (VLAN) and are not vulnerable to this type of attack.
Spanning-tree attacks: Target Spanning-Tree Protocol (STP), which is used to control bridging between parts of the LAN. The attacker sends Bridge Protocol Data Unit (BPDU) packets that attempt to change the network topology, establishing themselves as the root bridge. As the root bridge, the attacker can sniff the contents of transmitted frames. VMware virtual switches do not support STP and are not vulnerable to this type of attack.
Random frame attacks: Involve sending large numbers of packets in which the source and destination addresses stay the same, but in which fields are randomly changed in length, type, or content. The goal of this attack is to force packets to be mistakenly rerouted to a different VLAN.
Because new security threats develop over time, do not consider this an exhaustive list of attacks. Regularly
check VMware security resources on the Web to learn about security, recent security alerts, and VMware
security tactics.
When you create a virtual switch for your network, you add port groups to impose a policy configuration for
the virtual machines and storage systems attached to the switch. You create virtual ports through the vSphere
Client.
As part of adding a port or port group to a virtual switch, the vSphere Client configures a security profile for
the port. You can use this security profile to ensure that ESX prevents the guest operating systems for its virtual
machines from impersonating other machines on the network. This security feature is implemented so that the
guest operating system responsible for the impersonation does not detect that the impersonation was
prevented.
The security profile determines how strongly you enforce protection against impersonation and interception
attacks on virtual machines. To correctly use the settings in the security profile, you must understand the basics
of how virtual network adapters control transmissions and how attacks are staged at this level.
Each virtual network adapter has its own MAC address assigned when the adapter is created. This address is
called the initial MAC address. Although the initial MAC address can be reconfigured from outside the guest
operating system, it cannot be changed by the guest operating system. In addition, each adapter has an effective
MAC address that filters out incoming network traffic with a destination MAC address different from the
effective MAC address. The guest operating system is responsible for setting the effective MAC address and
typically matches the effective MAC address to the initial MAC address.
When sending packets, an operating system typically places its own network adapter’s effective MAC address
in the source MAC address field of the Ethernet frame. It also places the MAC address for the receiving network
adapter in the destination MAC address field. The receiving adapter accepts packets only when the destination
MAC address in the packet matches its own effective MAC address.
Upon creation, a network adapter’s effective MAC address and initial MAC address are the same. The virtual
machine’s operating system can alter the effective MAC address to another value at any time. If an operating
system changes the effective MAC address, its network adapter receives network traffic destined for the new
MAC address. The operating system can send frames with an impersonated source MAC address at any time.
This means an operating system can stage malicious attacks on the devices in a network by impersonating a
network adapter that the receiving network authorizes.
You can use virtual switch security profiles on ESX hosts to protect against this type of attack by setting three
options. If you change any default settings for a port, you must modify the security profile by editing virtual
switch settings in the vSphere Client.
When the option is set to Accept, ESX accepts requests to change the effective MAC address to other than the
initial MAC address.
When the option is set to Reject, ESX does not honor requests to change the effective MAC address to anything
other than the initial MAC address, which protects the host against MAC impersonation. The port that the
virtual adapter used to send the request is disabled and the virtual adapter does not receive any more frames
until it changes the effective MAC address to match the initial MAC address. The guest operating system does
not detect that the MAC address change was not honored.
NOTE The iSCSI initiator relies on being able to get MAC address changes from certain types of storage. If you
are using ESX iSCSI and have iSCSI storage, set the MAC Address Changes option to Accept.
In some situations, you might have a legitimate need for more than one adapter to have the same MAC address
on a network—for example, if you are using Microsoft Network Load Balancing in unicast mode. When
Microsoft Network Load Balancing is used in the standard multicast mode, adapters do not share MAC
addresses.
Forged Transmissions
The setting for the Forged Transmits option affects traffic that is transmitted from a virtual machine.
When the option is set to Accept, ESX does not compare source and effective MAC addresses.
To protect against MAC impersonation, you can set this option to Reject. If you do, the host compares the
source MAC address being transmitted by the operating system with the effective MAC address for its adapter
to see if they match. If the addresses do not match, ESX drops the packet.
The guest operating system does not detect that its virtual network adapter cannot send packets by using the
impersonated MAC address. The ESX host intercepts any packets with impersonated addresses before they
are delivered, and the guest operating system might assume that the packets are dropped.
Although promiscuous mode can be useful for tracking network activity, it is an insecure mode of operation,
because any adapter in promiscuous mode has access to the packets regardless of whether some of the packets
are received only by a particular network adapter. This means that an administrator or root user within a
virtual machine can potentially view traffic destined for other guest or host operating systems.
NOTE In some situations, you might have a legitimate reason to configure a virtual switch to operate in
promiscuous mode—for example, if you are running network intrusion detection software or a packet sniffer.
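The following added example models how the three security-profile options interact. It is a simplified teaching simulation, not VMware code: the class and function names are hypothetical, the MAC addresses are constructed, and treating a disabled port as dropping frames in both directions is this model's reading of the Reject behavior described above.

```python
"""Simplified model of the three virtual switch security-profile options.

Added teaching example, not VMware code; class and function names are
hypothetical and the MAC addresses are constructed sample values.
"""
from dataclasses import dataclass

ACCEPT, REJECT = "Accept", "Reject"
VM_MAC = "00:50:56:00:00:01"     # constructed: this adapter's initial MAC
OTHER_MAC = "00:50:56:00:00:02"  # constructed: address owned by another adapter


@dataclass
class SecurityProfile:
    mac_address_changes: str
    forged_transmits: str
    promiscuous_mode: str


class VirtualPort:
    """One virtual switch port and the virtual adapter attached to it."""

    def __init__(self, initial_mac: str, profile: SecurityProfile):
        self.initial_mac = initial_mac.lower()
        self.profile = profile
        # On creation the effective MAC equals the initial MAC.
        self.guest_mac = self.initial_mac     # what the guest believes it set
        self.honored_mac = self.initial_mac   # what the host actually filters on
        self.guest_promiscuous = False
        self.disabled = False                 # host-side state, hidden from guest

    def guest_set_effective_mac(self, mac: str) -> None:
        """Guest OS request; the guest gets no error either way."""
        self.guest_mac = mac.lower()
        if self.guest_mac == self.initial_mac:
            self.honored_mac, self.disabled = self.initial_mac, False
        elif self.profile.mac_address_changes == ACCEPT:
            self.honored_mac, self.disabled = self.guest_mac, False
        else:
            # Reject: change not honored, port disabled until MAC is restored.
            self.honored_mac, self.disabled = self.initial_mac, True

    def transmit(self, src_mac: str) -> bool:
        """True if the host forwards a frame sent with this source MAC."""
        if self.disabled:
            return False
        if self.profile.forged_transmits == REJECT:
            return src_mac.lower() == self.honored_mac
        return True  # Accept: source and effective MAC are not compared

    def receive(self, dst_mac: str) -> bool:
        """True if a frame with this destination MAC reaches the guest."""
        if self.disabled:
            return False
        if self.guest_promiscuous and self.profile.promiscuous_mode == ACCEPT:
            return True  # reception filtering is bypassed
        return dst_mac.lower() == self.honored_mac


def impersonation_outcome(profile: SecurityProfile) -> dict:
    """Guest changes its effective MAC to OTHER_MAC, then sends and listens as it."""
    port = VirtualPort(VM_MAC, profile)
    port.guest_set_effective_mac(OTHER_MAC)
    return {
        "guest_view": port.guest_mac,  # the guest always sees its own setting
        "frame_sent": port.transmit(OTHER_MAC),
        "frame_received": port.receive(OTHER_MAC),
    }


if __name__ == "__main__":
    for mac_changes in (ACCEPT, REJECT):
        for forged in (ACCEPT, REJECT):
            profile = SecurityProfile(mac_changes, forged, REJECT)
            print(mac_changes, forged, impersonation_outcome(profile))
```

In this model, setting only Forged Transmits to Reject does not stop impersonation while MAC Address Changes is Accept, because the impersonated address becomes the honored effective MAC address.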
iSCSI is a means of accessing SCSI devices and exchanging data records by using TCP/IP over a network port
rather than through a direct connection to a SCSI device. In iSCSI transactions, blocks of raw SCSI data are
encapsulated in iSCSI records and transmitted to the requesting device or user.
iSCSI SANs let you make efficient use of existing Ethernet infrastructures to provide ESX hosts access to storage
resources that they can dynamically share. iSCSI SANs provide an economical storage solution for
environments that rely on a common storage pool to serve numerous users. As with any networked system,
your iSCSI SANs can be subject to security breaches.
NOTE The requirements and procedures for securing an iSCSI SAN are similar for the hardware iSCSI adapters
you can use with ESX hosts and for iSCSI configured directly through the ESX host.
The goal of authentication is to prove that the initiator has the right to access a target, a right granted when
you configure authentication.
ESX does not support Kerberos, Secure Remote Protocol (SRP), or public-key authentication methods for iSCSI.
Additionally, it does not support IPsec authentication and encryption.
Use the vSphere Client to determine whether authentication is being performed and to configure the
authentication method.
In CHAP authentication, when the initiator contacts an iSCSI target, the target sends a predefined ID value
and a random value, or key, to the initiator. The initiator creates a one-way hash value that it sends to the
target. The hash contains three elements: a predefined ID value, the random value that the target sends, and
a private value, or CHAP secret, that the initiator and target share. When the target receives the hash from the
initiator, it creates its own hash value by using the same elements and compares it to the initiator’s hash. If the
results match, the target authenticates the initiator.
ESX supports unidirectional and bidirectional CHAP authentication for iSCSI. In unidirectional CHAP
authentication, the target authenticates the initiator, but the initiator does not authenticate the target. In
bidirectional CHAP authentication, an additional level of security enables the initiator to authenticate the
target.
ESX supports CHAP authentication at the adapter level, when only one set of authentication credentials can
be sent from the host to all targets. It also supports per-target CHAP authentication, which enables you to
configure different credentials for each target to achieve greater target refinement.
See “Configuring CHAP Parameters for iSCSI Initiators,” on page 91 for information about how to work with
CHAP.
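The CHAP exchange described above, for both the unidirectional and bidirectional cases, is shown in the following added example. It is not VMware code: it follows the RFC 1994 response calculation (MD5 over the ID, the secret, and the challenge), the names are hypothetical, and the secrets are constructed sample values, with a separate secret assumed for each direction.

```python
"""CHAP exchange as used for iSCSI login, following RFC 1994.

Added example, not VMware code. Names are hypothetical and the secrets are
constructed sample values.
"""
import hashlib
import hmac
import os

INITIATOR_SECRET = b"constructed-initiator-secret"  # constructed sample value
TARGET_SECRET = b"constructed-target-secret"        # constructed sample value


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """One-way hash over the ID, the shared CHAP secret and the random value."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapVerifier:
    """The side that issues a challenge and checks the answer."""

    def __init__(self, shared_secret: bytes):
        self._secret = shared_secret
        self._pending = {}  # identifier -> challenge still awaiting an answer

    def new_challenge(self) -> tuple:
        identifier = os.urandom(1)[0]
        challenge = os.urandom(16)  # fresh random value for every login
        self._pending[identifier] = challenge
        return identifier, challenge

    def verify(self, identifier: int, response: bytes) -> bool:
        # Each challenge is consumed on first use, so a captured response
        # cannot be replayed against it.
        challenge = self._pending.pop(identifier, None)
        if challenge is None:
            return False
        expected = chap_response(identifier, self._secret, challenge)
        return hmac.compare_digest(expected, response)  # constant-time compare


def unidirectional_login(initiator_secret: bytes, target: ChapVerifier) -> bool:
    """The target authenticates the initiator; the target itself is not checked."""
    identifier, challenge = target.new_challenge()
    response = chap_response(identifier, initiator_secret, challenge)
    return target.verify(identifier, response)


def bidirectional_login(initiator_secret: bytes, target: ChapVerifier,
                        target_secret: bytes, initiator: ChapVerifier) -> bool:
    """Both directions must succeed before the session is accepted."""
    if not unidirectional_login(initiator_secret, target):
        return False
    # Second leg: the initiator challenges the target.
    identifier, challenge = initiator.new_challenge()
    response = chap_response(identifier, target_secret, challenge)
    return initiator.verify(identifier, response)


if __name__ == "__main__":
    target = ChapVerifier(INITIATOR_SECRET)   # target knows the initiator's secret
    initiator = ChapVerifier(TARGET_SECRET)   # initiator knows the target's secret
    print("unidirectional:", unidirectional_login(INITIATOR_SECRET, target))
    print("bidirectional:", bidirectional_login(
        INITIATOR_SECRET, target, TARGET_SECRET, initiator))
    print("wrong target secret:", bidirectional_login(
        INITIATOR_SECRET, target, b"some-other-secret", initiator))
```

The secret never crosses the network, but the ID, challenge, and hash do, so the strength of the exchange depends on the length and randomness of the CHAP secret.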
Choosing not to enforce more stringent authentication can make sense if your iSCSI storage is housed in one
location and you create a dedicated network or VLAN to service all your iSCSI devices. The iSCSI configuration
is secure because it is isolated from any unwanted access, much as a Fibre Channel SAN is.
As a basic rule, disable authentication only if you are willing to risk an attack to the iSCSI SAN or cope with
problems that result from human error.
The following are some specific suggestions for enforcing good security standards.
Take additional measures to prevent attackers from easily seeing iSCSI data. Neither the hardware iSCSI
adapter nor the ESX host iSCSI initiator encrypts the data that they transmit to and from the targets, making
the data more vulnerable to sniffing attacks.
Allowing your virtual machines to share virtual switches and VLANs with your iSCSI configuration potentially
exposes iSCSI traffic to misuse by a virtual machine attacker. To help ensure that intruders cannot listen to
iSCSI transmissions, make sure that none of your virtual machines can see the iSCSI storage network.
If you use a hardware iSCSI adapter, you can accomplish this by making sure that the iSCSI adapter and ESX
physical network adapter are not inadvertently connected outside the host by virtue of sharing a switch or
some other means. If you configure iSCSI directly through the ESX host, you can accomplish this by configuring
iSCSI storage through a different virtual switch than the one used by your virtual machines, as shown in
Figure 12-5.
In addition to protecting the iSCSI SAN by giving it a dedicated virtual switch, you can configure your iSCSI
SAN on its own VLAN to improve performance and security. Placing your iSCSI configuration on a separate
VLAN ensures that no devices other than the iSCSI adapter have visibility into transmissions within the iSCSI
SAN. Also, network congestion from other sources cannot interfere with iSCSI traffic.
Any iSCSI target device that you run must have one or more open TCP ports to listen for iSCSI connections.
If any security vulnerabilities exist in the iSCSI device software, your data can be at risk through no fault of
ESX. To lower this risk, install all security patches that your storage equipment manufacturer provides and
limit the devices connected to the iSCSI network.
ESX uses the Pluggable Authentication Modules (PAM) structure for authentication when users access the ESX
host using the vSphere Client, vSphere Web Access, or the service console. The PAM configuration for VMware
services is located in /etc/pam.d/vmware-authd, which stores paths to authentication modules.
The default installation of ESX uses /etc/passwd authentication as Linux does, but you can configure ESX to
use another distributed authentication mechanism. If you plan to use a third-party authentication tool instead
of the ESX default implementation, see the vendor documentation for instructions. As part of setting up
third-party authentication, you might be required to update the files in the /etc/pam.d folder with new
module information.
The reverse proxy in the VMware Host Agent (vmware-hostd) process listens on ports 80 and 443. vSphere
Client or vCenter Server users connect to the host agent through these ports. The vmware-hostd process receives
the user name and password from the client and forwards them to the PAM module to perform the
authentication.
Figure 13-1 shows a basic example of how ESX authenticates transactions from the vSphere Client.
NOTE CIM transactions also use ticket-based authentication in connecting with the vmware-hostd process.
[Figure 13-1 diagram labels: management functions, console, ESX, vmkauthd]
ESX authentication transactions with vSphere Web Access and third-party network management clients are
also direct interactions with the vmware-hostd process.
To make sure that authentication works efficiently for your site, perform basic tasks such as setting up users,
groups, permissions, and roles, configuring user attributes, adding your own certificates, and determining
whether you want to use SSL.
Access to an ESX host and its resources is granted when a known user with appropriate permissions logs in
to the host with a correct password. vCenter Server uses a similar approach when determining whether to
grant access to a user.
vCenter Server and ESX hosts deny access under the following circumstances:
- A user not in the user list attempts to log in.
- A user enters the wrong password.
- A user is in the list but was not assigned permissions.
- A user who successfully logged in attempts operations that they do not have permission to perform.
As part of managing ESX hosts and vCenter Server, you must plan how to handle particular types of users and
permissions. ESX and vCenter Server use sets of privileges, or roles, to control which operations individual
users or groups can perform. Predefined roles are provided, but you can also create new ones. You can manage
users more easily by assigning them to groups. When you apply a role to the group, all users in the group
inherit the role.
Understanding Users
A user is an individual authorized to log in to either an ESX host or vCenter Server.
ESX users fall into two categories: those who can access the host through vCenter Server and those who can
access by directly logging in to the host from the vSphere Client, vSphere Web Access, a third-party client, or
a command shell.
Authorized vCenter Server users
Authorized users for vCenter Server are those included in the Windows domain list that vCenter Server
references or are local Windows users on the vCenter Server host.
You cannot use vCenter Server to manually create, remove, or otherwise change users. You must use the
tools for managing your Windows domain. Any changes you make are reflected in vCenter Server. However,
the user interface does not provide a user list for you to review.
Direct-access users
Users authorized to work directly on an ESX host are those added to the internal user list by a system
administrator.
An administrator can perform a variety of management activities for these users, such as changing
passwords, group memberships, and permissions as well as adding and removing users.
The user list that vCenter Server maintains is separate from the user list that the host maintains. Even if the
lists appear to have common users (for instance, a user called devuser), treat these users separately. If you log
in to vCenter Server as devuser, you might have permission to view and delete files from a datastore, whereas
if you log in to an ESX host as devuser, you might not.
Because of the confusion that duplicate naming can cause, check the vCenter Server user list before you create
ESX host users to avoid duplicating names. To check for vCenter Server users, review the Windows domain
list.
Understanding Groups
A group is a set of users that share a common set of rules and permissions. When you assign permissions to a
group, all users in the group inherit them, and you do not have to work with the user profiles individually.
As an administrator, decide how to structure groups to achieve your security and usage goals. For example,
three part-time sales team members work different days, and you want them to share a single virtual machine
but not use the virtual machines belonging to sales managers. In this case, you might create a group called
SalesShare that includes the three sales people and give the group permission to interact with only one object,
the shared virtual machine. They cannot perform any actions on the sales managers’ virtual machines.
The group lists in vCenter Server and an ESX host are drawn from the same sources as their respective user
lists. If you are working through vCenter Server, the group list is called from the Windows domain. If you are
logged in to an ESX host directly, the group list is called from a table that the host maintains.
Understanding Permissions
For ESX and vCenter Server, permissions are defined as access roles that consist of a user and the user’s assigned
role for an object such as a virtual machine or ESX host.
Most vCenter Server and ESX users have limited ability to manipulate the objects associated with the host.
Users with the Administrator role have full access rights and permissions on all virtual objects such as
datastores, hosts, virtual machines, and resource pools. By default, the Administrator role is granted to the
root user. If vCenter Server manages the host, vpxuser is also an Administrator user.
The list of privileges is the same for both ESX and vCenter Server, and you use the same method to configure
permissions.
You can create roles and set permissions through a direct connection to the ESX host. Because these tasks are
widely performed in vCenter Server, see Basic System Administration for information on working with
permissions and roles.
Root users can only perform activities on the specific ESX host that they are logged in to.
For security reasons, you might not want to use the root user in the Administrator role. In this case, you can
change permissions after installation so that the root user no longer has administrative privileges or you can
delete the root user’s access permissions altogether through the vSphere Client as described in the “Managing
Users, Groups, Permissions, and Roles” chapter of Basic System Administration. If you do so, you must first
create another permission at the root level that has a different user assigned to the Administrator role.
Assigning the Administrator role to a different user helps you maintain security through traceability. The
vSphere Client logs all actions that the Administrator role user initiates as events, providing you with an audit
trail. If all administrators log in as the root user, you cannot tell which administrator performed an action. If
you create multiple permissions at the root level—each associated with a different user or user group—you
can track the actions of each administrator or administrative group.
After you create an alternative Administrator user, you can delete the root user’s permissions or change the
role to limit its privileges. You must then use the new user you created as the host authentication point when
you bring the host under vCenter Server management.
NOTE vicfg commands do not perform an access check. Therefore, even if you limit the root user’s privileges,
it does not affect what that user can do using the command-line interface commands.
The vpxuser permission is used for vCenter Server when managing activities for the host. The vpxuser is
created when an ESX host is attached to vCenter Server.
vCenter Server has Administrator privileges on the host that it manages. For example, vCenter Server can
move virtual machines to and from hosts and perform configuration changes needed to support virtual
machines.
The vCenter Server administrator can perform most of the same tasks on the host as the root user and also
schedule tasks, work with templates, and so forth. However, the vCenter Server administrator cannot directly
create, delete, or edit users and groups for ESX hosts. These tasks can only be performed by a user with
Administrator permissions directly on each ESX host.
CAUTION Do not change vpxuser in any way and do not change its permissions. If you do so, you might
experience problems in working with ESX hosts through vCenter Server.
Understanding Roles
vCenter Server and ESX grant access to objects only to users who are assigned permissions for the object. When
you assign a user or group permissions for the object, you do so by pairing the user or group with a role. A
role is a predefined set of privileges.
ESX hosts provide three default roles, and you cannot change the privileges associated with these roles. Each
subsequent default role includes the privileges of the previous role. For example, the Administrator role
inherits the privileges of the Read Only role. Roles you create yourself do not inherit privileges from any of
the default roles.
You can create custom roles by using the role-editing facilities in the vSphere Client to create privilege sets
that match your user needs. If you use the vSphere Client connected to vCenter Server to manage your ESX
hosts, you have additional roles to choose from in vCenter Server. Also, the roles you create directly on an ESX
host are not accessible within vCenter Server. You can work with these roles only if you log in to the host
directly from the vSphere Client.
If you manage ESX hosts through vCenter Server, maintaining custom roles in the host and vCenter Server
can result in confusion and misuse. In this type of configuration, maintain custom roles only in vCenter Server.
You can create roles and set permissions through a direct connection to the ESX host. Because most users create
roles and set permissions in vCenter Server, see Basic System Administration for information on working with
permissions and roles.
Users assigned the No Access role for an object cannot view or change the object in any way. New users and
groups are assigned this role by default. You can change the role on an object-by-object basis.
A user with a No Access role for a particular object can select the vSphere Client tabs associated with the object,
but the tab displays no content.
The root user and vpxuser permissions are the only users not assigned the No Access role by default. Instead,
they are assigned the Administrator role. You can delete the root user’s permissions altogether or change its
role to No Access as long as you first create a replacement permission at the root level with the Administrator
role and associate this role with a different user.
Users assigned the Read Only role for an object are allowed to view the state of the object and details about
the object.
With this role, a user can view virtual machine, host, and resource pool attributes. The user cannot view the
remote console for a host. All actions through the menus and toolbars are disallowed.
Users assigned the Administrator role for an object are allowed to view and perform all actions on the object.
This role also includes all permissions inherent in the Read Only role.
If you are acting in the Administrator role on an ESX host, you can grant permissions to individual users and
groups on that host. If you are acting in the Administrator role in vCenter Server, you can grant permissions
to any user or group included in the Windows domain list that vCenter Server references.
vCenter Server registers any selected Windows domain user or group through the process of assigning
permissions. By default, all users who are members of the local Windows Administrators group on vCenter
Server are granted the same access rights as any user assigned to the Administrator role. Users who are
members of the Administrators group can log in as individuals and have full access.
For security reasons, consider removing the Windows Administrators group from the Administrator role. You
can change permissions after installation. Alternatively, you can use the vSphere Client to delete the Windows
Administrators group access permissions, but you must first create another permission at the root level that
has a different user assigned to the Administrator role.
Procedure
2 Click the Users & Groups tab and click Users or Groups.
3 Determine how to sort the table, and hide or show columns according to the information you want to see
in the exported file.
- To sort the table by any of the columns, click the column heading.
- To show or hide columns, right-click any of the column headings and select or deselect the name of
the column to hide.
4 Right-click anywhere in the table and click Export List to open the Save As dialog box.
Procedure
3 Right-click anywhere in the Users table and click Add to open the Add New User dialog box.
Specifying the user name and UID is optional. If you do not specify the UID, the vSphere Client assigns
the next available UID.
Create a password that meets the length and complexity requirements. However, the ESX host checks for
password compliance only if you have switched to the pam_passwdqc.so plug-in for authentication. The
password settings in the default authentication plug-in, pam_cracklib.so, are not enforced.
5 To allow a user to access the ESX host through a command shell, select Grant shell access to this user.
In general, do not grant shell access unless the user has a justifiable need. Users that access the host only
through the vSphere Client do not need shell access.
6 To add the user to a group, select the group name from the Group drop-down menu and click Add.
7 Click OK.
Procedure
3 Right-click the user and click Edit to open the Edit User dialog box.
4 To change the user ID, enter a numeric UID in the UID text box.
The vSphere Client assigns the UID when you first create the user. In most cases, you do not have to change
this assignment.
6 To change the user’s password, select Change Password and enter the new password.
7 To change the user’s ability to access the ESX host through a command shell, select or deselect Grant shell
access to this user.
8 To add the user to a group, select the group name from the Group drop-down menu and click Add.
9 To remove the user from a group, select the group name from the Group membership box and click
Remove.
10 Click OK.
Procedure
2 Click the Users & Groups tab and click Users or Groups.
Procedure
3 Right-click anywhere in the Groups table and click Add to open the Create New Group dialog box.
4 Enter a group name and numeric group ID (GID) in the Group ID text box.
Specifying the GID is optional. If you do not specify a GID, the vSphere Client assigns the next available
group ID.
5 For each user that you want to add as a group member, select the user name from the list and click Add.
6 Click OK.
Procedure
4 To add the user to a group, select the group name from the Group drop-down menu and click Add.
5 To remove the user from a group, select the group name from the Group membership box and click
Remove.
6 Click OK.
All network traffic is encrypted as long as the following conditions are true:
- You did not change the Web proxy service to allow unencrypted traffic for the port.
- Your service console firewall is configured for medium or high security.
Host certificate checking is enabled by default and SSL certificates are used to encrypt network traffic.
However, ESX uses automatically generated certificates that are created as part of the installation process and
stored on the host. These certificates are unique and make it possible to begin using the server, but they are
not verifiable and are not signed by a trusted, well-known certificate authority (CA). These default certificates
are vulnerable to possible man-in-the-middle attacks.
To receive the full benefit of certificate checking, particularly if you intend to use encrypted remote connections
externally, install new certificates that are signed by a valid internal certificate authority or purchase a certificate
from a trusted security authority.
NOTE If the self-signed certificate is used, clients receive a warning about the certificate. To address this issue,
install a certificate that is signed by a recognized certificate authority. If CA-signed certificates are not installed,
all communication between vCenter Server and vSphere Clients is encrypted using a self-signed certificate.
These certificates do not provide the authentication security you might need in a production environment.
The default location for your certificate is /etc/vmware/ssl/ on the ESX host. The certificate consists of two
files: the certificate itself (rui.crt) and the private-key file (rui.key).
Procedure
3 Click SSL Settings in the left pane and verify that Check host certificates is selected.
4 If there are hosts that require manual validation, compare the thumbprints listed for the hosts to the
thumbprints in the host console.
To obtain the host thumbprint, run the following command on the ESX host:
openssl x509 -in /etc/vmware/ssl/rui.crt -fingerprint -sha1 -noout
5 If the thumbprint matches, select the Verify check box next to the host.
Hosts that are not selected will be disconnected after you click OK.
6 Click OK.
Procedure
1 In the directory /etc/vmware/ssl, back up any existing certificates by renaming them using the following
commands.
mv rui.crt orig.rui.crt
mv rui.key orig.rui.key
NOTE If you are regenerating certificates because you accidentally deleted them, you are not required to
rename them.
3 Confirm that the ESX host successfully generated new certificates by using the following command and
comparing the time stamps of the new certificate files with orig.rui.crt and orig.rui.key.
ls -la
Procedure
2 In the directory /etc/vmware/ssl, rename the existing certificates using the following commands.
mv rui.crt orig.rui.crt
mv rui.key orig.rui.key
Idle connections are disconnected after the timeout period. By default, fully established SSL connections have
a timeout of infinity.
Procedure
For example, to set the Read Timeout to 20 seconds, enter the following command.
<readTimeoutMs>20000</readTimeoutMs>
For example, to set the Handshake Timeout to 20 seconds, enter the following command.
<handshakeTimeoutMs>20000</handshakeTimeoutMs>
NOTE Restart the vmware-hostd process after making any changes to host directories or authentication
mechanisms by entering the command service mgmt-vmware restart.
- Do not set up certificates using pass phrases. ESX does not support pass phrases, also known as encrypted
keys. If you set up a pass phrase, ESX processes cannot start correctly.
- You can configure the Web proxy so that it searches for certificates in a location other than the default
location. This capability proves useful for companies that prefer to centralize their certificates on a single
machine so that multiple hosts can use the certificates.
CAUTION If certificates are not stored locally on the host—for example, if they are stored on an NFS share
—the host cannot access those certificates if ESX loses network connectivity. As a result, a client connecting
to the host cannot successfully participate in a secure SSL handshake with the host.
- To support encryption for user names, passwords, and packets, SSL is enabled by default for vSphere Web
Access and vSphere Web services SDK connections. To configure these connections so that they do not
encrypt transmissions, disable SSL for your vSphere Web Access connection or vSphere Web Services SDK
connection by switching the connection from HTTPS to HTTP.
Consider disabling SSL only if you created a fully trusted environment for these clients, where firewalls
are in place and transmissions to and from the host are fully isolated. Disabling SSL can improve
performance, because you avoid the overhead required to perform encryption.
- To protect against misuse of ESX services, such as the internal Web server that hosts vSphere Web Access,
most internal ESX services are accessible only through port 443, the port used for HTTPS transmission.
Port 443 acts as a reverse proxy for ESX. You can see a list of services on ESX through an HTTP welcome
page, but you cannot directly access these services without proper authorization.
You can change this configuration so that individual services are directly accessible through HTTP
connections. Do not make this change unless you are using ESX in a fully trusted environment.
- When you upgrade vCenter Server and vSphere Web Access, the certificate remains in place. If you remove
vCenter Server and vSphere Web Access, the certificate directory is not removed from the service console.
Procedure
3 Use a text editor to open the proxy.xml file and find the following XML segment.
<ssl>
<!-- The server private key file -->
<privateKey>/etc/vmware/ssl/rui.key</privateKey>
<!-- The server side certificate file -->
<certificate>/etc/vmware/ssl/rui.crt</certificate>
</ssl>
4 Replace /etc/vmware/ssl/rui.key with the absolute path to the private key file that you received from
your trusted certificate authority.
This path can be on the ESX host or on a centralized machine on which you store certificates and keys for
your company.
5 Replace /etc/vmware/ssl/rui.crt with the absolute path to the certificate file that you received from your
trusted certificate authority.
CAUTION Do not delete the original rui.key and rui.crt files. The ESX host uses these files.
Procedure
For example, you might want to modify entries for services that use HTTPS to add the option of HTTP
access.
- <e id> is an ID number for the server ID XML tag. ID numbers must be unique within the HTTP area.
- <_type> is the name of the service you are moving.
- <accessmode> is the forms of communication the service permits. Acceptable values include:
  - httpOnly – The service is accessible only over plain-text HTTP connections.
  - httpsOnly – The service is accessible only over HTTPS connections.
  - httpsWithRedirect – The service is accessible only over HTTPS connections. Requests over HTTP
    are redirected to the appropriate HTTPS URL.
  - httpAndHttps – The service is accessible both over HTTP and HTTPS connections.
- <port> is the port number assigned to the service. You can assign a different port number to the service.
- <serverNamespace> is the namespace for the server that provides this service, for example /sdk or /mob.
Example 13-2. Setting Up vSphere Web Access to Communicate Through an Insecure Port
vSphere Web Access normally communicates with an ESX host through a secure port (HTTPS, 443). If you are
in a fully trusted environment, you might decide that you can permit an insecure port (for example,
HTTP, 80). To do so, change the accessMode attribute for the Web server in the proxy.xml file. In the following
result, the access mode is changed from httpsWithRedirect to httpAndHttps.
<_type>vim.ProxyService.LocalServiceSpec</_type>
<accessMode>httpAndHttps</accessMode>
<port>8080</port>
<serverNamespace>/ui</serverNamespace>
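To review which services a proxy.xml file exposes over plain-text HTTP, the access modes listed above can be checked mechanically. The following is an added example, not VMware code; the sample file is constructed, and its wrapper elements, the ports other than 8080 and the /example namespace are assumptions.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Access modes listed on this page, grouped by whether plain-text HTTP is served.
PLAINTEXT_MODES = {"httpOnly", "httpAndHttps"}
ENCRYPTED_MODES = {"httpsOnly", "httpsWithRedirect"}

# Constructed sample, not a real host's file. The wrapper elements, the ports
# other than 8080 and the /example namespace are assumptions for illustration.
SAMPLE_PROXY_XML = """\
<ConfigRoot>
  <EndpointList>
    <e id="0">
      <_type>vim.ProxyService.LocalServiceSpec</_type>
      <accessMode>httpsWithRedirect</accessMode>
      <port>8307</port>
      <serverNamespace>/sdk</serverNamespace>
    </e>
    <e id="1">
      <_type>vim.ProxyService.LocalServiceSpec</_type>
      <accessMode>httpAndHttps</accessMode>
      <port>8080</port>
      <serverNamespace>/ui</serverNamespace>
    </e>
    <e id="1">
      <_type>vim.ProxyService.LocalServiceSpec</_type>
      <accessMode>httpsOnly</accessMode>
      <port>8087</port>
      <serverNamespace>/mob</serverNamespace>
    </e>
    <e id="3">
      <_type>vim.ProxyService.LocalServiceSpec</_type>
      <accessMode>https</accessMode>
      <port>8089</port>
      <serverNamespace>/example</serverNamespace>
    </e>
  </EndpointList>
</ConfigRoot>
"""


def parse_services(xml_text):
    """Return one dict per <e id="..."> service entry found in proxy.xml."""
    root = ET.fromstring(xml_text)
    services = []
    for entry in root.iter("e"):
        services.append({
            "id": entry.get("id"),
            "type": (entry.findtext("_type") or "").strip(),
            "accessMode": (entry.findtext("accessMode") or "").strip(),
            "port": (entry.findtext("port") or "").strip(),
            "namespace": (entry.findtext("serverNamespace") or "").strip(),
        })
    return services


def audit(services):
    """Return (kind, namespace, message) findings for risky or malformed entries."""
    findings = []
    id_counts = Counter(s["id"] for s in services)
    for s in services:
        where = "{} (id={}, port={})".format(
            s["namespace"] or "?", s["id"], s["port"] or "n/a")
        mode = s["accessMode"]
        if mode in PLAINTEXT_MODES:
            # The service answers on HTTP without redirecting to HTTPS.
            findings.append(("plaintext", s["namespace"],
                             where + ": accessMode " + mode + " serves plain-text HTTP"))
        elif mode not in ENCRYPTED_MODES:
            # Not one of the four values the page lists as acceptable.
            findings.append(("unknown-mode", s["namespace"],
                             where + ": accessMode '" + mode + "' is not a listed value"))
        if id_counts[s["id"]] > 1:
            # The page requires ID numbers to be unique.
            findings.append(("duplicate-id", s["namespace"],
                             where + ": id is used by more than one entry"))
    return findings


if __name__ == "__main__":
    for kind, _, message in audit(parse_services(SAMPLE_PROXY_XML)):
        print("[{}] {}".format(kind, message))
```
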
Consider the following recommendations when evaluating service console security and administering the
service console.
- Limit user access.
To improve security, restrict user access to the service console and enforce access security policies like
setting up password restrictions—for example, character length, password aging limits, and using a grub
password for booting the host.
The service console has privileged access to certain parts of ESX. Therefore, provide only trusted users
with login access. By default, root access is limited by not allowing secure shell (SSH) login as the root
user. Strongly consider keeping this default. Require ESX system administrators to log in as regular users
and then use the sudo command to perform specific tasks that require root privileges.
Also, try to run as few processes on the service console as possible. Ideally, strive to run only the essential
processes, services, and agents such as virus checkers, virtual machine backups, and so forth.
- Use vSphere Client to administer your ESX hosts.
Whenever possible, use vSphere Client, vSphere Web Access, or a third-party network management tool
to administer your ESX hosts instead of working through the command-line interface as the root user.
Using vSphere Client lets you limit the accounts with access to the service console, safely delegate
responsibilities, and set up roles that prevent administrators and users from using capabilities they do not
need.
- Use only VMware sources to upgrade ESX components that you run on the service console.
The service console runs a variety of third-party packages, such as the Tomcat Web service, to support
management interfaces or tasks that you must perform. VMware does not support upgrading these
packages from anything other than a VMware source. If you use a download or patch from another source,
you might compromise service console security or functions. Regularly check third-party vendor sites and
the VMware knowledge base for security alerts.
Procedure
If you are performing activities that require root privileges, log in to the service console as a recognized
user and acquire root privileges through the sudo command, which provides enhanced security compared
to the su command.
What to do next
In addition to ESX-specific commands, you can use the service console command-line interface to run many
Linux and UNIX commands. For more information about service console commands, use the man
<command_name> command to check for man pages.
At installation time, the service console firewall is configured to block all incoming and outgoing traffic, except
for ports 22, 123, 427, 443, 902, 5989, 5988, which are used for basic communication with ESX. This setting
enforces a high level of security for the host.
NOTE The firewall also allows Internet Control Message Protocol (ICMP) pings and communication with
DHCP and DNS (UDP only) clients.
In trusted environments, you might decide that a lower security level is acceptable. If so, you can set the firewall
for either medium or low security.
Medium security: All incoming traffic is blocked, except on the default ports and any ports you
specifically open. Outgoing traffic is not blocked.
Low security: There are no blocks on either incoming or outgoing traffic. This setting is
equivalent to removing the firewall.
Because the ports open by default are strictly limited, you might be required to open additional ports after
installation. For a list of commonly used ports that you might open, see “TCP and UDP Ports for Management
Access,” on page 153.
As you add the supported services and management agents required to operate ESX effectively, you open
other ports in the service console firewall. You add services and management agents through vCenter Server
as described in “Configuring Firewall Ports for Supported Services and Management Agents,” on page 150.
In addition to the ports you open for these services and agents, you might open other ports when you configure
certain devices, services, or agents such as storage devices, backup agents, and management agents. For
example, if you are using Veritas NetBackup™ 4.5 as a backup agent, open ports 13720, 13724, 13782, and
13783, which NetBackup uses for client-media transactions, database backups, user backups or restores, and
so forth. To determine which ports to open, see vendor specifications for the device, service, or agent.
Procedure
2 Use the following two commands to determine whether incoming and outgoing traffic is blocked or
allowed.
esxcfg-firewall -q incoming
esxcfg-firewall -q outgoing
Procedure
2 Run one of the following commands to set the service console firewall security level.
- To set the service console firewall to medium security:
esxcfg-firewall --allowOutgoing --blockIncoming
Changing the service console firewall security level does not affect existing connections. For example, if the
firewall is set to low security and a backup is running on a port you did not explicitly open, raising the firewall
setting to high does not terminate the backup. The backup completes, releases the connection, and no further
connections are accepted for the port.
Prerequisites
Use this procedure only to open ports for services or agents that are not configurable through the vSphere
Client.
CAUTION VMware supports opening and closing firewall ports only through the vSphere Client or the
esxcfg-firewall command. Using any other methods or scripts to open firewall ports can lead to unexpected behavior.
Procedure
For example:
esxcfg-firewall --openPort 6380,tcp,in,Navisphere
You can use the --closePort option to close only those ports that you opened with the --openPort option. If you
used a different method to open the port, use an equivalent method to close it. For example, you can close the
SSH port (22) only by disabling the SSH server incoming connection and SSH client outgoing connection in
the vSphere Client.
Prerequisites
Use this procedure only to close ports for services or agents not specifically configurable through the vSphere
Client.
CAUTION VMware supports opening and closing firewall ports only through the vSphere Client or the
esxcfg-firewall command. Using any other methods or scripts to open and close firewall ports can lead to
unexpected behavior.
Procedure
For example:
esxcfg-firewall --closePort 6380,tcp,in
Password Restrictions
The ease with which an attacker can log in to an ESX host depends on finding a legitimate user name and
password combination. You can set password restrictions to help prevent attackers from obtaining user
passwords.
A malicious user can obtain a password in a number of ways. For example, an attacker can sniff insecure
network traffic, such as Telnet or FTP transmissions, for successful login attempts. Another common method
is to crack the password by running a password generator to try every character combination up to a certain
length or use real words and simple mutations of real words.
Implementing restrictions that govern the length, character sets, and duration of passwords can make attacks
that a password generator initiates more difficult. The longer and more complex the password, the harder it
is for an attacker to discover. The more often users have to change passwords, the more difficult it is to find a
password that works repeatedly.
NOTE Always consider the human factor when you decide how to implement password restrictions. If you
make passwords too hard to remember or enforce frequent password changes, your users might be inclined
to write down their passwords, which eliminates any benefit.
To help protect your password database from misuse, password shadowing is enabled so that password hashes
are hidden from access. Also, ESX uses MD5 password hashes, which provide stronger password security and
let you set minimum length requirements to more than eight characters.
Password Aging
You can impose password aging restrictions to ensure that user passwords do not stay active for long periods.
ESX imposes the following password aging restrictions for user logins by default.
Maximum days: The number of days that a user can keep a password. By default, passwords
are set to never expire.
Minimum days: The minimum number of days between password changes. The default is 0,
meaning that the users can change their passwords any time.
Warning time: The number of days in advance of password expiration that a reminder is sent.
The default is seven days. Warnings are only displayed when logging directly
in to the service console or when using SSH.
You can tighten or loosen any of these settings. You can also override the default password aging settings for
an individual user or group.
Procedure
2 To change the maximum number of days a user can keep a password, use the following command.
esxcfg-auth --passmaxdays=<number_of_days>
3 To change the minimum number of days between password changes, use the following command.
esxcfg-auth --passmindays=<number_of_days>
4 To change the warning time before a password change, use the following command.
esxcfg-auth --passwarnage=<number_of_days>
Procedure
Password Complexity
By default, ESX uses the pam_cracklib.so plug-in to set the rules that users must observe when creating
passwords and to check password strength during the creation process.
The pam_cracklib.so plug-in lets you determine the basic standards that all passwords must meet. By default,
ESX imposes no restrictions on the root password. However, when nonroot users attempt to change their
passwords, the passwords they choose must meet the basic standards that pam_cracklib.so sets. In addition,
nonroot users can make only a certain number of password change attempts before pam_cracklib.so begins
issuing messages and eventually closes the password change page. ESX has defaults for password standards
and retry restrictions.
Minimum length: The minimum password length is set to nine. This means that the user must
enter at least eight characters if they use only one character class (lowercase,
uppercase, digit, or other).
The password length algorithm allows shorter passwords if the user enters a
mix of character classes. To calculate the actual character length a user needs
to enter to form a valid password for a given minimum length setting, apply
the password length algorithm as follows:
M – CC = E
where:
- M is the minimum length parameter.
- CC is the number of character classes the user includes in the password.
- E is the number of characters the user must enter.
Table 14-2 shows how the algorithm works, assuming the user enters at least
one lowercase character as part of the password. The pam_cracklib.so plug-in
does not allow passwords of fewer than six characters, so although the
mathematically accurate character requirement for a four character-class
password is five characters, the effective requirement is six.
8 yes
Retries: The pam_cracklib.so retries parameter for ESX systems is set to three. If the
user does not enter a strong enough password in three attempts,
pam_cracklib.so closes the password change dialog box. The user must open
a new password change session to try again.
The pam_cracklib.so plug-in checks all password change attempts to ensure that passwords meet the following
strength criteria:
- The new password must not be a palindrome—a password where the characters mirror each other around
  a central letter, as in radar or civic.
- The new password must not be the reverse of the old password.
- The new password must not be a rotation—a version of the old password in which one or more characters
  have been rotated to the front or back of the password string.
- The new password must differ from the old password by more than a change of case.
- The new password must differ from the old password by more than a few characters.
- The new password must not have been used in the past. The pam_cracklib.so plug-in applies this criterion
  only if you have configured a password reuse rule.
  By default, ESX does not enforce any password reuse rules, so ordinarily the pam_cracklib.so plug-in
  never rejects a password change attempt on these grounds. However, you can configure a reuse rule to
  ensure that your users do not alternate between a few passwords.
  If you configure a reuse rule, old passwords are stored in a file that the pam_cracklib.so plug-in references
  during each password change attempt. The reuse rules determine the number of old passwords that ESX
  retains. When a user creates enough passwords to reach the value specified in the reuse rule, old passwords
  are removed from the file in age order.
- The new password must be long enough and complex enough. You configure these requirements by
  changing the pam_cracklib.so complexity parameters with the esxcfg-auth command, which lets you set
  the number of retries, the minimum password length, and a variety of character credits. Character credits
  let the user enter shorter passwords if they include more character types in the password.
For more information on the pam_cracklib.so plug-in, see your Linux documentation.
NOTE The pam_cracklib.so plug-in used in Linux provides more parameters than the parameters supported
for ESX. You cannot specify these additional parameters in esxcfg-auth.
Procedure
5 Add the following parameter to the end of the line, where X is the number of old passwords to store for
each user.
remember=X
7 Change to the directory /etc/security/ and use the following command to make a zero (0) length file with
opasswd as the filename.
touch opasswd
To make a password more complex, you can assign values to the credit parameters for each of the following
character classes:
- <lc_credit> represents lowercase letters
- <uc_credit> represents uppercase letters
- <d_credit> represents digits
- <oc_credit> represents special characters, such as underscore or dash
Credits add to a password's complexity score. A user's password must meet or exceed the minimum score,
which you define using the <minimum_length> parameter.
NOTE The pam_cracklib.so plug-in does not accept passwords that are less than six characters, regardless of
credits used and regardless of the value you assign to <minimum_length>. In other words, if <minimum_length>
is 5, users must still enter no fewer than six characters.
To determine whether or not a password is acceptable, the pam_cracklib.so plug-in uses several rules to
calculate the password score.
- Each character in the password, regardless of type, counts as one against <minimum_length>.
- Nonzero values in the credit parameters affect password complexity differently depending on whether
  negative or positive values are used.
  - For positive values, add one credit for the character class, up to the maximum number of credits
    specified by the credit parameter.
    For example, if <lc_credit> is 1, add one credit for using a lowercase letter in the password. In this case,
    one is the maximum number of credits allowed for lowercase letters, regardless of how many are
    used.
  - For negative values, do not add credit for the character class, but require that the character class is
    used a minimum number of times. The minimum number is specified by the credit parameter.
    For example, if <uc_credit> is -1, passwords must contain at least one uppercase character. In this case,
    no extra credit is given for using uppercase letters, regardless of how many are used.
- Character classes with a value of zero count toward the total length of the password, but do not receive
  extra credit, nor are they required. You can set all character classes to zero to enforce password length
  without considering complexity.
For example, the passwords xyzpqets and Xyzpq3#s would each have a password score of eight.
The plug-in then compares the total score, or effective length, of the password to the value of
<minimum_length>.
Procedure
<retries> is the number of retries users are allowed before they are locked out.
esxcfg-auth --usecrack=3 9 1 -1 -1 1
- Users are allowed three attempts to enter their password before they are locked out.
- The password score must be 9.
- Up to one credit is given for using lowercase letters.
- At least one uppercase letter is required. No extra credit is given for this character class.
- At least one digit is required. No extra credit is given for this character class.
- Up to one credit is given for using special characters.
Using these sample values, the password candidate xyzpqe# would fail:
(x + y + z + p + q + e + #) + (lc_credit + oc_credit) = 9
While the password score is 9, it does not contain the required uppercase letter and digit.
The password candidate Xyzpq3# would be accepted:
(X + y + z + p + q + 3 + #) + (lc_credit + oc_credit) = 9
The password score for this example is also 9, but this password includes the required uppercase letter and
digit. The uppercase letter and digit do not add extra credit.
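The scoring rules and the M – CC = E calculation described above can be checked against the sample values with a short script. This is an added example, not VMware or pam_cracklib code: it models only the rules as this page states them, and the field order of the --usecrack value is inferred from the page's sample and its explanation.

```python
import string

CLASSES = ("lc", "uc", "d", "oc")  # lowercase, uppercase, digit, other
HARD_FLOOR = 6  # page: passwords of fewer than six characters are never accepted


def parse_usecrack(arg):
    """Split a --usecrack value such as "3 9 1 -1 -1 1" into named fields.

    Assumed order (from the page's sample): retries, minimum_length,
    lc_credit, uc_credit, d_credit, oc_credit.
    """
    retries, minimum_length, lc, uc, d, oc = (int(v) for v in arg.split())
    return {"retries": retries, "minimum_length": minimum_length,
            "credits": {"lc": lc, "uc": uc, "d": d, "oc": oc}}


def count_classes(password):
    """Count how many characters of each class the password contains."""
    counts = dict.fromkeys(CLASSES, 0)
    for ch in password:
        if ch in string.ascii_lowercase:
            counts["lc"] += 1
        elif ch in string.ascii_uppercase:
            counts["uc"] += 1
        elif ch in string.digits:
            counts["d"] += 1
        else:
            counts["oc"] += 1
    return counts


def evaluate(password, minimum_length, credits):
    """Score a candidate password using the rules described on this page."""
    counts = count_classes(password)
    score = len(password)  # every character counts as one
    reasons = []
    for cls in CLASSES:
        credit = credits[cls]
        if credit > 0:
            # Positive credit: bonus per character of the class, capped at credit.
            score += min(counts[cls], credit)
        elif credit < 0 and counts[cls] < -credit:
            # Negative credit: no bonus, but the class is required -credit times.
            reasons.append("needs at least {} character(s) of class {}".format(-credit, cls))
        # Zero credit: the class is neither rewarded nor required.
    if score < minimum_length:
        reasons.append("score {} is below minimum_length {}".format(score, minimum_length))
    if len(password) < HARD_FLOOR:
        reasons.append("shorter than {} characters".format(HARD_FLOOR))
    return {"score": score, "accepted": not reasons, "reasons": reasons}


def chars_needed(minimum_length, classes_used):
    """M - CC = E from the page, with the six-character floor applied."""
    return max(minimum_length - classes_used, HARD_FLOOR)


if __name__ == "__main__":
    cfg = parse_usecrack("3 9 1 -1 -1 1")
    for candidate in ("xyzpqe#", "Xyzpq3#"):
        print(candidate, evaluate(candidate, cfg["minimum_length"], cfg["credits"]))
    for cc in (1, 2, 3, 4):
        print("classes used:", cc, "characters needed:", chars_needed(9, cc))
```
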
The pam_passwdqc.so plug-in provides a greater number of options for fine-tuning password strength and performs
password strength tests for all users, including the root user. The pam_passwdqc.so plug-in is also somewhat
more difficult to use than the pam_cracklib.so plug-in.
NOTE The pam_passwdqc.so plug-in used in Linux provides more parameters than the parameters supported
for ESX. You cannot specify these additional parameters in esxcfg-auth. For more information on this
plug-in, see your Linux documentation.
Procedure
- <N0> is the number of characters required for a password that uses characters from only one character
  class.
- <N1> is the number of characters required for a password that uses characters from two character
  classes.
- <N2> is used for passphrases. ESX requires three words for a passphrase.
- <N3> is the number of characters required for a password that uses characters from three character
  classes.
- <N4> is the number of characters required for a password that uses characters from all four character
  classes.
- <match> is the number of characters allowed in a string that is reused from the old password. If the
  pam_passwdqc.so plug-in finds a reused string of this length or longer, it disqualifies the string from
  the strength test and uses only the remaining characters.
Setting any of these options to -1 directs the pam_passwdqc.so plug-in to ignore the requirement. Setting
any of these options to disabled directs the pam_passwdqc.so plug-in to disqualify passwords with the
associated characteristic. The values used must be in descending order except for -1 and disabled.
With this setting in effect, a user creating a password would never be able to set passwords that contain
only one character class. The user needs to use at least 18 characters for a two-character-class
password, 12 characters for a three-character-class password, and eight characters for a four-character-class
password. Attempts to create passphrases are ignored.
Cipher Strength
Transmitting data over insecure connections presents a security risk because malicious users might be able to
scan data as it travels through the network. As a safeguard, network components commonly encrypt the data
so that it cannot be easily read.
To encrypt data, the sending component, such as a gateway or redirector, applies algorithms, or ciphers, to
alter the data before transmitting it. The receiving component uses a key to decrypt the data, returning it to its
original form. Several ciphers are in use, and the level of security that each provides is different. One measure
of a cipher’s ability to protect data is its cipher strength—the number of bits in the encryption key. The larger
the number, the more secure the cipher.
To ensure the protection of the data transmitted to and from external network connections, ESX uses one of
the strongest block ciphers available—256-bit AES block encryption. ESX also uses 1024-bit RSA for key
exchange. These encryption algorithms are the default for the following connections.
- vSphere Client connections to vCenter Server and to the ESX host through the service console.
- vSphere Web Access connections to the ESX host through the service console.
NOTE Because use of vSphere Web Access ciphers is determined by the Web browser you are using, this
management tool might use other ciphers.
setuid: A flag that allows an application to temporarily change the permissions of the
user running the application by setting the effective user ID to the program
owner’s user ID.
setgid: A flag that allows an application to temporarily change the permissions of the
group running the application by setting the effective group ID to the program
owner’s group ID.
Procedure
Table 14-3 lists the default setuid applications and indicates whether the application is required or optional.
ping (Optional)
  Sends and listens for control packets on the network interface. Useful for debugging networks.
  Path: /bin/ping
sudo (Optional)
  Lets a general user act as the root user only for specific operations.
  Path: /usr/bin/sudo
vmkload_app (Required in both paths)
  Performs tasks required to run virtual machines. This application is installed in two locations: one for
  standard use and one for debugging.
  Path for standard use: /usr/lib/vmware/bin/vmkload_app
  Path for debugging: /usr/lib/vmware/bin-debug/vmkload_app
vmware-vmx (Required in both paths)
  Performs tasks required to run virtual machines. This application is installed in two locations: one for
  standard use and one for debugging.
  Path for standard use: /usr/lib/vmware/bin/vmware-vmx
  Path for debugging: /usr/lib/vmware/bin-debug/vmware-vmk
Table 14-4 lists the default setgid applications and indicates whether the application is required or optional.
wall (Optional)
  Alerts all terminals that an action is about to occur. This application is called by shutdown and other
  commands.
  Path: /usr/bin/wall
lockfile (Required for Dell OM but optional otherwise)
  Performs locking for the Dell OM management agent.
  Path: /usr/bin/lockfile
SSH Security
SSH is a commonly used Unix and Linux command shell that lets you remotely log in to the service console
and perform certain management and configuration tasks for the host. SSH is used for secure logins and data
transfers because it offers stronger protection than other command shells.
In this ESX release, the SSH configuration is enhanced to provide a higher security level. This enhancement
includes the following key features.
- Version 1 SSH protocol disabled – VMware no longer supports Version 1 SSH protocol and uses Version
  2 protocol exclusively. Version 2 eliminates certain security issues present in Version 1 and provides you
  with a safer communications interface to the service console.
- Improved cipher strength – SSH now supports only 256-bit and 128-bit AES ciphers for your connections.
- Limits on remote logins as root – You can no longer remotely log in as root. Instead, you log in as an
  identifiable user and either use the sudo command to run specific operations that require root privileges
  or enter the su command to become the root user.
  NOTE The sudo command provides security benefits in that it limits root activities and helps you check
  for possible misuse of root privileges by generating an audit trail of any root activities that the user
  performs.
These settings are designed to provide solid protection for the data you transmit to the service console through
SSH. If this configuration is too rigid for your needs, you can lower security parameters.
Procedure
3 Use a text editor to perform any of the following actions in the sshd_config file.
- To allow remote root login, change the setting to yes in the following line.
  PermitRootLogin no
- To revert to the default SSH protocol (Version 1 and 2), comment out the following line.
  Protocol 2
- To revert to the 3DES cipher and other ciphers, comment out the following line.
  Ciphers aes256-cbc,aes128-cbc
- To disable Secure FTP (SFTP) on SSH, comment out the following line.
  Subsystem ftp /usr/libexec/openssh/sftp-server
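Because each of these changes lowers the default SSH security level, it helps to be able to detect when an sshd_config file has drifted from the shipped lines shown above. The following is an added example, not VMware code; both sample files are constructed, and the parser handles only the simple whitespace-separated "keyword value" form.

```python
# Cipher list that the page shows in the default sshd_config.
BASELINE_CIPHERS = {"aes256-cbc", "aes128-cbc"}

# Constructed sample: a file in which all three protections were loosened.
SAMPLE_DRIFTED = """\
# constructed sample, not taken from a real host
PermitRootLogin yes
#Protocol 2
Ciphers aes256-cbc,aes128-cbc,3des-cbc
Subsystem ftp /usr/libexec/openssh/sftp-server
"""

# Constructed sample: the four lines exactly as the page shows them.
SAMPLE_BASELINE = """\
PermitRootLogin no
Protocol 2
Ciphers aes256-cbc,aes128-cbc
Subsystem ftp /usr/libexec/openssh/sftp-server
"""


def effective_settings(config_text):
    """Map lowercased keyword -> value, keeping the first occurrence as sshd does."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and commented-out directives have no effect
        parts = line.split(None, 1)
        value = parts[1].strip() if len(parts) > 1 else ""
        settings.setdefault(parts[0].lower(), value)
    return settings


def audit_sshd(config_text):
    """Return (keyword, message) findings where the file departs from the page's lines."""
    settings = effective_settings(config_text)
    findings = []

    root_login = settings.get("permitrootlogin")
    if root_login is None:
        findings.append(("permitrootlogin", "line missing or commented out"))
    elif root_login.lower() != "no":
        findings.append(("permitrootlogin", "remote root login set to " + root_login))

    protocol = settings.get("protocol")
    if protocol is None:
        findings.append(("protocol", "Protocol 2 line missing or commented out"))
    elif protocol.replace(" ", "") != "2":
        findings.append(("protocol", "protocol set to " + protocol))

    ciphers = settings.get("ciphers")
    if ciphers is None:
        findings.append(("ciphers", "Ciphers line missing or commented out"))
    else:
        listed = {c.strip() for c in ciphers.split(",") if c.strip()}
        extra = sorted(listed - BASELINE_CIPHERS)
        if extra:
            findings.append(("ciphers", "ciphers outside the AES baseline: " + ", ".join(extra)))
    return findings


if __name__ == "__main__":
    for keyword, message in audit_sshd(SAMPLE_DRIFTED):
        print("{}: {}".format(keyword, message))
```
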
This problem is common to the industry and not specific to VMware. Some security scanners can handle this
situation correctly, but they typically lag by a version or more. For example, the version of Nessus released
after a Red Hat patch often does not report these false positives.
If a fix for a particular Linux-supported software package that VMware provides as a service console
component becomes available—for example, a service, facility, or protocol—VMware provides a bulletin that
contains a list of vSphere Installation Bundles (VIBs) that you use to update the software on ESX. Although
these fixes might be available from other sources, always use bulletins that VMware generates instead of using
third-party RPM Package Manager packages.
When providing patches for a software package, the VMware policy is to backport the fix to a version of the
software known to be stable. This approach reduces the chance of introducing new problems and instability
in the software. Because the patch is added to an existing version of the software, the version number of the
software stays the same, but a patch number is added as a suffix.
1 You initially install ESX with OpenSSL version 0.9.7a (where 0.9.7a is the original version with no patches).
2 OpenSSL releases a patch that fixes a security hole in version 0.9.7. This version is called 0.9.7x.
3 VMware backports the OpenSSL 0.9.7x fix to the original version, updates the patch number, and creates
a VIB. The OpenSSL version in the VIB is 0.9.7a-1, indicating that the original version (0.9.7a) now contains
patch 1.
5 The security scanner fails to note the -1 suffix and erroneously reports that security for OpenSSL is not up
to date.
If your scanner reports that security for a package is down-level, perform the following checks.
- Look at the patch suffix to determine if you require an update.
- Read the VMware VIB documentation for information on the patch contents.
- Look for the Common Vulnerabilities and Exposures (CVE) number from the security alert in the software
  update change log.
  If the CVE number is there, the specified package addresses that vulnerability.
The complexity of ESX deployments can vary significantly depending on the size of your company, the way
that data and resources are shared with the outside world, whether there are multiple datacenters or only one,
and so forth. Inherent in the following deployments are policies for user access, resource sharing, and security
level.
Single-Customer Deployment
In a single-customer deployment, ESX hosts are owned and maintained within a single corporation and single
datacenter. Host resources are not shared with outside users. One site administrator maintains the hosts, which
run a number of virtual machines.
The single-customer deployment does not allow customer administrators, and the site administrator is solely
responsible for maintaining the various virtual machines. The corporation staffs a set of system administrators
who do not have accounts on the host and cannot access any of the ESX tools such as vCenter Server or
command line shells for the host. These system administrators have access to virtual machines through the
virtual machine console so that they can load software and perform other maintenance tasks inside the virtual
machines.
Table 15-1 shows how you might handle sharing for the components that you use and configure for the host.
Service console shares the same physical network as the virtual machines? No.
  Isolate the service console by configuring it on its own physical network.
Service console shares the same VLAN as the virtual machines? No.
  Isolate the service console by configuring it on its own VLAN. No virtual machine or other system facility
  such as VMotion must use this VLAN.
Virtual machines share the same physical network? Yes.
  Configure your virtual machines on the same physical network.
Network adapter sharing? Partial.
  Isolate the service console by configuring it on its own virtual switch and virtual network adapter. No
  virtual machine or other system facility must use this switch or adapter.
  You can configure your virtual machines on the same virtual switch and network adapter.
VMFS sharing? Yes.
  All .vmdk files reside in the same VMFS partition.
Security level: High.
  Open ports for needed services like FTP on an individual basis. See “Service Console Firewall
  Configuration,” on page 180 for information on security levels.
Virtual machine memory overcommitment? Yes.
  Configure the total memory for the virtual machines as greater than the total physical memory.
Table 15-2 shows how you might set up user accounts for the host.
Site administrators 1
Customer administrators 0
System administrators 0
Business users 0
Although there is only one site administrator, several customer administrators maintain the virtual machines
assigned to their customers. This deployment also includes customer system administrators who do not have
ESX accounts but have access to the virtual machines through the virtual machine console so that they can load
software and perform other maintenance tasks inside the virtual machines.
Table 15-4 shows how you might handle sharing for the components you use and configure for the host.
Service console shares the same physical network as the virtual machines? No.
  Isolate the service console by configuring it on its own physical network.
Service console shares the same VLAN as the virtual machines? No.
  Isolate the service console by configuring it on its own VLAN. No virtual machine or other system facility
  such as VMotion must use this VLAN.
Virtual machines share the same physical network? Partial.
  Put the virtual machines for each customer on a different physical network. All physical networks are
  independent of each other.
Network adapter sharing? Partial.
  Isolate the service console by configuring it on its own virtual switch and virtual network adapter. No
  virtual machine or other system facility must use this switch or adapter.
  You configure virtual machines for one customer so that they all share the same virtual switch and network
  adapter. They do not share the switch and adapter with any other customers.
VMFS sharing? No.
  Each customer has its own VMFS partition, and the virtual machine .vmdk files reside exclusively on that
  partition. The partition can span multiple LUNs.
Security level: High.
  Open ports for services like FTP as needed.
Virtual machine memory overcommitment? Yes.
  Configure the total memory for the virtual machines as greater than the total physical memory.
Table 15-5 shows how you might set up user accounts for the ESX host.
Site administrators 1
Customer administrators 10
System administrators 0
Business users 0
Although there is only one site administrator in a multiple-customer open deployment, several customer
administrators maintain the virtual machines assigned to their customers. The deployment also includes
customer system administrators who do not have ESX accounts but have access to the virtual machines through
the virtual machine console so that they can load software and perform other maintenance tasks inside the
virtual machines. Lastly, a group of business users who do not have accounts can use virtual machines to run
their applications.
Table 15-7 shows how you might handle sharing for the components that you use and configure for the host.
Service console shares the same physical network as the virtual machines? No. Isolate the service
console by configuring it on its own physical network.
Service console shares the same VLAN as the virtual machines? No. Isolate the service console by
configuring it on its own VLAN. No virtual machine or other system facility such as VMotion must
use this VLAN.
Virtual machines share the same physical network? Yes. Configure your virtual machines on the same
physical network.
Network adapter sharing? Partial. Isolate the service console by configuring it on its own virtual
switch and virtual network adapter. No virtual machine or other system facility must use this
switch or adapter. You configure all virtual machines on the same virtual switch and network
adapter.
VMFS sharing? Yes. Virtual machines can share VMFS partitions, and their virtual machine .vmdk
files can reside on shared partitions. Virtual machines do not share .vmdk files.
Security level: High. Open ports for services like FTP as needed.
Virtual machine memory overcommitment? Yes. Configure the total memory for the virtual machines as
greater than the total physical memory.
Table 15-8 shows how you might set up user accounts for the host.
Site administrators 1
Customer administrators 10
System administrators 0
Business users 0
Stagger the schedule for virus scans, particularly in deployments with a large number of virtual machines.
Performance of systems in your environment will degrade significantly if you scan all virtual machines
simultaneously.
Because software firewalls and antivirus software can be virtualization-intensive, you can balance the need
for these two security measures against virtual machine performance, especially if you are confident that your
virtual machines are in a fully trusted environment.
Disable Copy and Paste Operations Between the Guest Operating System and
Remote Console
You can disable copy and paste operations to prevent exposing sensitive data that has been copied to the
clipboard.
When VMware Tools runs on a virtual machine, you can copy and paste between the guest operating system
and remote console. As soon as the console window gains focus, non-privileged users and processes running
in the virtual machine can access the clipboard for the virtual machine console. If a user copies sensitive
information to the clipboard before using the console, the user—perhaps unknowingly—exposes sensitive data
to the virtual machine. To prevent this problem, consider disabling copy and paste operations for the guest
operating system.
Procedure
3 Select Options > Advanced > General and click Configuration Parameters.
4 Click Add Row and type the following values in the Name and Value columns.
Name Value
isolation.tools.copy.disable true
isolation.tools.paste.disable true
isolation.tools.setGUIOptions.enable false
NOTE These options override any settings made in the guest operating system’s VMware Tools control
panel.
sched.mem.max unlimited
scsi0:0.redo true
vmware.tools.installstate none
vmware.tools.lastInstallStatus.result unknown
isolation.tools.copy.disable true
isolation.tools.paste.disable true
isolation.tools.setGUIOptions.enable false
5 Click OK to close the Configuration Parameters dialog box, and click OK again to close the Virtual Machine
Properties dialog box.
Attackers can use this capability to breach virtual machine security in several ways. For example, an attacker
with access to a virtual machine can connect a disconnected CD-ROM drive and access sensitive information
on the media left in the drive, or disconnect a network adapter to isolate the virtual machine from its network,
resulting in a denial of service.
As a general security precaution, use commands on the vSphere Client Configuration tab to remove any
unneeded or unused hardware devices. Although this measure tightens virtual machine security, it is not a
good solution in situations where you might bring an unused device back into service at a later time.
Procedure
4 Select Options > General Options and make a record of the path displayed in the Virtual Machine
Configuration File text box.
6 Change directories to access the virtual machine configuration file whose path you recorded in Step 4.
Virtual machine configuration files are located in the /vmfs/volumes/<datastore> directory, where
<datastore> is the name of the storage device on which the virtual machine files reside. For example, if the
virtual machine configuration file you obtained from the Virtual Machine Properties dialog box is
[vol1]vm-finance/vm-finance.vmx, you would change to the following directory.
/vmfs/volumes/vol1/vm-finance/
7 Use a text editor to add the following line to the .vmx file, where <device_name> is the name of the device
you want to protect (for example, ethernet1).
<device_name>.allowGuestConnectionControl = "false"
NOTE By default, Ethernet 0 is configured to disallow device disconnection. The only reason you might
change this is if a prior administrator set <device_name>.allowGuestConnectionControl to true.
9 In the vSphere Client, right-click the virtual machine and select Power Off.
The informational messages sent by guest operating system processes are known as setinfo messages
and typically contain name-value pairs that define virtual machine characteristics or identifiers
that the host stores, for example, ipaddress=10.17.87.224. The configuration file containing these
name-value pairs is limited to a size of 1MB. This limit prevents attackers from staging a DoS
attack by writing software that mimics VMware Tools and filling the host's memory with arbitrary
configuration data, which consumes space needed by the virtual machines.
If you require more than 1MB of storage for name-value pairs, you can change the value as required. You can
also prevent the guest operating system processes from writing any name-value pairs to the configuration file.
Procedure
4 Select Options > Advanced > General and click Configuration Parameters.
5 If the size limit attribute is not present, you must add it.
If the size limit attribute exists, modify it to reflect the appropriate limits.
6 Click OK to close the Configuration Parameters dialog box, and click OK again to close the Virtual Machine
Properties dialog box.
Prevent the Guest Operating System Processes from Sending Configuration Messages to
the Host
You can prevent guests from writing any name-value pairs to the configuration file. This is appropriate when
guest operating systems must be prevented from modifying configuration settings.
Procedure
4 Select Options > Advanced > General and click Configuration Parameters.
5 Click Add Row and type the following values in the Name and Value columns.
- In the Name column: isolation.tools.setinfo.disable
- In the Value column: true
6 Click OK to close the Configuration Parameters dialog box, and click OK again to close the Virtual Machine
Properties dialog box.
To prevent this problem, consider modifying logging settings for virtual machine guest operating systems.
These settings can limit the total size and number of log files. Normally, a new log file is created each time you
reboot a host, so the file can grow to be quite large. You can ensure new log file creation happens more
frequently by limiting the maximum size of the log files. VMware recommends saving 10 log files, each one
limited to 100KB. These values are large enough to capture sufficient information to debug most problems that
might occur.
Each time an entry is written to the log, the size of the log is checked. If it is over the limit, the next entry is
written to a new log. If the maximum number of log files exists, the oldest log file is deleted. A DoS attack that
avoids these limits could be attempted by writing an enormous log entry, but each log entry is limited in size
to 4KB, so no log files are ever more than 4KB larger than the configured limit.
Procedure
3 Select Options > General Options and make a record of the path displayed in the Virtual Machine
Configuration File text box.
5 Change directories to access the virtual machine configuration file whose path you recorded in Step 3.
Virtual machine configuration files are located in the /vmfs/volumes/<datastore> directory, where
<datastore> is the name of the storage device on which the virtual machine files reside. For example, if the
virtual machine configuration file you obtained from the Virtual Machine Properties dialog box is
[vol1]vm-finance/vm-finance.vmx, you would change to the following directory.
/vmfs/volumes/vol1/vm-finance/
6 To limit the log size, use a text editor to add or edit the following line in the .vmx file, where
<maximum_size> is the maximum file size in bytes.
log.rotateSize=<maximum_size>
7 To keep a limited number of log files, use a text editor to add or edit the following line in the
.vmx file, where <number_of_files_to_keep> is the number of files the server keeps.
log.keepOld=<number_of_files_to_keep>
For example, to keep 10 log files and begin deleting the oldest ones as new ones are created, enter 10.
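The .vmx settings from the procedures above (copy and paste, device connection control, setinfo messages, and log rotation) can be checked in one pass over a configuration file. The following audit script is an added example, not VMware code; the function names, the constructed sample files, the case-insensitive name matching, and the reading of the 4KB entry limit as 4096 bytes are assumptions.

```python
import re

# Name/value pairs taken from the procedures on this page.
REQUIRED = [
    ("isolation.tools.copy.disable", "true"),
    ("isolation.tools.paste.disable", "true"),
    ("isolation.tools.setGUIOptions.enable", "false"),
]
SETINFO = ("isolation.tools.setinfo.disable", "true")  # optional per the page
CONN_SUFFIX = ".allowGuestConnectionControl"
MAX_ENTRY_BYTES = 4 * 1024  # assumption: the page's 4KB entry limit is 4096 bytes

# Matches name = "value" and name=value; lines starting with '#' are skipped.
_LINE = re.compile(r'^\s*([^#=\s][^=]*?)\s*=\s*"?(.*?)"?\s*$')


def parse_vmx(text):
    """Return {lowercased name: value}. Case-insensitive names are an assumption."""
    settings = {}
    for raw in text.splitlines():
        m = _LINE.match(raw)
        if m:
            settings[m.group(1).lower()] = m.group(2)
    return settings


def _check(settings, name, want, findings):
    """Record a finding when a setting is absent or differs from the wanted value."""
    got = settings.get(name.lower())
    if got is None:
        findings.append((name, "missing, expected " + want))
    elif got.lower() != want:
        findings.append((name, "is %s, expected %s" % (got, want)))


def audit_vmx(text, protected_devices=(), require_setinfo_disabled=False):
    """Return a list of (setting name, problem) tuples; empty means compliant."""
    settings = parse_vmx(text)
    findings = []
    for name, want in REQUIRED:
        _check(settings, name, want, findings)
    if require_setinfo_disabled:
        _check(settings, SETINFO[0], SETINFO[1], findings)

    # Devices the caller wants protected, plus any device the file mentions,
    # so that a leftover "true" from a prior administrator is also reported.
    suffix = CONN_SUFFIX.lower()
    devices = {d.lower() for d in protected_devices}
    devices |= {k[: -len(suffix)] for k in settings if k.endswith(suffix)}
    for dev in sorted(devices):
        _check(settings, dev + CONN_SUFFIX, "false", findings)

    # Both rotation settings must be present and positive for the limits to apply.
    for name in ("log.rotateSize", "log.keepOld"):
        value = settings.get(name.lower(), "")
        if not value.isdigit() or int(value) == 0:
            findings.append((name, "not set to a positive integer"))
    return findings


def max_log_file_bytes(text):
    """Largest size one log file can reach: rotate limit plus one maximum entry."""
    rotate = parse_vmx(text).get("log.rotatesize", "")
    return int(rotate) + MAX_ENTRY_BYTES if rotate.isdigit() else None


# Constructed sample files, not taken from a real host.
SAMPLE_VMX = """\
# constructed sample
displayName = "vm-finance"
isolation.tools.copy.disable = "TRUE"
isolation.tools.paste.disable = "false"
ethernet1.allowGuestConnectionControl = "true"
log.rotateSize=100000
"""

HARDENED_VMX = """\
isolation.tools.copy.disable = "true"
isolation.tools.paste.disable = "true"
isolation.tools.setGUIOptions.enable = "false"
isolation.tools.setinfo.disable = "true"
ethernet1.allowGuestConnectionControl = "false"
log.rotateSize = "100000"
log.keepOld = "10"
"""

if __name__ == "__main__":
    for name, problem in audit_vmx(SAMPLE_VMX, protected_devices=["ethernet1"]):
        print("%s: %s" % (name, problem))
    print("largest single log file:", max_log_file_bytes(SAMPLE_VMX), "bytes")
```

Run it on the service console or on a copy of the .vmx file; it only reads the text and never modifies the configuration.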
If you disable logging for the guest operating system, be aware that you might not be able to gather adequate
logs to allow troubleshooting. Further, VMware does not offer technical support for virtual machine problems
if logging has been disabled.
Procedure
1 Log in to a vCenter Server system using the vSphere Client and select the virtual machine in the inventory.
3 Click the Options tab and in the options list under Advanced, select General.
Host profiles eliminate per-host, manual, or UI-based host configuration and maintain configuration
consistency and correctness across the datacenter by using host profile policies. These policies
capture the blueprint of a known, validated reference host configuration and use it to configure
networking, storage, security, and other settings on multiple hosts or clusters. You can then check
a host or cluster against a profile’s configuration for any deviations.
You must have an existing vSphere installation with at least one properly configured host.
1 Set up and configure the host that will be used as the reference host.
4 Check the host's compliance against a profile. This ensures that the host continues to be correctly
configured.
5 Apply the host profile of the reference host to other hosts or clusters of hosts.
NOTE Host profiles are supported only for VMware vSphere 4.0 hosts. This feature is not supported for
VI 3.5 or earlier hosts. If you have VI 3.5 or earlier hosts managed by your vCenter Server 4.0, the
following can occur if you try to use host profiles for those hosts:
- You cannot create a host profile that uses a VMware Infrastructure 3.5 or earlier host as a
  reference host.
- You cannot apply a host profile to any VI 3.5 or earlier hosts. The compliance check fails.
- While you can attach a host profile to a mixed cluster that contains VI 3.5 or earlier hosts, the
  compliance check for those hosts fails.
As a licensed feature of vSphere, Host Profiles are only available when the appropriate licensing is in place. If
you see errors, please ensure that you have the appropriate vSphere licensing for your hosts.
The Host Profiles main view should be used by experienced administrators who wish to perform host profile
operations and configure advanced options and policies. Most operations such as creating new profiles,
attaching entities, and applying profiles can be performed from the Hosts and Clusters view.
Procedure
- Select View > Management > Host Profiles.
Any existing profiles are listed on the left side in the profiles list. When a profile is selected from the profile
list, the details of that profile are displayed on the right side.
A host profile can be created from the Host Profiles main view or from the host's context menu in the
Hosts and Clusters view.
Prerequisites
You must have a vSphere installation and at least one properly configured host in the inventory.
Procedure
3 Select the host to use to create the profile and click Next.
4 Type the name and enter a description for the new profile and click Next.
5 Review the summary information for the new profile and click Finish to complete creating the profile.
Prerequisites
You must have a vSphere installation and at least one properly configured host in the inventory.
Procedure
1 In the Hosts and Clusters view, select the host that you want to designate as the reference host for the new
host profile.
2 Right-click the host and select Host Profile > Create Profile from Host.
3 Type the name and enter a description for the new profile and click Next.
4 Review the summary information for the new profile and click Finish to complete creating the profile.
Procedure
1 In the Host Profiles main page, select the profile to export from the profile list.
3 Select the location and type the name of the file to export the profile.
4 Click Save.
Procedure
1 In the Host Profiles main page, click the Create Profile icon.
3 Enter or browse for the VMware Profile Format file to import and click Next.
4 Type the name and enter a description for the imported profile and click Next.
5 Review the summary information for the imported profile and click Finish to complete importing the
profile.
Procedure
1 In the Host Profiles main view, select the profile to edit from the profile list.
Edit a Policy
A policy describes how a specific configuration setting should be applied. The Profile Editor allows you to edit
policies belonging to a specific host profile.
On the left side of the Profile Editor, you can expand the host profile. Each host profile is composed of several
sub-profiles that are designated by functional group to represent configuration instances. Each sub-profile
contains many policies that describe the configuration that is relevant to the profile.
The sub-profiles (and example policies and compliance checks) that may be configured are:
Procedure
1 Open the Profile Editor for the profile you wish to edit.
2 On the left side of the Profile Editor, expand a sub-profile until you reach the policy you want to edit.
On the right side of the Profile Editor, the policy options and parameters are displayed within the
Configuration Details tab.
4 Select a policy option from the drop-down menu and set its parameter.
5 (Optional) If you make a change to a policy, but wish to revert back to the default option, click Revert and
the option is reset.
Procedure
1 Open the Profile Editor for a profile and navigate to the policy you wish to enable for compliance check.
2 On the right-hand side of the Profile Editor, select the Compliance Details tab.
NOTE If you disable the check box so this policy is not checked for compliance, the other policies that are
enabled for compliance check will still be checked.
Manage Profiles
After you create a host profile, you can manage the profile by attaching a profile to a particular host or cluster
and then applying that profile to the host or cluster.
Attaching Entities
Hosts that need to be configured are attached to a profile. Profiles can also be attached to a cluster. In order to
be compliant, all hosts within an attached cluster must be configured according to the profile.
You can attach a host or cluster to a profile from the Host Profiles main view.
Procedure
1 In the Host Profiles main view, select the profile to which you want to add the attachment from the profile
list.
3 Select the host or cluster from the expanded list and click Attach.
You can attach a profile to a host from the host's context menu in the Hosts and Clusters inventory view.
Procedure
1 In the Hosts and Clusters view, select the host to which you want to attach a profile.
2 Right-click the host and select Host Profile > Manage Profile.
NOTE If no host profiles exist in your inventory, a dialog appears asking if you want to create and attach
the host to this profile.
3 In the Change Attached Profile dialog, select the profile to attach to the host and click OK.
Applying Profiles
To bring a host to the desired state as specified in the profile, apply the profile to the host.
Prerequisites
Procedure
1 In the Host Profiles main view, select the profile you want to apply to the host.
In the Profile Editor, you might be prompted to enter the required parameters needed to apply the profile.
6 Click Finish.
Prerequisites
Procedure
1 In the Hosts and Clusters view, select the host to which you want to apply a profile.
2 Right-click the host and select Host Profile > Apply Profile.
5 Click Finish.
You can perform this task from the Host Profiles main view.
Prerequisites
Procedure
1 You can perform this task either from the Host Profiles main view or from the host.
- In the Host Profiles main view, right-click the profile whose reference host you want to change
  and select Change Reference Host.
- In the Hosts and Clusters view, right-click the host for which you want to update references and
  select Manage Profiles.
2 Determine if you want to detach the profile from the host or cluster or change the profile's
reference host.
- Click Detach to remove the association between the host and the profile.
- Click Change to continue with updating the profile's reference host.
If you selected Change, the Change Reference Host dialog opens. The current host that the profile
references is displayed as Reference Host.
3 Expand the inventory list and select the host to which you want the profile attached.
4 Click Update.
5 Click OK.
The Summary tab for the host profile lists the updated reference host.
Procedure
- In the Hosts and Clusters view, right-click a cluster and select Host Profile > Manage Profile.
  Depending on your host profile setup, one of the following occurs:
  If the cluster is not attached to a host profile and no profile exists in your inventory:
    a A dialog opens asking if you would like to create a profile and attach it to the cluster.
    b If you select Yes, the Create Profile wizard opens.
  If the cluster is not attached to a host profile and one or more profiles exist in your inventory:
    a The Attach Profile dialog opens.
    b Select the profile you wish to attach to the cluster and click OK.
  If the cluster is already attached to a host profile:
    In the dialog, click Detach to detach the profile from the cluster or Change to attach a
    different profile to the cluster.
Checking Compliance
Checking compliance ensures that the host or cluster continues to be correctly configured.
After a host or cluster is configured with the reference host profile, a manual change, for example, can occur,
making the configuration incorrect. Checking compliance on a regular basis ensures that the host or cluster
continues to be correctly configured.
Procedure
1 From the Host Profiles list, select the profile that you want to check.
2 In the Hosts and Clusters tab, select the host or cluster from the list under Entity Name.
If the compliance status is Non-compliant, you can apply the profile to the host.
Procedure
1 In the Hosts and Clusters view, select the host on which you want to run the compliance check.
2 Right-click the host and select Host Profile > Check Compliance.
If the host is not compliant, you must apply the profile to the host.
Procedure
1 In the Hosts and Clusters view, select the cluster on which you want to run the compliance check.
2 In the Profile Compliance tab, click Check Compliance Now to check the cluster's compliance with both
the host profile that is attached to this cluster and the cluster requirements, if any.
- The cluster is checked for compliance with specific settings for hosts in the cluster, such as
  DRS, HA, and DPM. For example, it may check if VMotion is enabled. The compliance status for the
  cluster requirements is updated. This check is performed even if a host profile is not attached
  to the cluster.
- If a host profile is attached to the cluster, the cluster is checked for compliance with the host
  profile. The compliance status for the host profile is updated.
3 (Optional) Click Description next to the Cluster Requirements for a list of the specific cluster requirements.
4 (Optional) Click Description next to Host Profiles for a list of the specific host profile compliance checks.
5 (Optional) Click Change to change the host profile that is attached to the cluster.
6 (Optional) Click Remove to detach the host profile that is attached to the cluster.
If the cluster is not compliant, the profile must be applied separately to each host within the cluster.
NOTE If you use the commands in this appendix, you must execute the service mgmt-vmware restart
command to restart the vmware-hostd process and alert the vSphere Client and other management tools that
the configuration has changed. In general, avoid executing the commands in this appendix if the host is
currently under the vSphere Client or vCenter Server management.
The vSphere Client graphical user interface provides the preferred means of performing the configuration
tasks described in this topic. You can use this topic to learn which vSphere Client commands to use in place
of the service console commands. This topic provides a summary of the actions you take in vSphere Client but
does not give complete instructions. For details on using commands and performing configuration tasks
through vSphere Client, see the online help.
You can find additional information on a number of ESX commands by logging in to the service console and
using the man <esxcfg_command_name> command to display man pages.
Appendix A, “ESX Technical Support Commands,” on page 219 lists the Technical Support commands
provided for ESX, summarizes the purpose of each command, and provides a vSphere Client alternative. You
can perform most of the vSphere Client actions listed in the table only after you have selected an ESX host from
the inventory panel and clicked the Configuration tab. These actions are preliminary to any procedure
discussed below unless otherwise stated.
esxcfg-boot Configures bootstrap settings. This command is used for the bootstrap
process and is intended for VMware Technical Support use only. You
should not issue this command unless instructed to do so by a VMware
Technical Support representative.
There is no means of configuring these functions in vSphere Client.
esxcfg-dumppart Configures a diagnostic partition or searches for existing diagnostic
partitions.
When you install ESX, a diagnostic partition is created to store debugging
information in the event of a system fault. You don’t need to create this
partition manually unless you determine that there is no diagnostic
partition for the host.
You can perform the following management activities for diagnostic
partitions in vSphere Client:
- Determine whether there is a diagnostic partition: Click
  Storage > Add Storage and check the first page of the Add Storage
  Wizard to see whether it includes the Diagnostic option. If Diagnostic
  is not one of the options, ESX already has a diagnostic partition.
- Configure a diagnostic partition: Click Storage > Add
  Storage > Diagnostic and step through the wizard.
esxcfg-firewall Configures the service console firewall ports.
To configure firewall ports for supported services and agents in vSphere
Client, you select the Internet services that will be allowed to access the
ESX host. Click Security Profile>Firewall>Properties and use the
Firewall Properties dialog box to add services.
You cannot configure unsupported services through the vSphere Client.
For these services, use the esxcfg-firewall command.
esxcfg-info Prints information about the state of the service console, VMkernel,
various subsystems in the virtual network, and storage resource
hardware.
vSphere Client doesn’t provide a method for printing this information,
but you can obtain much of it through different tabs and functions in the
user interface. For example, you can check the status of your virtual
machines by reviewing the information on the Virtual Machines tab.
esxcfg-init Performs internal initialization routines. This command is used for the
bootstrap process. You should not use it under any circumstances. Using
this command can cause problems for your ESX host.
There is no vSphere Client equivalent for this command.
esxcfg-module Sets driver parameters and modifies which drivers are loaded during
startup. This command is used for the bootstrap process and is intended
for VMware Technical Support use only. You should not issue this
command unless instructed to do so by a VMware Technical Support
representative.
There is no vSphere Client equivalent for this command.
esxcfg-mpath Configures multipath settings for your Fibre Channel or iSCSI disks.
To configure multipath settings for your storage in vSphere Client, click
Storage. Select a datastore or mapped LUN and click Properties. When the
Properties dialog box opens, select the desired extent if necessary. Then,
click Extent Device>Manage Paths and use the Manage Path dialog box
to configure the paths.
esxcfg-nas Manages NFS mounts. You use this command to create or unmount an
NFS datastore.
To view NFS datastores in vSphere Client, click Storage > Datastores and
scroll through the datastores list. You can also perform the following
activities from the Storage > Datastores view:
- Display the attributes of an NFS datastore: Click the datastore and
  review the information under Details.
- Create an NFS datastore: Click Add Storage.
- Unmount an NFS datastore: Click Remove, or right-click the
  datastore to unmount and select Unmount.
esxcfg-nics Prints a list of physical network adapters along with information on the
driver, PCI device, and link state of each NIC. You can also use this
command to control a physical network adapter’s speed and duplexing.
To view information on the physical network adapters for the host in
vSphere Client, click Network Adapters.
To change the speed and duplexing for a physical network adapter in the
vSphere Client, click Networking>Properties for any of the virtual
switches associated with the physical network adapter. In the Properties
dialog box, click Network Adapters>Edit and select the speed and duplex
combination.
esxcfg-resgrp Restores resource group settings and lets you perform basic resource
group management.
Select a resource pool from the inventory panel and click Edit Settings on
the Summary tab to change the resource group settings.
esxcfg-route Sets or retrieves the default VMkernel gateway route and adds, removes,
or lists static routes.
To view the default VMkernel gateway route in vSphere Client, click DNS
and Routing. To change the default routing, click Properties and update
the information in both tabs of the DNS and Routing Configuration
dialog box.
esxcfg-swiscsi Configures your software iSCSI adapter.
To configure your software iSCSI system in vSphere Client, click Storage
Adapters, select the iSCSI adapter you want to configure, and click
Properties. Use the iSCSI Initiator Properties dialog box to configure the
adapter.
esxcfg-upgrade Upgrades from ESX Server 2.x to ESX. This command is not for general
use.
You complete the following three tasks when upgrading from 2.x to 3.x.
Some of these can be performed in vSphere Client:
- Upgrade the host: You upgrade the binaries, converting from ESX
  Server 2.x to ESX. You cannot perform this step from vSphere Client.
- Upgrade the file system: To upgrade VMFS-2 to VMFS-3, suspend
  or power off your virtual machines and then click
  Inventory > Host > Enter Maintenance Mode. Click Storage, select a
  storage device, and click Upgrade to VMFS-3. You must perform this
  step for each storage device you want to upgrade.
- Upgrade the virtual machines: To upgrade a virtual machine from
  VMS-2 to VMS-3, right-click the virtual machine in the inventory
  panel and choose Upgrade Virtual Machine.
esxcfg-scsidevs Prints a map of VMkernel storage devices to service console devices. There
is no vSphere Client equivalent for this command.
esxcfg-vmknic Creates and updates VMkernel TCP/IP settings for VMotion, NAS, and
iSCSI.
To set up VMotion, NFS, or iSCSI network connections in vSphere Client,
click Networking > Add Networking. Select VMkernel and step through
the Add Network Wizard. Define the IP address subnet mask and
VMkernel default gateway in the Connection Settings step.
To review your settings, click the blue icon to the left of the VMotion,
iSCSI, or NFS port. To edit any of these settings, click Properties for the
switch. Select the port from the list on the switch Properties dialog box
and click Edit to open the port Properties dialog box and change the
settings for the port.
esxcfg-vswif Creates and updates service console network settings. This command is
used if you cannot manage the ESX host through the vSphere Client
because of network configuration issues.
To set up connections for the service console in vSphere Client, click
Networking > Add Networking. Select Service Console and step through
the Add Network Wizard. Define the IP address subnet mask and the
service console default gateway in the Connection Settings step.
To review your settings, click the blue icon to the left of the service console
port. To edit any of these settings, click Properties for the switch. Select
the service console port from the list on the switch Properties dialog box.
Click Edit to open the port Properties dialog box and change the settings
for the port.
esxcfg-vswitch Creates and updates virtual machine network settings.
To set up connections for a virtual machine in vSphere Client, click
Networking > Add Networking. Select Virtual Machine and step
through the Add Network Wizard.
To review your settings, click the speech bubble icon to the left of the
virtual machine port group. To edit any of these settings, click Properties
for the switch. Select the virtual machine port from the list on the switch
Properties dialog box, then click Edit to open the port Properties dialog
box and change the settings for the port.
Always work through the vSphere Client when configuring ESX, unless otherwise instructed in vSphere
documentation or by VMware Technical Support.
Using vmkfstools, you can create and manage a virtual machine file system (VMFS) on a physical
partition of a disk. You can also use the command to manipulate files, such as virtual disk files,
stored on VMFS-2, VMFS-3, and NFS.
You can perform most vmkfstools operations using the vSphere Client.
- <device> specifies devices or logical volumes. This argument uses a path name in the ESX device file
  system. The path name begins with /vmfs/devices, which is the mount point of the device file system.
  Use the following formats when you specify different types of devices:
  - /vmfs/devices/disks for local or SAN-based disks.
- <path> specifies a VMFS file system or file. This argument is an absolute or relative path that names a
  directory symbolic link, a raw device mapping, or a file under /vmfs.
  - To specify a VMFS file system, use this format:
    /vmfs/volumes/<file_system_UUID>
    or
    /vmfs/volumes/<file_system_label>
You do not need to enter the entire path if the current working directory is the parent directory of
myDisk.vmdk.
For example,
/vmfs/volumes/datastore1/rh9.vmdk
vmkfstools Options
The vmkfstools command has several options. Some of the options are suggested for advanced users only.
The long and single-letter forms of the options are equivalent. For example, the following commands are
identical.
vmkfstools --createfs vmfs3 --blocksize 2m vml.<vml_ID>:1
vmkfstools -C vmfs3 -b 2m vml.<vml_ID>:1
-v Suboption
The -v suboption indicates the verbosity level of the command output.
You can specify the -v suboption with any vmkfstools option. If the output of the option is not suitable for use
with the -v suboption, vmkfstools ignores -v.
NOTE Because you can include the -v suboption in any vmkfstools command line, -v is not included as a
suboption in the option descriptions.
This option creates a VMFS-3 file system on the specified SCSI partition, such as vml.<vml_ID>:1. The partition
becomes the file system's head partition.
VMFS-2 file systems are read-only on any ESX host. You cannot create or modify VMFS-2 file systems but you
can read files stored on VMFS-2 file systems. VMFS-3 file systems are not accessible from ESX 2.x hosts.
CAUTION You can have only one VMFS volume for a LUN.
n -S --setfsname – Define the volume label of a VMFS volume for the VMFS-3 file system you are creating.
Use this suboption only in conjunction with the -C option. The label you specify can be up to 128 characters
long and cannot contain any leading or trailing blank spaces.
After you define a volume label, you can use it whenever you specify the VMFS volume for the vmkfstools
command. The volume label appears in listings generated for the Linux ls -l command and as a symbolic
link to the VMFS volume under the /vmfs/volumes directory.
To change the VMFS volume label, use the Linux ln -sf command. Use the following as an example:
ln -sf /vmfs/volumes/<UUID> /vmfs/volumes/<fsName>
<fsName> is the new volume label to use for the <UUID> VMFS.
This option adds another extent to a previously created VMFS volume <existing-VMFS-volume>. You must
specify the full path name, for example /vmfs/devices/disks/vml.<vml_ID>:1, not just the short name
vml.<vml_ID>:1. Each time you use this option, you extend a VMFS-3 volume with a new extent so that the
volume spans multiple partitions. At most, a logical VMFS-3 volume can have 32 physical extents.
CAUTION When you run this option, you lose all data that previously existed on the SCSI device you specified in
<extension-device>.
The extended file system spans two partitions—vml.<vml_ID_1>:1 and vml.<vml_ID_2>:1. In this example,
vml.<vml_ID_1>:1 is the name of the head partition.
When you use this option on any file or directory that resides on a VMFS volume, the option lists the attributes
of the specified volume. The listed attributes include the VMFS version number (VMFS-2 or VMFS-3), the
number of extents comprising the specified VMFS volume, the volume label if any, the UUID, and a listing of
the device names where each extent resides.
NOTE If any device backing a VMFS file system goes offline, the number of extents and available space change
accordingly.
You can specify the -h suboption with the -P option. If you do so, vmkfstools lists the capacity of the volume
in a more readable form, for example, 5k, 12.1M, or 2.1G.
CAUTION The VMFS-2 to VMFS-3 conversion is a one-way process. After you have converted a VMFS-2 volume
to VMFS-3, you cannot revert it back to a VMFS-2 volume.
You can upgrade a VMFS-2 file system only if its file block size does not exceed 8 MB.
This option converts a VMFS-2 file system to VMFS-3, preserving all files on the file system. Before conversion,
unload the vmfs2 and vmfs3 drivers and load the auxiliary file system driver, fsaux, with a module option
fsauxFunction=upgrade.
You must specify the upgrade type using the -x --upgradetype suboption as one of the following:
n -x zeroedthick (default) – Retains the properties of VMFS-2 thick files. With the zeroedthick file
format, disk space is allocated to the files for future use and the unused data blocks are not zeroed
out.
n -x eagerzeroedthick – Zeroes out unused data blocks in thick files during conversion. If you use this
suboption, the upgrade process might take much longer than with the other options.
n -x thin – Converts the VMFS-2 thick files into thin-provisioned VMFS-3 files. As opposed to thick
file format, the thin-provisioned format doesn't allow files to have extra space allocated for their future
use, but instead provides the space on demand. During this conversion, unused blocks of the thick
files are discarded.
During conversion, the ESX file-locking mechanism ensures that no other local process accesses the VMFS
volume that is being converted, although you need to make sure that no remote ESX host is accessing this
volume. The conversion might take several minutes and returns to the command prompt when complete.
After conversion, unload the fsaux driver and load vmfs3 and vmfs2 drivers to resume normal operations.
n -u --upgradefinish
n 2gbsparse – A sparse disk with 2GB maximum extent size. You can use disks in this format with other
VMware products; however, you cannot power on a sparse disk on an ESX host unless you first reimport
the disk with vmkfstools in a compatible format, such as thick or thin.
n monosparse – A monolithic sparse disk. You can use disks in this format with other VMware products.
n monoflat – A monolithic flat disk. You can use disks in this format with other VMware products.
NOTE The only disk formats you can use for NFS are thin, thick, zeroedthick and 2gbsparse.
Thick, zeroedthick and thin usually mean the same because the NFS server and not the ESX host decides the
allocation policy. The default allocation policy on most NFS servers is thin.
This option creates a virtual disk at the specified path on a VMFS volume. Specify the size of the virtual disk.
When you enter the value for <size>, you can indicate the unit type by adding a suffix of k (kilobytes), m
(megabytes), or g (gigabytes). The unit type is not case sensitive—vmkfstools interprets either k or K to mean
kilobytes. If you don’t specify a unit type, vmkfstools defaults to bytes.
This option cleans the virtual disk by writing zeros over all its data. Depending on the size of your virtual disk
and the I/O bandwidth to the device hosting the virtual disk, completing this command might take a long time.
CAUTION When you use this command, you lose any existing data on the virtual disk.
This option converts a thin virtual disk to eagerzeroedthick, preserving all existing data. The option allocates
and zeroes out any blocks that are not already allocated.
You can use the -d suboption for the -i option. This suboption specifies the disk format for the copy you create.
A non-root user is not allowed to clone a virtual disk or a raw disk.
NOTE To clone the ESX Redo logs while preserving their hierarchy, use the cp command.
You can configure a virtual machine to use this virtual disk by adding lines to the virtual machine configuration
file, as in the following example:
scsi0:0.present = TRUE
scsi0:0.fileName = /vmfs/volumes/myVMFS/myOS.vmdk
You must import the virtual disk first because you cannot power on disks exported in 2gbsparse format on an
ESX host.
Procedure
1 Import a Workstation or GSX Server disk into your /vmfs/volumes/myVMFS/ directory or any subdirectory.
2 In the vSphere Client, create a new virtual machine using the Custom configuration option.
3 When you configure a disk, select Use an existing virtual disk and attach the Workstation or GSX Server
disk you imported.
You must power off the virtual machine that uses this disk file before you enter this command. You might
have to update the file system on the disk so the guest operating system can recognize and use the new size
of the disk and take advantage of the extra space.
You specify the newSize parameter in kilobytes, megabytes, or gigabytes by adding a k (kilobytes), m
(megabytes), or g (gigabytes) suffix. The unit type is not case sensitive—vmkfstools interprets either k or K to
mean kilobytes. If you don’t specify a unit type, vmkfstools defaults to kilobytes.
The newSize parameter defines the entire new size, not just the increment you add to the disk.
For example, to extend a 4g virtual disk by 1g, enter: vmkfstools -X 5g <disk name>.dsk
NOTE Do not extend the base disk of a virtual machine that has snapshots associated with it. If you do, you
can no longer commit the snapshot or revert the base disk to its original size.
You can configure a virtual machine to use the my_rdm.vmdk mapping file by adding the following lines to the
virtual machine configuration file:
scsi0:0.present = TRUE
scsi0:0.fileName = /vmfs/volumes/myVMFS/my_rdm.vmdk
After you establish this type of mapping, you can use it to access the raw disk just as you would any other
VMFS virtual disk.
This option prints the name of the raw disk RDM. The option also prints other identification information, like
the disk ID, for the raw disk.
The output is in the form: Geometry information C/H/S, where C represents the number of cylinders, H
represents the number of heads, and S represents the number of sectors.
NOTE When you import VMware Workstation virtual disks to an ESX host, you might see a disk geometry
mismatch error message. A disk geometry mismatch might also be the cause of problems loading a guest
operating system or running a newly-created virtual machine.
This option lets you reserve a SCSI LUN for exclusive use by an ESX host, release a reservation so that other
hosts can access the LUN, and reset a reservation, forcing all reservations from the target to be released.
CAUTION Using the -L option can interrupt the operations of other servers on a SAN. Use the -L option only
when troubleshooting clustering setups.
Unless specifically advised by VMware, never use this option on a LUN hosting a VMFS volume.
n -L lunreset – Resets the specified LUN by clearing any reservation on the LUN and making the LUN
available to all servers again. The reset does not affect any of the other LUNs on the device. If another
LUN on the device is reserved, it remains reserved.
n -L targetreset – Resets the entire target. The reset clears any reservations on all the LUNs associated
with that target and makes the LUNs available to all servers again.
n -L busreset – Resets all accessible targets on the bus. The reset clears any reservation on all the LUNs
accessible through the bus and makes them available to all servers again.
EN-000107-00
vSphere Resource Management Guide
© 2006–2009 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual
property laws. VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents.
About This Book
The vSphere Resource Management Guide describes resource management for vSphere environments. Its focus
is on the following major topics:
n Resource allocation and resource management concepts
n Virtual machine attributes and admission control
n Resource pools and how to manage them
n Clusters, VMware Distributed Resource Scheduler (DRS), VMware Distributed Power Management
(DPM), and how to work with them
n Advanced resource management options
n Performance considerations
The vSphere Resource Management Guide covers ESX, ESXi, and vCenter Server.
Intended Audience
This manual is for system administrators who want to understand how the system manages resources and
how they can customize the default behavior. It’s also essential for anyone who wants to understand and use
resource pools, clusters, DRS, or VMware DPM.
This manual assumes you have a working knowledge of VMware ESX and VMware ESXi and of vCenter
Server.
Document Feedback
VMware welcomes your suggestions for improving our documentation. If you have comments, send your
feedback to docfeedback@vmware.com.
vSphere Documentation
The vSphere documentation consists of the combined vCenter Server and ESX/ESXi documentation set.
Online and Telephone Support
To use online support to submit technical support requests, view your product
and contract information, and register your products, go to
http://www.vmware.com/support.
Support Offerings
To find out how VMware support offerings can help meet your business needs,
go to http://www.vmware.com/support/services.
VMware Professional Services
VMware Education Services courses offer extensive hands-on labs, case study
examples, and course materials designed to be used as on-the-job reference
tools. Courses are available onsite, in the classroom, and live online. For onsite
pilot programs and implementation best practices, VMware Consulting
Services provides offerings to help you assess, plan, build, and manage your
virtual environment. To access information about education classes,
certification programs, and consulting services, go to
http://www.vmware.com/services.
Chapter 1 Getting Started with Resource Management
To understand resource management, you must be aware of its components, its goals, and how best to
implement it in a cluster setting.
Resource allocation settings for a virtual machine (shares, reservation, and limit) are discussed, including how
to set them and how to view them. Admission control, the process whereby resource allocation settings
are validated against existing resources, is also explained.
The need for resource management arises from the overcommitment of resources (that is, more demand than
capacity) and from the fact that demand and capacity vary over time. Resource management allows you to
dynamically reallocate resources, so that you can more efficiently use available capacity.
Resource Types
Resources include CPU, memory, power, storage, and network resources.
Resource management in this context focuses primarily on CPU and memory resources. Power resource
consumption can also be reduced with the VMware Distributed Power Management (DPM) feature.
NOTE ESX/ESXi manages network bandwidth and disk resources on a per-host basis, using network traffic
shaping and a proportional share mechanism, respectively.
Resource Providers
Hosts and clusters are providers of physical resources.
For hosts, available resources are the host’s hardware specification, minus the resources used by the
virtualization software.
A cluster is a group of hosts. You can create a cluster using VMware vCenter Server, and add multiple hosts
to the cluster. vCenter Server manages these hosts’ resources jointly: the cluster owns all of the CPU and
memory of all hosts. You can enable the cluster for joint load balancing or failover. See Chapter 5, “Creating a
DRS Cluster,” on page 43 for more information.
Resource Consumers
Virtual machines are resource consumers.
The default resource settings assigned during creation work well for most machines. You can later edit the
virtual machine settings to allocate a share-based percentage of the total CPU and memory of the resource
provider or a guaranteed reservation of CPU and memory. When you power on that virtual machine, the server
checks whether enough unreserved resources are available and allows power on only if there are enough
resources. This process is called admission control.
A resource pool is a logical abstraction for flexible management of resources. Resource pools can be grouped
into hierarchies and used to hierarchically partition available CPU and memory resources. Accordingly,
resource pools can be considered both resource providers and consumers. They provide resources to child
resource pools and virtual machines, but are also resource consumers because they consume their parents’
resources. See Chapter 4, “Managing Resource Pools,” on page 35.
An ESX/ESXi host allocates each virtual machine a portion of the underlying hardware resources based on a
number of factors:
n Total available resources for the ESX/ESXi host (or the cluster).
n Number of virtual machines powered on and resource usage by those virtual machines.
n Overhead required to manage the virtualization.
n Resource limits defined by the user.
In addition to resolving resource overcommitment, resource management can help you accomplish the
following:
n Performance Isolation—prevent virtual machines from monopolizing resources and guarantee
predictable service rates.
n Efficient Utilization—exploit undercommitted resources and overcommit with graceful degradation.
n Easy Administration—control the relative importance of virtual machines, provide flexible dynamic
partitioning, and meet absolute service-level agreements.
Use the resource allocation settings (shares, reservation, and limit) to determine the amount of CPU and
memory resources provided for a virtual machine. In particular, administrators have several options for
allocating resources.
n Reserve the physical resources of the host or cluster.
n Ensure that a certain amount of memory for a virtual machine is provided by the physical memory of the
ESX/ESXi machine.
n Guarantee that a particular virtual machine is always allocated a higher percentage of the physical
resources than other virtual machines.
n Set an upper bound on the resources that can be allocated to a virtual machine.
Shares are typically specified as High, Normal, or Low and these values specify share values with a 4:2:1 ratio,
respectively. You can also select Custom to assign a specific number of shares (which expresses a proportional
weight) to each virtual machine.
Specifying shares makes sense only with regard to sibling virtual machines or resource pools, that is, virtual
machines or resource pools with the same parent in the resource pool hierarchy. Siblings share resources
according to their relative share values, bounded by the reservation and limit. When you assign shares to a
virtual machine, you always specify the priority for that virtual machine relative to other powered-on virtual
machines.
The following table shows the default CPU and memory share values for a virtual machine. For resource pools,
the default CPU and memory share values are the same, but must be multiplied as if the resource pool were
a virtual machine with four VCPUs and 16 GB of memory.
Setting   CPU share values              Memory share values
High      2000 shares per virtual CPU   20 shares per megabyte of configured virtual machine memory.
Normal    1000 shares per virtual CPU   10 shares per megabyte of configured virtual machine memory.
Low       500 shares per virtual CPU    5 shares per megabyte of configured virtual machine memory.
For example, an SMP virtual machine with two virtual CPUs and 1GB RAM with CPU and memory shares set to
Normal has 2x1000=2000 shares of CPU and 10x1024=10240 shares of memory.
NOTE Virtual machines with more than one virtual CPU are called SMP (symmetric multiprocessing) virtual
machines. ESX/ESXi supports up to eight virtual CPUs per virtual machine. This is also called eight-way SMP
support.
The relative priority represented by each share changes when a new virtual machine is powered on. This affects
all virtual machines in the same resource pool. All of the virtual machines have the same number of VCPUs.
Consider the following examples.
n Two CPU-bound virtual machines run on a host with 8GHz of aggregate CPU capacity. Their CPU shares
are set to Normal and get 4GHz each.
n A third CPU-bound virtual machine is powered on. Its CPU shares value is set to High, which means it
should have twice as many shares as the machines set to Normal. The new virtual machine receives 4GHz
and the two other machines get only 2GHz each. The same result occurs if the user specifies a custom
share value of 2000 for the third virtual machine.
vCenter Server or ESX/ESXi allows you to power on a virtual machine only if there are enough unreserved
resources to satisfy the reservation of the virtual machine. The server guarantees that amount even when the
physical server is heavily loaded. The reservation is expressed in concrete units (megahertz or megabytes).
For example, assume you have 2GHz available and specify a reservation of 1GHz for VM1 and 1GHz for VM2.
Now each virtual machine is guaranteed to get 1GHz if it needs it. However, if VM1 is using only 500MHz,
VM2 can use 1.5GHz.
Reservation defaults to 0. You can specify a reservation if you need to guarantee that the minimum required
amounts of CPU or memory are always available for the virtual machine.
A server can allocate more than the reservation to a virtual machine, but never allocates more than the limit,
even if there is unutilized CPU or memory on the system. The limit is expressed in concrete units (megahertz
or megabytes).
CPU and memory limit default to unlimited. When the memory limit is unlimited, the amount of memory
configured for the virtual machine when it was created becomes its effective limit in most cases.
In most cases, it is not necessary to specify a limit. There are benefits and drawbacks:
n Benefits — Assigning a limit is useful if you start with a small number of virtual machines and want to
manage user expectations. Performance deteriorates as you add more virtual machines. You can simulate
having fewer resources available by specifying a limit.
n Drawbacks — You might waste idle resources if you specify a limit. The system does not allow virtual
machines to use more resources than the limit, even when the system is underutilized and idle resources
are available. Specify the limit only if you have good reasons for doing so.
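The shares, reservation, and limit rules above, together with the power-on check, worked as a simplified model. This is an added example, not VMware's scheduler or code from this guide. It assumes each virtual machine receives its share-proportional slice of capacity, clamped between reservation and limit and never above demand; the VM class, the function names, and the sample virtual machines are constructed for illustration.

```python
"""Simplified model of CPU shares, reservation and limit among sibling VMs.

Added illustration, not VMware's scheduler. All VMs below are constructed.
Units are MHz throughout; VM names are assumed to be unique.
"""
import math
from dataclasses import dataclass

# Default CPU share values per virtual CPU, taken from the table above.
CPU_SHARES_PER_VCPU = {"high": 2000, "normal": 1000, "low": 500}


def cpu_shares(level, vcpus=1):
    """Default CPU shares for a VM: per-vCPU value times the vCPU count."""
    return CPU_SHARES_PER_VCPU[level.lower()] * vcpus


@dataclass
class VM:
    name: str
    shares: int                  # proportional weight relative to siblings
    reservation: float = 0.0     # guaranteed minimum (defaults to 0)
    limit: float = math.inf      # upper bound (defaults to unlimited)
    demand: float = math.inf     # what the VM would consume; inf = CPU-bound

    def __post_init__(self):
        if self.shares <= 0:
            raise ValueError(f"{self.name}: shares must be positive")
        if not 0 <= self.reservation <= self.limit:
            raise ValueError(f"{self.name}: need 0 <= reservation <= limit")


def admit(capacity, powered_on, vm):
    """Admission control: power on if there is no reservation, or if the
    unreserved capacity covers the new VM's reservation."""
    unreserved = capacity - sum(v.reservation for v in powered_on)
    return vm.reservation == 0 or vm.reservation <= unreserved


def allocate(capacity, vms):
    """Split capacity among sibling VMs in proportion to shares, bounded below
    by the reservation and above by the limit, and never beyond demand."""
    floor = {v.name: min(v.reservation, v.demand) for v in vms}
    cap = {v.name: min(v.limit, v.demand) for v in vms}
    if sum(floor.values()) > capacity:
        raise ValueError("reservations exceed capacity; admission control "
                         "should have refused a power-on")
    if sum(cap.values()) <= capacity:
        return cap                      # no contention: every VM gets its cap

    def clamp(v, rate):
        return min(max(v.shares * rate, floor[v.name]), cap[v.name])

    # Find the per-share rate at which the clamped allocations use exactly
    # the capacity. The total is non-decreasing in the rate, so bisect.
    lo, hi = 0.0, capacity / min(v.shares for v in vms)
    for _ in range(200):
        mid = (lo + hi) / 2
        if sum(clamp(v, mid) for v in vms) < capacity:
            lo = mid
        else:
            hi = mid
    return {v.name: round(clamp(v, hi), 3) for v in vms}


if __name__ == "__main__":
    normal, high = cpu_shares("normal"), cpu_shares("high")
    two = [VM("vm1", normal), VM("vm2", normal)]
    print(allocate(8000, two))                      # 8GHz host, two Normal VMs
    print(allocate(8000, two + [VM("vm3", high)]))  # a High VM is powered on
    reserved = [VM("VM1", normal, reservation=1000, demand=500),
                VM("VM2", normal, reservation=1000)]
    print(allocate(2000, reserved))                 # unused reservation is lent out
    print(admit(2000, reserved, VM("VM3", normal, reservation=500)))
```

The last call shows the admission-control side: with both 1GHz reservations in place on a 2GHz host, a third virtual machine that reserves 500MHz is refused, while one with no reservation would be admitted.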
The following guidelines can help you achieve better performance for your virtual machines.
n If you expect frequent changes to the total available resources, use Shares to allocate resources fairly across
virtual machines. If you use Shares, and you upgrade the host, for example, each virtual machine stays
at the same priority (keeps the same number of shares) even though each share represents a larger amount
of memory or CPU.
n Use Reservation to specify the minimum acceptable amount of CPU or memory, not the amount you want
to have available. The host assigns additional resources as available based on the number of shares,
estimated demand, and the limit for your virtual machine. The amount of concrete resources represented
by a reservation does not change when you change the environment, such as by adding or removing
virtual machines.
n When specifying the reservations for virtual machines, do not commit all resources (plan to leave at least
10% unreserved). As you move closer to fully reserving all capacity in the system, it becomes increasingly
difficult to make changes to reservations and to the resource pool hierarchy without violating admission
control. In a DRS-enabled cluster, reservations that fully commit the capacity of the cluster or of individual
hosts in the cluster can prevent DRS from migrating virtual machines between hosts.
Assume that on an ESX/ESXi host, you have created two new virtual machines, one each for your QA (VM-QA)
and Marketing (VM-Marketing) departments.
[Figure: an ESX/ESXi host running two virtual machines, VM-QA and VM-Marketing]
In the following example, assume that VM-QA is memory intensive and accordingly you want to change the
resource allocation settings for the two virtual machines to:
n Specify that, when system memory is overcommitted, VM-QA can use twice as much memory and CPU
as the Marketing virtual machine. Set the memory shares and CPU shares for VM-QA to High and for
VM-Marketing set them to Normal.
n Ensure that the Marketing virtual machine has a certain amount of guaranteed CPU resources. You can
do so using a reservation setting.
Procedure
2 Right-click VM-QA, the virtual machine for which you want to change shares, and select Edit Settings.
3 Select the Resources tab and, in the CPU panel, select High from the Shares drop-down menu.
4 In the Memory panel, select High from the Shares drop-down menu.
5 Click OK.
6 Right-click the marketing virtual machine (VM-Marketing) and select Edit Settings.
7 In the CPU panel, change the value in the Reservation field to the desired number.
8 Click OK.
If you select the cluster’s Resource Allocation tab and click CPU, you should see that shares for VM-QA are
twice that of the other virtual machine. Also, because the virtual machines have not been powered on, the
Reservation Used fields have not changed.
This information can then be used to help inform your resource management decisions.
The Resource Allocation tab displays information about the CPU and memory resources in the cluster.
CPU Section
The following information about CPU resource allocation is shown:
Total Capacity         Guaranteed CPU allocation, in megahertz (MHz), reserved for this object.
Reserved Capacity      Number of megahertz (MHz) of the reserved allocation that this object is using.
Memory Section
The following information about memory resource allocation is shown:
Total Capacity         Guaranteed memory allocation, in megabytes (MB), for this object.
Reserved Capacity      Number of megabytes (MB) of the reserved allocation that this object is using.
Overhead Reservation   The amount of the “Reserved Capacity” field that is being reserved for virtualization overhead.
NOTE Reservations for the root resource pool of a cluster that is enabled for VMware HA might be larger than
the sum of the explicitly-used resources in the cluster. These reservations not only reflect the reservations for
the running virtual machines and the hierarchically-contained (child) resource pools in the cluster, but also
the reservations needed to support VMware HA failover. See the vSphere Availability Guide.
The Resource Allocation tab also displays a chart showing the resource pools and virtual machines in the DRS
cluster with the following CPU or memory usage information. To view CPU or memory information, click the
CPU button or Memory button, respectively.
Reservation - MHz      Guaranteed minimum CPU allocation, in megahertz (MHz), reserved for this object.
Reservation - MB       Guaranteed minimum memory allocation, in megabytes (MB), for this object.
Shares                 A relative metric for allocating CPU or memory capacity. The values Low, Normal, High, and
                       Custom are compared to the sum of all shares of all virtual machines in the enclosing resource
                       pool.
Worst Case Allocation  The amount of (CPU or memory) resource that is allocated to the virtual machine based on
                       user-configured resource allocation policies (for example, reservation, shares and limit), and
                       with the assumption that all virtual machines in the cluster consume their full amount of
                       allocated resources. The values for this field must be updated manually by pressing the F5 key.
This Resource Allocation tab displays information about the CPU and memory resources for the selected
virtual machine.
CPU Section
These bars display the following information about host CPU usage:
Active                 Estimated amount of resources consumed by virtual machine if there is no resource contention.
                       If you have set an explicit limit, this amount does not exceed that limit.
Worst Case Allocation  The amount of (CPU or memory) resource that is allocated to the virtual machine based on
                       user-configured resource allocation policies (for example, reservation, shares and limit), and
                       with the assumption that all virtual machines in the cluster consume their full amount of
                       allocated resources.
Memory Section
These bars display the following information about host memory usage:
Consumed               Actual consumption of physical memory that has been allocated to the virtual machine.
Overhead Consumption   Amount of consumed memory being used for virtualization purposes. Overhead Consumption is
                       included in the amount shown in Consumed.
These bars display the following information about guest memory usage:
Private Amount of memory backed by host memory and not being shared.
vSphere Resource Management Guide
Worst Case Allocation The amount of (CPU or memory) resource that is allocated to the virtual machine based on
user-configured resource allocation policies (for example, reservation, shares and limit), and with the
assumption that all virtual machines in the cluster consume their full amount of allocated resources.
Overhead Reservation The amount of memory that is being reserved for virtualization overhead.
Admission Control
When you power on a virtual machine, the system checks the amount of CPU and memory resources that have
not yet been reserved. Based on the available unreserved resources, the system determines whether it can
guarantee the reservation for which the virtual machine is configured (if any). This process is called admission
control.
If enough unreserved CPU and memory are available, or if there is no reservation, the virtual machine is
powered on. Otherwise, an Insufficient Resources warning appears.
NOTE In addition to the user-specified memory reservation, for each virtual machine there is also an amount
of overhead memory. This extra memory commitment is included in the admission control calculation.
When the VMware DPM feature is enabled, hosts might be placed in standby mode (that is, powered off) to
reduce power consumption. The unreserved resources provided by these hosts are considered available for
admission control. If a virtual machine cannot be powered on without these resources, a recommendation to
power on sufficient standby hosts is made.
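The admission control check described above, as an added Python sketch that is not VMware code. It assumes a simplified model in which unreserved capacity is pooled across hosts; the `Host`, `VM` and `admit` names, the decision strings and the sample cluster are all constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class Host:
    name: str
    cpu_mhz: int                # CPU capacity usable by virtual machines
    mem_mb: int                 # memory capacity usable by virtual machines
    reserved_cpu_mhz: int = 0   # already reserved by powered-on VMs
    reserved_mem_mb: int = 0    # reservations plus overhead already committed
    standby: bool = False       # True if VMware DPM has powered the host off


@dataclass
class VM:
    name: str
    cpu_reservation_mhz: int = 0
    mem_reservation_mb: int = 0
    overhead_mb: int = 0        # virtualization overhead memory


def admit(vm, hosts):
    """Return (decision, hosts_to_power_on) for a power-on request."""
    need_cpu = vm.cpu_reservation_mhz
    # Overhead memory is part of the commitment even with no user reservation.
    need_mem = vm.mem_reservation_mb + vm.overhead_mb

    free_cpu = sum(h.cpu_mhz - h.reserved_cpu_mhz for h in hosts if not h.standby)
    free_mem = sum(h.mem_mb - h.reserved_mem_mb for h in hosts if not h.standby)
    if free_cpu >= need_cpu and free_mem >= need_mem:
        return ("power_on", [])

    # Standby hosts count as available, but using them means waking them up.
    wake = []
    for h in (h for h in hosts if h.standby):
        free_cpu += h.cpu_mhz - h.reserved_cpu_mhz
        free_mem += h.mem_mb - h.reserved_mem_mb
        wake.append(h.name)
        if free_cpu >= need_cpu and free_mem >= need_mem:
            return ("recommend_power_on_hosts", wake)
    return ("insufficient_resources", [])


# Constructed sample cluster: one busy host and one host in standby.
CLUSTER = [
    Host("esx01", cpu_mhz=6000, mem_mb=8192,
         reserved_cpu_mhz=5000, reserved_mem_mb=7000),
    Host("esx02", cpu_mhz=6000, mem_mb=8192, standby=True),
]

if __name__ == "__main__":
    requests = [
        VM("fits", 500, 1024, 100),
        VM("overhead-tips-it", 500, 1100, 100),
        VM("no-reservation", overhead_mb=100),
        VM("too-big", mem_reservation_mb=20000),
    ]
    for vm in requests:
        print(vm.name, admit(vm, CLUSTER))
```

The second request shows why the overhead matters: a 1100 MB reservation alone fits in the 1192 MB still unreserved on esx01, but the extra 100 MB of overhead pushes the request onto the standby host.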
Chapter 2 Managing CPU Resources
ESX/ESXi hosts support CPU virtualization.
When you utilize CPU virtualization, you should understand how it works, its different types, and processor-
specific behavior. Also, you need to be aware of the performance implications of CPU virtualization.
CPU virtualization is not the same thing as emulation. With emulation, all operations are run in software by
an emulator. A software emulator allows programs to run on a computer system other than the one for which
they were originally written. The emulator does this by emulating, or reproducing, the original computer’s
behavior by accepting the same data or inputs and achieving the same results. Emulation provides portability
and runs software designed for one platform across several platforms.
When CPU resources are overcommitted, the ESX/ESXi host time-slices the physical processors across all
virtual machines so each virtual machine runs as if it has its specified number of virtual processors. When an
ESX/ESXi host runs multiple virtual machines, it allocates to each virtual machine a share of the physical
resources. With the default resource allocation settings, all virtual machines associated with the same host
receive an equal share of CPU per virtual CPU. This means that a single-processor virtual machine is assigned
only half of the resources of a dual-processor virtual machine.
The translated code is slightly larger and usually executes more slowly than the native version. As a result,
guest programs, which have a small privileged code component, run with speeds very close to native. Programs
with a significant privileged code component, such as system calls, traps, or page table updates can run slower
in the virtualized environment.
When using this assistance, the guest can use a separate mode of execution called guest mode. The guest code,
whether application code or privileged code, runs in the guest mode. On certain events, the processor exits
out of guest mode and enters root mode. The hypervisor executes in the root mode, determines the reason for
the exit, takes any required actions, and restarts the guest in guest mode.
When you use hardware assistance for virtualization, there is no need to translate the code. As a result, system
calls or trap-intensive workloads run very close to native speed. Some workloads, such as those involving
updates to page tables, lead to a large number of exits from guest mode to root mode. Depending on the number
of such exits and total time spent in exits, this can slow down execution significantly.
Processor models might differ in the CPU features they offer, and applications running in the virtual machine
can make use of these features. Therefore, it is not possible to use VMotion® to migrate virtual machines
between systems running on processors with different feature sets. You can avoid this restriction, in some
cases, by using Enhanced VMotion Compatibility (EVC) with processors that support this feature. See Basic
System Administration for more information.
An application is CPU-bound if it spends most of its time executing instructions rather than waiting for external
events such as user interaction, device input, or data retrieval. For such applications, the CPU virtualization
overhead includes the additional instructions that must be executed. This overhead takes CPU processing time
that the application itself can use. CPU virtualization overhead usually translates into a reduction in overall
performance.
For applications that are not CPU-bound, CPU virtualization likely translates into an increase in CPU use. If
spare CPU capacity is available to absorb the overhead, it can still deliver comparable performance in terms
of overall throughput.
ESX/ESXi supports up to eight virtual processors (CPUs) for each virtual machine.
NOTE Deploy single-threaded applications on uniprocessor virtual machines, instead of on SMP virtual
machines, for the best performance and resource use.
Single-threaded applications can take advantage only of a single CPU. Deploying such applications in dual-
processor virtual machines does not speed up the application. Instead, it causes the second virtual CPU to use
physical resources that other virtual machines could otherwise use.
When a virtual machine is scheduled, its virtual processors are scheduled to run on physical processors. The
VMkernel Resource Manager schedules the virtual CPUs on physical CPUs, thereby managing the virtual
machine’s access to physical CPU resources. ESX/ESXi supports virtual machines with up to eight virtual
processors.
Procedure
1 In the vSphere Client, select the host and click the Configuration tab.
2 Select Processors.
You can view the information about the number and type of physical processors and the number of logical
processors.
NOTE In hyperthreaded systems, each hardware thread is a logical processor. For example, a dual-core
processor with hyperthreading enabled has two cores and four logical processors.
Multicore Processors
Multicore processors provide many advantages for an ESX/ESXi host performing multitasking of virtual
machines.
Intel and AMD have each developed processors which combine two or more processor cores into a single
integrated circuit (often called a package or socket). VMware uses the term socket to describe a single package
which can have one or more processor cores with one or more logical processors in each core.
A dual-core processor, for example, can provide almost double the performance of a single-core processor, by
allowing two virtual CPUs to execute at the same time. Cores within the same processor are typically
configured with a shared last-level cache used by all cores, potentially reducing the need to access slower main
memory. A shared memory bus that connects a physical processor to main memory can limit performance of
its logical processors if the virtual machines running on them are running memory-intensive workloads which
compete for the same memory bus resources.
Each logical processor of each processor core can be used independently by the ESX CPU scheduler to execute
virtual machines, providing capabilities similar to SMP systems. For example, a two-way virtual machine can
have its virtual processors running on logical processors that belong to the same core, or on logical processors
on different physical cores.
The ESX CPU scheduler can detect the processor topology and the relationships between processor cores and
the logical processors on them. It uses this information to schedule virtual machines and optimize performance.
The ESX CPU scheduler can interpret processor topology, including the relationship between sockets, cores,
and logical processors. The scheduler uses topology information to optimize the placement of virtual CPUs
onto different sockets to maximize overall cache utilization, and to improve cache affinity by minimizing
virtual CPU migrations.
In undercommitted systems, the ESX CPU scheduler spreads load across all sockets by default. This improves
performance by maximizing the aggregate amount of cache available to the running virtual CPUs. As a result,
the virtual CPUs of a single SMP virtual machine are spread across multiple sockets (unless each socket is also
a NUMA node, in which case the NUMA scheduler restricts all the virtual CPUs of the virtual machine to
reside on the same socket).
In some cases, such as when an SMP virtual machine exhibits significant data sharing between its virtual CPUs,
this default behavior might be sub-optimal. For such workloads, it can be beneficial to schedule all of the virtual
CPUs on the same socket, with a shared last-level cache, even when the ESX/ESXi host is undercommitted. In
such scenarios, you can override the default behavior of spreading virtual CPUs across packages by including
the following configuration option in the virtual machine's .vmx configuration file:
sched.cpu.vsmpConsolidate="TRUE".
Hyperthreading
Hyperthreading technology allows a single physical processor core to behave like two logical processors. The
processor can run two independent applications at the same time. To avoid confusion between logical and
physical processors, Intel refers to a physical processor as a socket, and the discussion in this chapter uses that
terminology as well.
Intel Corporation developed hyperthreading technology to enhance the performance of its Pentium IV and
Xeon processor lines. Hyperthreading technology allows a single processor core to execute two independent
threads simultaneously.
While hyperthreading does not double the performance of a system, it can increase performance by better
utilizing idle resources leading to greater throughput for certain important workload types. An application
running on one logical processor of a busy core can expect slightly more than half of the throughput that it
obtains while running alone on a non-hyperthreaded processor. Hyperthreading performance improvements
are highly application-dependent, and some applications might see performance degradation with
hyperthreading because many processor resources (such as the cache) are shared between logical processors.
NOTE On processors with Intel Hyper-Threading technology, each core can have two logical processors which
share most of the core's resources, such as memory caches and functional units. Such logical processors are
usually called threads.
Many processors do not support hyperthreading and as a result have only one thread per core. For such
processors, the number of cores also matches the number of logical processors. The following processors
support hyperthreading and have two threads per core.
- Processors based on the Intel Xeon 5500 processor microarchitecture.
- Intel Pentium 4 (HT-enabled)
- Intel Pentium EE 840 (HT-enabled)
ESX/ESXi hosts manage processor time intelligently to guarantee that load is spread smoothly across processor
cores in the system. Logical processors on the same core have consecutive CPU numbers, so that CPUs 0 and
1 are on the first core together, CPUs 2 and 3 are on the second core, and so on. Virtual machines are
preferentially scheduled on two different cores rather than on two logical processors on the same core.
If there is no work for a logical processor, it is put into a halted state, which frees its execution resources and
allows the virtual machine running on the other logical processor on the same core to use the full execution
resources of the core. The VMware scheduler properly accounts for this halt time, and charges a virtual machine
running with the full resources of a core more than a virtual machine running on a half core. This approach to
processor management ensures that the server does not violate any of the standard ESX/ESXi resource
allocation rules.
Consider your resource management needs before you enable CPU affinity on hosts using hyperthreading.
For example, if you bind a high priority virtual machine to CPU 0 and another high priority virtual machine
to CPU 1, the two virtual machines have to share the same physical core. In this case, it can be impossible to
meet the resource demands of these virtual machines. Ensure that any custom affinity settings make sense for
a hyperthreaded system.
Enable Hyperthreading
To enable hyperthreading you must first enable it in your system's BIOS settings and then turn it on in the
vSphere Client. Hyperthreading is enabled by default.
Some Intel processors, for example Xeon 5500 processors or those based on the P4 microarchitecture, support
hyperthreading. Consult your system documentation to determine whether your CPU supports
hyperthreading. ESX/ESXi cannot enable hyperthreading on a system with more than 32 physical cores,
because ESX/ESXi has a logical limit of 64 CPUs.
Procedure
Some manufacturers label this option Logical Processor, while others call it Enable Hyperthreading.
3 Make sure that you turn on hyperthreading for your ESX/ESXi host.
a In the vSphere Client, select the host and click the Configuration tab.
c In the dialog box, you can view hyperthreading status and turn hyperthreading off or on (default).
Two virtual CPUs share a core if they are running on logical CPUs of the core at the same time. You can set
this for individual virtual machines.
Procedure
1 In the vSphere Client inventory panel, right-click the virtual machine and select Edit Settings.
3 Select a hyperthreading mode for this virtual machine from the Mode drop-down menu.
You can set the Hyperthreaded Core Sharing Mode for a virtual machine using the vSphere Client.
Any The default for all virtual machines on a hyperthreaded system. The virtual CPUs of a virtual machine
with this setting can freely share cores with other virtual CPUs from this or any other virtual machine at
any time.
None Virtual CPUs of a virtual machine should not share cores with each other or with virtual CPUs from other
virtual machines. That is, each virtual CPU from this virtual machine should always get a whole core to
itself, with the other logical CPU on that core being placed into the halted state.
Internal This option is similar to none. Virtual CPUs from this virtual machine cannot share cores with virtual
CPUs from other virtual machines. They can share cores with the other virtual CPUs from the same virtual
machine.
You can select this option only for SMP virtual machines. If applied to a uniprocessor virtual machine,
the system changes this option to none.
These options have no effect on fairness or CPU time allocation. Regardless of a virtual machine’s
hyperthreading settings, it still receives CPU time proportional to its CPU shares, and constrained by its CPU
reservation and CPU limit values.
For typical workloads, custom hyperthreading settings should not be necessary. The options can help in case
of unusual workloads that interact badly with hyperthreading. For example, an application with cache
thrashing problems might slow down an application sharing its physical core. You can place the virtual
machine running the application in the none or internal hyperthreading status to isolate it from other virtual
machines.
If a virtual CPU has hyperthreading constraints that do not allow it to share a core with another virtual CPU,
the system might deschedule it when other virtual CPUs are entitled to consume processor time. Without the
hyperthreading constraints, you can schedule both virtual CPUs on the same core.
The problem becomes worse on systems with a limited number of cores (per virtual machine). In such cases,
there might be no core to which the virtual machine that is descheduled can be migrated. As a result, virtual
machines with hyperthreading set to none or internal can experience performance degradation, especially on
systems with a limited number of cores.
Quarantining
In certain rare circumstances, an ESX/ESXi host might detect that an application is interacting badly with the
Pentium IV hyperthreading technology (this does not apply to systems based on the Intel Xeon 5500 processor
microarchitecture). In such cases, quarantining, which is transparent to the user, might be necessary.
Certain types of self-modifying code, for example, can disrupt the normal behavior of the Pentium IV trace
cache and can lead to substantial slowdowns (up to 90 percent) for an application sharing a core with the
problematic code. In those cases, the ESX/ESXi host quarantines the virtual CPU running this code and places
its virtual machine in the none or internal mode, as appropriate.
Set the Cpu.MachineClearThreshold advanced setting for the host to 0 to disable quarantining.
In this context, the term CPU refers to a logical processor on a hyperthreaded system, but refers to a core on a
non-hyperthreaded system.
The CPU affinity setting for a virtual machine applies not only to all of the virtual CPUs associated with the
virtual machine, but also to all other threads (also known as worlds) associated with the virtual machine. Such
virtual machine threads perform processing required for emulating mouse, keyboard, screen, CD-ROM and
miscellaneous legacy devices.
In some cases, such as display-intensive workloads, significant communication might occur between the virtual
CPUs and these other virtual machine threads. Performance might degrade if the virtual machine's affinity
setting prevents these additional threads from being scheduled concurrently with the virtual machine's virtual
CPUs (for example, a uniprocessor virtual machine with affinity to a single CPU, or a two-way SMP virtual
machine with affinity to only two CPUs).
For the best performance, when you use manual affinity settings, VMware recommends that you include at
least one additional physical CPU in the affinity setting to allow at least one of the virtual machine's threads
to be scheduled at the same time as its virtual CPUs (for example, a uniprocessor virtual machine with affinity
to at least two CPUs or a two-way SMP virtual machine with affinity to at least three CPUs).
NOTE CPU affinity specifies virtual machine-to-processor placement constraints and is different from the
affinity based on DRS rules, which specifies virtual machine-to-virtual machine host placement constraints.
Procedure
1 In the vSphere Client inventory panel, select a virtual machine and select Edit Settings.
4 Select the processors on which you want the virtual machine to run and click OK.
Virtual machines that do not have manual affinity settings are not adversely affected by virtual machines
with manual affinity settings.
- When you move a virtual machine from one host to another, affinity might no longer apply because the
  new host might have a different number of processors.
- The NUMA scheduler might not be able to manage a virtual machine that is already assigned to certain
  processors using affinity.
- Affinity can affect an ESX/ESXi host's ability to schedule virtual machines on multicore or hyperthreaded
  processors to take full advantage of resources shared on such processors.
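The affinity guidance above can be checked mechanically before settings are applied. The following Python audit is an added example, not VMware code: it uses the consecutive CPU numbering described under Hyperthreading (CPUs 0 and 1 on the first core, 2 and 3 on the second) and the recommendation to include at least one CPU beyond the number of virtual CPUs. The function names, finding codes and sample inventory are constructed for illustration.

```python
from itertools import combinations


def core_of(cpu, hyperthreaded):
    """Map an affinity CPU number to its physical core.

    On a hyperthreaded host, logical CPUs 2k and 2k+1 share core k.
    Without hyperthreading, a "CPU" in an affinity setting is a core.
    """
    return cpu // 2 if hyperthreaded else cpu


def audit_affinity(vms, logical_cpus, hyperthreaded):
    """Return a list of (subject, finding_code, detail) tuples."""
    findings = []
    pinned = {}  # VM name -> set of cores its affinity allows
    for vm in vms:
        affinity = vm.get("affinity")
        if not affinity:
            continue  # no manual affinity: the scheduler places it freely

        # Affinity copied from a host with more processors no longer applies.
        missing = sorted(c for c in affinity if c >= logical_cpus)
        if missing:
            findings.append((vm["name"], "CPU_NOT_ON_HOST", missing))
            continue

        # Leave room for the VM's other threads (worlds) to run alongside
        # its virtual CPUs: at least vcpus + 1 CPUs in the affinity set.
        if len(affinity) < vm["vcpus"] + 1:
            findings.append((vm["name"], "NO_SPARE_CPU", len(affinity)))

        # Fewer cores than virtual CPUs forces the VM's own vCPUs to share.
        cores = {core_of(c, hyperthreaded) for c in affinity}
        if len(cores) < vm["vcpus"]:
            findings.append((vm["name"], "VCPUS_SHARE_CORE", sorted(cores)))
        pinned[vm["name"]] = cores

    # Two VMs each confined to the same single core must share it,
    # which is the CPU 0 / CPU 1 case from the text.
    for (a, cores_a), (b, cores_b) in combinations(pinned.items(), 2):
        if len(cores_a) == 1 and cores_a == cores_b:
            findings.append((f"{a}+{b}", "VMS_PINNED_TO_ONE_CORE", sorted(cores_a)))
    return findings


# Constructed sample inventory for a host with 8 logical CPUs (4 cores).
SAMPLE_VMS = [
    {"name": "db01", "vcpus": 1, "affinity": {0}},
    {"name": "db02", "vcpus": 1, "affinity": {1}},
    {"name": "web01", "vcpus": 2, "affinity": {2, 3, 4}},
    {"name": "app01", "vcpus": 2, "affinity": {6, 7}},
    {"name": "old01", "vcpus": 1, "affinity": {8, 9}},
    {"name": "free01", "vcpus": 4, "affinity": None},
]

if __name__ == "__main__":
    for finding in audit_affinity(SAMPLE_VMS, logical_cpus=8, hyperthreaded=True):
        print(finding)
```

Running the same inventory with `hyperthreaded=False` drops the core-sharing findings, because CPUs 0 and 1 are then separate cores.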
ESX/ESXi supports the Enhanced Intel SpeedStep and Enhanced AMD PowerNow! CPU power management
technologies. For the VMkernel to take advantage of the power management capabilities provided by these
technologies, you might need to first enable power management, sometimes referred to as Demand-Based
Switching (DBS), in the BIOS.
To set the CPU power management policy, use the advanced host attribute Power.CpuPolicy. This attribute
setting is saved in the host configuration and can be used again at boot time, but it can be changed at any time
and does not require a server reboot. You can set this attribute to the following values.
static The default. The VMkernel can detect power management features available
on the host but does not actively use them unless requested by the BIOS for
power capping or thermal events.
dynamic The VMkernel optimizes each CPU's frequency to match demand in order to
improve power efficiency but not affect performance. When CPU demand
increases, this policy setting ensures that CPU frequencies also increase.
Chapter 3 Managing Memory Resources
All modern operating systems provide support for virtual memory, allowing software to use more memory
than the machine physically has. Similarly, the ESX/ESXi hypervisor provides support for overcommitting
virtual machine memory, where the amount of guest memory configured for all virtual machines might be
larger than the amount of physical host memory.
If you intend to use memory virtualization, you should understand how ESX/ESXi hosts allocate, tax, and
reclaim memory. Also, you need to be aware of the memory overhead incurred by virtual machines.
The VMkernel manages all machine memory. (An exception to this is the memory that is allocated to the service
console in ESX.) The VMkernel dedicates part of this managed machine memory for its own use. The rest is
available for use by virtual machines. Virtual machines use machine memory for two purposes: each virtual
machine requires its own memory, and the VMM requires some memory plus dynamic overhead memory for
its code and data.
The virtual memory space is divided into blocks, typically 4KB, called pages. The physical memory is also
divided into blocks, also typically 4KB. When physical memory is full, the data for virtual pages that are not
present in physical memory are stored on disk. ESX/ESXi also provides support for large pages (2 MB). See
“Advanced Memory Attributes,” on page 98.
Configured Size
The configured size is a construct maintained by the virtualization layer for the virtual machine. It is the amount
of memory that is presented to the guest operating system, but it is independent of the amount of physical
RAM that is allocated to the virtual machine, which depends on the resource settings (shares, reservation, limit)
explained below.
For example, consider a virtual machine with a configured size of 1GB. When the guest operating system boots,
it detects that it is running on a dedicated machine with 1GB of physical memory. The actual amount of physical
host memory allocated to the virtual machine depends on its memory resource settings and memory contention
on the ESX/ESXi host. In some cases, the virtual machine might be allocated the full 1GB. In other cases, it
might receive a smaller allocation. Regardless of the actual allocation, the guest operating system continues to
behave as though it is running on a dedicated machine with 1GB of physical memory.
Shares Specify the relative priority for a virtual machine if more than the reservation
is available.
Reservation Is a guaranteed lower bound on the amount of physical memory that the host
reserves for the virtual machine, even when memory is overcommitted. Set the
reservation to a level that ensures the virtual machine has sufficient memory
to run efficiently, without excessive paging.
After a virtual machine has accessed its full reservation, it is allowed to retain
that amount of memory and this memory is not reclaimed, even if the virtual
machine becomes idle. For example, some guest operating systems (for
example, Linux) might not access all of the configured memory immediately
after booting. Until the virtual machine accesses its full reservation, VMkernel
can allocate any unused portion of its reservation to other virtual machines.
However, after the guest’s workload increases and it consumes its full
reservation, it is allowed to keep this memory.
Limit Is an upper bound on the amount of physical memory that the host can allocate
to the virtual machine. The virtual machine’s memory allocation is also
implicitly limited by its configured size.
Overhead memory includes space reserved for the virtual machine frame
buffer and various virtualization data structures.
Memory Overcommitment
For each running virtual machine, the system reserves physical memory for the virtual machine’s reservation
(if any) and for its virtualization overhead.
Because of the memory management techniques the ESX/ESXi host uses, your virtual machines can use more
memory than the physical machine (the host) has available. For example, you can have a host with 2GB memory
and run four virtual machines with 1GB memory each. In that case, the memory is overcommitted.
Overcommitment makes sense because, typically, some virtual machines are lightly loaded while others are
more heavily loaded, and relative activity levels vary over time.
To improve memory utilization, the ESX/ESXi host transfers memory from idle virtual machines to virtual
machines that need more memory. Use the Reservation or Shares parameter to preferentially allocate memory
to important virtual machines. This memory remains available to other virtual machines if it is not in use.
Memory Sharing
Many workloads present opportunities for sharing memory across virtual machines.
For example, several virtual machines might be running instances of the same guest operating system, have
the same applications or components loaded, or contain common data. ESX/ESXi systems use a proprietary
page-sharing technique to securely eliminate redundant copies of memory pages.
With memory sharing, a workload consisting of multiple virtual machines often consumes less memory than
it would when running on physical machines. As a result, the system can efficiently support higher levels of
overcommitment.
The amount of memory saved by memory sharing depends on workload characteristics. A workload of many
nearly identical virtual machines might free up more than thirty percent of memory, while a more diverse
workload might result in savings of less than five percent of memory.
Each virtual machine sees a contiguous, zero-based, addressable physical memory space. The underlying
machine memory on the server used by each virtual machine is not necessarily contiguous.
- The VMM intercepts virtual machine instructions that manipulate guest operating system memory
  management structures so that the actual memory management unit (MMU) on the processor is not
  updated directly by the virtual machine.
- The ESX/ESXi host maintains the virtual-to-machine page mappings in a shadow page table that is kept
  up to date with the physical-to-machine mappings (maintained by the VMM).
- The shadow page tables are used directly by the processor's paging hardware.
This approach to address translation allows normal memory accesses in the virtual machine to execute without
adding address translation overhead, after the shadow page tables are set up. Because the translation look-
aside buffer (TLB) on the processor caches direct virtual-to-machine mappings read from the shadow page
tables, no additional overhead is added by the VMM to access the memory.
Performance Considerations
The use of two page tables has these performance implications.
- No overhead is incurred for regular guest memory accesses.
- Additional time is required to map memory within a virtual machine, which might mean:
  - The virtual machine operating system is setting up or updating virtual address to physical address
    mappings.
  - The virtual machine operating system is switching from one address space to another (context switch).
- Like CPU virtualization, memory virtualization overhead depends on workload.
The first layer of page tables stores guest virtual-to-physical translations, while the second layer of page tables
stores guest physical-to-machine translation. The TLB (translation look-aside buffer) is a cache of translations
maintained by the processor's memory management unit (MMU) hardware. A TLB miss is a miss in this cache
and the hardware needs to go to memory (possibly many times) to find the required translation. For a TLB
miss to a certain guest virtual address, the hardware looks at both page tables to translate guest virtual address
to host physical address.
The diagram in Figure 3-1 illustrates the ESX/ESXi implementation of memory virtualization.
[Figure 3-1: diagram of the mappings between guest virtual memory, guest physical memory, and machine memory]
- The boxes represent pages, and the arrows show the different memory mappings.
- The arrows from guest virtual memory to guest physical memory show the mapping maintained by the
  page tables in the guest operating system. (The mapping from virtual memory to linear memory for x86-
  architecture processors is not shown.)
- The arrows from guest physical memory to machine memory show the mapping maintained by the VMM.
- The dashed arrows show the mapping from guest virtual memory to machine memory in the shadow
  page tables also maintained by the VMM. The underlying processor running the virtual machine uses the
  shadow page table mappings.
Because of the extra level of memory mapping introduced by virtualization, ESX/ESXi can effectively manage
memory across all virtual machines. Some of the physical memory of a virtual machine might be mapped to
shared pages or to pages that are unmapped, or swapped out.
An ESX/ESXi host performs virtual memory management without the knowledge of the guest operating system
and without interfering with the guest operating system’s own memory management subsystem.
Performance Considerations
When you use hardware assistance, you eliminate the overhead for software memory virtualization. In
particular, hardware assistance eliminates the overhead required to keep shadow page tables in
synchronization with guest page tables. However, the TLB miss latency when using hardware assistance is
significantly higher. As a result, whether or not a workload benefits by using hardware assistance primarily
depends on the overhead the memory virtualization causes when using software memory virtualization. If a
workload involves a small amount of page table activity (such as process creation, mapping the memory, or
context switches), software virtualization does not cause significant overhead. Conversely, workloads with a
large amount of page table activity are likely to benefit from hardware assistance.
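The trade-off between the two approaches can be seen in a small model. This added Python example is not VMware code: it represents each page table as a single-level dictionary (real tables are multi-level, so a hardware walk costs more than the two lookups counted here), and the class names, counters and page numbers are constructed for illustration.

```python
PAGE_SHIFT = 12                      # 4 KB pages, as in the text
OFFSET_MASK = (1 << PAGE_SHIFT) - 1


class ShadowPaging:
    """Software approach: the VMM keeps a shadow table in step with the guest."""

    def __init__(self, pmap):
        self.guest_pt = {}   # guest virtual page -> guest physical page (guest OS)
        self.pmap = pmap     # guest physical page -> machine page (VMM)
        self.shadow = {}     # guest virtual page -> machine page (used by the MMU)
        self.intercepts = 0  # guest page-table updates trapped by the VMM
        self.lookups = 0     # table lookups performed on TLB misses

    def guest_map(self, vpn, gpn):
        # The guest's page-table write is intercepted so the shadow entry
        # can be recomputed before the hardware sees the mapping.
        self.intercepts += 1
        self.guest_pt[vpn] = gpn
        if gpn in self.pmap:
            self.shadow[vpn] = self.pmap[gpn]
        else:
            self.shadow.pop(vpn, None)

    def vmm_unmap(self, gpn):
        # The VMM takes the backing machine page away (for example, swap-out);
        # every shadow entry that pointed through it must go as well.
        self.pmap.pop(gpn, None)
        for vpn, mapped_gpn in self.guest_pt.items():
            if mapped_gpn == gpn:
                self.shadow.pop(vpn, None)

    def translate(self, vaddr):
        # TLB miss: a single lookup in the shadow table.
        self.lookups += 1
        mpn = self.shadow.get(vaddr >> PAGE_SHIFT)
        return None if mpn is None else (mpn << PAGE_SHIFT) | (vaddr & OFFSET_MASK)


class NestedPaging:
    """Hardware-assisted approach: the MMU walks both layers itself."""

    def __init__(self, pmap):
        self.guest_pt = {}
        self.pmap = pmap
        self.intercepts = 0
        self.lookups = 0

    def guest_map(self, vpn, gpn):
        self.guest_pt[vpn] = gpn     # the guest updates its table directly

    def vmm_unmap(self, gpn):
        self.pmap.pop(gpn, None)     # no second table to keep in sync

    def translate(self, vaddr):
        # TLB miss: first layer (guest), then second layer (VMM).
        self.lookups += 1
        gpn = self.guest_pt.get(vaddr >> PAGE_SHIFT)
        if gpn is None:
            return None
        self.lookups += 1
        mpn = self.pmap.get(gpn)
        return None if mpn is None else (mpn << PAGE_SHIFT) | (vaddr & OFFSET_MASK)


def run(mmu):
    """Replay one constructed workload and report results and costs."""
    mmu.guest_map(0x10, 0)
    mmu.guest_map(0x11, 2)
    before = [mmu.translate(a) for a in (0x10ABC, 0x11004, 0x12000)]
    mmu.vmm_unmap(2)                 # machine page behind guest page 2 is taken away
    after = mmu.translate(0x11004)
    return {"before": before, "after_unmap": after,
            "intercepts": mmu.intercepts, "lookups": mmu.lookups}


PMAP = {0: 0x40, 1: 0x17, 2: 0x99}   # constructed guest-physical -> machine map

if __name__ == "__main__":
    print(run(ShadowPaging(dict(PMAP))))
    print(run(NestedPaging(dict(PMAP))))
```

Both models return the same machine addresses; they differ only in where the cost lands: the shadow model pays one VMM intercept per guest mapping change, while the nested model pays extra lookups on every TLB miss.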
When administering memory resources, you can specify memory allocation. If you do not customize memory
allocation, the ESX/ESXi host uses defaults that work well in most situations.
You can view the information about the total memory and memory available to virtual machines. In ESX, you
can also view memory assigned to the service console.
Procedure
1 In the vSphere Client, select a host and click the Configuration tab.
2 Click Memory.
You can view the information shown in “Host Memory Information,” on page 27.
Virtual Machines Memory used by virtual machines running on the selected host.
Most of the host’s memory is used for running virtual machines. An ESX/ESXi host manages the
allocation of this memory to virtual machines based on administrative parameters and system
load.
The amount of physical memory the virtual machines can use is always less than what is in the
physical host because the virtualization layer takes up some resources. For example, a host with
a dual 3.2GHz CPU and 2GB of memory might make 6GHz of CPU power and 1.5GB of memory
available for use by virtual machines.
ESX/ESXi memory virtualization adds little time overhead to memory accesses. Because the processor's paging
hardware uses page tables (shadow page tables for software-based approach or nested page tables for
hardware-assisted approach) directly, most memory accesses in the virtual machine can execute without
address translation overhead.
For ESX, the service console typically uses 272MB and the VMkernel uses a smaller amount of memory. The
amount depends on the number and size of the device drivers that are being used.
Overhead memory includes space reserved for the virtual machine frame buffer and various virtualization
data structures, such as shadow page tables. Overhead memory depends on the number of virtual CPUs and
the configured memory for the guest operating system.
ESX/ESXi also provides optimizations such as memory sharing to reduce the amount of physical memory used
on the underlying server. These optimizations can save more memory than is taken up by the overhead.
Table 3-2 lists the overhead memory (in MB) for each number of VCPUs.
For example, a 1GB virtual machine might have the default limit (unlimited) or a user-specified limit (for
example 2GB). In both cases, the ESX/ESXi host never allocates more than 1GB, the physical memory size that
was specified for it.
When memory is overcommitted, each virtual machine is allocated an amount of memory somewhere between
what is specified by Reservation and what is specified by Limit. The amount of memory granted to a virtual
machine above its reservation usually varies with the current memory load.
An ESX/ESXi host determines allocations for each virtual machine based on the number of shares allocated to
it and an estimate of its recent working set size.
- Shares — ESX/ESXi hosts use a modified proportional-share memory allocation policy. Memory shares
  entitle a virtual machine to a fraction of available physical memory.
- Working set size — ESX/ESXi hosts estimate the working set for a virtual machine by monitoring memory
  activity over successive periods of virtual machine execution time. Estimates are smoothed over several
  time periods using techniques that respond rapidly to increases in working set size and more slowly to
  decreases in working set size.
  This approach ensures that a virtual machine from which idle memory is reclaimed can ramp up quickly
  to its full share-based allocation when it starts using its memory more actively.
  Memory activity is monitored to estimate the working set sizes for a default period of 60 seconds. To
  modify this default, adjust the Mem.SamplePeriod advanced setting. See “Set Advanced Host Attributes,”
  on page 97.
The idle memory tax is applied in a progressive fashion. The effective tax rate increases as the ratio of idle
memory to active memory for the virtual machine rises. (In earlier versions of ESX, which did not support
hierarchical resource pools, all idle memory for a virtual machine was taxed equally.)
The Mem.IdleTax advanced setting allows you to modify the idle memory tax rate. Use this option, together
with the Mem.SamplePeriod advanced attribute, to control how the system determines target memory
allocations for virtual machines. See “Set Advanced Host Attributes,” on page 97.
NOTE In most cases, changes to Mem.IdleTax are not necessary or even appropriate.
Memory Reclamation
ESX/ESXi hosts can reclaim memory from virtual machines.
An ESX/ESXi host allocates the amount of memory specified by a reservation directly to a virtual machine.
Anything beyond the reservation is allocated using the host's physical resources or, when physical resources
are not available, handled using special techniques such as ballooning or swapping. Hosts can use two
techniques for dynamically expanding or contracting the amount of memory allocated to virtual machines.
- ESX/ESXi systems use a memory balloon driver (vmmemctl), loaded into the guest operating system
  running in a virtual machine. See “Memory Balloon Driver,” on page 29.
- ESX/ESXi systems page from a virtual machine to a server swap file without any involvement by the guest
  operating system. Each virtual machine has its own swap file.
NOTE You must configure the guest operating system with sufficient swap space. Some guest operating
systems have additional limitations.
If necessary, you can limit the amount of memory vmmemctl reclaims by setting the sched.mem.maxmemctl
parameter for a specific virtual machine. This option specifies the maximum amount of memory that can be
reclaimed from a virtual machine in megabytes (MB). See “Set Advanced Virtual Machine Attributes,” on
page 99.
ESX/ESXi hosts use swapping to forcibly reclaim memory from a virtual machine when the vmmemctl driver is
not available or is not responsive.
- It was never installed.
- It is explicitly disabled.
- It is not running (for example, while the guest operating system is booting).
- It is temporarily unable to reclaim memory quickly enough to satisfy current system demands.
- It is functioning properly, but maximum balloon size is reached.
Standard demand-paging techniques swap pages back in when the virtual machine needs them.
NOTE For optimum performance, ESX/ESXi hosts use the ballooning approach (implemented by the vmmemctl
driver) whenever possible. Swapping is a reliable mechanism of last resort that a host uses only when necessary
to reclaim memory.
By default, the swap file is created in the same location as the virtual machine's configuration file.
A swap file is created by the ESX/ESXi host when a virtual machine is powered on. If this file cannot be created,
the virtual machine cannot power on. Instead of accepting the default, you can also:
- Use per-virtual machine configuration options to change the datastore to another shared storage location.
- Use host-local swap, which allows you to specify a datastore stored locally on the host. This allows you
  to swap at a per-host level, saving space on the SAN. However, it can lead to a slight degradation in
  performance for VMware VMotion because pages swapped to a local swap file on the source host must
  be transferred across the network to the destination host.
Host-local swap allows you to specify a datastore stored locally on the host as the swap file location. You can
enable host-local swap for a DRS cluster.
Procedure
1 Right-click the cluster in the vSphere Client inventory panel and click Edit Settings.
2 In the left pane of the cluster Settings dialog box, click Swapfile Location.
3 Select the Store the swapfile in the datastore specified by the host option and click OK.
4 Select one of the cluster’s hosts in the vSphere Client inventory panel and click the Configuration tab.
7 From the list provided, select the local datastore to use and click OK.
Host-local swap allows you to specify a datastore stored locally on the host as the swap file location. You can
enable host-local swap for a standalone host.
Procedure
1 Select the host in the vSphere Client inventory panel and click the Configuration tab.
3 In the Swapfile location tab of the Virtual Machine Swapfile Location dialog box, select Store the swapfile
in the swapfile datastore.
5 From the list provided, select the local datastore to use and click OK.
You must reserve swap space for any unreserved virtual machine memory (the difference between the
reservation and the configured memory size) on per-virtual machine swap files.
This swap reservation is required to ensure that the ESX/ESXi host is able to preserve virtual machine memory
under any circumstances. In practice, only a small fraction of the host-level swap space might be used.
If you are overcommitting memory with ESX/ESXi, to support the intra-guest swapping induced by ballooning,
ensure that your guest operating systems also have sufficient swap space. This guest-level swap space must
be greater than or equal to the difference between the virtual machine’s configured memory size and its
Reservation.
CAUTION If memory is overcommitted, and the guest operating system is configured with insufficient swap
space, the guest operating system in the virtual machine can fail.
To prevent virtual machine failure, increase the size of the swap space in your virtual machines.
- Windows guest operating systems — Windows operating systems refer to their swap space as paging files.
  Some Windows operating systems try to increase the size of paging files automatically, if there is sufficient
  free disk space.
  See your Microsoft Windows documentation or search the Windows help files for “paging files.” Follow
  the instructions for changing the size of the virtual memory paging file.
- Linux guest operating system — Linux operating systems refer to their swap space as swap files. For
  information on increasing swap files, see the following Linux man pages:
  - mkswap — Sets up a Linux swap area.
Guest operating systems with a lot of memory and small virtual disks (for example, a virtual machine with
8GB RAM and a 2GB virtual disk) are more susceptible to having insufficient swap space.
If an ESX/ESXi host fails, and that host had running virtual machines that were using swap files, those swap
files continue to exist and take up disk space even after the ESX/ESXi host restarts. These swap files can consume
many gigabytes of disk space so ensure that you delete them properly.
Procedure
1 Restart the virtual machine that was on the host that failed.
For example, several virtual machines might be running instances of the same guest operating system, have
the same applications or components loaded, or contain common data. In such cases, an ESX/ESXi host uses a
proprietary transparent page sharing technique to securely eliminate redundant copies of memory pages. With
memory sharing, a workload running in virtual machines often consumes less memory than it would when
running on physical machines. As a result, higher levels of overcommitment can be supported efficiently.
Use the Mem.ShareScanTime and Mem.ShareScanGHz advanced settings to control the rate at which the system
scans memory to identify opportunities for sharing memory.
You can also disable sharing for individual virtual machines by setting the sched.mem.pshare.enable option to
FALSE (this option defaults to TRUE). See “Set Advanced Virtual Machine Attributes,” on page 99.
ESX/ESXi memory sharing runs as a background activity that scans for sharing opportunities over time. The
amount of memory saved varies over time. For a fairly constant workload, the amount generally increases
slowly until all sharing opportunities are exploited.
To determine the effectiveness of memory sharing for a given workload, try running the workload, and use
resxtop or esxtop to observe the actual savings. Find the information in the PSHARE field of the interactive mode
in the Memory page.
Some of these memory metrics measure guest physical memory while other metrics measure machine memory.
For instance, two types of memory usage that you can examine using performance metrics are guest physical
memory and machine memory. You measure guest physical memory using the Memory Granted metric (for
a virtual machine) or Memory Shared (for an ESX/ESXi host). To measure machine memory, however, use
Memory Consumed (for a virtual machine) or Memory Shared Common (for an ESX/ESXi host). Understanding
the conceptual difference between these types of memory usage is important for knowing what these metrics
are measuring and how to interpret them.
The VMkernel maps guest physical memory to machine memory, but they are not always mapped one-to-one.
Multiple regions of guest physical memory might be mapped to the same region of machine memory (in the
case of memory sharing) or specific regions of guest physical memory might not be mapped to machine
memory (when the VMkernel swaps out or balloons guest physical memory). In these situations, calculations
of guest physical memory usage and machine memory usage for an individual virtual machine or an ESX/ESXi
host differ.
Consider the example in the following figure. Two virtual machines are running on an ESX/ESXi host. Each
block represents 4 KB of memory and each color/letter represents a different set of data on a block.
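[Figure: guest physical memory of virtual machine 1 and virtual machine 2 mapped by arrows to machine memory blocks a, b, c, d, e, f]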
The performance metrics for the virtual machines can be determined as follows:
- To determine Memory Granted (the amount of guest physical memory that is mapped to machine
  memory) for virtual machine 1, count the number of blocks in virtual machine 1's guest physical memory
  that have arrows to machine memory and multiply by 4 KB. Since there are five blocks with arrows,
  Memory Granted would be 20 KB.
- Memory Consumed is the amount of machine memory allocated to the virtual machine, accounting for
  savings from shared memory. First, count the number of blocks in machine memory that have arrows
  from virtual machine 1's guest physical memory. There are three such blocks, but one block is shared with
  virtual machine 2. So count two full blocks plus half of the third and multiply by 4 KB for a total of 10 KB
  Memory Consumed.
The important difference between these two metrics is that Memory Granted counts the number of blocks with
arrows at the guest physical memory level and Memory Consumed counts the number of blocks with arrows
at the machine memory level. The number of blocks differs between the two levels due to memory sharing
and so Memory Granted and Memory Consumed differ. This is not problematic and shows that memory is
being saved through sharing or other reclamation techniques.
A similar result is obtained when determining Memory Shared and Memory Shared Common for the
ESX/ESXi host.
- Memory Shared for the host is the sum of each virtual machine's Memory Shared. Calculate this by looking
  at each virtual machine's guest physical memory and counting the number of blocks that have arrows to
  machine memory blocks that themselves have more than one arrow pointing at them. There are six such
  blocks in the example, so Memory Shared for the host is 24 KB.
- Memory Shared Common is the amount of machine memory that is shared by virtual machines. To
  determine this, look at the machine memory and count the number of blocks that have more than one
  arrow pointing at them. There are three such blocks, so Memory Shared Common is 12 KB.
Memory Shared is concerned with guest physical memory and looks at the origin of the arrows. Memory
Shared Common, however, deals with machine memory and looks at the destination of the arrows.
The memory metrics that measure guest physical memory and machine memory might appear contradictory.
In fact, they are measuring different aspects of a virtual machine's memory usage. By understanding the
differences between these metrics, you can better utilize them to diagnose performance issues.
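The four metrics above, computed in Python as an added example (not VMware code). Because the figure is not reproduced here, the block mapping below is constructed so that it yields the totals quoted in the text, and the 1/k split of a machine block used by k virtual machines is an assumed generalization of the "half of the third" rule.

```python
from collections import defaultdict
from fractions import Fraction

BLOCK_KB = 4  # block size used in the example on this page

# Constructed mapping: guest physical block -> machine block (None = not mapped,
# for example swapped out or ballooned). Chosen to reproduce the page's totals.
GUEST_TO_MACHINE = {
    "vm1": ["a", "a", "b", "b", "c", None],
    "vm2": ["c", "d", "e", "f", None],
}


def _arrows(mapping):
    """Machine block -> list of VMs pointing at it, one entry per arrow."""
    arrows = defaultdict(list)
    for vm, blocks in mapping.items():
        for machine_block in blocks:
            if machine_block is not None:
                arrows[machine_block].append(vm)
    return arrows


def memory_granted_kb(mapping, vm):
    """Guest physical memory of `vm` that is mapped to machine memory."""
    return BLOCK_KB * sum(1 for b in mapping[vm] if b is not None)


def memory_consumed_kb(mapping, vm):
    """Machine memory charged to `vm`; a block used by k VMs counts as 1/k."""
    arrows = _arrows(mapping)
    mine = {b for b in mapping[vm] if b is not None}
    return BLOCK_KB * sum(Fraction(1, len(set(arrows[b]))) for b in mine)


def memory_shared_kb(mapping, vm):
    """Guest blocks of `vm` whose machine block has more than one arrow."""
    arrows = _arrows(mapping)
    return BLOCK_KB * sum(
        1 for b in mapping[vm] if b is not None and len(arrows[b]) > 1
    )


def host_memory_shared_kb(mapping):
    """Guest-side view: sum of every VM's Memory Shared."""
    return sum(memory_shared_kb(mapping, vm) for vm in mapping)


def host_memory_shared_common_kb(mapping):
    """Machine-side view: machine blocks with more than one arrow."""
    return BLOCK_KB * sum(1 for vms in _arrows(mapping).values() if len(vms) > 1)


if __name__ == "__main__":
    m = GUEST_TO_MACHINE
    print("VM1 Memory Granted      :", memory_granted_kb(m, "vm1"), "KB")
    print("VM1 Memory Consumed     :", float(memory_consumed_kb(m, "vm1")), "KB")
    print("Host Memory Shared      :", host_memory_shared_kb(m), "KB")
    print("Host Memory Shared Comm.:", host_memory_shared_common_kb(m), "KB")
```

With this split, the Memory Consumed values of all virtual machines add up to the machine memory actually in use (six blocks, 24 KB), which is a quick consistency check when reading these counters.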
Chapter 4 Managing Resource Pools
A resource pool is a logical abstraction for flexible management of resources. Resource pools can be grouped
into hierarchies and used to hierarchically partition available CPU and memory resources.
Each standalone host and each DRS cluster has an (invisible) root resource pool that groups the resources of
that host or cluster. The root resource pool is not displayed because the resources of the host (or cluster) and
the root resource pool are always the same.
Users can create child resource pools of the root resource pool or of any user-created child resource pool. Each
child resource pool owns some of the parent’s resources and can, in turn, have a hierarchy of child resource
pools to represent successively smaller units of computational capability.
A resource pool can contain child resource pools, virtual machines, or both. You can create a hierarchy of
shared resources. The resource pools at a higher level are called parent resource pools. Resource pools and
virtual machines that are at the same level are called siblings. The cluster itself represents the root resource
pool. If you do not create child resource pools, only the root resource pools exist.
In Figure 4-1, RP-QA is the parent resource pool for RP-QA-UI. RP-Marketing and RP-QA are siblings. The
three virtual machines immediately below RP-Marketing are also siblings.
[Figure 4-1: resource pool hierarchy, with labels for siblings, parent resource pool, and child resource pool]
For each resource pool, you specify reservation, limit, shares, and whether the reservation should be
expandable. The resource pool resources are then available to child resource pools and virtual machines.
This separation allows administrators to think more about aggregate computing capacity and less about
individual hosts.
- Management of sets of virtual machines running a multitier service — Group virtual machines for a
  multitier service in a resource pool. You do not need to set resources on each virtual machine. Instead,
  you can control the aggregate allocation of resources to the set of virtual machines by changing settings
  on their enclosing resource pool.
For example, assume a host has a number of virtual machines. The marketing department uses three of the
virtual machines and the QA department uses two virtual machines. Because the QA department needs larger
amounts of CPU and memory, the administrator creates one resource pool for each group. The administrator
sets CPU Shares to High for the QA department pool and to Normal for the Marketing department pool so
that the QA department users can run automated tests. The second resource pool with fewer CPU and memory
resources is sufficient for the lighter load of the marketing staff. Whenever the QA department is not fully
using its allocation, the marketing department can use the available resources.
This scenario is shown in Figure 4-2. The numbers show the effective allocations to the resource pools.
[Figure 4-2: ESX/ESXi host (6GHz, 3GB) with RP-QA (4GHz, 2GB) and RP-Marketing (2GHz, 1GB)]
NOTE If a host has been added to a cluster, you cannot create child resource pools of that host. You can create
child resource pools of the cluster if the cluster is enabled for DRS.
When you create a child resource pool, you are prompted for resource pool attribute information. The system
uses admission control to make sure you cannot allocate resources that are not available.
Procedure
1 Select the intended parent and select File > New > Resource Pool (or click New Resource Pool in the
Commands panel of the Summary tab).
2 In the Create Resource Pool dialog box, provide the required information for your resource pool.
vCenter Server creates the resource pool and displays it in the inventory panel. A yellow triangle appears
if any of the selected values are not legal values because of limitations on total available CPU and memory.
After a resource pool has been created, you can add virtual machines to it. A virtual machine’s shares are
relative to other virtual machines (or resource pools) with the same parent resource pool.
Table 4-1 is a summary of the attributes that you can specify for a resource pool.
Shares: Number of CPU or memory shares the resource pool has with respect to the parent’s total.
Sibling resource pools share resources according to their relative share values bounded
by the reservation and limit. You can select Low, Normal, or High, or select Custom to
specify a number that assigns a share value.

Reservation: Guaranteed CPU or memory allocation for this resource pool. A nonzero reservation is
subtracted from the unreserved resources of the parent (host or resource pool). The
resources are considered reserved, regardless of whether virtual machines are associated
with the resource pool. Defaults to 0.

Expandable Reservation: Indicates whether expandable reservations are considered during admission control. If
you power on a virtual machine in this resource pool, and the reservations of the virtual
machines combined are larger than the reservation of the resource pool, the resource pool
can use resources from its parent or ancestors if this check box is selected (the default).

Limit: Upper limit for the amount of CPU or memory the host makes available to this resource
pool. Default is Unlimited. To specify a limit, deselect the Unlimited check box.
Assume that you have an ESX/ESXi host that provides 6GHz of CPU and 3GB of memory that must be shared
between your marketing and QA departments. You also want to share the resources unevenly, giving one
department (QA) a higher priority. This can be accomplished by creating a resource pool for each department
and using the Shares attribute to prioritize the allocation of resources.
The example procedure demonstrates how to create a resource pool, with the ESX/ESXi host as the parent
resource.
Procedure
1 In the Create Resource Pool dialog box, type a name for the QA department’s resource pool (for example,
RP-QA).
2 Specify Shares of High for the CPU and memory resources of RP-QA.
4 Click OK to exit.
If there is resource contention, RP-QA receives 4GHz and 2GB of memory, and RP-Marketing 2GHz and 1GB.
Otherwise, they can receive more than this allotment. Those resources are then available to the virtual machines
in the respective resource pools.
Procedure
3 In the Edit Settings dialog box, you can change all attributes of the selected resource pool.
- If the virtual machine has custom shares assigned, the share value is maintained.
  NOTE Because share allocations are relative to a resource pool, you might have to manually change a
  virtual machine’s shares when you move it into a resource pool so that the virtual machine’s shares are
  consistent with the relative values in the new resource pool. A warning appears if a virtual machine would
  receive a very large (or very small) percentage of total shares.
- The information displayed in the Resource Allocation tab about the resource pool’s reserved and
  unreserved CPU and memory resources changes to reflect the reservations associated with the virtual
  machine (if any).
  NOTE If a virtual machine has been powered off or suspended, it can be moved but overall available
  resources (such as reserved and unreserved CPU and memory) for the resource pool are not affected.
Procedure
1 Select the preexisting virtual machine from any location in the inventory.
The virtual machine can be associated with a standalone host, a cluster, or a different resource pool.
2 Drag the virtual machine (or machines) to the resource pool object you want.
If a virtual machine is powered on, and the destination resource pool does not have enough CPU or memory
to guarantee the virtual machine’s reservation, the move fails because admission control does not allow it. An
error dialog box explains the situation. The error dialog box compares available and requested resources, so
you can consider whether an adjustment might resolve the issue.
When you remove a virtual machine from a resource pool, the total number of shares associated with the
resource pool decreases, so that each remaining share represents more resources. For example, assume you
have a pool that is entitled to 6GHz, containing three virtual machines with shares set to Normal. Assuming
the virtual machines are CPU-bound, each gets an equal allocation of 2GHz. If one of the virtual machines is
moved to a different resource pool, the two remaining virtual machines each receive an equal allocation of
3GHz.
Removing a Virtual Machine from the Inventory or Deleting it from the Disk
Right-click the virtual machine and click Remove from Inventory or Delete from Disk.
You need to power off the virtual machine before you can completely remove it.
Before you power on a virtual machine or create a resource pool, check the CPU Unreserved and memory
Unreserved fields in the resource pool’s Resource Allocation tab to determine whether sufficient resources
are available.
How Unreserved CPU and memory are computed and whether actions are performed depends on the
Reservation Type.
Fixed: The system checks whether the selected resource pool has sufficient unreserved resources.
If it does, the action can be performed. If it does not, a message appears and the action
cannot be performed.

Expandable (default): The system considers the resources available in the selected resource pool and its direct
parent resource pool. If the parent resource pool also has the Expandable Reservation
option selected, it can borrow resources from its parent resource pool. Borrowing resources
occurs recursively from the ancestors of the current resource pool as long as the
Expandable Reservation option is selected. Leaving this option selected offers more
flexibility but, at the same time, provides less protection. A child resource pool owner
might reserve more resources than you anticipate.
The system does not allow you to violate preconfigured Reservation or Limit settings. Each time you
reconfigure a resource pool or power on a virtual machine, the system validates all parameters so all
service-level guarantees can still be met.
Assume an administrator manages pool P, and defines two child resource pools, S1 and S2, for two different
users (or groups).
The administrator knows that users want to power on virtual machines with reservations, but does not know
how much each user will need to reserve. Making the reservations for S1 and S2 expandable allows the
administrator to more flexibly share and inherit the common reservation for pool P.
Without expandable reservations, the administrator needs to explicitly allocate S1 and S2 a specific amount.
Such specific allocations can be inflexible, especially in deep resource pool hierarchies and can complicate
setting reservations in the resource pool hierarchy.
Expandable reservations cause a loss of strict isolation. S1 can start using all of P's reservation, so that no
memory or CPU is directly available to S2.
Figure 4-3. Admission Control with Expandable Resource Pools: Successful Power-On
[Figure labels: RP-MOM 6GHz; VM-M1, 1GHz; RP-KID 2GHz]
Now, consider another scenario with VM-M1 and VM-M2 (shown in Figure 4-4):
- Power on two virtual machines in RP-MOM with a total reservation of 3GHz.
- You can still power on VM-K1 in RP-KID because 2GHz are available locally.
- When you try to power on VM-K2, RP-KID has no unreserved CPU capacity so it checks its parent.
  RP-MOM has only 1GHz of unreserved capacity available (5GHz of RP-MOM are already in use—3GHz
  reserved by the local virtual machines and 2GHz reserved by RP-KID). As a result, you cannot power on
  VM-K2, which requires a 2GHz reservation.
Figure 4-4. Admission Control with Expandable Resource Pools: Power-On Prevented
[Figure labels: RP-MOM 6GHz; RP-KID 2GHz]
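The two admission-control scenarios and the isolation trade-off between S1 and S2 described above, as an added example rather than VMware code: a simplified Python model in which a pool charges reservations locally and borrows only the shortfall from its ancestors when Expandable Reservation is selected. The VM-M1/VM-M2 split (1GHz and 2GHz), VM-K1's 2GHz reservation, and the sizes used for P, S1, and S2 are assumed values chosen to fit the text.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class ResourcePool:
    """Simplified CPU-reservation model of a resource pool (values in GHz)."""
    name: str
    reservation: float
    expandable: bool = True              # Expandable Reservation (the default)
    parent: Optional["ResourcePool"] = None
    used: float = 0.0                    # reservations charged against this pool
    vms: dict = field(default_factory=dict)

    @property
    def unreserved(self) -> float:
        return self.reservation - self.used

    def add_child(self, name, reservation, expandable=True):
        # A child's nonzero reservation is subtracted from the parent's
        # unreserved resources, whether or not the child contains any VMs.
        if not self._admit(reservation):
            raise ValueError(f"{self.name}: cannot reserve {reservation}GHz for {name}")
        return ResourcePool(name, reservation, expandable, parent=self)

    def power_on(self, vm, reservation) -> bool:
        """Admission control: True if the VM's reservation can be guaranteed."""
        if self._admit(reservation):
            self.vms[vm] = reservation
            return True
        return False

    def _admit(self, amount) -> bool:
        local = min(amount, self.unreserved)
        shortfall = amount - local
        if shortfall > 0:
            # Fixed pools stop here; expandable pools ask the parent, which
            # may itself borrow from its own parent (recursive borrowing).
            if not (self.expandable and self.parent is not None):
                return False
            if not self.parent._admit(shortfall):
                return False
        self.used += local               # commit only after every ancestor agreed
        return True


def figure_4_3():
    """Successful power-on: only VM-M1 (1GHz) runs in RP-MOM."""
    mom = ResourcePool("RP-MOM", 6.0)
    mom.power_on("VM-M1", 1.0)
    kid = mom.add_child("RP-KID", 2.0, expandable=True)
    return kid.power_on("VM-K1", 2.0), kid.power_on("VM-K2", 2.0), mom.unreserved


def figure_4_4():
    """Power-on prevented: RP-MOM's own VMs reserve 3GHz in total."""
    mom = ResourcePool("RP-MOM", 6.0)
    kid = mom.add_child("RP-KID", 2.0, expandable=True)
    mom.power_on("VM-M1", 1.0)           # assumed split of the 3GHz total
    mom.power_on("VM-M2", 2.0)
    return kid.power_on("VM-K1", 2.0), kid.power_on("VM-K2", 2.0), mom.unreserved


def isolation(expandable: bool):
    """S1 tries four 1GHz VMs, then S2 tries one. P is assumed to hold 4GHz."""
    p = ResourcePool("P", 4.0)
    child_reservation = 0.0 if expandable else 2.0
    s1 = p.add_child("S1", child_reservation, expandable)
    s2 = p.add_child("S2", child_reservation, expandable)
    s1_started = sum(s1.power_on(f"S1-VM{i}", 1.0) for i in range(4))
    return s1_started, s2.power_on("S2-VM0", 1.0)


if __name__ == "__main__":
    print("Figure 4-3 (K1, K2, RP-MOM unreserved):", figure_4_3())
    print("Figure 4-4 (K1, K2, RP-MOM unreserved):", figure_4_4())
    print("Expandable S1/S2 (S1 VMs started, S2 VM started):", isolation(True))
    print("Fixed S1/S2      (S1 VMs started, S2 VM started):", isolation(False))
```

In the expandable case S1 consumes all of P's reservation and S2's power-on is refused; with fixed 2GHz reservations S1 is capped at two VMs and S2's guarantee survives.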
Chapter 5 Creating a DRS Cluster
A DRS cluster is a collection of ESX/ESXi hosts and associated virtual machines with shared resources and a
shared management interface. Before you can obtain the benefits of cluster-level resource management you
must create a DRS cluster.
When you add a host to a DRS cluster, the host’s resources become part of the cluster’s resources. In addition
to this aggregation of resources, with a DRS cluster you can support cluster-wide resource pools and enforce
cluster-level resource allocation policies. The following cluster-level resource management capabilities are also
available.
- Load Balancing — The distribution and usage of CPU and memory resources for all hosts and virtual
  machines in the cluster are continuously monitored. DRS compares these metrics to an ideal resource
  utilization given the attributes of the cluster’s resource pools and virtual machines, the current demand,
  and the imbalance target. It then performs (or recommends) virtual machine migrations accordingly. See
  “Virtual Machine Migration,” on page 45. When you first power on a virtual machine in the cluster, DRS
  attempts to maintain proper load balancing by either placing the virtual machine on an appropriate host
  or making a recommendation. See “Admission Control and Initial Placement,” on page 44.
- Power management — When the VMware Distributed Power Management feature is enabled, DRS
  compares cluster- and host-level capacity to the demands of the cluster’s virtual machines, including recent
  historical demand. It places (or recommends placing) hosts in standby power mode if sufficient excess
  capacity is found or powering on hosts if capacity is needed. Depending on the resulting host power state
  recommendations, virtual machines might need to be migrated to and from the hosts as well. See
  “Managing Power Resources,” on page 60.
- DRS Rules — You can control the placement of virtual machines on hosts within a cluster, by assigning
  DRS (affinity or anti-affinity) rules. See “Using DRS Rules,” on page 51.
If the cluster does not have sufficient resources to power on a single virtual machine, or any of the virtual
machines in a group power-on attempt, a message appears. Otherwise, for each virtual machine, DRS generates
a recommendation of a host on which to run the virtual machine and takes one of the following actions:
- Automatically executes the placement recommendation.
- Displays the placement recommendation, which the user can then choose to accept or override.
  NOTE No initial placement recommendations are given for virtual machines on standalone hosts or in
  non-DRS clusters. When powered on, they are placed on the host where they currently reside.
For more information about DRS recommendations and applying them, see “DRS Recommendations Page,”
on page 67.
When you power on a single virtual machine, you have two types of initial placement recommendations:
- A single virtual machine is being powered on and no prerequisite steps are needed.
  The user is presented with a list of mutually exclusive initial placement recommendations for the virtual
  machine. You can select only one.
- A single virtual machine is being powered on, but prerequisite actions are required.
  These actions include powering on a host in standby mode or the migration of other virtual machines from
  one host to another. In this case, the recommendations provided have multiple lines, showing each of the
  prerequisite actions. The user can either accept this entire recommendation or cancel powering on the
  virtual machine.
Group Power On
You can attempt to power on multiple virtual machines at the same time (group power on).
Virtual machines selected for a group power-on attempt do not have to be in the same DRS cluster. They can
be selected across clusters but must be within the same datacenter. It is also possible to include virtual machines
located in non-DRS clusters or on standalone hosts. These are powered on automatically and not included in
any initial placement recommendation.
The initial placement recommendations for group power-on attempts are provided on a per-cluster basis. If
all of the placement-related actions for a group power-on attempt are in automatic mode, the virtual machines
are powered on with no initial placement recommendation given. If placement-related actions for any of the
virtual machines are in manual mode, the powering on of all of the virtual machines (including those that are
in automatic mode) is manual and is included in an initial placement recommendation.
For each DRS cluster that the virtual machines being powered on belong to, there is a single recommendation,
which contains all of the prerequisites (or no recommendation). All such cluster-specific recommendations are
presented together under the Power On Recommendations tab.
When a nonautomatic group power-on attempt is made, and virtual machines not subject to an initial
placement recommendation (that is, those on standalone hosts or in non-DRS clusters) are included, vCenter
Server attempts to power them on automatically. If these power ons are successful, they are listed under the
Started Power-Ons tab. Any virtual machines that fail to power on are listed under the Failed Power-Ons tab.
Chapter 5 Creating a DRS Cluster
If DRS is enabled on the cluster, load can be distributed more uniformly to reduce the degree of this imbalance.
For example, see Figure 5-1. The three hosts on the left side of this figure are unbalanced. Assume that Host 1,
Host 2, and Host 3 have identical capacity, and all virtual machines have the same configuration and load
(which includes reservation, if set). However, because Host 1 has six virtual machines, its resources might be
overused while ample resources are available on Host 2 and Host 3. DRS migrates (or recommends the
migration of) virtual machines from Host 1 to Host 2 and Host 3. On the right side of the diagram, the properly
load balanced configuration of the hosts that results is displayed.
[Figure 5-1: Host 1, Host 2, and Host 3 shown unbalanced (left) and load balanced (right)]
vSphere Resource Management Guide
When a cluster becomes unbalanced, DRS makes recommendations or migrates virtual machines, depending
on the default automation level:
- If the cluster or any of the virtual machines involved are manual or partially automated, vCenter Server
  does not take automatic actions to balance resources. Instead, the Summary page indicates that migration
  recommendations are available and the DRS Recommendations page displays recommendations for
  changes that make the most efficient use of resources across the cluster.
- If the cluster and virtual machines involved are all fully automated, vCenter Server migrates running
  virtual machines between hosts as needed to ensure efficient use of cluster resources.
NOTE Even in an automatic migration setup, users can explicitly migrate individual virtual machines, but
vCenter Server might move those virtual machines to other hosts to optimize cluster resources.
By default, automation level is specified for the whole cluster. You can also specify a custom automation level
for individual virtual machines.
You can move the threshold slider to use one of five settings, ranging from Conservative to Aggressive. The
five migration settings generate recommendations based on their assigned priority level. Each setting you
move the slider to the right allows the inclusion of one more lower level of priority. The Conservative setting
generates only priority-one recommendations (mandatory recommendations), the next level to the right
generates priority-two recommendations and higher, and so on, down to the Aggressive level, which generates
priority-five recommendations and higher (that is, all recommendations).
A priority level for each migration recommendation is computed using the load imbalance metric of the cluster.
This metric is displayed as Current host load standard deviation in the cluster's Summary tab in the vSphere
Client. A higher load imbalance leads to higher-priority migration recommendations. For more information
about this metric and how a recommendation priority level is calculated, see the VMware Knowledge Base
article "Calculating the priority level of a VMware DRS migration recommendation."
After a recommendation receives a priority level, this level is compared to the migration threshold you set. If
the priority level is less than or equal to the threshold setting, the recommendation is either applied (if the
relevant virtual machines are in fully automated mode) or displayed to the user for confirmation (if in manual
or partially automated mode).
Migration Recommendations
If you create a cluster with a default manual or partially automated mode, vCenter Server displays migration
recommendations on the DRS Recommendations page.
The system supplies as many recommendations as necessary to enforce rules and balance the resources of the
cluster. Each recommendation includes the virtual machine to be moved, current (source) host and destination
host, and a reason for the recommendation. The reason can be one of the following:
- Balance average CPU loads or reservations.
- Balance average memory loads or reservations.
- Satisfy resource pool reservations.
NOTE If you are using the VMware Distributed Power Management feature, in addition to migration
recommendations, DRS provides host power state recommendations.
Shared Storage
Ensure that the managed hosts use shared storage. Shared storage is typically on a storage area network (SAN)
but can also be implemented using NAS shared storage.
See the iSCSI SAN Configuration Guide and the Fibre Channel SAN Configuration Guide for additional information
on SAN and the ESX Configuration Guide or ESXi Configuration Guide for information on other shared storage.
NOTE Virtual machine swap files also need to be on a VMFS accessible to source and destination hosts (just
like .vmdk virtual disk files). This requirement no longer applies if all source and destination hosts are ESX
Server 3.5 or higher and using host-local swap. In that case, VMotion with swap files on unshared storage is
supported. Swap files are placed on a VMFS by default, but administrators might override the file location
using advanced virtual machine configuration options.
Processor Compatibility
To avoid limiting the capabilities of DRS, you should maximize the processor compatibility of source and
destination hosts in the cluster.
VMotion transfers the running architectural state of a virtual machine between underlying ESX/ESXi hosts.
VMotion compatibility means that the processors of the destination host must be able to resume execution
using the equivalent instructions where the processors of the source host were suspended. Processor clock
speeds and cache sizes might vary, but processors must come from the same vendor class (Intel versus AMD)
and same processor family to be compatible for migration with VMotion.
Processor families such as Xeon MP and Opteron are defined by the processor vendors. You can distinguish
different processor versions within the same family by comparing the processors’ model, stepping level, and
extended features.
In some cases, processor vendors have introduced significant architectural changes within the same processor
family (such as 64-bit extensions and SSE3). VMware identifies these exceptions if it cannot guarantee
successful migration with VMotion.
vCenter Server provides features that help ensure that virtual machines migrated with VMotion meet processor
compatibility requirements. These features include:
- Enhanced VMotion Compatibility (EVC) – You can use EVC to help ensure VMotion compatibility for the
  hosts in a cluster. EVC ensures that all hosts in a cluster present the same CPU feature set to virtual
  machines, even if the actual CPUs on the hosts differ. This prevents migrations with VMotion from failing
  due to incompatible CPUs.
  Configure EVC from the Cluster Settings dialog box. The hosts in a cluster must meet certain requirements
  for the cluster to use EVC. For more information on EVC and EVC requirements, see Basic System
  Administration.
- CPU compatibility masks – vCenter Server compares the CPU features available to a virtual machine with
  the CPU features of the destination host to determine whether to allow or disallow migrations with
  VMotion. By applying CPU compatibility masks to individual virtual machines, you can hide certain CPU
  features from the virtual machine and potentially prevent migrations with VMotion from failing due to
  incompatible CPUs.
VMotion Requirements
To enable the use of DRS migration recommendations, the hosts in your cluster must be part of a VMotion
network. If the hosts are not in the VMotion network, DRS can still make initial placement recommendations.
To be configured for VMotion, each host in the cluster must meet the following requirements:
- The virtual machine configuration file for ESX/ESXi hosts must reside on a VMware Virtual Machine File
  System (VMFS).
- VMotion does not support raw disks or migration of applications clustered using Microsoft Cluster Service
  (MSCS).
- VMotion requires a private Gigabit Ethernet migration network between all of the VMotion enabled
  managed hosts. When VMotion is enabled on a managed host, configure a unique network identity object
  for the managed host and connect it to the private migration network.
Prerequisites
You can create a cluster without a special license, but you must have a license to enable a cluster for DRS (or
VMware HA).
Procedure
1 Right-click a datacenter or folder in the vSphere Client and select New Cluster.
You can also enable the VMware HA feature by clicking VMware HA.
4 Click Next.
7 Click Next.
9 Click Next.
10 If appropriate, enable Enhanced VMotion Compatibility (EVC) and select the mode it should operate in.
11 Click Next.
You can either store a swapfile in the same directory as the virtual machine itself, or in a datastore specified
by the host (host-local swap).
13 Click Next.
14 Review the summary page that lists the options you selected.
15 Click Finish to complete cluster creation, or click Back to go back and make modifications to the cluster
setup.
To add hosts and virtual machines to the cluster, see “Adding Hosts to a Cluster,” on page 53 and “Removing
Virtual Machines from a Cluster,” on page 56.
Procedure
3 In the Cluster Settings dialog box, under VMware DRS select Virtual Machine Options.
4 Select the Enable individual virtual machine automation levels check box.
7 Click OK.
NOTE Other VMware products or features, such as VMware vApp and VMware Fault Tolerance, might
override the automation levels of virtual machines in a DRS cluster. Refer to the product-specific
documentation for details.
Disable DRS
You can turn off DRS for a cluster.
When DRS is disabled, the cluster’s resource pool hierarchy and DRS rules (see “Using DRS Rules,” on
page 51) are not reestablished when DRS is turned back on. So if you disable DRS, the resource pools are
removed from the cluster. To avoid losing the resource pools, instead of disabling DRS, you should suspend
it by changing the DRS automation level to manual (and disabling any virtual machine overrides). This
prevents automatic DRS actions, but preserves the resource pool hierarchy.
Procedure
3 In the left panel, select General, and deselect the Turn On VMware DRS check box.
Chapter 6 Using DRS Clusters to Manage Resources
After you create a DRS cluster, you can customize it and use it to manage resources.
To customize your DRS cluster and the resources it contains you can configure DRS rules and you can add and
remove hosts and virtual machines. When a cluster’s settings and resources have been defined, you should
ensure that it is and remains a valid cluster. You can also use a valid DRS cluster to manage power resources
and interoperate with VMware HA.
If two rules conflict, the older one will take precedence, and the newer rule is disabled. DRS only tries to satisfy
enabled rules, even if they are in violation. Disabled rules are ignored. DRS gives higher precedence to
preventing violations of anti-affinity rules than violations of affinity rules.
To check if any enabled DRS rules are being violated, select the cluster in the inventory panel of the vSphere
Client, select the DRS tab, and click Faults. Any rule currently being violated has a corresponding fault on this
page. Read the fault to determine why DRS is not able to satisfy the particular rule.
NOTE DRS rules are different from an individual host’s CPU affinity rules.
Procedure
4 Click Add.
One virtual machine cannot be part of more than one such rule.
- Separate Virtual Machines
This type of rule cannot contain more than two virtual machines.
Procedure
Procedure
4 Deselect the check box to the left of the rule and click OK.
What to do next
You can later enable the rule by reselecting the check box.
Procedure
After a host has been added, the virtual machines deployed to the host become part of the cluster and DRS can
recommend migration of some virtual machines to other hosts in the cluster.
You can decide whether you want to associate existing virtual machines and resource pools with the cluster’s
root resource pool or graft the resource pool hierarchy.
NOTE If a host has no child resource pools or virtual machines, the host’s resources are added to the cluster
but no resource pool hierarchy with a top-level resource pool is created.
Procedure
3 Select what to do with the host’s virtual machines and resource pools.
- Put this host’s virtual machines in the cluster’s root resource pool
  vCenter Server removes all existing resource pools of the host and the virtual machines in the host’s
  hierarchy are all attached to the root. Because share allocations are relative to a resource pool, you
  might have to manually change a virtual machine’s shares after selecting this option, which destroys
  the resource pool hierarchy.
- Create a resource pool for this host’s virtual machines and resource pools
  vCenter Server creates a top-level resource pool that becomes a direct child of the cluster and adds
  all children of the host to that new resource pool. You can supply a name for that new top-level
  resource pool. The default is Grafted from <host_name>.
Procedure
1 Select the cluster to which to add the host and select Add Host from the right-click menu.
2 Enter the host name, user name, and password, and click Next.
4 Select what to do with the host’s virtual machines and resource pools.
- Put this host’s virtual machines in the cluster’s root resource pool
  vCenter Server removes all existing resource pools of the host and the virtual machines in the host’s
  hierarchy are all attached to the root. Because share allocations are relative to a resource pool, you
  might have to manually change a virtual machine’s shares after selecting this option, which destroys
  the resource pool hierarchy.
- Create a resource pool for this host’s virtual machines and resource pools
  vCenter Server creates a top-level resource pool that becomes a direct child of the cluster and adds
  all children of the host to that new resource pool. You can supply a name for that new top-level
  resource pool. The default is Grafted from <host_name>.
NOTE You can drag a virtual machine directly to a resource pool within a cluster. In this case, the Migrate
Virtual Machine wizard is started but the resource pool selection page does not appear. Migrating directly
to a host within a cluster is not allowed because the resource pool controls the resources.
Prerequisites
Before you remove a host from a DRS cluster, consider the issues involved.
- Resource Pool Hierarchies – When you remove a host from a cluster, the host retains only the root resource
  pool, even if you used a DRS cluster and decided to graft the host resource pool when you added the host
  to the cluster. In that case, the hierarchy remains with the cluster. You can create a host-specific resource
  pool hierarchy.
  NOTE Ensure that you remove the host from the cluster by first placing it in maintenance mode. If you
  instead disconnect the host before removing it from the cluster, the host retains the resource pool that
  reflects the cluster hierarchy.
- Virtual Machines – A host must be in maintenance mode before you can remove it from the cluster, and
  for a host to enter maintenance mode, all powered-on virtual machines must be migrated off that host.
  When you request that a host enter maintenance mode, you are also asked whether you want to migrate
  all the powered-off virtual machines on that host to other hosts in the cluster.
- Invalid Clusters – When you remove a host from a cluster, the resources available for the cluster decrease.
  If the cluster has enough resources to satisfy the reservations of all virtual machines and resource pools
  in the cluster, the cluster adjusts resource allocation to reflect the reduced amount of resources. If the
  cluster does not have enough resources to satisfy the reservations of all resource pools, but there are
  enough resources to satisfy the reservations for all virtual machines, an alarm is issued and the cluster is
  marked yellow. DRS continues to run.
Procedure
1 Select the host and select Enter Maintenance Mode from the right-click menu.
2 After the host is in maintenance mode, drag it to a different inventory location, either the top-level
datacenter or a different cluster.
When you move the host, its resources are removed from the cluster. If you grafted the host’s resource
pool hierarchy onto the cluster, that hierarchy remains with the cluster.
Virtual machines that are running on a host entering maintenance mode need to be migrated to another host
(either manually or automatically by DRS) or shut down. The host is in a state of Entering Maintenance Mode
until all running virtual machines are powered down or migrated to different hosts. You cannot power on
virtual machines or migrate virtual machines to a host entering maintenance mode.
When no more running virtual machines are on the host, the host’s icon changes to include under maintenance
and the host’s Summary panel indicates the new state. While in maintenance mode, the host does not allow
you to deploy or power on a virtual machine.
NOTE DRS does not recommend (or perform, in fully automated mode) any virtual machine migrations off
of a host entering maintenance or standby mode if the VMware HA failover level would be violated after the
host enters the requested mode.
Normally, hosts are placed in standby mode by the VMware DPM feature to optimize power usage. You can
also place a host in standby mode manually. However, DRS might undo (or recommend undoing) your change
the next time it runs. To force a host to remain off, place it in maintenance mode and power it off.
If the virtual machine is a member of a DRS cluster rules group, vCenter Server displays a warning before
it allows the migration to proceed. The warning indicates that dependent virtual machines are not
migrated automatically. You have to acknowledge the warning before migration can proceed.
When considering cluster validity scenarios, you should understand these terms.
Reservation – A fixed, guaranteed allocation for the resource pool input by the user.
Reservation Used – The sum of the reservation or reservation used (whichever is larger) for each
child resource pool, added recursively.
Expandable resource pools – (Reservation minus reservation used) plus any unreserved resources that can be borrowed
from its ancestor resource pools.
Figure 6-1 shows an example of a valid cluster with fixed resource pools and how its CPU and memory
resources are computed.
[Figure 6-1: cluster. Total Capacity: 12G, Reserved Capacity: 11G, Available Capacity: 1G]
Figure 6-2 shows an example of a valid cluster with some resource pools (RP1 and RP3) using reservation type
Expandable.
[Figure 6-2: cluster. Total Capacity: 16G, Reserved Capacity: 16G, Available Capacity: 0G]
RP3 was created with a reservation of 5GHz. Two virtual machines of 3GHz and 2GHz are powered on.
Even though this resource pool is of type Expandable, no additional 2GHz virtual machine can be powered
on because the parent’s extra resources are already used by RP1.
There will always be enough resources to support all running virtual machines because, when a host becomes
unavailable, all its virtual machines become unavailable. A cluster typically turns yellow when cluster capacity
is suddenly reduced, for example, when a host in the cluster becomes unavailable. VMware recommends that
you leave adequate additional cluster resources to avoid your cluster turning yellow.
[Figure: cluster after a host becomes unavailable. Total Capacity: 12G reduced to 8G, Reserved Capacity: 12G, Available Capacity: 0G; VM4, 1G; VM7, 0G]
In this example:
- A cluster with total resources of 12GHz coming from three hosts of 4GHz each.
- Three resource pools reserving a total of 12GHz.
- The total reservation used by the three resource pools combined is 12GHz (4+5+3 GHz). That shows up
  as the Reserved Capacity in the cluster.
- One of the 4GHz hosts becomes unavailable, so total resources reduce to 8GHz.
- At the same time, VM4 (1GHz) and VM3 (3GHz), which were running on the host that failed, are no longer
  running.
- The cluster is now running virtual machines that require a total of 6GHz. The cluster still has 8GHz
  available, which is sufficient to meet virtual machine requirements.
The resource pool reservations of 12GHz can no longer be met, so the cluster is marked as yellow.
The total amount of resources in the cluster does not affect whether the cluster is red. A cluster can be red,
even if enough resources exist at the root level, if there is an inconsistency at a child level.
You can resolve a red DRS cluster problem either by powering off one or more virtual machines, moving virtual
machines to parts of the tree that have sufficient resources, or editing the resource pool settings in the red part.
Adding resources typically helps only when you are in the yellow state.
A cluster can also turn red if you reconfigure a resource pool while a virtual machine is failing over. A virtual
machine that is failing over is disconnected and does not count toward the reservation used by the parent
resource pool. You might reduce the reservation of the parent resource pool before the failover completes.
After the failover is complete, the virtual machine resources are again charged to the parent resource pool. If
the pool’s usage becomes larger than the new reservation, the cluster turns red.
As is shown in the example in Figure 6-4, if a user is able to start a virtual machine (in an unsupported way)
with a reservation of 3GHz under resource pool 2, the cluster would become red.
[Figure 6-4: cluster. Total Capacity: 12G, Reserved Capacity: 12G changed to 15G, Available Capacity: 0G; VM7, 3G]
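The yellow and red cases described above, worked through as an added Python example that is not part of the VMware guide. It models only the definitions on this page, not vCenter Server's own admission control; the class and function names are hypothetical, and the placement of VM1, VM2, VM4, VM5 and VM6 in pools is constructed to match the totals the text gives.

```python
from dataclasses import dataclass, field
from typing import List


@dataclass
class VM:
    name: str
    reservation: int            # GHz
    running: bool = True


@dataclass
class Pool:
    name: str
    reservation: int            # GHz
    expandable: bool = False
    vms: List[VM] = field(default_factory=list)
    children: List["Pool"] = field(default_factory=list)


def reservation_used(pool: Pool) -> int:
    """Running-VM reservations plus, per child pool, the larger of its
    reservation and its own reservation used (added recursively)."""
    used = sum(vm.reservation for vm in pool.vms if vm.running)
    for child in pool.children:
        used += max(child.reservation, reservation_used(child))
    return used


def inconsistent_pools(pool: Pool) -> List[str]:
    """Fixed pools whose usage exceeds their own reservation (the red case)."""
    bad = []
    if not pool.expandable and reservation_used(pool) > pool.reservation:
        bad.append(pool.name)
    for child in pool.children:
        bad.extend(inconsistent_pools(child))
    return bad


def running_demand(pool: Pool) -> int:
    """Sum of the reservations of running VMs in this pool and below it."""
    own = sum(vm.reservation for vm in pool.vms if vm.running)
    return own + sum(running_demand(c) for c in pool.children)


def classify(capacity: int, pools: List[Pool]) -> dict:
    """Red: a child-level inconsistency, whatever the root capacity is.
    Yellow: pool reservations no longer fit into the cluster capacity."""
    reserved = sum(max(p.reservation, reservation_used(p)) for p in pools)
    bad = [name for p in pools for name in inconsistent_pools(p)]
    if bad:
        status = "red"
    elif reserved > capacity:
        status = "yellow"
    else:
        status = "valid"
    return {"status": status, "reserved": reserved,
            "vm_demand": sum(running_demand(p) for p in pools),
            "inconsistent": bad}


def build_pools() -> List[Pool]:
    """Pool sizes (4, 5, 3 GHz) and VM3, VM4, VM7 come from the text;
    the other VMs and the pool each VM sits in are assumptions."""
    return [
        Pool("RP1", 4, vms=[VM("VM1", 2), VM("VM4", 1)]),
        Pool("RP2", 5, vms=[VM("VM2", 2), VM("VM3", 3), VM("VM7", 0)]),
        Pool("RP3", 3, vms=[VM("VM5", 1), VM("VM6", 1)]),
    ]


def scenario_all_hosts_up() -> dict:
    return classify(12, build_pools())           # three hosts of 4GHz each


def scenario_host_failure() -> dict:
    pools = build_pools()
    for pool in pools:
        for vm in pool.vms:
            if vm.name in ("VM3", "VM4"):        # ran on the failed host
                vm.running = False
    return classify(8, pools)                    # one 4GHz host is gone


def scenario_unsupported_power_on() -> dict:
    pools = build_pools()
    for vm in pools[1].vms:
        if vm.name == "VM7":
            vm.reservation = 3                   # 3GHz VM started under RP2
    return classify(12, pools)


if __name__ == "__main__":
    for fn in (scenario_all_hosts_up, scenario_host_failure,
               scenario_unsupported_power_on):
        print(fn.__name__, fn())
```

The red result names the pool whose settings need editing, which is why adding hosts does not clear it: the root capacity never enters the red check.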
VMware DPM monitors the cumulative demand of all virtual machines in the cluster for memory and CPU
resources and compares this to the total available resource capacity of all hosts in the cluster. If sufficient excess
capacity is found, VMware DPM places one or more hosts in standby mode and powers them off after migrating
their virtual machines to other hosts. Conversely, when capacity is deemed to be inadequate, DRS brings hosts
out of standby mode (powers them on) and migrates virtual machines, using VMotion, to them. When making
these calculations, VMware DPM considers not only current demand, but it also honors any user-specified
virtual machine resource reservations.
NOTE ESX/ESXi hosts cannot automatically be brought out of standby mode unless they are running in a
cluster managed by vCenter Server.
VMware DPM can use one of three power management protocols to bring a host out of standby mode:
Intelligent Platform Management Interface (IPMI), Hewlett-Packard Integrated Lights-Out (iLO), or Wake-On-
LAN (WOL). Each protocol requires its own hardware support and configuration. If a host does not support
any of these protocols it cannot be put into standby mode by VMware DPM. If a host supports multiple
protocols, they are used in the following order: IPMI, iLO, WOL.
NOTE Do not disconnect a host in standby mode or move it out of the DRS cluster without first powering it
on, otherwise vCenter Server is not able to power the host back on.
Prerequisites
Both IPMI and iLO require a hardware Baseboard Management Controller (BMC) to provide a gateway for
accessing hardware control functions, and allow the interface to be accessed from a remote system using serial
or LAN connections. The BMC is powered-on even when the host itself is powered-off. If properly enabled,
the BMC can respond to remote power-on commands.
If you plan to use IPMI or iLO as a wake protocol, you must configure the BMC. BMC configuration steps vary
according to model. See your vendor’s documentation for more information. With IPMI, you must also ensure
that the BMC LAN channel is configured to be always available and to allow operator-privileged commands.
On some IPMI systems, when you enable "IPMI over LAN" you must configure this in the BIOS and specify a
particular IPMI account.
VMware DPM using only IPMI supports MD5- and plaintext-based authentication, but MD2-based
authentication is not supported. vCenter Server uses MD5 if a host's BMC reports that it is supported and
enabled for the Operator role. Otherwise, plaintext-based authentication is used if the BMC reports it is
supported and enabled. If neither MD5 nor plaintext authentication is enabled, IPMI cannot be used with the
host and vCenter Server attempts to use Wake-on-LAN.
Procedure
4 Click Properties.
6 Click OK.
Prerequisites
Before testing WOL, ensure that your cluster meets the prerequisites.
- Your cluster must contain at least two ESX 3.5 (or ESX 3i version 3.5) or later hosts.
- Each host's VMotion networking link must be working correctly. The VMotion network should also be a
  single IP subnet, not multiple subnets separated by routers.
- The VMotion NIC on each host must support WOL. To check for WOL support, first determine the name
  of the physical network adapter corresponding to the VMkernel port by selecting the host in the inventory
  panel of the vSphere Client, selecting the Configuration tab, and clicking Networking. After you have
  this information, click on Network Adapters and find the entry corresponding to the network adapter. The
  Wake On LAN Supported column for the relevant adapter should show Yes.
- To display the WOL-compatibility status for each NIC on a host, select the host in the inventory panel of
  the vSphere Client, select the Configuration tab, and click Network Adapters. The NIC must show Yes
  in the Wake On LAN Supported column.
- The switch port that each WOL-supporting VMotion NIC is plugged into should be set to auto negotiate
  the link speed, and not set to a fixed speed (for example, 1000 Mb/s). Many NICs support WOL only if
  they can switch to 100 Mb/s or less when the host is powered off.
After you verify these prerequisites, test each ESX/ESXi host that is going to use WOL to support VMware
DPM. When you test these hosts, ensure that the VMware DPM feature is disabled for the cluster.
CAUTION Ensure that any host being added to a VMware DPM cluster that uses WOL as a wake protocol is
tested and disabled from using power management if it fails the testing. If this is not done, VMware DPM
might power off hosts that it subsequently cannot power back up.
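The wake-protocol order, the IPMI authentication fallback and the WOL prerequisites described above, expressed as an added Python audit that is not VMware code. The inventory is constructed and its field names are hypothetical; treating an unusable IPMI configuration as if IPMI were absent, so that the order continues with iLO and then WOL, is an assumption.

```python
from typing import List, Optional

# Constructed inventory. "ipmi_auth" holds the authentication types the BMC
# reports as supported AND enabled for the Operator role.
HOSTS = [
    {"name": "esx01", "ipmi": True, "ipmi_auth": {"md5", "md2", "plaintext"},
     "ilo": False, "wol_nic": True, "switch_autoneg": True},
    {"name": "esx02", "ipmi": True, "ipmi_auth": {"plaintext"},
     "ilo": False, "wol_nic": True, "switch_autoneg": True},
    {"name": "esx03", "ipmi": True, "ipmi_auth": {"md2"},
     "ilo": False, "wol_nic": True, "switch_autoneg": False},
    {"name": "esx04", "ipmi": False, "ipmi_auth": set(),
     "ilo": True, "wol_nic": True, "switch_autoneg": True},
    {"name": "esx05", "ipmi": False, "ipmi_auth": set(),
     "ilo": False, "wol_nic": False, "switch_autoneg": True},
]


def select_ipmi_auth(enabled_for_operator: set) -> Optional[str]:
    """MD5 is preferred, plaintext is the fallback, MD2 is never used."""
    if "md5" in enabled_for_operator:
        return "md5"
    if "plaintext" in enabled_for_operator:
        return "plaintext"
    return None


def wake_plan(host: dict) -> dict:
    """Pick the wake protocol in the order IPMI, iLO, WOL and collect
    findings an administrator should fix before enabling VMware DPM."""
    findings: List[str] = []
    protocol, auth = None, None

    if host["ipmi"]:
        auth = select_ipmi_auth(host["ipmi_auth"])
        if auth is None:
            findings.append("IPMI present, but neither MD5 nor plaintext is "
                            "enabled for the Operator role: IPMI unusable")
        else:
            protocol = "IPMI"
            if auth == "plaintext":
                # Plaintext exposes the BMC credential on the management LAN.
                findings.append("IPMI uses plaintext authentication: enable "
                                "MD5 for the Operator role on the BMC")

    if protocol is None and host["ilo"]:
        protocol = "iLO"

    if protocol is None and host["wol_nic"]:
        protocol = "WOL"
        if not host["switch_autoneg"]:
            findings.append("WOL NIC on a fixed-speed switch port: set the "
                            "port to auto negotiate")

    if protocol is None:
        findings.append("no usable wake protocol: set Power Management to "
                        "Disabled for this host")

    return {"host": host["name"], "protocol": protocol, "ipmi_auth": auth,
            "dpm_candidate": protocol is not None, "findings": findings}


def audit(hosts: List[dict]) -> List[dict]:
    return [wake_plan(h) for h in hosts]


if __name__ == "__main__":
    for plan in audit(HOSTS):
        print(plan["host"], plan["protocol"], plan["ipmi_auth"])
        for finding in plan["findings"]:
            print("   -", finding)
```

A host that passes this audit still has to pass the exit-standby test in the procedure that follows; the audit only catches configurations that cannot work or that weaken BMC authentication.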
Procedure
1 Click the Enter Standby Mode command on the host's Summary tab in the vSphere Client.
4 For any host that fails to exit standby mode successfully, select the host in the cluster Settings dialog box’s
Host Options page and change its Power Management setting to Disabled.
After you do this, VMware DPM does not consider that host a candidate for being powered-off.
To do this, configure the power management automation level, threshold, and host-level overrides. These
settings are configured under Power Management in the cluster’s Settings dialog box.
Automation Level
Whether the host power state and migration recommendations generated by VMware DPM are executed
automatically or not depends upon the power management automation level selected for the feature.
The automation level is configured under Power Management in the cluster’s Settings dialog box. The options
available are:
- Off – The feature is disabled and no recommendations will be made.
- Manual – Host power operation and related virtual machine migration recommendations are made, but
  not automatically executed. These recommendations appear on the cluster’s DRS tab in the vSphere Client.
- Automatic – Host power operations are automatically executed if related virtual machine migrations can
  all be executed automatically.
NOTE The power management automation level is not the same as the DRS automation level.
The threshold is configured under Power Management in the cluster’s Settings dialog box. Each level you
move the VMware DPM Threshold slider to the right allows the inclusion of one more lower level of priority
in the set of recommendations that are executed automatically or appear as recommendations to be manually
executed. At the Conservative setting, VMware DPM only generates priority-one recommendations, the next
level to the right only priority-two and higher, and so on, down to the Aggressive level, which generates
priority-five recommendations and higher (that is, all recommendations).
NOTE The DRS threshold and the VMware DPM threshold are essentially independent. You can differentiate
the aggressiveness of the migration and host-power-state recommendations they respectively provide.
Host-Level Overrides
When you enable VMware DPM in a DRS cluster, by default all hosts in the cluster inherit its VMware DPM
automation level.
You can override this default for an individual host by selecting the host on the Host Options page of the cluster's
Settings dialog box and clicking its Power Management setting. You can change this setting to the following
options:
- Disabled
- Manual
- Automatic
NOTE Do not change a host's Power Management setting if it has been set to Disabled due to failed exit standby
mode testing.
After enabling and running VMware DPM, you can verify that it is functioning properly by viewing each host’s
Last Time Exited Standby information displayed on the Host Options page in the cluster Settings dialog box
and on the Hosts tab for each cluster. This field shows a timestamp and whether vCenter Server Succeeded or
Failed the last time it attempted to bring the host out of standby mode. If no such attempt has been made, the
field displays Never.
NOTE Times for the Last Time Exited Standby field are derived from the vCenter Server event log. If this log
is cleared, the times are reset to Never.
The most serious potential error you face when using VMware DPM is the failure of a host to exit standby
mode when its capacity is needed by the DRS cluster. You can monitor for instances when this error occurs by
using the preconfigured Exit Standby Error alarm in vCenter Server. If VMware DPM cannot bring a host out
of standby mode (vCenter Server event DrsExitStandbyModeFailedEvent), you can configure this alarm to send
an alert email to the administrator or to send notification using an SNMP trap. By default, this alarm is cleared
after vCenter Server is able to successfully connect to that host.
To monitor VMware DPM activity, you can also create alarms for the following vCenter Server events.
For more information on creating and editing alarms, see the Basic System Administration guide.
If you use monitoring software other than vCenter Server, and that software triggers alarms when physical
hosts are powered off unexpectedly, you might have a situation where false alarms are generated when
VMware DPM places a host into standby mode. If you do not want to receive such alarms, work with your
vendor to deploy a version of the monitoring software that is integrated with vCenter Server. You could also
use vCenter Server itself as your monitoring solution, because starting with vSphere 4.x, it is inherently aware
of VMware DPM and does not trigger these false alarms.
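The monitoring logic described in this section, as an added example that is not part of the VMware guide: it derives each host's Last Time Exited Standby value from event records and decides whether a host-unreachable observation from an external monitor coincides with DPM standby. Only DrsExitStandbyModeFailedEvent is named on this page; the other event type names are vSphere API event classes, and the host names, timestamps and function names are constructed for illustration.

```python
from datetime import datetime

# vSphere API event classes for DPM standby transitions.
ENTER = {"DrsEnteringStandbyModeEvent", "DrsEnteredStandbyModeEvent"}
EXITING = "DrsExitingStandbyModeEvent"
EXITED = "DrsExitedStandbyModeEvent"
EXIT_FAILED = "DrsExitStandbyModeFailedEvent"

# Constructed sample of vCenter Server events: (time, event type, host).
EVENTS = [
    ("2009-06-01T01:00:00", "DrsEnteringStandbyModeEvent", "esx01"),
    ("2009-06-01T01:02:10", "DrsEnteredStandbyModeEvent", "esx01"),
    ("2009-06-01T08:00:00", "DrsExitingStandbyModeEvent", "esx01"),
    ("2009-06-01T08:03:30", "DrsExitedStandbyModeEvent", "esx01"),
    ("2009-06-01T02:00:00", "DrsEnteredStandbyModeEvent", "esx02"),
    ("2009-06-01T09:00:00", "DrsExitingStandbyModeEvent", "esx02"),
    ("2009-06-01T09:15:00", "DrsExitStandbyModeFailedEvent", "esx02"),
]

# Constructed "host unreachable" observations from a third-party monitor.
HOST_DOWN = [
    ("2009-06-01T01:03:00", "esx01"),  # just after DPM placed it in standby
    ("2009-06-01T09:20:00", "esx02"),  # after DPM failed to wake it
    ("2009-06-01T03:00:00", "esx03"),  # no DPM activity for this host
]


def parse(rows):
    """Turn (iso_time, event_type, host) rows into time-sorted tuples."""
    return sorted((datetime.fromisoformat(t), e, h) for t, e, h in rows)


def last_exit_standby(rows):
    """Per host: (time, 'Succeeded' | 'Failed') for the latest exit-standby result."""
    result = {}
    for when, etype, host in parse(rows):
        if etype == EXITED:
            result[host] = (when, "Succeeded")
        elif etype == EXIT_FAILED:
            result[host] = (when, "Failed")
    return result


def exit_status(rows, host):
    """Text of the Last Time Exited Standby field; 'Never' if no attempt is logged."""
    entry = last_exit_standby(rows).get(host)
    return "Never" if entry is None else f"{entry[0].isoformat()} {entry[1]}"


def classify_host_down(rows, observations):
    """Label each host-down observation using the latest DPM event before it."""
    events = parse(rows)
    verdicts = []
    for t, host in observations:
        seen = datetime.fromisoformat(t)
        prior = [e for when, e, h in events if h == host and when <= seen]
        latest = prior[-1] if prior else None
        if latest in ENTER or latest == EXITING:
            verdict = "suppress: host is in DPM standby"
        elif latest == EXIT_FAILED:
            verdict = "alert: DPM failed to exit standby"
        else:
            verdict = "alert: unexpected power-off"
        verdicts.append((host, verdict))
    return verdicts


if __name__ == "__main__":
    for name in ("esx01", "esx02", "esx03"):
        print(name, exit_status(EVENTS, name))
    for host, verdict in classify_host_down(EVENTS, HOST_DOWN):
        print(host, verdict)
```

Passing an empty event list to exit_status models a cleared event log: every host reverts to Never.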
Chapter 7 Viewing DRS Cluster Information
You can view information about a DRS cluster using the cluster Summary and DRS tabs in the vSphere Client.
You can also apply the DRS recommendations that appear in the DRS tab.
The General, VMware DRS, and VMware DRS Resource Distribution sections of this tab display useful
information about the configuration and operation of your cluster. The following sections describe the fields
that appear in those sections.
VMware EVC Mode Indicates whether Enhanced VMotion Compatibility is enabled or disabled.
DRS Recommendations Number of DRS migration recommendations awaiting user confirmation. If the
value is nonzero, opens the Recommendations page of the cluster’s DRS tab.
DRS Faults Number of DRS faults currently outstanding. If the value is nonzero, opens the
Faults page of the cluster’s DRS tab.
Migration Threshold Indicates the priority level of migration recommendations to apply or generate.
Target host load standard deviation A value derived from the migration threshold setting that indicates the value
under which load imbalance is to be kept.
Current host load standard deviation A value indicating the current load imbalance in the cluster. This value should be
less than the target host load standard deviation unless unapplied DRS
recommendations or constraints preclude attaining that level.
View Resource Distribution Chart Opens the Resource Distribution chart that provides CPU and memory utilization
information.
Open this chart by clicking the View Resource Distribution Chart link on the Summary tab for a VMware DRS
cluster.
CPU Utilization
CPU utilization is displayed on a per-virtual machine basis, grouped by host. The chart shows information for
each virtual machine as a colored box, which symbolizes the percentage of entitled resources (as computed by
DRS) that are delivered to it. If the virtual machine is receiving its entitlement, this box should be green. If it
is not green for an extended time, you might want to investigate what is causing this shortfall (for example,
unapplied recommendations).
If you hold the pointer over the box for a virtual machine, its utilization information (Consumed versus
Entitlement) appears.
You can toggle the display of CPU resources between % and MHz by clicking the appropriate button.
Memory Utilization
Memory utilization is displayed on a per-virtual machine basis, grouped by host.
If you hold the pointer over the box for a virtual machine, its utilization information (Consumed versus
Entitlement) appears.
You can toggle the display of memory resources between % and MB by clicking the appropriate button.
This tab displays information about the DRS recommendations made for the cluster, faults that have occurred
in applying such recommendations, and the history of DRS actions. You can access three pages from this tab.
These pages are named Recommendations, Faults, and History.
The Recommendations page of the DRS tab displays the following cluster properties.
Migration Automation Level Automation level for DRS virtual machine migration recommendations. Fully
Automated, Partially Automated, or Manual.
Power Management Automation Level Automation level for VMware DPM recommendations. Off, Manual, or Automatic.
Power Management Threshold Priority level (or higher) of VMware DPM recommendations to apply.
Additionally, the DRS Recommendations section on this page displays the current set of recommendations
generated for optimizing resource utilization in the cluster through either migrations or power management.
Only manual recommendations awaiting user confirmation appear on this list.
Table 7-4 shows the information that DRS provides for each recommendation.
Priority Priority level (1-5) for the recommendation. Priority one, the highest, indicates a mandatory move
because of a host entering maintenance or standby mode or DRS rule violations. Other priority
ratings denote how much the recommendation would improve the cluster’s performance; from
priority two (significant improvement) to priority five (slight). Prior to ESX/ESXi 4.0,
recommendations received a star rating (1 to 5 stars) instead of a priority level. The higher the
star rating, the more desirable the move. See the VMware knowledge base article at
http://kb.vmware.com/kb/1007485 for information on priority level calculation.
Recommendation The action recommended by DRS. What appears in this column depends on the type of
recommendation.
- For virtual machine migrations: the name of the virtual machine to migrate, the source host
(on which the virtual machine is currently running), and the destination host (to which the
virtual machine is migrated).
- For host power state changes: the name of the host to power on or off.
Reason Reason for the recommendation, that is, why DRS recommends that you migrate the virtual machine or
transition the power state of the host. Reasons can be related to any of the following.
- Balance average CPU or memory loads.
- Satisfy a DRS (affinity or anti-affinity) rule.
- Host is entering maintenance.
- Decrease power consumption.
- Power off a specific host.
- Increase cluster capacity.
- Balance CPU or memory reservations.
- Maintain unreserved capacity.
DRS recommendations are configurable only using vCenter Server. Migrations are not available when you
connect the vSphere Client directly to ESX/ESXi hosts. To use the migrations function, have vCenter Server
manage the host.
You can reach this page by clicking the Faults button on the DRS tab.
You can customize the display of problems using the Contains text box. Select the search criteria (Time,
Problem, Target) from the drop-down box next to the text box and enter a relevant text string.
You can click on a problem to display additional details about it, including specific faults and the
recommendations it prevented. If you click on a fault name, a detailed description of that fault is provided by
the DRS Troubleshooting Guide. You can also access this guide from the Faults page, by clicking View DRS
Troubleshooting Guide.
For each fault, DRS provides the information shown in Table 7-5.
Problem Description of the condition that prevented the recommendation from being made or
applied. When you select this field, more detailed information about its associated faults
displays in the Problem Details box.
You can reach this page by clicking the History button on the DRS tab.
For each action, DRS provides the information shown in Table 7-6.
By default, the information on this page is maintained for four hours and it is preserved across sessions (you
can log out and, when you log back in, the information is still available).
You can customize the display of recent actions using the Contains text box. Select the search criteria (DRS
Actions, Time) from the drop-down box next to the text box and enter a relevant text string.
Chapter 8 Using NUMA Systems with ESX/ESXi
ESX/ESXi supports memory access optimization for Intel and AMD Opteron processors in server architectures
that support NUMA (non-uniform memory access).
After you understand how ESX/ESXi NUMA scheduling is performed and how the VMware NUMA
algorithms work, you can specify NUMA controls to optimize the performance of your virtual machines.
What is NUMA?
NUMA systems are advanced server platforms with more than one system bus. They can harness large
numbers of processors in a single system image with superior price to performance ratios.
For the past decade, processor clock speed has increased dramatically. A multi-gigahertz CPU, however, needs
to be supplied with a large amount of memory bandwidth to use its processing power effectively. Even a single
CPU running a memory-intensive workload, such as a scientific computing application, can be constrained by
memory bandwidth.
This problem is amplified on symmetric multiprocessing (SMP) systems, where many processors must
compete for bandwidth on the same system bus. Some high-end systems often try to solve this problem by
building a high-speed data bus. However, such a solution is expensive and limited in scalability.
NUMA is an alternative approach that links several small, cost-effective nodes using a high-performance
connection. Each node contains processors and memory, much like a small SMP system. However, an advanced
memory controller allows a node to use memory on all other nodes, creating a single system image. When a
processor accesses memory that does not lie within its own node (remote memory), the data must be transferred
over the NUMA connection, which is slower than accessing local memory. Memory access times are not
uniform and depend on the location of the memory and the node from which it is accessed, as the technology’s
name implies.
There are many disadvantages to using such an operating system on a NUMA platform. The high latency of
remote memory accesses can leave the processors under-utilized, constantly waiting for data to be transferred
to the local node, and the NUMA connection can become a bottleneck for applications with high-memory
bandwidth demands.
Furthermore, performance on such a system can be highly variable. It varies, for example, if an application has
memory located locally on one benchmarking run, but a subsequent run happens to place all of that memory
on a remote node. This phenomenon can make capacity planning difficult. Finally, processor clocks might not
be synchronized between multiple nodes, so applications that read the clock directly might behave incorrectly.
Some high-end UNIX systems provide support for NUMA optimizations in their compilers and programming
libraries. This support requires software developers to tune and recompile their programs for optimal
performance. Optimizations for one system are not guaranteed to work well on the next generation of the same
system. Other systems have allowed an administrator to explicitly decide on the node on which an application
should run. While this might be acceptable for certain applications that demand 100 percent of their memory
to be local, it creates an administrative burden and can lead to imbalance between nodes when workloads
change.
Ideally, the system software provides transparent NUMA support, so that applications can benefit immediately
without modifications. The system should maximize the use of local memory and schedule programs
intelligently without requiring constant administrator intervention. Finally, it must respond well to changing
conditions without compromising fairness or performance.
1 Each virtual machine managed by the NUMA scheduler is assigned a home node. A home node is one of
the system’s NUMA nodes containing processors and local memory, as indicated by the System Resource
Allocation Table (SRAT).
2 When memory is allocated to a virtual machine, the ESX/ESXi host preferentially allocates it from the
home node.
3 The NUMA scheduler can dynamically change a virtual machine's home node to respond to changes in
system load. The scheduler might migrate a virtual machine to a new home node to reduce processor load
imbalance. Because this might cause more of its memory to be remote, the scheduler might migrate the
virtual machine’s memory dynamically to its new home node to improve memory locality. The NUMA
scheduler might also swap virtual machines between nodes when this improves overall memory locality.
Some virtual machines are not managed by the ESX/ESXi NUMA scheduler. For example, if you manually set
the processor affinity for a virtual machine, the NUMA scheduler might not be able to manage this virtual
machine. Virtual machines that have more virtual processors than the number of physical processor cores
available on a single hardware node cannot be managed automatically. Virtual machines that are not managed
by the NUMA scheduler still run correctly. However, they don't benefit from ESX/ESXi NUMA optimizations.
The NUMA scheduling and memory placement policies in ESX/ESXi can manage all virtual machines
transparently, so that administrators do not need to address the complexity of balancing virtual machines
between nodes explicitly.
The optimizations work seamlessly regardless of the type of guest operating system. ESX/ESXi provides
NUMA support even to virtual machines that do not support NUMA hardware, such as Windows NT 4.0. As
a result, you can take advantage of new hardware even with legacy operating systems.
Unless a virtual machine’s home node changes, it uses only local memory, avoiding the performance penalties
associated with remote memory accesses to other NUMA nodes.
New virtual machines are initially assigned to home nodes in a round robin fashion, with the first virtual
machine going to the first node, the second virtual machine to the second node, and so forth. This policy ensures
that memory is evenly used throughout all nodes of the system.
Several operating systems, such as Windows Server 2003, provide this level of NUMA support, which is known
as initial placement. It might be sufficient for systems that run only a single workload, such as a benchmarking
configuration, which does not change over the course of the system’s uptime. However, initial placement is
not sophisticated enough to guarantee good performance and fairness for a datacenter-class system that is
expected to support changing workloads.
This calculation takes into account the resource settings for virtual machines and resource pools to improve
performance without violating fairness or resource entitlements.
The rebalancer selects an appropriate virtual machine and changes its home node to the least loaded node.
When it can, the rebalancer moves a virtual machine that already has some memory located on the destination
node. From that point on (unless it is moved again), the virtual machine allocates memory on its new home
node and it runs only on processors within the new home node.
Rebalancing is an effective solution to maintain fairness and ensure that all nodes are fully used. The rebalancer
might need to move a virtual machine to a node on which it has allocated little or no memory. In this case, the
virtual machine incurs a performance penalty associated with a large number of remote memory accesses.
ESX/ESXi can eliminate this penalty by transparently migrating memory from the virtual machine’s original
node to its new home node:
1 The system selects a page (4KB of contiguous memory) on the original node and copies its data to a page
in the destination node.
2 The system uses the virtual machine monitor layer and the processor’s memory management hardware
to seamlessly remap the virtual machine’s view of memory, so that it uses the page on the destination
node for all further references, eliminating the penalty of remote memory access.
When a virtual machine moves to a new node, the ESX/ESXi host immediately begins to migrate its memory
in this fashion. It manages the rate to avoid overtaxing the system, particularly when the virtual machine has
little remote memory remaining or when the destination node has little free memory available. The memory
migration algorithm also ensures that the ESX/ESXi host does not move memory needlessly if a virtual machine
is moved to a new node for only a short period.
When initial placement, dynamic rebalancing, and intelligent memory migration work in conjunction, they
ensure good memory performance on NUMA systems, even in the presence of changing workloads. When a
major workload change occurs, for instance when new virtual machines are started, the system takes time to
readjust, migrating virtual machines and memory to new locations. After a short period, typically seconds or
minutes, the system completes its readjustments and reaches a steady state.
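A simplified model of the initial placement, rebalancing and page-migration steps described above, added here as an illustration and not VMware's scheduler code. The load metric (vCPUs homed on a node), the migration batch size and all class, function and VM names are assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class VM:
    name: str
    vcpus: int
    mem_pages: int                              # memory size in 4KB pages
    home: int = -1                              # -1: not managed by the NUMA scheduler
    pages: dict = field(default_factory=dict)   # node -> pages resident on that node


class NumaHost:
    def __init__(self, nodes, cores_per_node):
        self.nodes, self.cores_per_node = nodes, cores_per_node
        self.vms, self._next = [], 0

    def power_on(self, vm):
        """Initial placement: round robin over nodes, memory taken from the home node."""
        self.vms.append(vm)
        if vm.vcpus > self.cores_per_node:      # wider than one node: left unmanaged
            return vm.home
        vm.home = self._next
        self._next = (self._next + 1) % self.nodes
        vm.pages = {vm.home: vm.mem_pages}
        return vm.home

    def power_off(self, name):
        self.vms = [v for v in self.vms if v.name != name]

    def load(self):
        """Assumed load metric: vCPUs of managed VMs homed on each node."""
        per_node = [0] * self.nodes
        for v in self.vms:
            if v.home >= 0:
                per_node[v.home] += v.vcpus
        return per_node

    def rebalance(self):
        """Move one VM from the busiest node to the least loaded one, or return None."""
        load = self.load()
        src, dst = load.index(max(load)), load.index(min(load))
        gap = load[src] - load[dst]
        # Only moves that strictly shrink the imbalance are considered.
        movable = [v for v in self.vms if v.home == src and v.vcpus < gap]
        if not movable:
            return None
        # Prefer the VM that already has the most memory on the destination node.
        vm = max(movable, key=lambda v: v.pages.get(dst, 0))
        vm.home = dst
        return vm.name

    def migrate_pages(self, vm, batch):
        """Copy up to `batch` remote pages to the home node; return pages still remote."""
        for node in sorted(n for n in vm.pages if n != vm.home):
            moved = min(batch, vm.pages[node])
            vm.pages[node] -= moved
            vm.pages[vm.home] = vm.pages.get(vm.home, 0) + moved
            batch -= moved
        return sum(count for n, count in vm.pages.items() if n != vm.home)


def demo():
    host = NumaHost(nodes=2, cores_per_node=4)
    a, b, c, d = VM("a", 2, 400), VM("b", 2, 400), VM("c", 2, 400), VM("d", 1, 200)
    wide = VM("wide", 8, 800)                   # more vCPUs than one node has cores
    homes = [host.power_on(v) for v in (a, b, c, d, wide)]
    c.pages = {0: 300, 1: 100}                  # constructed: c already has memory on node 1
    host.power_off("b")                         # workload change creates an imbalance
    before = host.load()
    moved = host.rebalance()
    after = host.load()
    remote = [host.migrate_pages(c, 128) for _ in range(3)]
    return homes, before, moved, after, remote


if __name__ == "__main__":
    print(demo())
```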
For example, several virtual machines might be running instances of the same guest operating system, have
the same applications or components loaded, or contain common data. In such cases, ESX/ESXi systems use a
proprietary transparent page-sharing technique to securely eliminate redundant copies of memory pages. With
memory sharing, a workload running in virtual machines often consumes less memory than it would when
running on physical machines. As a result, higher levels of overcommitment can be supported efficiently.
Transparent page sharing for ESX/ESXi systems has also been optimized for use on NUMA systems. On NUMA
systems, pages are shared per-node, so each NUMA node has its own local copy of heavily shared pages. When
virtual machines use shared pages, they don't need to access remote memory.
VMkernel.Boot.sharePerNode is turned on by default, and identical pages are shared only within the same
NUMA node. This improves memory locality, because all accesses to shared pages use local memory.
NOTE This default behavior is the same in all previous versions of ESX.
When you turn off the VMkernel.Boot.sharePerNode option, identical pages can be shared across different
NUMA nodes. This increases the amount of sharing and de-duplication, which reduces overall memory
consumption at the expense of memory locality. In memory-constrained environments, such as VMware View
deployments, many similar virtual machines present an opportunity for de-duplication, and page sharing
across NUMA nodes could be very beneficial.
The IBM Enterprise X-Architecture supports servers with up to four nodes (also called CECs or SMP Expansion
Complexes in IBM terminology). Each node can contain up to four Intel Xeon MP processors for a total of 16
CPUs. The next generation IBM eServer x445 uses an enhanced version of the Enterprise X-Architecture, and
scales to eight nodes with up to four Xeon MP processors for a total of 32 CPUs. The third-generation IBM
eServer x460 provides similar scalability but also supports 64-bit Xeon MP processors. The high scalability of
all these systems stems from the Enterprise X-Architecture’s NUMA design that is shared with IBM high-end
POWER4-based pSeries servers.
The BIOS setting for node interleaving determines whether the system behaves more like a NUMA system or
more like a Uniform Memory Architecture (UMA) system. See the HP ProLiant DL585 Server technology brief.
See also the HP ROM-Based Setup Utility User Guide at the HP Web site.
By default, node interleaving is disabled, so each processor has its own memory. The BIOS builds a System
Resource Allocation Table (SRAT), so the ESX/ESXi host detects the system as NUMA and applies NUMA
optimizations. If you enable node interleaving (also known as interleaved memory), the BIOS does not build
an SRAT, so the ESX/ESXi host does not detect the system as NUMA.
Currently shipping Opteron processors have up to four cores per socket. When node memory is enabled, the
memory on the Opteron processors is divided such that each socket has some local memory, but memory for
other sockets is remote. The single-core Opteron systems have a single processor per NUMA node and the
dual-core Opteron systems have two processors for each NUMA node.
SMP virtual machines (having two virtual processors) cannot reside within a NUMA node that has a single
core, such as the single-core Opteron processors. This also means they cannot be managed by the ESX/ESXi
NUMA scheduler. Virtual machines that are not managed by the NUMA scheduler still run correctly. However,
those virtual machines don't benefit from the ESX/ESXi NUMA optimizations. Uniprocessor virtual machines
(with a single virtual processor) can reside within a single NUMA node and are managed by the ESX/ESXi
NUMA scheduler.
NOTE For small Opteron systems, NUMA rebalancing is now disabled by default to ensure scheduling fairness.
Use the Numa.RebalanceCoresTotal and Numa.RebalanceCoresNode options to change this behavior.
This is useful if a virtual machine runs a memory-intensive workload, such as an in-memory database or a
scientific computing application with a large data set. You might also want to optimize NUMA placements
manually if the system workload is known to be simple and unchanging. For example, an eight-processor
system running eight virtual machines with similar workloads is easy to optimize explicitly.
NOTE In most situations, an ESX/ESXi host’s automatic NUMA optimizations result in good performance.
ESX/ESXi provides two sets of controls for NUMA placement, so that administrators can control memory and
processor placement of a virtual machine.
CPU Affinity A virtual machine should use only the processors on a given node.
Memory Affinity The server should allocate memory only on the specified node.
If you set both options before a virtual machine starts, the virtual machine runs only on the selected node and
all of its memory is allocated locally.
An administrator can also manually move a virtual machine to another node after the virtual machine has
started running. In this case, the page migration rate of the virtual machine must be set manually, so that
memory from the virtual machine’s previous node can be moved to its new node.
Manual NUMA placement might interfere with the ESX/ESXi resource management algorithms, which try to
give each virtual machine a fair share of the system’s processor resources. For example, if ten virtual machines
with processor-intensive workloads are manually placed on one node, and only two virtual machines are
manually placed on another node, it is impossible for the system to give all twelve virtual machines equal
shares of the system’s resources.
NOTE You can view NUMA configuration information in the Memory panel of the resxtop (or esxtop) utility.
Associate Virtual Machines with a Single NUMA Node Using CPU Affinity
You might be able to improve the performance of the applications on a virtual machine by associating it to the
CPU numbers on a single NUMA node (manual CPU affinity).
Procedure
1 Using a vSphere Client, right-click a virtual machine and select Edit Settings.
2 In the Virtual Machine Properties dialog box, select the Resources tab and select Advanced CPU.
3 In the Scheduling Affinity panel, set CPU affinity for different NUMA nodes.
NOTE You must manually select the boxes for all processors in the NUMA node. CPU affinity is specified
on a per-processor, not on a per-node, basis.
NOTE Specify nodes to be used for future memory allocations only if you have also specified CPU affinity. If
you make manual changes only to the memory affinity settings, automatic NUMA rebalancing does not work
properly.
Procedure
1 Using a vSphere Client, right-click a virtual machine and select Edit Settings.
2 In the Virtual Machine Properties dialog box, select the Resources tab, and select Memory.
1 In the vSphere Client inventory panel, select the virtual machine and select Edit Settings.
1 In the vSphere Client inventory panel, select the virtual machine and select Edit Settings.
4 In the vSphere Client, set memory affinity for the NUMA node to 1.
Completing these two tasks ensures that the virtual machine runs only on NUMA node 1 and, when possible,
allocates memory from the same node.
Appendix A Performance Monitoring Utilities: resxtop and esxtop
The resxtop and esxtop command-line utilities provide a detailed look at how ESX/ESXi uses resources in real
time. You can start either utility in one of three modes: interactive (default), batch, or replay.
The fundamental difference between resxtop and esxtop is that you can use resxtop remotely (or locally),
whereas esxtop can be started only through the service console of a local ESX host.
The esxtop utility reads its default configuration from .esxtop4rc. This configuration file consists of eight lines.
The first seven lines contain lowercase and uppercase letters to specify which fields appear in which order on
the CPU, memory, storage adapter, storage device, virtual machine storage, network, and interrupt panels.
The letters correspond to the letters in the Fields or Order panels for the respective esxtop panel.
The eighth line contains information on the other options. Most important, if you saved a configuration in
secure mode, you do not get an insecure esxtop without removing the s from the seventh line of
your .esxtop4rc file. A number specifies the delay time between updates. As in interactive mode, typing c, m,
d, u, v, n, or I determines the panel with which esxtop starts.
NOTE Do not edit the .esxtop4rc file. Instead, select the fields and the order in a running esxtop process, make
changes, and save this file using the W interactive command.
Before you can use any vSphere CLI commands, you must either download and install a vSphere CLI package
or deploy the vSphere Management Assistant (vMA) to your ESX/ESXi host or vCenter Server system.
After it is set up, start resxtop from the command line. For remote connections, you can connect to an
ESX/ESXi host either directly or through vCenter Server.
The command-line options are the same as for esxtop (except for the R option) with additional connection
options.
NOTE resxtop does not use all the options shared by other vSphere CLI commands.
[server] Name of the remote host to connect to (required). If connecting directly to the ESX/ESXi
host, use the name of that host. If your connection to the ESX/ESXi host is indirect
(that is, through vCenter Server), use the name of the vCenter Server system for this
option.
[vihost] If you connect indirectly (through vCenter Server), this option should contain the
name of the ESX/ESXi host you connect to. If you connect directly to the ESX/ESXi
host, this option is not used.
[portnumber] Port number to connect to on the remote server. The default port is 443, and unless
this is changed on the server, this option is not needed.
[username] User name to be authenticated when connecting to the remote host. The remote server
prompts you for a password.
You can also use resxtop on a local ESX/ESXi host by omitting the server option on the command line; the
command then defaults to localhost.
s Calls resxtop (or esxtop) in secure mode. In secure mode, the -d command, which specifies delay
between updates, is disabled.
d Specifies the delay between updates. The default is five seconds. The minimum is two seconds.
Change this with the interactive command s. If you specify a delay of less than two seconds, the
delay is set to two seconds.
n Number of iterations. Updates the display n times and exits.
server The name of the remote server host to connect to (required for resxtop only).
portnumber The port number to connect to on the remote server. The default port is 443, and unless this is
changed on the server, this option is not needed. (resxtop only)
username The user name to be authenticated when connecting to the remote host. The remote server prompts
you for a password, as well (resxtop only).
a Show all statistics. This option overrides configuration file setups and shows all statistics. The
configuration file can be the default ~/.esxtop4rc configuration file or a user-defined configuration
file.
c<filename> Load a user-defined configuration file. If the -c option is not used, the default configuration filename
is ~/.esxtop4rc. Create your own configuration file, specifying a different filename, using the W
single-key interactive command.
Several statistics appear on the different panels while resxtop (or esxtop) is running in interactive mode. These
statistics are common across all four panels.
The Uptime line, found at the top of each of the four resxtop (or esxtop) panels, displays the current time, time
since last reboot, number of currently running worlds and load averages. A world is an ESX/ESXi VMkernel
schedulable entity, similar to a process or thread in other operating systems.
Below that the load averages over the past one, five, and fifteen minutes appear. Load averages take into
account both running and ready-to-run worlds. A load average of 1.00 means that there is full utilization of
all physical CPUs. A load average of 2.00 means that the ESX/ESXi system might need twice as many physical
CPUs as are currently available. Similarly, a load average of 0.50 means that the physical CPUs on the
ESX/ESXi system are half utilized.
If you press f, F, o, or O, the system displays a page that specifies the field order on the top line and short
descriptions of the field contents. If the letter in the field string corresponding to a field is uppercase, the field
is displayed. An asterisk in front of the field description indicates whether a field is displayed.
The order of the fields corresponds to the order of the letters in the string.
When running in interactive mode, resxtop (or esxtop) recognizes several single-key commands.
All interactive mode panels recognize the commands listed in Table A-3. The command to specify the delay
between updates is disabled if the s option is given on the command line. All sorting interactive commands
sort in descending order.
h or ? Displays a help menu for the current panel, giving a brief summary of commands, and the status of secure mode.
f or F Displays a panel for adding or removing statistics columns (fields) to or from the current panel.
o or O Displays a panel for changing the order of statistics columns on the current panel.
# Prompts you for the number of statistics rows to display. Any value greater than 0 overrides automatic
determination of the number of rows to show, which is based on window size measurement. If you change this
number in one resxtop (or esxtop) panel, the change affects all four panels.
s Prompts you for the delay between updates, in seconds. Fractional values are recognized down to microseconds.
The default value is five seconds. The minimum value is two seconds. This command is not available in secure
mode.
W Write the current setup to an esxtop (or resxtop) configuration file. This is the recommended way to write a
configuration file. The default filename is the one specified by -c option, or ~/.esxtop4rc if the -c option is not
used. You can also specify a different filename on the prompt generated by this W command.
CPU Panel
The CPU panel displays server-wide statistics as well as statistics for individual world, resource pool, and
virtual machine CPU utilization.
Resource pools, running virtual machines, or other worlds are at times called groups. For worlds belonging
to a virtual machine, statistics for the running virtual machine are displayed. All other worlds are logically
aggregated into the resource pools that contain them.
PCPU USED(%) A PCPU refers to a physical hardware execution context. This can be a physical CPU core if
hyperthreading is unavailable or disabled, or a logical CPU (LCPU or SMT thread) if hyperthreading
is enabled.
PCPU USED(%) displays:
- Percentage of CPU usage per PCPU
- Percentage of CPU usage averaged over all PCPUs
CPU Usage (%USED) is the percentage of PCPU nominal frequency that was used since the last screen
update. It equals the total sum of %USED for Worlds that ran on this PCPU.
NOTE If a PCPU is running at a frequency that is higher than its nominal (rated) frequency, then PCPU
USED(%) can be greater than 100%.
PCPU UTIL(%) A PCPU refers to a physical hardware execution context. This can be a physical CPU core if
hyperthreading is unavailable or disabled, or a logical CPU (LCPU or SMT thread) if hyperthreading
is enabled.
PCPU UTIL(%) represents the percentage of real time that the PCPU was not idle (raw PCPU
utilization) and it displays the percentage CPU utilization per PCPU, and the percentage CPU
utilization averaged over all PCPUs.
NOTE PCPU UTIL(%) might differ from PCPU USED(%) due to power management technologies or
hyperthreading.
CCPU(%) Percentages of total CPU time as reported by the ESX service console. This field is not displayed if you
are using ESXi.
- us: Percentage user time.
- sy: Percentage system time.
- id: Percentage idle time.
- wa: Percentage wait time.
- cs/sec: Context switches per second recorded by the service console.
ID Resource pool ID or virtual machine ID of the running world’s resource pool or virtual machine, or
world ID of running world.
GID Resource pool ID of the running world’s resource pool or virtual machine.
NAME Name of running world’s resource pool or virtual machine, or name of running world.
NWLD Number of members in running world’s resource pool or virtual machine. If a Group is expanded
using the interactive command e (see interactive commands), then NWLD for all the resulting worlds
is 1 (some resource pools like the console resource pool have only one member).
%STATE TIMES Set of CPU statistics made up of the following percentages. For a world, the percentages are a
percentage of one physical CPU core.
%USED Percentage of physical CPU core cycles used by the resource pool, virtual machine, or world. %USED
might depend on the frequency with which the CPU core is running. When running with lower CPU
core frequency, %USED can be smaller than %RUN. On CPUs which support turbo mode, CPU
frequency can also be higher than the nominal (rated) frequency, and %USED can be larger than
%RUN.
%SYS Percentage of time spent in the ESX/ESXi VMkernel on behalf of the resource pool, virtual machine,
or world to process interrupts and to perform other system activities. This time is part of the time used
to calculate %USED.
%WAIT Percentage of time the resource pool, virtual machine, or world spent in the blocked or busy wait state.
This percentage includes the percentage of time the resource pool, virtual machine, or world was idle.
%IDLE Percentage of time the resource pool, virtual machine, or world was idle. Subtract this percentage
from %WAIT to see the percentage of time the resource pool, virtual machine, or world was waiting
for some event. The difference, %WAIT- %IDLE, of the VCPU worlds can be used to estimate guest
I/O wait time. To find the VCPU worlds, use the single-key command e to expand a virtual machine
and search for the world NAME starting with "vcpu". (Note that the VCPU worlds might wait for
other events besides I/O events, so, this measurement is only an estimate.)
%RDY Percentage of time the resource pool, virtual machine, or world was ready to run, but was not
provided CPU resources on which to execute.
%MLMTD (max limited) Percentage of time the ESX/ESXi VMkernel deliberately did not run the resource pool,
virtual machine, or world because doing so would violate the resource pool, virtual machine, or world's limit setting.
Because the resource pool, virtual machine, or world is ready to run when it is prevented from running
in this way, the %MLMTD (max limited) time is included in %RDY time.
%SWPWT Percentage of time a resource pool or world spends waiting for the ESX/ESXi VMkernel to swap
memory. The %SWPWT (swap wait) time is included in the %WAIT time.
EVENT COUNTS/s Set of CPU statistics made up of per second event rates. These statistics are for VMware internal use
only.
CPU ALLOC Set of CPU statistics made up of the following CPU allocation configuration parameters.
AMAX Resource pool, virtual machine, or world attribute Limit. A value of -1 means unlimited.
SUMMARY STATS Set of CPU statistics made up of the following CPU configuration parameters and statistics. These
statistics apply only to worlds and not to virtual machines or resource pools.
AFFINITY BIT MASK Bit mask showing the current scheduling affinity for the world.
CPU The physical or logical processor on which the world was running when resxtop (or esxtop) obtained
this information.
HTQ Indicates whether the world is currently quarantined or not. N means no and Y means yes.
%OVRLP Percentage of system time spent during scheduling of a resource pool, virtual machine, or world on
behalf of a different resource pool, virtual machine, or world while the resource pool, virtual machine,
or world was scheduled. This time is not included in %SYS. For example, if virtual machine A is
currently being scheduled and a network packet for virtual machine B is processed by the ESX/ESXi
VMkernel, the time spent appears as %OVRLP for virtual machine A and %SYS for virtual machine
B.
%RUN Percentage of total time scheduled. This time does not account for hyperthreading and system time.
On a hyperthreading enabled server, the %RUN can be twice as large as %USED.
You can change the display using single-key commands as discussed in Table A-5.
U Sorts resource pools, virtual machines, and worlds by the resource pool’s or virtual machine’s %Used
column.
R Sorts resource pools, virtual machines, and worlds by the resource pool’s or virtual machine’s %RDY
column.
N Sorts resource pools, virtual machines, and worlds by the GID column. This is the default sort order.
Memory Panel
The Memory panel displays server-wide and group memory utilization statistics. As on the CPU panel, groups
correspond to resource pools, running virtual machines, or other worlds that are consuming memory.
The first line, found at the top of the Memory panel, displays the current time, time since last reboot, number
of currently running worlds, and memory overcommitment averages. The memory overcommitment averages
over the past one, five, and fifteen minutes appear. Memory overcommitment of 1.00 means a memory
overcommit of 100 percent. See “Memory Overcommitment,” on page 24.
PMEM (MB) Displays the machine memory statistics for the server. All numbers are in megabytes.
VMKMEM (MB) Displays the machine memory statistics for the ESX/ESXi VMkernel. All numbers are in
megabytes.
COSMEM (MB) Displays the memory statistics as reported by the ESX service console. All numbers are in
megabytes. This field is not displayed if you are using ESXi.
NUMA (MB) Displays the ESX/ESXi NUMA statistics. This line appears only if the ESX/ESXi host is running
on a NUMA server. All numbers are in megabytes.
For each NUMA node in the server, two statistics are displayed:
- The total amount of machine memory in the NUMA node that is managed by ESX/ESXi.
- The amount of machine memory in the node that is currently free (in parentheses).
PSHARE (MB) Displays the ESX/ESXi page-sharing statistics. All numbers are in megabytes.
SWAP (MB) Displays the ESX/ESXi swap usage statistics. All numbers are in megabytes.
target Where the ESX/ESXi system expects the swap usage to be.
MEMCTL (MB) Displays the memory balloon statistics. All numbers are in megabytes.
AMAX Memory limit for this resource pool or virtual machine. A value of -1 means Unlimited.
NHN Current home node for the resource pool or virtual machine. This statistic is applicable only on
NUMA systems. If the virtual machine has no home node, a dash (-) is displayed.
NRMEM (MB) Current amount of remote memory allocated to the virtual machine or resource pool. This
statistic is applicable only on NUMA systems.
N%L Current percentage of memory allocated to the virtual machine or resource pool that is local.
MEMSZ (MB) Amount of physical memory allocated to a resource pool or virtual machine.
GRANT (MB) Amount of guest physical memory mapped to a resource pool or virtual machine. The
consumed host machine memory is equal to GRANT - SHRDSVD.
SZTGT (MB) Amount of machine memory the ESX/ESXi VMkernel wants to allocate to a resource pool or
virtual machine.
TCHD (MB) Working set estimate for the resource pool or virtual machine.
%ACTV Percentage of guest physical memory that is being referenced by the guest. This is an
instantaneous value.
%ACTVS Percentage of guest physical memory that is being referenced by the guest. This is a slow
moving average.
%ACTVF Percentage of guest physical memory that is being referenced by the guest. This is a fast moving
average.
%ACTVN Percentage of guest physical memory that is being referenced by the guest. This is an estimation.
(You might see this statistic displayed, but it is intended for VMware use only.)
MCTL? Indicates whether the memory balloon driver is installed. N means no, Y means yes.
MCTLSZ (MB) Amount of physical memory reclaimed from the resource pool by way of ballooning.
MCTLTGT (MB) Amount of physical memory the ESX/ESXi system attempts to reclaim from the resource pool
or virtual machine by way of ballooning.
MCTLMAX (MB) Maximum amount of physical memory the ESX/ESXi system can reclaim from the resource
pool or virtual machine by way of ballooning. This maximum depends on the guest operating
system type.
SWCUR (MB) Current swap usage by this resource pool or virtual machine.
SWTGT (MB) Target where the ESX/ESXi host expects the swap usage by the resource pool or virtual machine
to be.
SWR/s (MB) Rate at which the ESX/ESXi host swaps in memory from disk for the resource pool or virtual
machine.
SWW/s (MB) Rate at which the ESX/ESXi host swaps resource pool or virtual machine memory to disk.
ZERO (MB) Resource pool or virtual machine physical pages that are zeroed.
SHRD (MB) Resource pool or virtual machine physical pages that are shared.
SHRDSVD (MB) Machine pages that are saved because of resource pool or virtual machine shared pages.
OVHDMAX (MB) Maximum space overhead that might be incurred by resource pool or virtual machine.
OVHDUW (MB) Current space overhead for a user world. (You might see this statistic displayed, but it is
intended for VMware use only.)
GST_NDx (MB) Guest memory allocated for a resource pool on NUMA node x. This statistic is applicable on
NUMA systems only.
OVD_NDx (MB) VMM overhead memory allocated for a resource pool on NUMA node x. This statistic is
applicable on NUMA systems only.
Table A-7 displays the interactive commands you can use with the memory panel.
N Sort resource pools or virtual machines by GID column. This is the default sort order.
The Storage Adapter panel displays the information shown in Table A-8.
CID Storage adapter channel ID. This ID is visible only if the corresponding adapter is expanded. See the
interactive command e below.
TID Storage adapter channel target ID. This ID is visible only if the corresponding adapter and channel are
expanded. See the interactive commands e and a below.
LID Storage adapter channel target LUN ID. This ID is visible only if the corresponding adapter, channel
and target are expanded. See the interactive commands e, a, and t below.
AQLEN Storage adapter queue depth. Maximum number of ESX/ESXi VMkernel active commands that the
adapter driver is configured to support.
LQLEN LUN queue depth. Maximum number of ESX/ESXi VMkernel active commands that the LUN is allowed
to have.
%USD Percentage of queue depth (adapter, LUN or world) used by ESX/ESXi VMkernel active commands.
LOAD Ratio of ESX/ESXi VMkernel active commands plus ESX/ESXi VMkernel queued commands to queue
depth (adapter, LUN or world).
ACTV Number of commands in the ESX/ESXi VMkernel that are currently active.
QUED Number of commands in the ESX/ESXi VMkernel that are currently queued.
GAVG/cmd Average virtual machine operating system latency per command, in milliseconds.
KAVG/rd Average ESX/ESXi VMkernel read latency per read operation, in milliseconds.
GAVG/rd Average guest operating system read latency per read operation, in milliseconds.
KAVG/wr Average ESX/ESXi VMkernel write latency per write operation, in milliseconds.
GAVG/wr Average guest operating system write latency per write operation, in milliseconds.
PAECMD/s The number of PAE (Physical Address Extension) commands per second.
Table A-9 displays the interactive commands you can use with the storage adapter panel.
e Toggles whether storage adapter statistics are displayed expanded or unexpanded. Allows viewing
storage resource utilization statistics broken down by individual channels belonging to an expanded
storage adapter. You are prompted for the adapter name.
P Toggles whether storage adapter statistics are displayed expanded or unexpanded. Allows viewing
storage resource utilization statistics broken down by paths belonging to an expanded storage adapter.
Does not roll up to adapter statistics. You are prompted for the adapter name.
a Toggles whether storage channel statistics are displayed expanded or unexpanded. Allows viewing
storage resource utilization statistics broken down by individual targets belonging to an expanded
storage channel. You are prompted for the adapter name and the channel ID. The channel adapter needs
to be expanded before the channel itself can be expanded.
t Toggles whether storage target statistics are displayed in expanded or unexpanded mode. Allows
viewing storage resource utilization statistics broken down by individual paths belonging to an
expanded storage target. You are prompted for the adapter name, the channel ID, and the target ID. The
target channel and adapter must be expanded before the target itself can be expanded.
r Sorts by READS/s column.
w Sorts by WRITES/s column.
R Sorts by MBREAD/s read column.
T Sorts by MBWRTN/s written column.
N Sorts first by ADAPTR column, then by CID column within each ADAPTR, then by TID column within
each CID, then by LID column within each TID, and finally by WID column within each LID. This is the
default sort order.
By default, the information is grouped per storage device. You can also group the statistics per path, per world,
or per partition.
PATH Path name. This name is visible only if the corresponding device is expanded to paths. See the interactive
command p below.
WORLD World ID. This ID is visible only if the corresponding device is expanded to worlds. See the interactive
command e below. The world statistics are per world per device.
PARTITION Partition ID. This ID is visible only if the corresponding device is expanded to partitions. See interactive
command t below.
DQLEN Storage device queue depth. This is the maximum number of ESX/ESXi VMkernel active commands that
the device is configured to support.
WQLEN World queue depth. This is the maximum number of ESX/ESXi VMkernel active commands that the
world is allowed to have. This is a per device maximum for the world. It is valid only if the corresponding
device is expanded to worlds.
ACTV Number of commands in the ESX/ESXi VMkernel that are currently active. This statistic is applicable
only to worlds and devices.
QUED Number of commands in the ESX/ESXi VMkernel that are currently queued. This statistic is applicable
only to worlds and devices.
%USD Percentage of the queue depth used by ESX/ESXi VMkernel active commands. This statistic is applicable
only to worlds and devices.
LOAD Ratio of ESX/ESXi VMkernel active commands plus ESX/ESXi VMkernel queued commands to queue
depth. This statistic is applicable only to worlds and devices.
KAVG/rd Average ESX/ESXi VMkernel read latency per read operation in milliseconds.
GAVG/rd Average guest operating system read latency per read operation in milliseconds.
KAVG/wr Average ESX/ESXi VMkernel write latency per write operation in milliseconds.
GAVG/wr Average guest operating system write latency per write operation in milliseconds.
PAECMD/s Number of PAE commands per second. This statistic is applicable only to paths.
PAECP/s Number of PAE copies per second. This statistic is applicable only to paths.
SPLTCMD/s Number of split commands per second. This statistic is applicable only to paths.
SPLTCP/s Number of split copies per second. This statistic is applicable only to paths.
Table A-11 displays the interactive commands you can use with the storage device panel.
e Expand or roll up storage world statistics. This command allows you to view storage resource utilization
statistics separated by individual worlds belonging to an expanded storage device. You are prompted for
the device name. The statistics are per world per device.
p Expand or roll up storage path statistics. This command allows you to view storage resource utilization
statistics separated by individual paths belonging to an expanded storage device. You are prompted for
the device name.
t Expand or roll up storage partition statistics. This command allows you to view storage resource
utilization statistics separated by individual partitions belonging to an expanded storage device. You are
prompted for the device name.
r Sort by READS/s column.
w Sort by WRITES/s column.
R Sort by MBREAD/s column.
T Sort by MBWRTN column.
N Sort first by DEVICE column, then by PATH, WORLD, and PARTITION column. This is the default sort
order.
L Changes the displayed length of the DEVICE column.
By default, statistics are aggregated on a per-resource-pool basis. One virtual machine has one corresponding
resource pool, so the panel really displays statistics on a per-virtual-machine basis. You can also view statistics
on a per-world, or a per-world-per-device basis.
ID Resource pool ID of the running world’s resource pool or the world ID of the running world.
NAME Name of running world’s resource pool or name of the running world.
Device Storage device name. This name is visible only if the corresponding world is expanded to devices. See the
interactive command l below.
NDV The number of devices. This number is valid only if the corresponding resource pool is expanded to
worlds.
SHARES Number of shares. This statistic is only applicable to worlds. It is valid only if the corresponding resource
pool is expanded to worlds.
BLKSZ Block size in bytes. It is valid only if the corresponding world is expanded to devices.
NUMBLKS Number of blocks of the device. It is valid only if the corresponding world is expanded to devices.
DQLEN Storage device queue depth. This is the maximum number of ESX/ESXi VMkernel active commands that
the device is configured to support. The displayed number is valid only if the corresponding world is
expanded to devices.
WQLEN World queue depth. This column displays the maximum number of ESX/ESXi VMkernel active
commands that the world is allowed to have. The number is valid only if the corresponding world is
expanded to devices. This is a per device maximum for the world.
ACTV Number of commands in the ESX/ESXi VMkernel that are currently active. This number is applicable
only to worlds and devices.
QUED Number of commands in the ESX/ESXi VMkernel that are currently queued. This number is applicable
only to worlds and devices.
%USD Percentage of queue depth used by ESX/ESXi VMkernel active commands. This number is applicable
only to worlds and devices.
LOAD Ratio of ESX/ESXi VMkernel active commands plus ESX/ESXi VMkernel queued commands to queue
depth. This number is applicable only to worlds and devices.
KAVG/rd Average ESX/ESXi VMkernel read latency per read operation in milliseconds.
GAVG/rd Average guest operating system read latency per read operation in milliseconds.
KAVG/wr Average ESX/ESXi VMkernel write latency per write operation in milliseconds.
GAVG/wr Average guest operating system write latency per write operation in milliseconds.
Table A-13 displays the interactive commands you can use with the virtual machine storage panel.
e Expand or roll up storage world statistics. Allows you to view storage resource utilization statistics
separated by individual worlds belonging to a group. You are prompted to enter the group ID. The
statistics are per world.
l Expand or roll up storage device, that is LUN, statistics. Allows you to view storage resource
utilization statistics separated by individual devices belonging to an expanded world. You are
prompted to enter the world ID.
V Display virtual machine instances only.
r Sort by READS/s column.
w Sort by WRITES/s column.
R Sort by MBREAD/s column.
T Sort by MBWRTN/s column.
N Sort first by virtual machine column, and then by WORLD column. This is the default sort order.
L Changes the displayed length of the NAME column.
Network Panel
The Network panel displays server-wide network utilization statistics.
Statistics are arranged by port for each virtual network device configured. For physical network adapter
statistics, see the row corresponding to the port to which the physical network adapter is connected. For
statistics on a virtual network adapter configured in a particular virtual machine, see the row corresponding
to the port to which the virtual network adapter is connected.
FDUPLX Y means the corresponding link is operating at full duplex. N means it is not.
DTYP Virtual network device type. H means HUB and S means switch.
TEAM-PNIC Name of the physical NIC used for the team uplink.
Table A-15 displays the interactive commands you can use with the network panel.
T Sorts by Mb Tx column.
R Sorts by Mb Rx column.
t Sorts by Packets Tx column.
r Sorts by Packets Rx column.
N Sorts by PORT-ID column. This is the default sort order.
L Changes the displayed length of the DNAME column.
Interrupt Panel
The interrupt panel displays information about the use of interrupt vectors.
COUNT/s Total number of interrupts per second. This value is cumulative of the count for every CPU.
DEVICES Devices that use the interrupt vector. If the interrupt vector is not enabled for the device, its name is
enclosed in angle brackets (< and >).
After you prepare for batch mode, you can use esxtop or resxtop in this mode.
Procedure
3 Save this configuration to a file (by default ~/.esxtop4rc) using the W interactive command.
Procedure
For example:
esxtop -b > my_file.csv
The filename must have a .csv extension. The utility does not enforce this, but the post-processing tools
require it.
2 Process statistics collected in batch mode using tools such as Microsoft Excel and Perfmon.
In batch mode, resxtop (or esxtop) does not accept interactive commands. In batch mode, the utility runs until
it produces the number of iterations requested (see command-line option n, below, for more details), or until
you end the process by pressing Ctrl+c.
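One way to post-process a batch-mode capture without Excel or Perfmon, shown as an added example that is not part of the original guide: it averages %RDY per group and computes %WAIT - %IDLE as described for the CPU panel. The Perfmon-style column names, the sample data, and the 10 percent ready threshold are assumptions made for illustration.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample of batch-mode output. ASSUMPTION: each column header is a
# Perfmon-style counter path, \\host\Object(instance)\Counter, and the counter
# spellings below match your capture. Check the first line of your own file.
SAMPLE_CSV = r'''"(PDH-CSV 4.0) (UTC)(0)","\\esx01\Group Cpu(101:web01)\% Ready","\\esx01\Group Cpu(101:web01)\% Wait","\\esx01\Group Cpu(101:web01)\% Idle","\\esx01\Group Cpu(102:db01)\% Ready","\\esx01\Group Cpu(102:db01)\% Wait","\\esx01\Group Cpu(102:db01)\% Idle"
"01/01/2009 10:00:00","2.0","90.0","85.0","14.0","70.0","20.0"
"01/01/2009 10:00:05","4.0","88.0","80.0","18.0","72.0","24.0"
"01/01/2009 10:00:10","3.0","92.0","90.0","16.0","74.0","22.0"
'''

# Splits a counter path into host, object, instance and counter name.
COUNTER_PATH = re.compile(
    r'^\\\\(?P<host>[^\\]+)\\(?P<obj>[^(\\]+)\((?P<inst>.*)\)\\(?P<counter>[^\\]+)$'
)


def load_series(text):
    """Return {(object, instance, counter): [samples]} from batch CSV text."""
    rows = csv.reader(io.StringIO(text))
    header = next(rows)
    keys = []
    for name in header:
        m = COUNTER_PATH.match(name)
        keys.append((m["obj"], m["inst"], m["counter"]) if m else None)
    series = defaultdict(list)
    for row in rows:
        for key, cell in zip(keys, row):
            if key is None:
                continue  # timestamp column or a header we do not recognise
            try:
                series[key].append(float(cell))
            except ValueError:
                pass  # blank or non-numeric sample in this iteration
    return series


def cpu_report(series, ready_threshold=10.0):
    """Summarise CPU contention per group.

    ready_pct      mean %RDY over the capture
    event_wait_pct mean %WAIT minus mean %IDLE (time waiting for some event)
    flagged        True when ready_pct exceeds ready_threshold, which is an
                   illustrative value and not one taken from the guide
    """
    means = defaultdict(dict)
    for (obj, inst, counter), values in series.items():
        if obj == "Group Cpu" and values:
            means[inst][counter] = sum(values) / len(values)

    report = {}
    for inst, c in means.items():
        if not {"% Ready", "% Wait", "% Idle"} <= c.keys():
            continue  # group is missing one of the columns we need
        ready = round(c["% Ready"], 2)
        report[inst] = {
            "ready_pct": ready,
            "event_wait_pct": round(c["% Wait"] - c["% Idle"], 2),
            "flagged": ready > ready_threshold,
        }
    return report


if __name__ == "__main__":
    for group, stats in sorted(cpu_report(load_series(SAMPLE_CSV)).items()):
        print(group, stats)
```

To run it against a real capture, pass the file's contents to `load_series` in place of `SAMPLE_CSV`.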
a Show all statistics. This option overrides configuration file setups and shows all statistics. The
configuration file can be the default ~/.esxtop4rc configuration file or a user-defined configuration
file.
b Runs resxtop (or esxtop) in batch mode.
c <filename> Load a user-defined configuration file. If the -c option is not used, the default configuration filename
is ~/.esxtop4rc. Create your own configuration file, specifying a different filename, using the W single-key
interactive command.
d Specifies the delay between statistics snapshots. The default is five seconds. The minimum is two
seconds. If a delay of less than two seconds is specified, the delay is set to two seconds.
n Number of iterations. resxtop (or esxtop) collects and saves statistics this number of times, and
then exits.
server The name of the remote server host to connect to (required, resxtop only).
portnumber The port number to connect to on the remote server. The default port is 443, and unless this is changed
on the server, this option is not needed. (resxtop only)
username The user name to be authenticated when connecting to the remote host. You are prompted by the
remote server for a password, as well (resxtop only).
After you prepare for replay mode, you can use esxtop in this mode. See the vm-support man page.
In replay mode, esxtop accepts the same set of interactive commands as in interactive mode and runs until no
more snapshots are collected by vm-support to be read or until the requested number of iterations are
completed.
Procedure
2 Unzip and untar the resulting tar file so that esxtop can use it in replay mode.
You do not have to run replay mode on the ESX service console. Replay mode can be run to produce output
in the same style as batch mode (see the command-line option b, below).
Procedure
To activate replay mode, enter the following at the command-line prompt.
esxtop -R <vm-support_dir_path>
Table A-18 lists the command-line options available for esxtop replay mode.
c <filename> Load a user-defined configuration file. If the -c option is not used, the default configuration
filename is ~/.esxtop4rc. Create your own configuration file and specify a different filename using
the W single-key interactive command.
d Specifies the delay between panel updates. The default is five seconds. The minimum is two
seconds. If a delay of less than two seconds is specified, the delay is set to two seconds.
n Number of iterations. esxtop updates the display this number of times and then exits.
Appendix B Advanced Attributes
You can set advanced attributes for hosts or individual virtual machines to help you customize resource
management.
In most cases, adjusting the basic resource allocation settings (reservation, limit, shares) or accepting default
settings results in appropriate resource allocation. However, you can use advanced attributes to customize
resource management for a host or a specific virtual machine.
CAUTION VMware recommends that only advanced users set advanced host attributes. In most cases, the
default settings produce the optimum result.
Procedure
4 In the Advanced Settings dialog box select the appropriate item (for example, CPU or Memory), and scroll
in the right panel to find and change the attribute.
CPU.MachineClearThreshold If you are using a host enabled for hyperthreading, set this value to 0 to disable
quarantining.
Power.CpuPolicy When you set this attribute to the default value of static, VMkernel does not
directly set CPU power management states and only responds to requests from
the BIOS. When you enable this policy (set to dynamic), VMkernel dynamically
selects appropriate power management states based on current usage. This can
save power without degrading performance. Enabling this option on systems that
do not support power management results in an error message.
Mem.CtlMaxPercent Limits the maximum amount of memory reclaimed from any virtual
machine using vmmemctl, based on a percentage of its configured
memory size. Specify 0 to disable reclamation using vmmemctl for
all virtual machines. Default: 65.
Mem.IdleTax Specifies the idle memory tax rate, as a percentage. This tax
effectively charges virtual machines more for idle memory than for
memory they are actively using. A tax rate of 0 percent defines an
allocation policy that ignores working sets and allocates memory
strictly based on shares. A high tax rate results in an allocation policy
that allows idle memory to be reallocated away from virtual
machines that are unproductively hoarding it. Default: 75.
Mem.AllocGuestLargePage Set this option to 1 to enable backing of guest large pages with host
large pages. Reduces TLB misses and improves performance in
server workloads that use guest large pages. 0 = disable. Default: 1.
LPage.LPageAlwaysTryForNPT Set this option to 1 to always try to allocate large pages for
nested page tables (NPTs). 0 = disable.
If you enable this option, all guest memory is backed with large
pages in machines that use nested page tables (for example, AMD
Barcelona). If NPT is not available, only some portion of guest
memory is backed with large pages. Default: 1.
Numa.PageMigEnable If you set this option to 0, the system does not automatically
migrate pages between nodes to improve memory locality.
Page migration rates set manually are still in effect. Default: 1.
Numa.AutoMemAffinity If you set this option to 0, the system does not automatically
set memory affinity for virtual machines with CPU affinity
set. Default: 1.
VMkernel.Boot.sharePerNode Controls whether memory pages can be shared (de-duplicated)
only within a single NUMA node or across
multiple NUMA nodes.
Unlike the other NUMA options, this option appears under
"VMkernel" in the Advanced Settings dialog box. This is
because, unlike the other NUMA options shown here which
can be changed while the system is running,
VMkernel.Boot.sharePerNode is a boot-time option that only
takes effect after a reboot. Default: True (selected).
Procedure
1 Select the virtual machine in the vSphere Client inventory panel, and select Edit Settings from the right-
click menu.
4 In the dialog box that appears, click Add Row to enter a new parameter and its value.
sched.mem.maxmemctl Maximum amount of memory reclaimed from the selected virtual machine by
ballooning, in megabytes (MB). If the ESX/ESXi host needs to reclaim additional
memory, it is forced to swap. Swapping is less desirable than ballooning.
sched.swap.persist Specifies whether the virtual machine’s swap files should persist or be deleted when
the virtual machine is powered off. By default, the system creates the swap file for a
virtual machine when the virtual machine is powered on, and deletes the swap file
when the virtual machine is powered off.
sched.swap.dir VMFS directory location of the virtual machine's swap file. Defaults to the virtual
machine's working directory, that is, the VMFS directory that contains its configuration
file. This directory must remain on a host that is accessible to the virtual machine. If
you move the virtual machine (or any clones created from it), you might need to reset
this attribute.
EN-000108-00
vSphere Availability Guide
You can find the most up-to-date technical documentation on the VMware Web site at:
http://www.vmware.com/support/
The VMware Web site also provides the latest product updates.
If you have comments about this documentation, submit your feedback to:
docfeedback@vmware.com
© 2009 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property
laws. VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents.
VMware, the VMware “boxes” logo and design, Virtual SMP, and VMotion are registered trademarks or trademarks of VMware, Inc.
in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their
respective companies.
VMware, Inc.
3401 Hillview Ave.
Palo Alto, CA 94304
www.vmware.com
About This Book
The vSphere Availability Guide contains information about using solutions that provide business continuity,
including how to establish VMware High Availability (HA) and VMware Fault Tolerance.
Intended Audience
This book is for anyone who wants to provide business continuity through the VMware High Availability and
Fault Tolerance solutions. The information in this book is for experienced Windows or Linux system
administrators who are familiar with virtual machine technology and datacenter operations.
Document Feedback
VMware welcomes your suggestions for improving our documentation. If you have comments, send your
feedback to docfeedback@vmware.com.
vSphere Documentation
The vSphere documentation consists of the combined VMware vCenter Server and ESX/ESXi documentation
set. The vSphere Availability Guide covers ESX, ESXi, and vCenter Server.
Online and Telephone Support
To use online support to submit technical support requests, view your product and contract information,
and register your products, go to http://www.vmware.com/support.
Support Offerings
To find out how VMware support offerings can help meet your business needs, go to
http://www.vmware.com/support/services.
VMware Professional Services
VMware Education Services courses offer extensive hands-on labs, case study examples, and course materials
designed to be used as on-the-job reference tools. Courses are available onsite, in the classroom, and live
online. For onsite pilot programs and implementation best practices, VMware Consulting Services provides
offerings to help you assess, plan, build, and manage your virtual environment. To access information about
education classes, certification programs, and consulting services, go to http://www.vmware.com/services.
Chapter 1 Business Continuity and Minimizing Downtime
Downtime, whether planned or unplanned, brings with it considerable costs. However, solutions to ensure
higher levels of availability have traditionally been costly, hard to implement, and difficult to manage.
VMware software makes it simpler and less expensive to provide higher levels of availability for important
applications. With vSphere, organizations can easily increase the baseline level of availability provided for all
applications as well as provide higher levels of availability more easily and cost effectively. With vSphere, you
can:
- Provide higher availability independent of hardware, operating system, and applications.
- Eliminate planned downtime for common maintenance operations.
- Provide automatic restart in cases of failure.
vSphere makes it possible to reduce planned downtime, prevent unplanned downtime, and recover rapidly
from outages.
vSphere makes it possible for organizations to dramatically reduce planned downtime. Because workloads in
a vSphere environment can be dynamically moved to different physical servers without downtime or service
interruption, server maintenance can be performed without requiring application and service downtime. With
vSphere organizations can:
- Eliminate downtime for common maintenance operations.
- Eliminate planned maintenance windows.
- Perform maintenance at any time without disrupting users and services.
The VMotion and Storage VMotion functionality in vSphere makes it possible for organizations to
dramatically reduce planned downtime because workloads in a VMware environment can be dynamically
moved to different physical servers or to different underlying storage without service interruption.
Administrators can perform faster and completely transparent maintenance operations, without being forced
to schedule inconvenient maintenance windows.
These vSphere capabilities are part of virtual infrastructure and are transparent to the operating system and
applications running in virtual machines. These features can be configured and utilized by all the virtual
machines on a physical system, reducing the cost and complexity of providing higher availability. Key fault-
tolerance capabilities are built into vSphere:
- Shared storage. Eliminate single points of failure by storing virtual machine files on shared storage, such
as Fibre Channel or iSCSI SAN, or NAS. SAN mirroring and replication features can be used
to keep updated copies of virtual disks at disaster recovery sites.
- Network interface teaming. Provide tolerance of individual network card failures.
- Storage multipathing. Tolerate storage path failures.
In addition to these capabilities, the VMware HA and Fault Tolerance features can minimize or eliminate
unplanned downtime by providing rapid recovery from outages and continuous availability, respectively.
Unlike other clustering solutions, VMware HA provides the infrastructure to protect all workloads:
- No special software needs to be installed within the application or virtual machine. All workloads are
protected by VMware HA. After VMware HA is configured, no actions are required to protect new virtual
machines. They are automatically protected.
- VMware HA can be combined with VMware Distributed Resource Scheduler (DRS) not only to protect
against failures but also to provide load balancing across the hosts within a cluster.
Minimal setup
After a VMware HA cluster is set up, all virtual machines in the cluster get failover support without
additional configuration.
Reduced hardware cost and setup
The virtual machine acts as a portable container for the applications and it can be moved among hosts.
Administrators avoid duplicate configurations on multiple machines. When you use VMware HA, you must have
sufficient resources to fail over the number of hosts you want to protect with VMware HA. However, the
vCenter Server system automatically manages resources and configures clusters.
Increased application availability
Any application running inside a virtual machine has access to increased availability. Because the virtual
machine can recover from hardware failure, all applications that start at boot have increased availability
without increased computing needs, even if the application is not itself a clustered application. By
monitoring and responding to VMware Tools heartbeats and resetting non-responsive virtual machines, it also
protects against guest operating system crashes.
DRS and VMotion integration
If a host fails and virtual machines are restarted on other hosts, DRS can provide migration recommendations
or migrate virtual machines for balanced resource allocation. If one or both of the source and destination
hosts of a migration fail, VMware HA can help recover from that failure.
Fault Tolerance uses the VMware vLockstep technology on the ESX/ESXi host platform to provide continuous
availability. This is done by ensuring that the states of the Primary and Secondary VMs are identical at any
point in the instruction execution of the virtual machine. vLockstep accomplishes this by having the Primary
and Secondary VMs execute identical sequences of x86 instructions. The Primary VM captures all inputs and
events -- from the processor to virtual I/O devices -- and replays them on the Secondary VM. The Secondary
VM executes the same series of instructions as the Primary VM, while only a single virtual machine image (the
Primary VM) is seen executing the workload.
If either the host running the Primary VM or the host running the Secondary VM fails, a transparent failover
occurs whereby the host that is still functioning seamlessly becomes the host of the Primary VM. With
transparent failover, there is no data loss and network connections are maintained. After a transparent failover
occurs, a new Secondary VM is automatically respawned and redundancy is re-established. The entire process
is transparent and fully automated and occurs even if vCenter Server is unavailable.
[Figure: the Primary VM records nondeterministic events (input from network and user, asynchronous I/O from
disk and devices, CPU timer events) and the Secondary VM replays them; the result is repeatable virtual
machine execution.]
Chapter 2 Creating and Using VMware HA Clusters
VMware HA clusters enable a collection of ESX/ESXi hosts to work together so that, as a group, they provide
higher levels of availability for virtual machines than each ESX/ESXi host could provide individually. When
you plan the creation and usage of a new VMware HA cluster, the options you select affect the way that cluster
responds to failures of hosts or virtual machines.
Before creating a VMware HA cluster, you should be aware of how VMware HA identifies host failures and
isolation and responds to these situations. You also should know how admission control works so that you
can choose the policy that best fits your failover needs. After a cluster has been established, you can customize
its behavior with advanced attributes and optimize its performance by following recommended best practices.
Any host that joins the cluster must communicate with an existing primary host to complete its configuration
(except when you are adding the first host to the cluster). At least one primary host must be functional for
VMware HA to operate correctly. If all primary hosts are unavailable (not responding), no hosts can be
successfully configured for VMware HA.
One of the primary hosts is also designated as the active primary host and its responsibilities include:
- Deciding where to restart virtual machines.
- Keeping track of failed restart attempts.
- Determining when it is appropriate to keep trying to restart a virtual machine.
If the active primary host fails, another primary host replaces it.
NOTE In the event of a host failure, VMware HA does not fail over any virtual machines to a host that is in
maintenance mode, because such a host is not considered when VMware HA computes the current failover
level. When a host exits maintenance mode, the VMware HA service is reenabled on that host, so it becomes
available for failover again.
Host network isolation occurs when a host is still running, but it can no longer communicate with other hosts
in the cluster. With default settings, if a host stops receiving heartbeats from all other hosts in the cluster for
more than 12 seconds, it attempts to ping its isolation addresses. If this also fails, the host declares itself as
isolated from the network.
When the isolated host's network connection is not restored for 15 seconds or longer, the other hosts in the
cluster treat it as failed and attempt to fail over its virtual machines. However, when an isolated host retains
access to the shared storage it also retains the disk lock on virtual machine files. To avoid potential data
corruption, VMFS disk locking prevents simultaneous write operations to the virtual machine disk files and
attempts to fail over the isolated host's virtual machines fail. By default, the isolated host leaves its virtual
machines powered on, but you can change the host isolation response to Shut Down VM or Power Off VM. See
“Virtual Machine Options,” on page 22.
NOTE If you ensure that your network infrastructure is sufficiently redundant and that at least one network
path is available at all times, host network isolation should be a rare occurrence.
When VMware HA performs failover and restarts virtual machines on different hosts, its first priority is the
immediate availability of all virtual machines. After the virtual machines have been restarted, those hosts on
which they were powered on might be heavily loaded, while other hosts are comparatively lightly loaded.
VMware HA uses the CPU and memory reservation to determine failover, while the actual usage might be
higher.
In a cluster using DRS and VMware HA with admission control turned on, virtual machines might not be
evacuated from hosts entering maintenance mode. This is because of the resources reserved to maintain the
failover level. You must manually migrate the virtual machines off of the hosts using VMotion.
When VMware HA admission control is disabled, failover resource constraints are not passed on to DRS and
VMware Distributed Power Management (DPM). The constraints are not enforced.
- DRS does evacuate virtual machines from hosts and place the hosts in maintenance mode or standby mode
regardless of the impact this might have on failover requirements.
- VMware DPM does power off hosts (place them in standby mode) even if doing so violates failover
requirements.
Host
Ensures that a host has sufficient resources to satisfy the reservations of all virtual machines running
on it.
Resource pool
Ensures that a resource pool has sufficient resources to satisfy the reservations, shares, and limits of
all virtual machines associated with it.
VMware HA
Ensures that sufficient resources in the cluster are reserved for virtual machine recovery in the event of
host failure.
Admission control imposes constraints on resource usage and any action that would violate these constraints
is not permitted. Examples of actions that could be disallowed include:
- Powering on a virtual machine.
- Migrating a virtual machine onto a host or into a cluster or resource pool.
- Increasing the CPU or memory reservation of a virtual machine.
Of the three types of admission control, only VMware HA admission control can be disabled. However, without
it there is no assurance that all virtual machines in the cluster can be restarted after a host failure. VMware
recommends that you do not disable admission control, but you might need to do so temporarily, for the
following reasons:
- If you need to violate the failover constraints when there are not enough resources to support them (for
example, if you are placing hosts in standby mode to test them for use with DPM).
- If an automated process needs to take actions that might temporarily violate the failover constraints (for
example, as part of an upgrade directed by VMware Update Manager).
- If you need to perform testing or maintenance operations.
With the Host Failures Cluster Tolerates policy, VMware HA performs admission control in the following way:
A slot is a logical representation of the memory and CPU resources that satisfy the requirements for any
powered-on virtual machine in the cluster.
2 Determines how many slots each host in the cluster can hold.
This is the number of hosts that can fail and still leave enough slots to satisfy all of the powered-on virtual
machines.
4 Determines whether the Current Failover Capacity is less than the Configured Failover Capacity (provided
by the user).
NOTE The maximum Configured Failover Capacity that you can set is four. Each cluster has up to five primary
hosts and if all fail simultaneously, failover of all hosts might not be successful.
If your cluster contains any virtual machines that have much larger reservations than the others, they will
distort slot size calculation. To avoid this, you can specify an upper bound for the CPU or memory component
of the slot size by using the das.slotCpuInMHz or das.slotMemInMB advanced attributes, respectively.
When using these advanced attributes, there is a risk of resource fragmentation where virtual machines larger
than the slot size are assigned multiple slots. In a cluster that is close to capacity, there might be enough slots
in aggregate for a virtual machine to be failed over. However, those slots could be located on multiple hosts
and are unusable by a virtual machine assigned multiple slots because a virtual machine can run on only a
single ESX/ESXi host at a time.
The maximum number of slots that each host can support is then determined. To do this, the host’s CPU
resource amount is divided by the CPU component of the slot size and the result is rounded down. The same
calculation is made for the host's memory resource amount. These two numbers are compared and the lower
is the number of slots that the host can support.
The Current Failover Capacity is computed by determining how many hosts (starting from the largest) can fail
and still leave enough slots to satisfy the requirements of all powered-on virtual machines.
- Available slots. The number of slots available to power on additional virtual machines in the cluster.
VMware HA automatically reserves the required number of slots for failover. The remaining slots are
available to power on new virtual machines.
- Total powered on VMs in cluster.
- Total hosts in cluster.
- Total good hosts in cluster. The number of hosts that are connected, not in maintenance mode, and have
no VMware HA errors.
Example 2-1. Admission Control Using Host Failures Cluster Tolerates Policy
The way that slot size is calculated and utilized with this admission control policy can be shown with an
example. Make the following assumptions about a cluster:
- The cluster is comprised of three hosts, each with a different amount of available CPU and memory
resources. The first host (H1) has 9GHz of available CPU resources and 9GB of available memory, while
Host 2 (H2) has 9GHz and 6GB and Host 3 (H3) has 6GHz and 6GB.
- There are five powered-on virtual machines in the cluster with differing CPU and memory requirements.
VM1 needs 2GHz of CPU resources and 1GB of memory, while VM2 needs 2GHz and 1GB, VM3 needs
1GHz and 2GB, VM4 needs 1GHz and 1GB, and VM5 needs 1GHz and 1GB.
- The Host Failures Cluster Tolerates is set to one.
Figure 2-1. Admission Control Example with Host Failures Cluster Tolerates Policy
[Figure: virtual machines VM1 through VM5 with their CPU and memory requirements, the resulting slot size of
2GHz, 2GB, hosts H1, H2, and H3 with their resources, and 6 slots remaining if H1 fails.]
1 Slot size is calculated by comparing both the CPU and memory requirements of the virtual machines and
selecting the largest.
The largest CPU requirement (shared by VM1 and VM2) is 2GHz, while the largest memory requirement
(for VM3) is 2GB. Based on this, the slot size is 2GHz CPU and 2GB memory.
H1 can support four slots. H2 can support three slots (which is the smaller of 9GHz/2GHz and 6GB/2GB)
and H3 can also support three.
The largest host is H1 and if it fails, six slots remain in the cluster, which is sufficient for all five of the
powered-on virtual machines. If both H1 and H2 fail, only three slots remain, which is insufficient.
Therefore, the Current Failover Capacity is one.
The cluster has one available slot (the six slots on H2 and H3 minus the five used slots). VMware HA admission
control allows you to power on one additional virtual machine (that does not exceed the slot size).
With the Percentage of Cluster Resources Reserved admission control policy, VMware HA ensures that a
specified percentage of aggregate cluster resources is reserved for failover.
With the Cluster Resources Reserved policy, VMware HA performs admission control in the following way:
1 Calculates the total resource requirements for all powered-on virtual machines in the cluster.
3 Calculates the Current CPU Failover Capacity and Current Memory Failover Capacity for the cluster.
4 Determines if either the Current CPU Failover Capacity or Current Memory Failover Capacity is less than
the Configured Failover Capacity (provided by the user).
It uses the actual reservations of the virtual machines. If a virtual machine does not have reservations, meaning
that the reservation is 0, a default of 0MB memory and 256MHz CPU is applied. This is controlled by the same
HA advanced options used for the failover level policy.
The total host resources available for virtual machines is calculated by summing the hosts' CPU and memory
resources. These amounts are those contained in the host's root resource pool, not the total physical resources
of the host. Resources being used for virtualization purposes are not included. Only hosts that are connected,
not in maintenance mode, and have no VMware HA errors are considered.
The Current CPU Failover Capacity is computed by subtracting the total CPU resource requirements from the
total host CPU resources and dividing the result by the total host CPU resources. The Current Memory Failover
Capacity is calculated similarly.
Example 2-2. Admission Control Using Percentage of Cluster Resources Reserved Policy
The way that Current Failover Capacity is calculated and utilized with this admission control policy can be
shown with an example. Make the following assumptions about a cluster:
- The cluster is comprised of three hosts, each with a different amount of available CPU and memory
resources. The first host (H1) has 9GHz of available CPU resources and 9GB of available memory, while
Host 2 (H2) has 9GHz and 6GB and Host 3 (H3) has 6GHz and 6GB.
- There are five powered-on virtual machines in the cluster with differing CPU and memory requirements.
VM1 needs 2GHz of CPU resources and 1GB of memory, while VM2 needs 2GHz and 1GB, VM3 needs
1GHz and 2GB, VM4 needs 1GHz and 1GB, and VM5 needs 1GHz and 1GB.
- The Configured Failover Capacity is set to 25%.
Figure 2-2. Admission Control Example with Percentage of Cluster Resources Reserved Policy
[Figure: virtual machines VM1 through VM5 with their CPU and memory requirements, total resource requirements
of 7GHz, 6GB, and hosts H1, H2, and H3 with their resources.]
The total resource requirements for the powered-on virtual machines is 7GHz and 6GB. The total host resources
available for virtual machines is 24GHz and 21GB. Based on this, the Current CPU Failover Capacity is 70%
((24GHz - 7GHz)/24GHz). Similarly, the Current Memory Failover Capacity is 71% ((21GB-6GB)/21GB).
Because the cluster's Configured Failover Capacity is set to 25%, 45% of the cluster's total CPU resources and
46% of the cluster's memory resources are still available to power on additional virtual machines.
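The calculations in Examples 2-1 and 2-2 can be reproduced with the following Python sketch, which is an added example and not VMware code. It goes beyond the two examples by also modelling the slot-size caps (das.slotCpuInMHz, das.slotMemInMB) and the fragmentation risk described earlier; the function names, the first-fit placement check, and the 1GHz = 1000MHz / 1GB = 1024MB conversion are assumptions made for illustration.

```python
import math

# Constructed sample data: the cluster from Examples 2-1 and 2-2,
# expressed as (CPU MHz, memory MB) with 1GHz = 1000MHz and 1GB = 1024MB.
HOSTS = {"H1": (9000, 9216), "H2": (9000, 6144), "H3": (6000, 6144)}
VMS = {"VM1": (2000, 1024), "VM2": (2000, 1024), "VM3": (1000, 2048),
       "VM4": (1000, 1024), "VM5": (1000, 1024)}
DEFAULT_CPU_MHZ = 256   # applied when a VM has no CPU reservation
DEFAULT_MEM_MB = 0      # applied when a VM has no memory reservation


def slot_size(vms, max_cpu_mhz=None, max_mem_mb=None):
    """Largest CPU and memory requirement, optionally capped the way
    das.slotCpuInMHz and das.slotMemInMB cap each component."""
    cpu = max(c for c, _ in vms.values())
    mem = max(m for _, m in vms.values())
    if max_cpu_mhz is not None:
        cpu = min(cpu, max_cpu_mhz)
    if max_mem_mb is not None:
        mem = min(mem, max_mem_mb)
    if cpu <= 0 or mem <= 0:
        raise ValueError("slot size needs a non-zero CPU and memory component")
    return cpu, mem


def slots_per_host(hosts, slot):
    """Per host: lower of CPU/slot CPU and memory/slot memory, rounded down."""
    return {h: min(c // slot[0], m // slot[1]) for h, (c, m) in hosts.items()}


def slots_needed(vms, slot):
    """A VM larger than a (capped) slot is assigned multiple slots."""
    return {v: max(1, math.ceil(c / slot[0]), math.ceil(m / slot[1]))
            for v, (c, m) in vms.items()}


def current_failover_capacity(hosts, vms, slot):
    """Hosts that can fail, largest first, while the remaining slots still
    cover every powered-on VM (aggregate slot count only)."""
    per_host = sorted(slots_per_host(hosts, slot).values(), reverse=True)
    needed = sum(slots_needed(vms, slot).values())
    capacity = 0
    for failed in range(1, len(per_host)):
        if sum(per_host[failed:]) < needed:
            break
        capacity = failed
    return capacity


def available_slots(hosts, vms, slot, configured_failures):
    """Slots left for new VMs after reserving the largest hosts for failover."""
    per_host = sorted(slots_per_host(hosts, slot).values(), reverse=True)
    used = sum(slots_needed(vms, slot).values())
    return sum(per_host[configured_failures:]) - used


def placeable_after_failure(hosts, vms, slot, failed):
    """Fragmentation check (first-fit decreasing, a heuristic): can each VM's
    slots be found on ONE surviving host once the `failed` largest hosts fail?"""
    free = sorted(slots_per_host(hosts, slot).values(), reverse=True)[failed:]
    for need in sorted(slots_needed(vms, slot).values(), reverse=True):
        for i, room in enumerate(free):
            if room >= need:
                free[i] -= need
                break
        else:
            return False
    return True


def percent_failover_capacity(hosts, vms):
    """Percentage policy: (total host - total VM requirement) / total host,
    per resource, with the defaults applied to VMs whose reservation is 0."""
    host_cpu = sum(c for c, _ in hosts.values())
    host_mem = sum(m for _, m in hosts.values())
    vm_cpu = sum(c or DEFAULT_CPU_MHZ for c, _ in vms.values())
    vm_mem = sum(m or DEFAULT_MEM_MB for _, m in vms.values())
    return (100 * (host_cpu - vm_cpu) / host_cpu,
            100 * (host_mem - vm_mem) / host_mem)


if __name__ == "__main__":
    slot = slot_size(VMS)
    print("slot size:", slot, "slots per host:", slots_per_host(HOSTS, slot))
    print("Current Failover Capacity:", current_failover_capacity(HOSTS, VMS, slot))
    print("available slots:", available_slots(HOSTS, VMS, slot, 1))
    print("percent policy: CPU %.1f%%, memory %.1f%%" % percent_failover_capacity(HOSTS, VMS))
    # Constructed fragmentation case: three 3GHz/3GB hosts, three 2GHz/2GB VMs,
    # slot size capped at 1000MHz / 1024MB.
    hosts = {h: (3000, 3072) for h in ("A", "B", "C")}
    vms = {v: (2000, 2048) for v in ("big1", "big2", "big3")}
    capped = slot_size(vms, max_cpu_mhz=1000, max_mem_mb=1024)
    print("capped capacity:", current_failover_capacity(hosts, vms, capped),
          "placeable:", placeable_after_failure(hosts, vms, capped, 1))
```

In the constructed fragmentation case the capped slot size raises the aggregate Current Failover Capacity from zero to one, yet the placement check fails because each two-slot virtual machine must fit on a single surviving host.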
With the Specify a Failover Host admission control policy, when a host fails, VMware HA attempts to restart
its virtual machines on a specified failover host. If this is not possible, for example the failover host itself has
failed or it has insufficient resources, then VMware HA attempts to restart those virtual machines on another
host in the cluster.
To ensure that spare capacity is available on the failover host, you are prevented from powering on virtual
machines or using VMotion to migrate virtual machines to the failover host. Also, DRS does not use the failover
host for load balancing.
The Current Failover Host is displayed in the VMware HA section of the cluster's Summary tab in the vSphere
Client. The status icon next to the host can be green, yellow, or red.
- Green. The host is connected, not in maintenance mode, and has no VMware HA errors. Also, no
powered-on virtual machines reside on the host.
- Yellow. The host is connected, not in maintenance mode, and has no VMware HA errors. However,
powered-on virtual machines reside on the host.
- Red. The host is disconnected, in maintenance mode, or has VMware HA errors.
When choosing an admission control policy, you should consider a number of factors.
Heterogeneity of Cluster
Clusters can be heterogeneous in terms of virtual machine resource reservations and host total resource
capacities. In a heterogeneous cluster, the Host Failures Cluster Tolerates policy can be too conservative
because it only considers the largest virtual machine reservations when defining slot size and assumes the
largest hosts fail when computing the Current Failover Capacity. The other two admission control policies are
not affected by cluster heterogeneity.
When you create a VMware HA cluster, you must configure a number of settings that determine how the
feature works. Before you do this, first identify your cluster's nodes. These are the ESX/ESXi hosts that will
provide the resources to support virtual machines and that VMware HA will use for failover protection. Then
you should determine how those nodes are to be connected to one another and to the shared storage where
your virtual machine data resides. After that networking architecture is in place, you can add the hosts to the
cluster and finish configuring VMware HA.
You can enable and configure VMware HA before you add host nodes to the cluster. However, until the hosts
are added your cluster is not fully operational and some of the cluster settings are unavailable. For example,
the Specify a Failover Host admission control policy is unavailable until there is a host that can be designated
as the failover host.
NOTE The Virtual Machine Startup and Shutdown (automatic startup) feature is disabled for all virtual
machines residing on hosts that are in (or moved into) a VMware HA cluster. VMware recommends that you
do not manually re-enable this setting for any of the virtual machines. Doing so could interfere with the actions
of cluster features such as VMware HA or Fault Tolerance.
Connect vSphere Client to vCenter Server using an account with cluster administrator permissions.
Prerequisites
All virtual machines and their configuration files must reside on shared storage. So that you can power on the
virtual machines using different hosts in the cluster, the hosts must be configured to access that shared storage.
Each host in a VMware HA cluster must have a host name assigned and a static IP address associated with
each of the virtual NICs.
For information about setting up network redundancy, see “Network Path Redundancy,” on page 28.
Procedure
2 Right-click the Datacenter in the Inventory tree and click New Cluster.
5 Based on your plan for the resources and networking architecture of the cluster, use the vSphere Client
to add hosts to the cluster.
The cluster's Settings dialog box is where you can modify the VMware HA (and other) settings for the
cluster.
Cluster Features
The first panel in the New Cluster wizard allows you to specify basic options for the cluster.
In this panel you can specify the cluster name and choose one or both cluster features.
Name
Specifies the name of the cluster. This name appears in the vSphere Client inventory panel. You must
specify a name to continue with cluster creation.
Turn On VMware HA
If this check box is selected, virtual machines are restarted on another host in the cluster if a host
fails. You must turn on VMware HA to enable VMware Fault Tolerance on any virtual machine in the cluster.
Turn On VMware DRS
If this check box is selected, DRS balances the load of virtual machines across the cluster. DRS also
places and migrates virtual machines when they are protected with HA.
If Enable Host Monitoring is selected, each ESX/ESXi host in the cluster is checked to ensure it is running. If
a host failure occurs, virtual machines are restarted on another host. Host Monitoring is also required for the
VMware Fault Tolerance recovery process to work properly.
If you need to perform network maintenance that might trigger host isolation responses, VMware recommends
that you first suspend VMware HA by disabling Host Monitoring. After the maintenance is complete, reenable
Host Monitoring.
Prevent VMs from being powered on if they violate availability constraints
Enables admission control and enforces availability constraints and preserves failover capacity. Any
operation on a virtual machine that decreases the unreserved resources in the cluster and violates
availability constraints is not permitted.
Allow VMs to be powered on even if they violate availability constraints
Disables admission control. If you select this option, virtual machines can, for example, be powered on
even if that causes insufficient failover capacity. When this is done, no warnings are presented, and the
cluster does not turn red. If a cluster has insufficient failover capacity, VMware HA can still perform
failovers and it uses the VM Restart Priority setting to determine which virtual machines to power on first.
NOTE See “Choosing an Admission Control Policy,” on page 19 for more information about how VMware HA
admission control works.
VM Restart Priority
VM restart priority determines the relative order in which virtual machines are restarted after a host failure.
Such virtual machines are restarted sequentially on new hosts, with the highest priority virtual machines first
and continuing to those with lower priority until all virtual machines are restarted or no more cluster resources
are available. If the number of host failures or virtual machine restarts exceeds what admission control
permits, the virtual machines with lower priority might not be restarted until more resources become available.
Virtual machines are restarted on the failover host, if one is specified, or on the host with the highest percentage
of available resources.
The values for this setting are: Disabled, Low, Medium (the default), and High. If Disabled is selected, VMware
HA is disabled for the virtual machine, meaning that it is not restarted on other ESX/ESXi hosts if its ESX/ESXi
host fails. If Disabled is selected, this does not affect virtual machine monitoring, which means that if a virtual
machine fails on a host that is functioning properly, that virtual machine is reset on that same host. You can
change this property for individual virtual machines.
The restart priority settings for virtual machines vary depending on user needs. VMware recommends that
you assign higher restart priority to the virtual machines that provide the most important services.
For example, in the case of a multitier application you might rank assignments according to functions hosted
on the virtual machines.
- High. Database servers that will provide data for applications.
- Medium. Application servers that consume data in the database and provide results on web pages.
- Low. Web servers that receive user requests, pass queries to application servers, and return results to
  users.
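The restart ordering described above, as an added example that is not VMware's code: a simplified model that restarts VMs highest priority first, on the failover host if one is given, otherwise on the host with the highest fraction of free resources. The host and VM names, the sample figures, and the use of min(CPU, memory) as "percentage of available resources" are assumptions.

```python
import copy

# Restart order for the non-disabled priorities named on the page.
PRIORITY_RANK = {"High": 0, "Medium": 1, "Low": 2}


def free_fraction(host):
    """Assumed metric: the scarcer of free CPU and free memory, as a fraction."""
    return min(host["cpu_free"] / host["cpu_total"],
               host["mem_free"] / host["mem_total"])


def fits(vm, host):
    return vm["mhz"] <= host["cpu_free"] and vm["mb"] <= host["mem_free"]


def plan_restarts(vms, hosts, failover_host=None):
    """Return (placements, not_restarted, ha_disabled) for VMs from a failed host."""
    hosts = copy.deepcopy(hosts)          # do not mutate the caller's inventory
    ha_disabled = [vm["name"] for vm in vms if vm["priority"] == "Disabled"]
    # sorted() is stable, so VMs of equal priority keep their input order.
    queue = sorted((vm for vm in vms if vm["priority"] != "Disabled"),
                   key=lambda vm: PRIORITY_RANK[vm["priority"]])
    placements, not_restarted = [], []
    for vm in queue:                      # sequential, highest priority first
        names = [failover_host] if failover_host else sorted(hosts)
        candidates = [h for h in names if fits(vm, hosts[h])]
        if not candidates:
            # Lower-priority VMs wait until more resources become available.
            not_restarted.append(vm["name"])
            continue
        target = max(candidates, key=lambda h: free_fraction(hosts[h]))
        hosts[target]["cpu_free"] -= vm["mhz"]
        hosts[target]["mem_free"] -= vm["mb"]
        placements.append((vm["name"], target))
    return placements, not_restarted, ha_disabled


# Constructed sample: surviving hosts and the VMs that ran on the failed host.
HOSTS = {
    "esx02": {"cpu_total": 10000, "cpu_free": 4000, "mem_total": 32768, "mem_free": 8192},
    "esx03": {"cpu_total": 10000, "cpu_free": 6000, "mem_total": 32768, "mem_free": 16384},
}
VMS = [
    {"name": "web01", "priority": "Low", "mhz": 1000, "mb": 2048},
    {"name": "app01", "priority": "Medium", "mhz": 2000, "mb": 4096},
    {"name": "db01", "priority": "High", "mhz": 4000, "mb": 12288},
    {"name": "dns01", "priority": "Disabled", "mhz": 500, "mb": 1024},
    {"name": "web02", "priority": "Low", "mhz": 2000, "mb": 8192},
]

if __name__ == "__main__":
    placed, pending, disabled = plan_restarts(VMS, HOSTS)
    print("restarted:", placed)
    print("waiting for resources:", pending)
    print("HA disabled, not restarted:", disabled)
```

In the sample, the low-priority web02 is the VM left waiting, which is the outcome the restart priority setting is meant to steer toward the least important services.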
To use the Shut down VM setting, you must install VMware Tools in the guest operating system of the virtual
machine. Shutting down the virtual machine provides the advantage of preserving its state. This is better than
powering it off, which does not flush most recent changes to disk or commit transactions. Virtual machines
that are shut down will take longer to fail over while the shutdown completes. Virtual machines that have not
shut down in 300 seconds, or in the time specified in seconds by the advanced attribute
das.isolationShutdownTimeout, are powered off.
NOTE After you create a VMware HA cluster, you can override the default cluster settings for Restart Priority
and Isolation Response for specific virtual machines. Such overrides are useful for virtual machines that are
used for special tasks. For example, virtual machines that provide infrastructure services like DNS or DHCP
might need to be powered on before other virtual machines in the cluster.
VM Monitoring
VM Monitoring restarts individual virtual machines if their VMware Tools heartbeats are not received within
a set time. You can configure the degree to which VMware HA is sensitive to such non-responsiveness.
If you select Enable VM Monitoring, the VM Monitoring service (using VMware Tools) evaluates whether
each virtual machine in the cluster is running by checking for regular heartbeats from the VMware Tools
process running inside the guest. If no heartbeats are received, this is most likely because the guest operating
system has failed or VMware Tools is not being allocated any time to complete tasks. In such a case, the VM
Monitoring service determines that the virtual machine has failed and the virtual machine is rebooted to restore
service.
You can also configure the level of monitoring sensitivity. Highly sensitive monitoring results in a more rapid
conclusion that a failure has occurred. While unlikely, highly sensitive monitoring might lead to falsely
identifying failures when the virtual machine in question is actually still working, but heartbeats have not been
received due to factors such as resource constraints. Low sensitivity monitoring results in longer interruptions
in service between actual failures and virtual machines being reset. Select an option that is an effective
compromise for your needs.
After failures are detected, VMware HA resets virtual machines. This helps ensure that services remain
available. To avoid resetting virtual machines repeatedly for nontransient errors, by default virtual machines
will be reset only three times during a certain configurable time interval. After virtual machines have been
reset three times, VMware HA makes no further attempts to reset the virtual machines after any subsequent
failures until after the specified time has elapsed. You can configure the number of resets using the Maximum
per-VM resets custom setting.
Occasionally, virtual machines that are still functioning properly stop sending heartbeats. To avoid
unnecessarily resetting such virtual machines, the VM Monitoring service also monitors a virtual machine's I/O
activity. If no heartbeats are received within the failure interval, the I/O stats interval (a cluster-level attribute)
is checked. The I/O stats interval determines if any disk or network activity has occurred for the virtual machine
during the previous two minutes (120 seconds). If not, the virtual machine is reset. This default value (120
seconds) can be changed using the advanced attribute das.iostatsInterval.
NOTE The VM Monitoring settings cannot be configured through advanced attributes. Modify settings in the
VM Monitoring page of the cluster’s Settings dialog box.
The default settings for VM Monitoring sensitivity are described in the table.
High 30 1 hour
Medium 60 24 hours
You can specify custom values for both VM Monitoring sensitivity and the I/O stats interval, as described in
“Customizing VMware HA Behavior,” on page 24.
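The VM Monitoring decision described above (heartbeat check, then I/O check, then the reset cap), as an added example that is not VMware's implementation. Reading the table's two columns as failure interval in seconds and reset period is an assumption, as are the sliding reset window and the constructed observations.

```python
from dataclasses import dataclass, field

# Presets as listed on the page: (failure interval in seconds, reset period in seconds).
# The column meanings are an assumption; only the rows the page shows are included.
PRESETS = {
    "High": (30, 1 * 3600),
    "Medium": (60, 24 * 3600),
}


@dataclass
class VmMonitor:
    failure_interval_s: int
    reset_period_s: int
    max_resets: int = 3             # default "Maximum per-VM resets"
    iostats_interval_s: int = 120   # default das.iostatsInterval
    reset_times: list = field(default_factory=list)

    def evaluate(self, now, last_heartbeat, last_io):
        """Decide what to do for one VM at time `now` (all values in seconds)."""
        # 1. Heartbeats from VMware Tools arrived within the failure interval.
        if now - last_heartbeat < self.failure_interval_s:
            return "healthy"
        # 2. No heartbeat, but disk or network I/O was seen recently:
        #    the guest is probably alive, so do not reset it.
        if now - last_io < self.iostats_interval_s:
            return "io-active"
        # 3. Silent on both counts. Reset unless the cap for the period is hit.
        #    Assumption: the period is a sliding window over past resets.
        self.reset_times = [t for t in self.reset_times
                            if now - t < self.reset_period_s]
        if len(self.reset_times) >= self.max_resets:
            return "suppressed"
        self.reset_times.append(now)
        return "reset"


def replay(preset, observations):
    """Run a list of (now, last_heartbeat, last_io) tuples through one monitor."""
    failure_interval_s, reset_period_s = PRESETS[preset]
    monitor = VmMonitor(failure_interval_s, reset_period_s)
    return [monitor.evaluate(*obs) for obs in observations]


# Constructed observations for one VM: (now, last heartbeat, last I/O).
SAMPLE = [
    (10, 0, 0),          # heartbeat 10 s ago
    (40, 0, 35),         # heartbeat stale, I/O 5 s ago
    (200, 0, 35),        # heartbeat and I/O both stale
    (400, 210, 220),     # fails again after the reset
    (700, 410, 410),     # third failure
    (1000, 710, 710),    # fourth failure inside the reset period
    (3900, 1010, 1010),  # first reset has aged out of the period
]

if __name__ == "__main__":
    for obs, decision in zip(SAMPLE, replay("High", SAMPLE)):
        print(obs, "->", decision)
```

The same observations replayed with the Medium preset show the trade-off the page describes: the 40-second gap that High treats as a missed heartbeat is still inside Medium's failure interval.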
This section guides you through setting advanced attributes for VMware HA and lists a few attributes you
might want to set. Because these attributes affect the functioning of HA, change them with caution. Review
the advanced settings you can use to optimize the VMware HA clusters in your environment.
das.failuredetectiontime: Changes the default failure detection time for host monitoring. The default
is 15000 milliseconds (15 seconds). This is the time period, when a host has received no heartbeats
from another host, that it waits before declaring that host as failed.
das.defaultfailoverhost: Defines the host that VMware HA tries to fail virtual machines over to. Use
this option only if the VMware HA admission control policy is failover level or cluster resource
percentage. If this option is used with the failover host admission control policy, it takes precedence
over the failover host named in the policy. You can define only one failover host.
das.isolationShutdownTimeout: The period of time the system waits for a virtual machine to shut down
before powering it off. This only applies if the host's isolation response is Shut down VM. Default
value is 300 seconds.
das.slotMemInMB: Defines the maximum bound on the memory slot size. If this option is used, the slot
size is the smaller of this value or the maximum memory reservation plus memory overhead of any
powered-on virtual machine in the cluster.
das.slotCpuInMHz: Defines the maximum bound on the CPU slot size. If this option is used, the slot
size is the smaller of this value or the maximum CPU reservation of any powered-on virtual machine in
the cluster.
NOTE If you change the value of any of the following advanced attributes, you must disable and then re-enable
VMware HA before your changes take effect.
- das.isolationaddress[...]
- das.usedefaultisolationaddress
- das.failuredetectiontime
- das.failuredetectioninterval
- das.isolationShutdownTimeout
Prerequisites
Procedure
2 Click the Advanced Options button to open the Advanced Options (HA) dialog box.
3 Enter each advanced attribute you want to change in a text box in the Option column and enter a value
in the Value column.
4 Click OK.
Procedure
1 Select the cluster and select Edit Settings from the right-click menu.
3 In the Virtual Machine Settings pane, select a virtual machine and customize its VM Restart Priority or
Host Isolation Response setting.
5 In the Virtual Machine Settings pane, select a virtual machine and customize its VM Monitoring setting.
6 Click OK.
The virtual machine’s behavior now differs from the cluster defaults for each setting you changed.
A cluster enabled for VMware HA becomes invalid (red) when the number of virtual machines powered on
exceeds the failover requirements, that is, the current failover capacity is smaller than configured failover
capacity. If admission control is disabled, clusters do not become invalid.
The cluster's Summary page in the vSphere Client displays a list of configuration issues for clusters. The list
explains what has caused the cluster to become invalid or over-committed (yellow).
NOTE Because networking is a vital component of VMware HA, if network maintenance needs to be performed
the VMware HA administrator should be informed.
For example, if the first host you add to the cluster has two networks being used for VMware HA
communications, 10.10.135.0/255.255.255.0 and 10.17.142.0/255.255.255.0, all subsequent hosts must have the
same two networks configured and used for VMware HA communications.
By default, the network isolation address is the default gateway for the host. There is only one default gateway
specified, regardless of how many service console networks have been defined, so you should use the
das.isolationaddress[...] advanced attribute to add isolation addresses for additional networks. For example,
das.isolationAddress2 to add an isolation address for your second network, das.isolationAddress3 for the
third, up to a maximum of das.isolationAddress9 for the ninth.
When you specify additional isolation addresses, VMware recommends that you increase the setting for the
das.failuredetectiontime advanced attribute to 20000 milliseconds (20 seconds) or greater. A node that is
isolated from the network needs time to release its virtual machines' VMFS locks if the host isolation response
is to fail over the virtual machines (not to leave them powered on). This must happen before the other nodes
declare the node as failed, so that they can power on the virtual machines without getting an error that the
virtual machines are still locked by the isolated node.
For more information on VMware HA advanced attributes, see “Customizing VMware HA Behavior,” on
page 24.
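A pre-change check for the advanced attributes discussed above, as an added example that is not part of the VMware documentation or tooling. The function name, the finding format and the sample option values are assumptions; the thresholds and attribute names are the ones given on the page.

```python
import re

DEFAULT_FAILURE_DETECTION_MS = 15000   # default stated on the page
RECOMMENDED_WITH_ISOLATION_MS = 20000  # recommended once isolation addresses are added
MAX_ISOLATION_INDEX = 9                # das.isolationAddress9 is the highest named

# Attributes that only take effect after VMware HA is disabled and re-enabled.
NEEDS_HA_REENABLE = {
    "das.usedefaultisolationaddress",
    "das.failuredetectiontime",
    "das.failuredetectioninterval",
    "das.isolationshutdowntimeout",
}
_ISOLATION = re.compile(r"^das\.isolationaddress(\d*)$")


def lint_ha_options(current, proposed):
    """Compare current and proposed option dicts; return (severity, key, message) tuples."""
    # Keys are compared case-insensitively because the page itself mixes
    # das.isolationaddress and das.isolationAddress2 (an assumption about matching).
    cur = {k.lower(): str(v) for k, v in current.items()}
    new = {k.lower(): str(v) for k, v in proposed.items()}
    findings = []

    isolation_keys = []
    for key in sorted(new):
        match = _ISOLATION.match(key)
        if not match:
            continue
        isolation_keys.append(key)
        if match.group(1) and int(match.group(1)) > MAX_ISOLATION_INDEX:
            findings.append(("error", key,
                             "isolation address index is above the maximum of 9"))

    detect_ms = int(new.get("das.failuredetectiontime", DEFAULT_FAILURE_DETECTION_MS))
    if isolation_keys and detect_ms < RECOMMENDED_WITH_ISOLATION_MS:
        findings.append(("warning", "das.failuredetectiontime",
                         f"{detect_ms} ms is below 20000 ms; an isolated host may not "
                         "release VMFS locks before it is declared failed"))

    for key in sorted(set(cur) | set(new)):
        if cur.get(key) == new.get(key):
            continue                     # unchanged, nothing to do
        if key in NEEDS_HA_REENABLE or _ISOLATION.match(key):
            findings.append(("action", key,
                             "disable and then re-enable VMware HA to apply this change"))
    return findings


# Constructed sample: the addresses and values are illustrative only.
CURRENT = {"das.failuredetectiontime": "15000"}
PROPOSED_WEAK = {
    "das.failureDetectionTime": "15000",
    "das.isolationAddress2": "10.17.142.1",
    "das.isolationAddress12": "10.99.0.1",
    "das.slotMemInMB": "512",
}
PROPOSED_FIXED = {
    "das.failureDetectionTime": "20000",
    "das.isolationAddress2": "10.17.142.1",
}

if __name__ == "__main__":
    for label, options in (("weak", PROPOSED_WEAK), ("fixed", PROPOSED_FIXED)):
        print(label)
        for finding in lint_ha_options(CURRENT, options):
            print("  ", finding)
```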
Host Firewalls. On ESX/ESXi hosts, VMware HA needs and automatically opens the following firewall ports.
- Incoming port: TCP/UDP 8042-8045
- Outgoing port: TCP/UDP 2050-2250
Port Group Names and Network Labels. Use consistent port group names and network labels on VLANs for
public networks. Port group names are used to reconfigure access to the network by virtual machines. If you
use inconsistent names between the original server and the failover server, virtual machines are disconnected
from their networks after failover. Network labels are used by virtual machines to reestablish network
connectivity upon restart.
If you have only one service console network, any failure between the host and the cluster can cause an
unnecessary (or false) failover situation. Possible failures include NIC failures, network cable failures, network
cable removal, and switch resets. Consider these possible sources of failure between hosts and try to minimize
them, typically by providing network redundancy.
You can implement network redundancy at the NIC level with NIC teaming, or at the service console (or
VMkernel port on ESXi) level. In most implementations, NIC teaming provides sufficient redundancy, but you
can use or add service console (or VMkernel port) redundancy if required. Redundant service console
networking on ESX (or VMkernel networking) allows the reliable detection of failures and prevents isolation
conditions from occurring, because heartbeats can be sent over multiple networks.
Configure the fewest possible number of hardware segments between the servers in a cluster. The goal is
to limit single points of failure. Additionally, routes with too many hops can cause networking packet delays
for heartbeats, and increase the possible points of failure.
After you have added a NIC to a host in your VMware HA cluster, you must reconfigure VMware HA on that
host.
Chapter 3 Providing Fault Tolerance for Virtual Machines
You can enable VMware Fault Tolerance for your virtual machines to ensure business continuity with higher
levels of availability and data protection than is offered by VMware HA.
Fault Tolerance is built on the ESX/ESXi host platform (using the VMware vLockstep functionality) and it
provides continuous availability by having identical virtual machines run in virtual lockstep on separate hosts.
To obtain the optimal results from Fault Tolerance you should be familiar with how it works, how to enable
it for your cluster and virtual machines, the best practices for its usage, and troubleshooting tips.
You can enable Fault Tolerance for most mission critical virtual machines. A duplicate virtual machine, called
the Secondary VM, is created and runs in virtual lockstep with the Primary VM. VMware vLockstep captures
inputs and events that occur on the Primary VM and sends them to the Secondary VM, which is running on
another host. Using this information, the Secondary VM's execution is identical to that of the Primary VM.
Because the Secondary VM is in virtual lockstep with the Primary VM, it can take over execution at any point
without interruption, thereby providing fault tolerant protection.
The Primary and Secondary VMs continuously exchange heartbeats. This allows the virtual machine pair to
monitor the status of one another to ensure that Fault Tolerance is continually maintained. A transparent
failover occurs if the host running the Primary VM fails, in which case the Secondary VM is immediately
activated to replace the Primary VM. A new Secondary VM is started and Fault Tolerance redundancy is
reestablished within a few seconds. If the host running the Secondary VM fails, it is also immediately replaced.
In either case, users experience no interruption in service and no loss of data.
A fault tolerant virtual machine and its secondary copy are not allowed to run on the same host. Fault Tolerance
uses anti-affinity rules, which ensure that the two instances of the fault tolerant virtual machine are never on
the same host. This ensures that a host failure cannot result in the loss of both virtual machines.
Fault Tolerance avoids "split-brain" situations, which can lead to two active copies of a virtual machine after
recovery from a failure. Atomic file locking on shared storage is used to coordinate failover so that only one
side continues running as the Primary VM and a new Secondary VM is respawned automatically.
NOTE The anti-affinity check is performed when the Primary VM is powered on. It is possible that the Primary
and Secondary VMs can be on the same host when they are both in a powered-off state. This is normal behavior
and when the Primary VM is powered on, the Secondary VM is started on a different host at that time.
Fault Tolerance provides a higher level of business continuity than VMware HA. When a Secondary VM is
called upon to replace its Primary VM counterpart, the Secondary VM immediately takes over the Primary
VM’s role with the entire state of the virtual machine preserved. Applications are already running, and data
stored in memory does not need to be re-entered or reloaded. This differs from a failover provided by VMware
HA, which restarts the virtual machines affected by a failure.
This higher level of continuity and the added protection of state information and data inform the scenarios
in which you might want to deploy Fault Tolerance.
- Applications that need to be available at all times, especially those that have long-lasting client connections
  that users want to maintain during hardware failure.
- Custom applications that have no other way of doing clustering.
- Cases where high availability might be provided through custom clustering solutions, which are too
  complicated to configure and maintain.
Cluster Prerequisites
Unlike VMware HA which, by default, protects every virtual machine in the cluster, VMware Fault Tolerance
is enabled on individual virtual machines. For a cluster to support VMware Fault Tolerance, the following
prerequisites must be met:
- VMware HA must be enabled on the cluster. Host Monitoring should also be enabled. If it is not, when
  Fault Tolerance uses a Secondary VM to replace a Primary VM no new Secondary VM is created and
  redundancy is not restored.
- Host certificate checking must be enabled for all hosts that will be used for Fault Tolerance. See “Enable
  Host Certificate Checking,” on page 33.
- Each host must have a VMotion and a Fault Tolerance Logging NIC configured. See “Configure
  Networking for Host Machines,” on page 34.
- At least two hosts must have processors from the same compatible processor group. While Fault Tolerance
  supports heterogeneous clusters (a mix of processor groups), you get the maximum flexibility if all hosts
  are compatible. See the VMware knowledge base article at http://kb.vmware.com/kb/1008027 for
  information on supported processors.
- All hosts must have the same ESX/ESXi version and patch level.
- All hosts must have access to the virtual machines' datastores and networks.
To confirm the compatibility of the hosts in the cluster to support Fault Tolerance, run profile compliance
checks.
NOTE VMware HA includes the resource usage of Fault Tolerance Secondary VMs when it performs admission
control calculations. For the Host Failures Cluster Tolerates policy, a Secondary VM is assigned a slot, and for
the Percentage of Cluster Resources policy, the Secondary VM's resource usage is accounted for when
computing the usable capacity of the cluster. See “VMware HA Admission Control,” on page 13.
Host Prerequisites
A host can support fault tolerant virtual machines if it meets the following requirements.
- A host must have processors from the FT-compatible processor group. See the VMware knowledge base
  article at http://kb.vmware.com/kb/1008027.
- A host must be certified by the OEM as FT-capable. Refer to the current Hardware Compatibility List
  (HCL) for a list of FT-supported servers (see
  http://www.vmware.com/resources/compatibility/search.php).
- The host configuration must have Hardware Virtualization (HV) enabled in the BIOS. Some hardware
  manufacturers ship their products with HV disabled. The process for enabling HV varies among BIOSes.
  See the documentation for your hosts' BIOSes for details on how to enable HV. If HV is not enabled,
  attempts to power on a fault tolerant virtual machine produce an error and the virtual machine does not
  power on.
Review the Host Configuration Section of “Fault Tolerance Best Practices,” on page 38 to select host options
that best support VMware Fault Tolerance.
Table 3-1. Features and Devices Incompatible with Fault Tolerance and Corrective Actions

Incompatible Feature or Device: Symmetric multiprocessor (SMP) virtual machines. Only virtual machines
that support a single vCPU are compatible with Fault Tolerance.
Corrective Action: Reconfigure the virtual machine as a single vCPU. Many workloads have good
performance configured as a single vCPU.

Incompatible Feature or Device: Physical Raw Disk mapping (RDM). If you want to use Raw Disk Mapping
(RDM) for your virtual disks, only virtual RDMs are supported.
Corrective Action: Reconfigure virtual machines with physical RDM-backed virtual devices to use
virtual RDMs instead.

Incompatible Feature or Device: CD-ROM or floppy virtual devices backed by a physical or remote device.
Corrective Action: Remove the CD-ROM or floppy virtual device or reconfigure the backing with an ISO
installed on shared storage.

Incompatible Feature or Device: USB and sound devices.
Corrective Action: Remove these devices from the virtual machine.

Incompatible Feature or Device: N_Port ID Virtualization (NPIV).
Corrective Action: Disable the NPIV configuration of the virtual machine.

Incompatible Feature or Device: Network interfaces for legacy network hardware.
Corrective Action: While some legacy drivers are not supported, Fault Tolerance does support the
vmxnet2 driver. You might need to install VMware tools to access the vmxnet2 driver instead of vlance
in certain guest operating systems.

Incompatible Feature or Device: Virtual disks backed with thin-provisioned storage or thick-provisioned
disks that do not have clustering features enabled.
Corrective Action: When you turn on Fault Tolerance, the conversion to the appropriate disk format is
performed by default. The virtual machine must be in a powered-off state to take this action.

Incompatible Feature or Device: Hot-plugging devices.
Corrective Action: The hot plug feature is automatically disabled for fault tolerant virtual machines.
To hot plug devices, you must momentarily turn off Fault Tolerance, perform the hot plug, and then turn
on Fault Tolerance.

Incompatible Feature or Device: Extended Page Tables/Rapid Virtualization Indexing (EPT/RVI).
Corrective Action: EPT/RVI is automatically disabled for virtual machines with Fault Tolerance turned on.
The tasks you should complete before attempting to enable Fault Tolerance for your cluster include:
- Enable host certificate checking (if you are upgrading from a previous version of Virtual Infrastructure)
- Configure networking for each host
- Create the VMware HA cluster, add hosts, and check compliance
After your cluster and hosts are prepared for Fault Tolerance, you are ready to turn on Fault Tolerance for
your virtual machines. See “Turn On Fault Tolerance for Virtual Machines,” on page 36.
Procedure
5 Click OK.
Prerequisites
Multiple gigabit Network Interface Cards (NICs) are required. For each host supporting Fault Tolerance, you
need a total of two VMkernel gigabit NICs: one dedicated to Fault Tolerance logging and one dedicated to
VMotion. The VMotion and FT logging NICs must be on different subnets. Additional NICs are recommended
for virtual machine and management network traffic.
Procedure
2 In the vCenter Server inventory, select the host and click the Configuration tab.
3 Select Networking under Hardware, and click the Add Networking link.
6 Provide a label for the switch, and select either Use this port group for VMotion or Use this port group
for fault tolerance logging.
7 Click Next.
9 Click Finish.
To enable Fault Tolerance for a host, VMware recommends that you complete this procedure twice, once
for each port group option to ensure that sufficient bandwidth is available for Fault Tolerance logging.
Select one option, finish this procedure, and repeat the procedure a second time, selecting the other port
group option.
After you have created both a VMotion and Fault Tolerance logging virtual switch, you should add the host
to the cluster and complete any steps needed to turn on Fault Tolerance.
What to do next
To confirm that you successfully enabled both VMotion and Fault Tolerance on the host, view its Summary
tab in the vSphere Client. In the General pane, the fields VMotion Enabled and Fault Tolerance Enabled
should show yes.
NOTE If you configure networking to support Fault Tolerance but subsequently disable it, pairs of fault tolerant
virtual machines that are already powered on remain so. However, if a failover situation occurs, when the
Primary VM is replaced by its Secondary VM a new Secondary VM is not started, causing the new Primary
VM to run in a Not Protected state.
Procedure
2 In the vCenter Server inventory, select the cluster and click the Profile Compliance tab.
The results of the compliance test appear at the bottom of the screen. A host is labeled as either Compliant or
Noncompliant.
NOTE For a detailed discussion of how to create a VMware HA cluster, see Chapter 2, “Creating and Using
VMware HA Clusters,” on page 11.
The option to turn on Fault Tolerance is unavailable (grayed out) if any of these conditions apply:
- The virtual machine resides on a host that does not have a license for the feature.
- The virtual machine resides on a host that is in maintenance mode or standby mode.
- The virtual machine is disconnected or orphaned (its .vmx file cannot be accessed).
- The user does not have permission to turn the feature on.
If the option to turn on Fault Tolerance is available, this task still must be validated and can fail if certain
requirements are not met.
A number of additional validation checks are performed for powered-on virtual machines (or those being
powered on).
- The BIOS of the hosts where the fault tolerant virtual machines reside must have Hardware Virtualization
  (HV) enabled.
- The host that supports the Primary VM must have a processor that supports Fault Tolerance.
- The host that supports the Secondary VM must have a processor that supports Fault Tolerance and is the
  same CPU family or model as the host that supports the Primary VM.
- The combination of the virtual machine's guest operating system and processor must be supported by
  Fault Tolerance (for example, 32-bit Solaris on AMD-based processors is not currently supported).
- The configuration of the virtual machine must be valid for use with Fault Tolerance (for example, it must
  not contain any unsupported devices).
When your effort to turn on Fault Tolerance for a virtual machine passes the validation checks, the Secondary
VM is created and the entire state of the Primary VM is copied. The placement and immediate status of the
Secondary VM depends upon whether the Primary VM was powered-on or powered-off when you turned on
Fault Tolerance.
After these checks are passed, the Primary and Secondary VMs are powered on, placed on separate,
compatible hosts and the Fault Tolerance Status displayed on the virtual machine's Summary tab in the
vSphere Client is Protected.
NOTE When Fault Tolerance is turned on, vCenter Server unsets the virtual machine's memory limit and sets
the memory reservation to the memory size of the virtual machine. While Fault Tolerance remains turned on,
you cannot change the memory reservation, size, limit, or shares. When Fault Tolerance is turned off, any
parameters that were changed are not reverted to their original values.
Connect vSphere Client to vCenter Server using an account with cluster administrator permissions.
Procedure
2 Right-click a virtual machine and select Fault Tolerance > Turn On Fault Tolerance.
The specified virtual machine is designated as a Primary VM and a Secondary VM is established on another
host. The Primary VM is now fault tolerant.
NOTE You cannot disable Fault Tolerance from the Secondary VM.
A VMware Fault Tolerance section (pane) is provided in the Summary tab for the Primary VM and includes
information about the virtual machine.
Fault Tolerance Status: Indicates the Fault Tolerance status of the virtual machine.
- Protected. Indicates that the Primary and Secondary VMs are powered on
  and running as expected.
- Not Protected. Indicates that the Secondary VM is not running. Possible
  reasons are listed in the table.
Secondary location: Displays the ESX/ESXi host on which the Secondary VM is hosted.
Total Secondary CPU: Indicates the CPU usage of the Secondary VM, displayed in MHz.
Total Secondary Memory: Indicates the memory usage of the Secondary VM, displayed in MB.
vLockstep Interval: The time interval (displayed in seconds) needed for the Secondary VM to match
the current execution state of the Primary VM. Typically, this interval is less
than one-half of one second.
Log Bandwidth: The amount of network capacity being used for sending VMware Fault
Tolerance log information from the host running the Primary VM to the host
running the Secondary VM.
Host Configuration
Observe the following best practices when configuring your hosts.
- Hosts running the Primary and Secondary VMs should operate at approximately the same processor
  frequencies, otherwise the Secondary VM might be restarted more frequently. Platform power
  management features which do not adjust based on workload (for example, power capping and enforced
  low frequency modes to save power) can cause processor frequencies to vary greatly. If Secondary VMs
  are being restarted on a regular basis, disable all power management modes on the hosts running fault
  tolerant virtual machines or ensure that all hosts are running in the same power management modes.
- Apply the same instruction set extension configuration (enabled or disabled) to all hosts. The process for
  enabling or disabling instruction sets varies among BIOSes. See the documentation for your hosts' BIOSes
  for details on how to configure instruction sets.
Homogeneous Clusters
VMware Fault Tolerance can function in clusters with non-uniform hosts, but it works best in clusters with
compatible nodes. When constructing your cluster, all hosts should have the following:
- Processors from the same compatible processor group.
- Common access to datastores used by the virtual machines.
- The same virtual machine network configuration.
- The same ESX/ESXi version.
- The same BIOS settings for all hosts.
Performance
To increase the bandwidth available for the logging traffic between Primary and Secondary VMs use a 10Gbit
NIC rather than 1Gbit NIC, and enable the use of jumbo frames.
For virtual machines with Fault Tolerance enabled, you might use ISO images that are accessible only to the
Primary VM. In such a case, the Primary VM is able to access the ISO, but if a failover occurs, the CD-ROM
reports errors as if there is no media. This situation might be acceptable if the CD-ROM is being used for a
temporary, non-critical operation such as an installation.
Prerequisites
Sets of four or more ESX/ESXi hosts that are hosting fault tolerant virtual machines which are powered on. If
the virtual machines are powered off, the Primary and Secondary VMs can be relocated to hosts with different
builds.
NOTE This upgrade procedure is for a minimum four-node cluster. The same instructions can be followed for
a smaller cluster, though the unprotected interval will be slightly longer.
Procedure
1 Using VMotion, migrate the fault tolerant virtual machines off of two hosts.
4 Using VMotion, move the disabled Primary VM to one of the upgraded hosts.
6 Repeat Step 1 to Step 5 for as many fault tolerant virtual machine pairs as can be accommodated on the
upgraded hosts.
The troubleshooting topics discussed focus on issues that you might encounter when using the VMware Fault
Tolerance feature on your virtual machines. The topics also describe how to resolve problems.
You can use the information provided in the appendix Fault Tolerance Error Messages to help you troubleshoot
Fault Tolerance. The topic contains a list of error messages that you might encounter when you attempt to use
the feature and, where applicable, advice on how to resolve each error.
Too Much Activity on VMFS Volume Can Lead to Virtual Machine Failovers
When a number of file system locking operations, virtual machine power ons, power offs, or VMotion
migrations occur on a single VMFS volume, this can trigger fault tolerant virtual machines to be failed over.
A symptom that this might be occurring is receiving many warnings about SCSI reservations in the VMkernel
log. To resolve this problem, reduce the number of file system operations or ensure that the fault tolerant virtual
machine is on a VMFS volume that does not have an abundance of other virtual machines that are regularly
being powered on, powered off, or migrated using VMotion.
If the ESX/ESXi server hardware supports HV, but HV is not currently enabled, enable HV in the BIOS on that
server. The process for enabling HV varies among BIOSes. See the documentation for your hosts' BIOSes for
details on how to enable HV.
If the ESX/ESXi server hardware does not support HV, switch to hardware that uses processors that support
Fault Tolerance.
This can occur for a variety of reasons including that there are no other hosts in the cluster, there are no other
hosts with HV enabled, data stores are inaccessible, there is no available capacity, or hosts are in maintenance
mode. If there are insufficient hosts, add more hosts to the cluster. If there are hosts in the cluster, ensure they
support HV and that HV is enabled. The process for enabling HV varies among BIOSes. See the documentation
for your hosts' BIOSes for details on how to enable HV. Check that hosts have sufficient capacity and that they
are not in maintenance mode.
Further evidence of this problem could be if the vLockstep Interval on the Primary VM's Fault Tolerance panel
is yellow or red. This means that the Secondary VM is running several seconds behind the Primary VM. In
such cases, Fault Tolerance slows down the Primary VM. If the vLockstep Interval remains yellow or red for
an extended period of time, this is a strong indication that the Secondary VM is not getting enough CPU
resources to keep up with the Primary VM.
To resolve this problem, set an explicit CPU reservation for the Primary VM at a MHz value sufficient to run
its workload at the desired performance level. This reservation is applied to both the Primary and Secondary
VMs ensuring that both are able to execute at a specified rate. For guidance setting this reservation, view the
performance graphs of the virtual machine (prior to Fault Tolerance being enabled) to see how much CPU
resources it used under normal conditions.
To resolve this problem, before you enable Fault Tolerance, power off the virtual machine and increase its
timeout window by adding the following line to the vmx file of the virtual machine:
ft.maxSwitchoverSeconds = "30"
where 30 is the timeout window in seconds. Enable Fault Tolerance and power the virtual machine
back on. This solution should work except under conditions of very high network activity.
NOTE If you increase the timeout to 30 seconds, the fault tolerant virtual machine might become unresponsive
for a longer period of time (up to 30 seconds) when enabling FT or when a new Secondary VM is created after
a failover.
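The .vmx change described above can be scripted so that it is applied identically to every virtual machine and leaves exactly one entry behind. The following Python is an added example, not code from the VMware guide; the function names, the constructed sample .vmx content, the .bak backup, and the case-insensitive key matching are assumptions.

```python
import re
import shutil
import sys

# One .vmx entry per line, in the form shown in the guide: key = "value"
_ENTRY = re.compile(r'^\s*([^\s=#]+)\s*=\s*"(.*)"\s*$')

FT_TIMEOUT_KEY = "ft.maxSwitchoverSeconds"  # option name taken from the guide

# Constructed sample .vmx content, for illustration only.
SAMPLE_VMX = (
    'config.version = "8"\n'
    'virtualHW.version = "7"\n'
    'displayName = "ft-test-vm"\n'
    'numvcpus = "1"\n'
    'memsize = "1024"\n'
)


def _is_key(line, key):
    """True if line is an entry for key (keys compared case-insensitively,
    which is an assumption of this example)."""
    m = _ENTRY.match(line)
    return bool(m) and m.group(1).lower() == key.lower()


def get_vmx_option(vmx_text, key):
    """Return the value of the last entry for key, or None if it is absent."""
    value = None
    for line in vmx_text.splitlines():
        if _is_key(line, key):
            value = _ENTRY.match(line).group(2)
    return value


def set_vmx_option(vmx_text, key, value):
    """Return vmx_text with exactly one `key = "value"` entry.

    An existing entry is rewritten in place, later duplicates are dropped,
    and a missing entry is appended. All other lines are kept unchanged.
    """
    new_line = f'{key} = "{value}"'
    out, replaced = [], False
    for line in vmx_text.splitlines():
        if _is_key(line, key):
            if not replaced:
                out.append(new_line)
                replaced = True
            continue  # skip duplicate entries for the same key
        out.append(line)
    if not replaced:
        out.append(new_line)
    return "\n".join(out) + "\n"


def set_ft_switchover_timeout(vmx_text, seconds):
    """Set the FT timeout window (in seconds) after validating the value."""
    if isinstance(seconds, bool) or not isinstance(seconds, int) or seconds <= 0:
        raise ValueError("timeout must be a positive whole number of seconds")
    return set_vmx_option(vmx_text, FT_TIMEOUT_KEY, str(seconds))


def update_vmx_file(path, seconds):
    """Apply the change to a .vmx file, keeping a .bak copy of the original.

    Run this only while the virtual machine is powered off, as the guide
    requires. Returns True if the file was modified.
    """
    with open(path, "r", encoding="utf-8") as fh:
        original = fh.read()
    updated = set_ft_switchover_timeout(original, seconds)
    if updated == original:
        return False
    shutil.copy2(path, path + ".bak")
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(updated)
    return True


if __name__ == "__main__":
    # Usage: python set_ft_timeout.py /path/to/vm.vmx 30
    changed = update_vmx_file(sys.argv[1], int(sys.argv[2]))
    print("updated" if changed else "already set")
```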
Appendix: Fault Tolerance Error Messages
You might encounter error messages when trying to use VMware Fault Tolerance (FT). The table lists some of
these error messages. For each error message there is a description and information about resolving the error,
if applicable.
Error message: This host contains virtual machines (VMs) with Fault Tolerance turned On; therefore, this host cannot be moved out of its current cluster. To move the host to another cluster, first migrate the VMs with Fault Tolerance turned On to a different host
Description: This host cannot be moved out of the cluster because it contains virtual machines with FT turned on. To move the host to another cluster, first migrate the fault tolerant virtual machines to a different host.
Error message: Cannot add a host with virtual machines that have Fault Tolerance turned On to a non-HA enabled cluster
Description: FT requires the cluster to be enabled for VMware HA. Edit your cluster settings and turn on VMware HA.
Error message: Cannot add a host with virtual machines that have Fault Tolerance turned On as a stand-alone host
Description: FT cannot be enabled on a stand-alone host. While the host is in the VMware HA-enabled cluster, right-click each virtual machine on the host and select Turn Off Fault Tolerance. Once FT is disabled, the host can be made into a stand-alone host.
Error message: Fault Tolerance is enabled on one or more VMs on this host and must be disabled to move the host out of the current cluster
Description: This host cannot be moved out of the cluster until FT is turned off. To turn off FT, right-click the fault tolerant virtual machines and select Turn Off Fault Tolerance.
Error message: Fault Tolerance is enabled on VM {vmName}. Disable Fault Tolerance to move the VM from the current [Resource pool, Cluster]
Description: To move the virtual machine to another cluster or to a standalone host, first turn off FT.
Error message: The host {hostName} has VMs with Fault Tolerance turned On. Before disconnecting the host, the host should be put into maintenance mode or turn Off Fault Tolerance protection on these VMs
Description: This host cannot be disconnected until it is placed in maintenance mode or until FT is turned off. To turn off FT, right-click the fault tolerant virtual machines and select Turn Off Fault Tolerance.
Error message: Virtual machines in the same Fault Tolerance pair cannot be on the same host
Description: You have attempted to VMotion a Secondary VM to the same host a Primary VM is on. A Primary VM and its Secondary VM cannot reside on the same host. Select a different destination host for the Secondary VM.
Error message: The unused disk blocks of the virtual machine's disks have not been scrubbed on the file system. This is needed to support features like Fault Tolerance
Description: You have attempted to turn on FT on a powered-on virtual machine which has thick formatted disks with the property of being lazy-zeroed. FT cannot be enabled on such a virtual machine while it is powered on. Power off the virtual machine, then turn on FT and power the virtual machine back on. This changes the disk format of the virtual machine when it is powered back on. Turning on FT could take some time to complete if the virtual disk is large.
Error message: The disk blocks of the virtual machine's disks have not been fully provisioned on the file system. This is needed to support features like Fault Tolerance
Description: You have attempted to turn on FT on a powered-on virtual machine with thin provisioned disks. FT cannot be enabled on such a virtual machine while it is powered on. Power off the virtual machine, then turn on FT and power the virtual machine back on. This changes the disk format of the virtual machine when it is powered back on. Turning on FT could take some time to complete if the virtual disk is large.
Error message: Unsupported virtual machine configuration for Fault Tolerance
Description: The virtual machine has a virtual device that does not support FT. The specific reason for the incompatibility (for example, multiple vCPUs) is specified in the sub-fault of this message. This error also occurs when you attempt to reconfigure a fault tolerant virtual machine with an unsupported operation, for example, extend disk.
Error message: There are configuration issues for the Fault Tolerance operation. Refer to the errors and warnings list for details
Description: There are FT operation issues. To troubleshoot this issue, in the vSphere Client select the failed FT operation in either the Recent Tasks pane or the Tasks & Events tab and click the View details link that appears in the Details column.
Error message: This operation is not supported on a Secondary VM of a Fault Tolerant pair
Description: An unsupported operation was performed directly on the Secondary VM. Typically this operation would come from an API. FT does not allow direct interaction with the Secondary VM (except for relocating or migrating it to a different host). Most operations must be performed on the Primary VM.
Error message: The Secondary VM with instanceUuid '{instanceUuid}' has already been enabled
Description: An attempt was made to enable FT for a virtual machine on which FT was already enabled. Typically, such an operation would come from an API.
Error message: The Secondary VM with instanceUuid '{instanceUuid}' has already been disabled
Description: An attempt was made to disable FT for a Secondary VM on which FT was already disabled. Typically, such an operation would come from an API.
Error message: Cannot power On the Fault Tolerance Secondary VM for virtual machine {vmName}. Refer to the errors list for details
Description: An attempt to power on the Secondary VM failed. To troubleshoot this issue, in the vSphere Client select the failed FT operation in either the Recent Tasks pane or the Tasks & Events tab and click the View details link that appears in the Details column.
Error message: Host {hostName} does not support virtual machines with Fault Tolerance turned on. This VMware product does not support Fault Tolerance
Description: The product you are using is not compatible with Fault Tolerance. To use the product you must turn Fault Tolerance off. This error message primarily appears when vCenter Server is managing a host with an earlier version of ESX/ESXi or if you are using VMware Server.
Error message: Host {hostName} does not support virtual machines with Fault Tolerance turned on. This product supports Fault Tolerance, but the host processor does not
Description: This host's processor does not support Fault Tolerance. Use a host with supported hardware to use FT. See the VMware knowledge base article at http://kb.vmware.com/kb/1008027 for information on supported processors.
Error message: Host {hostName} has some Fault Tolerance issues for virtual machine {vmName}. Refer to the errors list for details
Description: vCenter Server has detected FT issues on the host. To troubleshoot this issue, in the vSphere Client select the failed FT operation in either the Recent Tasks pane or the Tasks & Events tab and click the View details link that appears in the Details column.
Error message: No suitable host can be found to place the Fault Tolerance Secondary VM for virtual machine {vmName}
Description: FT requires that the hosts for the Primary and Secondary VMs use the same CPU model or family and have the same ESX/ESXi host version and patch level. Enable FT on a virtual machine registered to a host with a matching CPU model or family within the cluster. If no such hosts exist, you must add one.
Error message: Operation to power On the Fault Tolerance Secondary VM for {vmName} could not be completed within {timeout} seconds
Description: The attempt to start the Secondary VM by copying the state of the Primary VM failed with a timeout. Default timeout is 300 seconds. Determine what is preventing the Secondary VM from powering on. Check if the FT logging NIC on the Primary VM's host and those tried for the Secondary VM is being shared with other network traffic. You can reduce traffic on the logging NIC of the Primary and Secondary VMs by moving virtual machines with high network traffic to another host.
Error message: The Fault Tolerance Secondary VM was not powered On because the Fault Tolerance Primary VM could not be powered On
Description: The Secondary VM was not powered on due to a failure to power on the Primary VM. This error displays when the vSphere Client is used to attempt to power on a Primary VM or if an SDK client invokes the vim.Datacenter.PowerOnVM() API. You must address the issue that prevented the Primary VM from powering on because vCenter Server attempts to power on the Secondary VM only after it has powered on the Primary VM.
Error message: DRS Disabled is the only supported DRS behavior for Fault Tolerance virtual machine {vmName}
Description: An SDK client attempted to set a DRS automation level override for a Primary or Secondary VM. vCenter Server blocks all such attempts to change the DRS automation level of fault tolerant virtual machines.
Error message: Host CPU is incompatible with the virtual machine's requirements mismatch detected for these features: CPU does not match
Description: FT requires that the hosts for the Primary and Secondary VMs use the same CPU model, family, and stepping. Enable FT on a virtual machine registered to a host with a matching CPU model, family, and stepping within the cluster. If no such hosts exist, you must add one. This error also occurs when you attempt to migrate a fault tolerant virtual machine to a different host.
Error message: Record/Replay is not supported for Guest OS XP/PRO on this CPU
Description: This error occurs when you attempt to power on an FT virtual machine that does not meet all of the configuration requirements for FT. See “Turning On Fault Tolerance for Virtual Machines,” on page 35.
Error message: The Fault Tolerance configuration of the entity {entityName} has an issue: HA is not enabled on the virtual machine
Description: This virtual machine is on a host that is not in a VMware HA cluster or it has had VMware HA disabled. Fault Tolerance requires VMware HA.
Error message: The Fault Tolerance configuration of the entity {entityName} has an issue: Secondary VM already exists
Description: The Primary VM already has a Secondary VM. Do not attempt to create multiple Secondary VMs for the same Primary VM.
Error message: The Fault Tolerance configuration of the entity {entityName} has an issue: Template virtual machine
Description: FT cannot be enabled on virtual machines which are templates. Use a non-template virtual machine for FT.
Error message: The Fault Tolerance configuration of the entity {entityName} has an issue: Virtual machine with multiple virtual CPUs
Description: FT is only supported on virtual machines with a single vCPU configured. Use a single vCPU virtual machine for FT.
Error message: The Fault Tolerance configuration of the entity {entityName} has an issue: Host is inactive
Description: You must enable FT on an active host. An inactive host is one that is disconnected, in maintenance mode, or in standby mode.
Error message: The Fault Tolerance configuration of the entity {entityName} has an issue: Fault Tolerance not supported by host hardware
Description: FT is only supported on specific processors and BIOS settings with Hardware Virtualization (HV) enabled. To resolve this issue, use hosts with supported CPU models and BIOS settings.
Error message: The Fault Tolerance configuration of the entity {entityName} has an issue: Fault Tolerance not supported by VMware Server 2.0
Description: Upgrade to VMware ESX or ESXi 4.0 or later.
Error message: The Fault Tolerance configuration of the entity {entityName} has an issue: No VMotion license or no virtual NIC configured for VMotion
Description: Verify that you have correctly configured networking on the host. See “Configure Networking for Host Machines,” on page 34. If it is, then you might need to acquire a VMotion license.
Error message: The Fault Tolerance configuration of the entity {entityName} has an issue: No virtual NIC configured for Fault Tolerance logging
Description: An FT logging NIC has not been configured. See “Configure Networking for Host Machines,” on page 34 for instructions.
Error message: The Fault Tolerance configuration of the entity {entityName} has an issue: Check host certificates flag not set for vCenter Server
Description: The "check host certificates" box is not checked in the SSL settings for vCenter Server. You must check that box. See “Enable Host Certificate Checking,” on page 33.
Error message: The Fault Tolerance configuration of the entity {entityName} has an issue: The virtual machine has one or more snapshots
Description: FT does not support virtual machines with snapshots. Enable FT on a virtual machine without snapshots or use the snapshot manager to delete all snapshots associated with this virtual machine.
Error message: The Fault Tolerance configuration of the entity {entityName} has an issue: No configuration information for the virtual machine
Description: vCenter Server has no information about the configuration of the virtual machine. Determine if it is misconfigured. You can try removing the virtual machine from the inventory and re-registering it.
Error message: The Fault Tolerance configuration of the entity {entityName} has an issue: Record and replay functionality not supported by the virtual machine
Description: Upgrade the hardware the virtual machine is running on and then turn on FT. Potential configuration issues include:
• Software virtualization with FT is unsupported.
• FT is not supported for SMP virtual machines.
• Paravirtualization (VMI) with FT is not supported.
• VM has device that is not supported with FT.
• Combination of guest operating system, CPU type and configuration options is incompatible with FT.
See “Fault Tolerance Interoperability,” on page 32 for more details about these requirements.
Error message: The Fault Tolerance configuration of the entity {entityName} has an issue: The virtual machine's current configuration does not support Fault Tolerance
Description: This error occurs when you attempt to turn on FT for a powered-on virtual machine that does not meet all of the configuration requirements for FT. Power off the virtual machine, address the configuration issue, then Turn On Fault Tolerance. Potential configuration issues include:
• Software virtualization with FT is unsupported.
• FT is not supported for SMP virtual machines.
• Paravirtualization (VMI) with FT is not supported.
• VM has device that is not supported with FT.
• Combination of guest operating system, CPU type and configuration options is incompatible with FT.
See “Fault Tolerance Interoperability,” on page 32 for more details about these requirements.
Error message: The virtual machine has {numCpu} virtual CPUs and is not supported for reason: Fault Tolerance
Description: This error occurs when you attempt to reconfigure a Primary VM with more than one vCPU. You must modify the number of vCPUs to one.
Error message: The file backing ({backingFilename}) for device Virtual Floppy is not supported for Fault Tolerance
Description: FT is not supported on a virtual machine with a virtual floppy device that has file backing not accessible to the host upon which the Secondary VM resides. To turn on FT for this virtual machine, first remove the unsupported device.
Error message: The file backing ({backingFilename}) for device Virtual CDROM is not supported for Fault Tolerance
Description: FT is not supported on a virtual machine with a virtual CDROM device that has file backing not accessible to the host upon which the Secondary VM resides. To turn on FT for this virtual machine, first remove the unsupported device.
Error message: The file backing ({backingFilename}) for device Virtual serial port is not supported for Fault Tolerance
Description: FT is not supported on a virtual machine with a virtual serial port device that has file backing not accessible to the host upon which the Secondary VM resides. To turn on FT for this virtual machine, first remove the unsupported device.
Error message: The file backing ({backingFilename}) for device Virtual parallel port is not supported for Fault Tolerance
Description: FT is not supported on a virtual machine with a virtual parallel port device that has file backing not accessible to the host upon which the Secondary VM resides. To turn on FT for this virtual machine, first remove the unsupported device.
Error message: The file backing ({backingFilename}) for device Virtual disk is not supported for Fault Tolerance
Description: FT is not supported on a virtual machine with a physical disk that has file backing not accessible to the host upon which the Secondary VM resides. To turn on FT for this virtual machine, first remove the unsupported device.
Error message: vCenter disabled Fault Tolerance on VM {vmName} because the Secondary VM could not be powered on
Description: To diagnose why the Secondary VM could not be powered on, see “Troubleshooting Fault Tolerance,” on page 39.
Error message: Starting the Secondary VM {vmName} timed out within {timeout} ms
Description: You might be experiencing network latency that is causing the timeout. See “Troubleshooting Fault Tolerance,” on page 39.
Error message: Resynchronizing Primary and Secondary VMs
Description: Fault Tolerance has detected a difference between the Primary and Secondary VMs. This can be caused by transient events which occur due to hardware or software differences between the two hosts. FT has automatically started a new Secondary VM, and no action is required. If you see this message frequently, you should alert support to determine if there is an issue.
NOTE For errors related to CPU compatibility, see the VMware knowledge base article at
http://kb.vmware.com/kb/1008027 for information on supported processors.
Fibre Channel SAN Configuration Guide
ESX 4.0
ESXi 4.0
vCenter Server 4.0
EN-000109-02
You can find the most up-to-date technical documentation on the VMware Web site at:
http://www.vmware.com/support/
The VMware Web site also provides the latest product updates.
If you have comments about this documentation, submit your feedback to:
docfeedback@vmware.com
© 2009 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property
laws. VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents.
VMware, the VMware “boxes” logo and design, Virtual SMP, and VMotion are registered trademarks or trademarks of VMware, Inc.
in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their
respective companies.
VMware, Inc.
3401 Hillview Ave.
Palo Alto, CA 94304
www.vmware.com
Updated Information
This Fibre Channel SAN Configuration Guide is updated with each release of the product or when necessary.
This table provides the update history of the Fibre Channel SAN Configuration Guide.
Revision EN-000109-02
• “EMC CLARiiON Storage Systems,” on page 34 has been updated to include information on the host automatic registration feature. “Disable Automatic Host Registration,” on page 66 provides instructions about how to turn the feature off.
• “Path Failover,” on page 64 has been updated to remove information on setting HBA timeout parameters for failover. This information is no longer valid for ESX 4.0.
Revision EN-000109-01
• The topic “HP StorageWorks EVA,” on page 40 has been updated to remove references to the HP EVA3000/5000 storage devices, which are not supported by ESX 4.0.
• Appendix A, “Multipathing Checklist,” on page 77 has been updated to remove references to the HP EVA3000/5000 storage devices, which are not supported by ESX 4.0.
About This Book
This manual, the Fibre Channel SAN Configuration Guide, explains how to use VMware ESX and VMware
ESXi systems with a Fibre Channel storage area network (SAN). The manual discusses conceptual background,
installation requirements, and management information in the following main topics:
• Understanding ESX/ESXi – Introduces ESX/ESXi systems for SAN administrators.
• Using ESX/ESXi with a SAN – Discusses requirements, noticeable differences in SAN setup if ESX/ESXi
is used, and how to manage and troubleshoot the two systems together.
• Enabling your ESX system to boot from a LUN on a SAN – Discusses requirements, limitations, and
management of boot from SAN.
The Fibre Channel SAN Configuration Guide covers ESX, ESXi, and vCenter Server.
Intended Audience
The information presented in this manual is written for experienced Windows or Linux system administrators
who are familiar with virtual machine technology and datacenter operations.
Document Feedback
VMware welcomes your suggestions for improving our documentation. If you have comments, send your
feedback to docfeedback@vmware.com.
Online and Telephone Support
To use online support to submit technical support requests, view your product and contract information, and register your products, go to http://www.vmware.com/support.
Customers with appropriate support contracts should use telephone support for the fastest response on priority 1 issues. Go to http://www.vmware.com/support/phone_support.html.
Support Offerings
To find out how VMware support offerings can help meet your business needs, go to http://www.vmware.com/support/services.
VMware Professional Services
VMware Education Services courses offer extensive hands-on labs, case study examples, and course materials designed to be used as on-the-job reference tools. Courses are available onsite, in the classroom, and live online. For onsite pilot programs and implementation best practices, VMware Consulting Services provides offerings to help you assess, plan, build, and manage your virtual environment. To access information about education classes, certification programs, and consulting services, go to http://www.vmware.com/services.
Chapter 1 Overview of VMware ESX/ESXi
You can use ESX/ESXi in conjunction with a Fibre Channel storage area network (SAN), a specialized high-
speed network that uses Fibre Channel (FC) protocol to transmit data between your computer systems and
high-performance storage subsystems. Using ESX/ESXi with a SAN provides extra storage for consolidation,
improves reliability, and helps with disaster recovery.
To use ESX/ESXi effectively with a SAN, you must have a working knowledge of ESX/ESXi systems and SAN
concepts.
Introduction to ESX/ESXi
The ESX/ESXi architecture allows administrators to allocate hardware resources to multiple workloads in fully
isolated environments called virtual machines.
System Components
The main components of ESX/ESXi include a virtualization layer, hardware interface components, and user
interface.
Virtualization layer
This layer provides the idealized hardware environment and virtualization of
underlying physical resources to the virtual machines. This layer includes the
virtual machine monitor (VMM), which is responsible for virtualization, and
VMkernel.
The virtualization layer schedules the virtual machine operating systems and,
if you are running an ESX host, the service console. The virtualization layer
manages how the operating systems access physical resources. The VMkernel
must have its own drivers to provide access to the physical devices. VMkernel
drivers are modified Linux drivers, even though the VMkernel is not a Linux
variant.
Hardware interface components
The virtual machine communicates with hardware such as CPU or disk by using hardware interface components. These components include device drivers, which enable hardware-specific service delivery while hiding hardware differences from other parts of the system.
User interface
Administrators can view and manage ESX/ESXi hosts and virtual machines in several ways:
• A VMware vSphere Client (vSphere Client) can connect directly to the ESX/ESXi host. This setup is appropriate if your environment has only one host.
A vSphere Client can also connect to vCenter Server and interact with all ESX/ESXi hosts that vCenter Server manages.
• The vSphere Web Access Client allows you to perform many management tasks by using a browser-based interface.
• When you must have command-line access, you can use the VMware vSphere Command-Line Interface (vSphere CLI).
Most applications interact only with the guest operating system, not with the underlying hardware. As a result,
you can run applications on the hardware of your choice if you install a virtual machine with the operating
system that the application requires.
Understanding Virtualization
The VMware virtualization layer is common across VMware desktop products (such as VMware Workstation)
and server products (such as VMware ESX/ESXi). This layer provides a consistent platform for development,
testing, delivery, and support of application workloads.
CPU virtualization
Each virtual machine appears to run on its own CPU (or a set of CPUs), fully isolated from other virtual machines. Registers, the translation lookaside buffer, and other control structures are maintained separately for each virtual machine.
Most instructions are executed directly on the physical CPU, allowing resource-intensive workloads to run at near-native speed. The virtualization layer safely performs privileged instructions.
Memory virtualization
A contiguous memory space is visible to each virtual machine. However, the allocated physical memory might not be contiguous. Instead, noncontiguous physical pages are remapped and presented to each virtual machine. With unusually memory-intensive loads, server memory becomes overcommitted. In that case, some of the physical memory of a virtual machine might be mapped to shared pages or to pages that are unmapped or swapped out.
ESX/ESXi performs this virtual memory management without the information that the guest operating system has and without interfering with the guest operating system’s memory management subsystem.
Network virtualization
The virtualization layer guarantees that each virtual machine is isolated from other virtual machines. Virtual machines can communicate with each other only through networking mechanisms similar to those used to connect separate physical machines.
The isolation allows administrators to build internal firewalls or other network isolation environments that allow some virtual machines to connect to the outside, while others are connected only through virtual networks to other virtual machines.
Storage Virtualization
ESX/ESXi provides host-level storage virtualization, which logically abstracts the physical storage layer from
virtual machines. Virtual machines running on the ESX/ESXi host are not aware of the complexities and
specifics of the storage devices to which the host connects.
An ESX/ESXi virtual machine uses a virtual hard disk to store its operating system, program files, and other
data associated with its activities. A virtual disk is a large physical file, or a set of files, that can be copied,
moved, archived, and backed up as easily as any other file. You can configure virtual machines with multiple
virtual disks.
To access virtual disks, a virtual machine uses virtual SCSI controllers. These virtual controllers appear to a
virtual machine as different types of controllers, including BusLogic Parallel, LSI Logic Parallel, LSI Logic SAS,
and VMware Paravirtual. These controllers are the only types of SCSI controllers that a virtual machine can
see and access.
Each virtual disk that a virtual machine can access through one of the virtual SCSI controllers resides in the
VMware Virtual Machine File System (VMFS) datastore, NFS-based datastore, or on a raw disk. From the
standpoint of the virtual machine, each virtual disk appears as if it were a SCSI drive connected to a SCSI
controller. Whether the actual physical disk device is being accessed through parallel SCSI, iSCSI, network, or
Fibre Channel adapters on the host is transparent to the guest operating system and to applications running
on the virtual machine.
Figure 1-1 gives an overview of storage virtualization. The diagram illustrates storage that uses VMFS and
storage that uses raw device mapping (RDM).
[Figure 1-1. Storage virtualization overview. Diagram labels: virtual machine 1, SCSI controller, HBA, VMFS, LUN1, LUN2, LUN5, .vmdk, RDM.]
ESX/ESXi hosts use VMFS to store virtual machine files. With VMFS, multiple virtual machines can run
concurrently and have concurrent access to their virtual disk files. Since VMFS is a clustered file system,
multiple hosts can have a shared simultaneous access to VMFS datastores on SAN LUNs. VMFS provides the
distributed locking to ensure that the multi-host environment is safe.
You can configure a VMFS datastore on either local disks or SAN LUNs. If you use the ESXi host, the local disk
is captured and used for the VMFS datastore during the host's first boot.
A VMFS datastore can map to a single SAN LUN or stretch over multiple SAN LUNs. You can expand a
datastore while virtual machines are running on it, either by growing the datastore or by adding a new extent.
The VMFS datastore can be extended over 32 physical storage extents of the same storage type.
Chapter 1 Overview of VMware ESX/ESXi
An RDM might be required if you use Microsoft Cluster Service (MSCS) or if you run SAN snapshot or other
layered applications on the virtual machine. RDMs enable systems to use the hardware features inherent to
SAN arrays. However, virtual machines with RDMs do not display performance gains compared to virtual
machines with virtual disk files stored on a VMFS datastore.
For more information on the RDM, see the ESX Configuration Guide or ESXi Configuration Guide.
Administrators can interact with ESX/ESXi systems in one of the following ways:
- With a GUI client (vSphere Client or vSphere Web Access). You can connect clients directly to the
  ESX/ESXi host, or you can manage multiple ESX/ESXi hosts simultaneously with vCenter Server.
- Through the command-line interface. vSphere Command-Line Interface (vSphere CLI) commands are
  scripts that run on top of the vSphere SDK for Perl. The vSphere CLI package includes commands for
  storage, network, virtual machine, and user management and allows you to perform most management
  operations. For more information, see vSphere Command-Line Interface Installation and Reference Guide.
- ESX administrators can also use the ESX service console, which supports a full Linux environment and
  includes all vSphere CLI commands. Using the service console is less secure than remotely running the
  vSphere CLI. The service console is not supported on ESXi.
vCenter Server: vCenter Server acts as a central administrator for your hosts connected on a
network. The server directs actions upon the virtual machines and VMware ESX/ESXi.
vSphere Client: The vSphere Client runs on Microsoft Windows. In a multihost environment,
administrators use the vSphere Client to make requests to vCenter Server, which in turn affects its
virtual machines and hosts. In a single-server environment, the vSphere Client connects directly to
an ESX/ESXi host.
vSphere Web Access: vSphere Web Access allows you to connect to vCenter Server by using an
HTML browser.
Chapter 2 Using ESX/ESXi with Fibre Channel SAN
When you set up ESX/ESXi hosts to use FC SAN array storage, special considerations are necessary. This section
provides introductory information about how to use ESX/ESXi with a SAN array.
If you are new to SAN technology, familiarize yourself with the basic terminology.
A storage area network (SAN) is a specialized high-speed network that connects computer systems, or host
servers, to high performance storage subsystems. The SAN components include host bus adapters (HBAs) in
the host servers, switches that help route storage traffic, cables, storage processors (SPs), and storage disk
arrays.
A SAN topology with at least one switch present on the network forms a SAN fabric.
To transfer traffic from host servers to shared storage, the SAN uses Fibre Channel (FC) protocol that packages
SCSI commands into Fibre Channel frames.
To restrict server access to storage arrays not allocated to that server, the SAN uses zoning. Typically, zones
are created for each group of servers that access a shared group of storage devices and LUNs. Zones define
which HBAs can connect to which SPs. Devices outside a zone are not visible to the devices inside the zone.
Zoning is similar to LUN masking, which is commonly used for permission management. LUN masking is a
process that makes a LUN available to some hosts and unavailable to other hosts. Usually, LUN masking is
performed at the SP or server level.
Ports
In the context of this document, a port is the connection from a device into the SAN. Each node in the SAN,
such as a host, storage device, or fabric component, has one or more ports that connect it to the SAN. Ports
are identified in a number of ways.
WWPN (World Wide Port Name): A globally unique identifier for a port that allows certain applications to
access the port. The FC switches discover the WWPN of a device or host and assign a port address to the
device.
Port_ID (or port address): In the SAN, each port has a unique port ID that serves as the FC address for
the port. This unique ID enables routing of data through the SAN to that port. The FC switches assign the
port ID when the device logs in to the fabric. The port ID is valid only while the device is logged on.
When N-Port ID Virtualization (NPIV) is used, a single FC HBA port (N-port) can register with the fabric by
using several WWPNs. This method allows an N-port to claim multiple fabric addresses, each of which appears
as a unique entity. When ESX/ESXi hosts use a SAN, these multiple, unique identifiers allow the assignment
of WWNs to individual virtual machines as part of their configuration.
If a path or any component along the path (HBA or NIC, cable, switch or switch port, or storage processor)
fails, the server selects another of the available paths. The process of detecting a failed path and switching to
another is called path failover.
Using ESX/ESXi in conjunction with SAN is effective for the following tasks:
Maintenance with zero downtime: When performing an ESX/ESXi host or infrastructure maintenance, use
VMware DRS or VMotion to migrate virtual machines to other servers. If shared storage is on the SAN, you
can perform maintenance without interruptions to the user.
Load balancing: Use VMotion or VMware DRS to migrate virtual machines to other hosts for load balancing.
If shared storage is on a SAN, you can perform load balancing without interruption to the user.
Storage consolidation and simplification of storage layout: If you are working with multiple hosts, and each
host is running multiple virtual machines, the storage on the hosts is no longer sufficient and external
storage is required. Choosing a SAN for external storage results in a simpler system architecture along with
other benefits.
Start by reserving a large LUN and then allocate portions to virtual machines as needed. LUN reservation
and creation from the storage device needs to happen only once.
Disaster recovery: Having all data stored on a SAN facilitates the remote storage of data backups. You can
restart virtual machines on remote ESX/ESXi hosts for recovery if one site is compromised.
Simplified array migrations and storage upgrades: When you purchase new storage systems or arrays, use
storage VMotion to perform live automated migration of virtual machine disk files from existing storage to
their new destination.
A VMFS datastore can run multiple virtual machines as one workload. VMFS provides distributed locking for
your virtual machine files, so that your virtual machines can operate safely in a SAN environment where
multiple ESX/ESXi hosts share a set of LUNs.
Use the vSphere Client to set up a VMFS datastore in advance on any SCSI-based storage device that your
ESX/ESXi host discovers. A VMFS datastore can be extended over several physical storage extents, including SAN
LUNs and local storage. This feature allows you to pool storage and gives you flexibility in creating the storage
volume necessary for your virtual machine.
You can increase the capacity of a datastore while virtual machines are running on the datastore. This ability
lets you add new space to your VMFS datastores as your virtual machine requires it. ESX/ESXi VMFS is
designed for concurrent access from multiple physical machines and enforces the appropriate access controls
on virtual machine files.
To ensure that multiple servers do not access the same virtual machine at the same time, VMFS provides
on-disk locking. To coordinate access to VMFS internal file system information, ESX/ESXi uses SCSI reservations
on the entire LUN.
Figure 2-1 shows several ESX/ESXi systems sharing the same VMFS volume.
[Figure 2-1. Several ESX/ESXi systems sharing the same VMFS volume. Diagram labels: VMFS volume, virtual disk files disk1, disk2, disk3.]
Because virtual machines share a common VMFS datastore, it might be difficult to characterize peak-access
periods or to optimize performance. You must plan virtual machine storage access for peak periods, but
different applications might have different peak-access periods. VMware recommends that you load balance
virtual machines over servers, CPU, and storage. Run a mix of virtual machines on each server so that not all
experience high demand in the same area at the same time.
Metadata Updates
A VMFS datastore holds virtual machine files, directories, symbolic links, RDMs, and so on. A VMFS datastore
also maintains a consistent view of all the mapping information for these objects. This mapping information
is called metadata.
Metadata is updated each time the attributes of a virtual machine file are accessed or modified when, for
example, you perform one of the following operations:
- Creating, growing, or locking a virtual machine file
- Changing a file's attributes
- Powering a virtual machine on or off
When you make your LUN decision, keep in mind the following considerations:
- Each LUN should have the correct RAID level and storage characteristic for applications in virtual
  machines that use it.
- One LUN must contain only one VMFS datastore.
- If multiple virtual machines access the same VMFS, use disk shares to prioritize virtual machines.
You might want fewer, larger LUNs for the following reasons:
- More flexibility to create virtual machines without asking the storage administrator for more space.
- More flexibility for resizing virtual disks, doing snapshots, and so on.
- Fewer VMFS datastores to manage.
You might want more, smaller LUNs for the following reasons:
- Less wasted storage space.
- Different applications might need different RAID characteristics.
- More flexibility, as the multipathing policy and disk shares are set per LUN.
- Use of Microsoft Cluster Service requires that each cluster disk resource is in its own LUN.
- Better performance because there is less contention for a single volume.
When the storage characterization for a virtual machine is not available, there is often no simple answer when
you have to decide on the LUN size and number of LUNs to use. You can experiment using either the predictive
or the adaptive scheme.
Procedure
2 Build a VMFS datastore on each LUN, labeling each datastore according to its characteristics.
3 Allocate virtual disks to contain the data for virtual machine applications in the VMFS datastores built on
LUNs with the appropriate RAID level for the applications' requirements.
Disk shares are relevant only within a given host. The shares assigned to virtual machines on one host
have no effect on virtual machines on other hosts.
Procedure
1 Create a large LUN (RAID 1+0 or RAID 5), with write caching enabled.
If performance is acceptable, you can place additional virtual disks on the VMFS. If performance is not
acceptable, create a new, larger LUN, possibly with a different RAID level, and repeat the process. Use
migration so that you do not lose virtual machines when you recreate the LUN.
Procedure
2 Select the virtual machine in the inventory panel and click Edit virtual machine settings from the menu.
3 Click the Resources tab and click Disk.
4 Double-click the Shares column for the disk to modify and select the required value from the drop-down
menu.
Shares is a value that represents the relative metric for controlling disk bandwidth to all virtual machines.
The values Low, Normal, High, and Custom are compared to the sum of all shares of all virtual machines
on the server and, on an ESX host, the service console. Share allocation symbolic values can be used to
configure their conversion into numeric values.
NOTE Disk shares are relevant only within a given ESX/ESXi host. The shares assigned to virtual machines on
one host have no effect on virtual machines on other hosts.
When you use SAN storage with ESX/ESXi, keep in mind the following considerations:
- You cannot directly access the virtual machine operating system that uses the storage. With traditional
  tools, you can monitor only the VMware ESX/ESXi operating system. You use the vSphere Client to
  monitor virtual machines.
- When you create a virtual machine, it is, by default, configured with one virtual hard disk and one virtual
  SCSI controller. You can modify the SCSI controller type and SCSI bus sharing characteristics by using
  the vSphere Client to edit the virtual machine settings. You can also add hard disks to your virtual machine.
- The HBA visible to the SAN administration tools is part of the ESX/ESXi system, not part of the virtual
  machine.
- Your ESX/ESXi system performs multipathing for you.
Most SAN hardware is packaged with SAN management software. This software typically runs on the storage
array or on a single server, independent of the servers that use the SAN for storage.
If you decide to run the SAN management software on a virtual machine, you gain the benefits of running a
virtual machine, including failover using VMotion and VMware HA. Because of the additional level of
indirection, however, the management software might not be able to detect the SAN. This problem can be
resolved by using an RDM.
NOTE Whether a virtual machine can run management software successfully depends on the particular storage
system.
When a virtual machine interacts with its virtual disk stored on a SAN, the following process takes place:
1 When the guest operating system in a virtual machine reads or writes to SCSI disk, it issues SCSI
commands to the virtual disk.
2 Device drivers in the virtual machine’s operating system communicate with the virtual SCSI controllers.
6 Depending on which port the HBA uses to connect to the fabric, one of the SAN switches receives the
request and routes it to the storage device that the host wants to access.
This storage device appears to be a specific disk to the host, but it might be a logical device that corresponds
to a physical device on the SAN. The switch must determine which physical device is made available to
the host for its targeted logical device.
In case of a failure of any element in the SAN network, such as an adapter, switch, or cable, ESX/ESXi can
switch to another physical path, which does not use the failed component. This process of path switching to
avoid failed components is known as path failover.
In addition to path failover, multipathing provides load balancing. Load balancing is the process of distributing
I/O loads across multiple physical paths. Load balancing reduces or removes potential bottlenecks.
NOTE Virtual machine I/O might be delayed for up to sixty seconds while path failover takes place. These
delays allow the SAN to stabilize its configuration after topology changes. In general, the I/O delays might be
longer on active-passive arrays and shorter on active-active arrays.
In Figure 2-2, multiple physical paths connect each server with the storage device. For example, if HBA1 or
the link between HBA1 and the FC switch fails, HBA2 takes over and provides the connection between the
server and the switch. The process of one HBA taking over for another is called HBA failover.
[Figure 2-2. Multipathing and failover. Diagram labels: switch, switch, SP1, SP2, storage array.]
Similarly, if SP1 fails or the links between SP1 and the switches break, SP2 takes over and provides the
connection between the switch and the storage device. This process is called SP failover. VMware ESX/ESXi
supports HBA and SP failover with its multipathing capability.
The VMkernel multipathing plugin that ESX/ESXi provides by default is the VMware Native Multipathing
Plugin (NMP). The NMP is an extensible module that manages subplugins. There are two types of NMP
subplugins, Storage Array Type Plugins (SATPs), and Path Selection Plugins (PSPs). SATPs and PSPs can be
built-in and provided by VMware, or can be provided by a third party.
If more multipathing functionality is required, a third party can also provide an MPP to run in addition to, or
as a replacement for, the default NMP.
When coordinating the VMware NMP and any installed third-party MPPs, the PSA performs the following
tasks:
- Loads and unloads multipathing plugins.
- Hides virtual machine specifics from a particular plugin.
- Routes I/O requests for a specific logical device to the MPP managing that device.
- Handles I/O queuing to the logical devices.
- Implements logical device bandwidth sharing between virtual machines.
As Figure 2-3 illustrates, multiple third-party MPPs can run in parallel with the VMware NMP. The third-party
MPPs can replace the behavior of the NMP and take complete control of the path failover and the
load-balancing operations for specified storage devices.
[Figure 2-3. Third-party MPPs running in parallel with the VMware NMP. Surviving diagram label: VMware SATP.]
Generally, the VMware NMP supports all storage arrays listed on the VMware storage HCL and provides a
default path selection algorithm based on the array type. The NMP associates a set of physical paths with a
specific storage device, or LUN. The specific details of handling path failover for a given storage array are
delegated to a Storage Array Type Plugin (SATP). The specific details for determining which physical path is
used to issue an I/O request to a storage device are handled by a Path Selection Plugin (PSP). SATPs and PSPs
are sub-plugins within the NMP module.
VMware SATPs
Storage Array Type Plugins (SATPs) run in conjunction with the VMware NMP and are responsible for
array-specific operations.
ESX/ESXi offers an SATP for every type of array that VMware supports. These SATPs include an active/active
SATP and active/passive SATP for non-specified storage arrays, and the local SATP for direct-attached storage.
Each SATP accommodates special characteristics of a certain class of storage arrays and can perform the
array-specific operations required to detect path state and to activate an inactive path. As a result, the NMP
module can work with multiple storage arrays without having to be aware of the storage device specifics.
After the NMP determines which SATP to call for a specific storage device and associates the SATP with the
physical paths for that storage device, the SATP implements the tasks that include the following:
- Monitors health of each physical path.
- Reports changes in the state of each physical path.
- Performs array-specific actions necessary for storage fail-over. For example, for active/passive devices, it
  can activate passive paths.
VMware PSPs
Path Selection Plugins (PSPs) run in conjunction with the VMware NMP and are responsible for choosing a
physical path for I/O requests.
The VMware NMP assigns a default PSP for every logical device based on the SATP associated with the physical
paths for that device. You can override the default PSP.
Most Recently Used (MRU): Selects the path the ESX/ESXi host used most recently to access the given device.
If this path becomes unavailable, the host switches to an alternative path and continues to use the new path
while it is available.
Fixed: Uses the designated preferred path, if it has been configured. Otherwise, it uses the first working path
discovered at system boot time. If the host cannot use the preferred path, it selects a random alternative
available path. The host automatically reverts back to the preferred path as soon as that path becomes
available.
NOTE With active-passive arrays that have a Fixed path policy, path thrashing might be a problem.
Round Robin (RR): Uses a path selection algorithm that rotates through all available paths enabling load
balancing across the paths.
When a virtual machine issues an I/O request to a storage device managed by the NMP, the following process
takes place.
2 The PSP selects an appropriate physical path on which to issue the I/O.
4 If the I/O operation reports an error, the NMP calls an appropriate SATP.
5 The SATP interprets the I/O command errors and, when appropriate, activates inactive paths.
6 The PSP is called to select a new path on which to issue the I/O.
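The three path selection policies and the failover steps above can be compared side by side with a small model. This is an added example, not VMware code: the class names, the path labels, and the event format are assumptions made for illustration, and array-specific SATP behavior (such as activating passive paths) is not modeled.

```python
import random


class NoPathAvailable(Exception):
    """Raised when every path to the device is down."""


class PathSelector:
    """State shared by all policies: the paths to one device and their health."""

    def __init__(self, paths):
        self.paths = list(paths)               # in discovery order
        self.alive = {p: True for p in self.paths}

    def fail(self, path):
        self.alive[path] = False

    def restore(self, path):
        self.alive[path] = True

    def working(self):
        candidates = [p for p in self.paths if self.alive[p]]
        if not candidates:
            raise NoPathAvailable("all paths to the device are down")
        return candidates


class MostRecentlyUsed(PathSelector):
    """Stays on the current path; moves only when that path fails."""

    def __init__(self, paths):
        super().__init__(paths)
        self.current = self.paths[0]           # assumption: start on first path

    def select(self):
        if not self.alive[self.current]:
            self.current = self.working()[0]   # no failback afterwards
        return self.current


class Fixed(PathSelector):
    """Uses the preferred path whenever it is up and reverts to it on recovery."""

    def __init__(self, paths, preferred=None, rng=None):
        super().__init__(paths)
        # Without a configured preference, use the first path discovered.
        self.preferred = preferred or self.paths[0]
        self.rng = rng or random.Random()
        self.alternative = None

    def select(self):
        if self.alive[self.preferred]:
            self.alternative = None
            return self.preferred
        if self.alternative is None or not self.alive[self.alternative]:
            self.alternative = self.rng.choice(self.working())
        return self.alternative


class RoundRobin(PathSelector):
    """Rotates through all available paths, skipping failed ones."""

    def __init__(self, paths):
        super().__init__(paths)
        self.position = 0

    def select(self):
        self.working()                         # raises if nothing is left
        while True:
            path = self.paths[self.position % len(self.paths)]
            self.position += 1
            if self.alive[path]:
                return path


def replay(selector, events):
    """Apply ('io' | 'fail' | 'restore', path) events; return the path used per I/O."""
    used = []
    for action, path in events:
        if action == "fail":
            selector.fail(path)
        elif action == "restore":
            selector.restore(path)
        else:
            used.append(selector.select())
    return used


# Constructed sample: two HBAs, two storage processors, four paths.
PATHS = ["hba1-sp1", "hba1-sp2", "hba2-sp1", "hba2-sp2"]
OUTAGE = [("io", None), ("fail", "hba1-sp1"), ("io", None),
          ("restore", "hba1-sp1"), ("io", None)]

if __name__ == "__main__":
    for policy in (MostRecentlyUsed, Fixed, RoundRobin):
        print(policy.__name__, replay(policy(PATHS), OUTAGE))
```

After the failed path returns, the MRU model stays on the alternative path while the Fixed model moves back to the preferred one, which is the behavioral difference behind the path thrashing note for active-passive arrays.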
High tier: Offers high performance and high availability. Might offer built-in snapshots to facilitate backups
and Point-in-Time (PiT) restorations. Supports replication, full SP redundancy, and fibre drives. Uses
high-cost spindles.
Mid tier: Offers mid-range performance, lower availability, some SP redundancy, and SCSI drives. Might offer
snapshots. Uses medium-cost spindles.
Lower tier: Offers low performance, little internal storage redundancy. Uses low end SCSI drives or SATA
(serial low-cost spindles).
Not all applications require the highest performance and most available storage, at least not throughout their
entire life cycle.
If you want some of the functionality of the high tier, such as snapshots, but do not want to pay for it, you
might be able to achieve some of the high-performance characteristics in software.
When you decide where to place a virtual machine, ask yourself these questions:
- How critical is the virtual machine?
- What are its performance and availability requirements?
- What are its point-in-time (PiT) restoration requirements?
- What are its backup requirements?
- What are its replication requirements?
A virtual machine might change tiers throughout its life cycle because of changes in criticality or changes in
technology that push higher-tier features to a lower tier. Criticality is relative and might change for a variety
of reasons, including changes in the organization, operational processes, regulatory requirements, disaster
planning, and so on.
Using VMware HA
With VMware HA, you can organize virtual machines into failover groups. When a host fails, all its virtual
machines are immediately started on different hosts. HA requires SAN storage.
When a virtual machine is restored on a different host, the virtual machine loses its memory state, but its disk
state is exactly as it was when the host failed (crash-consistent failover).
VMware tests Microsoft Cluster Service in conjunction with ESX/ESXi systems, but other cluster solutions
might also work. Different configuration options are available for achieving failover with clustering:
Cluster in a box: Two virtual machines on one host act as failover servers for each other. When one virtual
machine fails, the other takes over. This configuration does not protect against host failures and is most
commonly used during testing of the clustered application.
Cluster across boxes: A virtual machine on an ESX/ESXi host has a matching virtual machine on another
ESX/ESXi host.
Physical to virtual clustering (N+1 clustering): A virtual machine on an ESX/ESXi host acts as a failover
server for a physical server. Because virtual machines that run on a single host can act as failover servers
for numerous physical servers, this clustering method is a cost-effective N+1 solution.
Although a LUN is accessible to a host, all virtual machines on that host do not necessarily have access to
all data on that LUN. A virtual machine can access only the virtual disks for which it has been configured.
In case of a configuration error, virtual disks are locked when the virtual machine boots so that no
corruption occurs.
NOTE As a rule, when you are using boot from a SAN LUN, only the host that is booting from a LUN should
see each boot LUN. An exception is when you are trying to recover from a failure by pointing a second host
to the same LUN. In this case, the SAN LUN in question is not really booting from SAN. No host is booting
from the SAN LUN because it is corrupted. The SAN LUN is a nonboot LUN that is made visible to a host.
You can use VMotion or DRS only if the virtual disks are located on shared storage accessible to multiple
servers. In most cases, SAN storage is used.
DRS collects resource usage information for all hosts and virtual machines in a VMware cluster and gives
recommendations (or migrates virtual machines) in one of two situations:
Initial placement: When you first power on a virtual machine in the cluster, DRS either places the virtual
machine or makes a recommendation.
Load balancing: DRS tries to improve resource use across the cluster by performing automatic migrations of
virtual machines (VMotion) or by providing recommendations for virtual machine migrations.
Chapter 3 Requirements and Installation
When you use ESX/ESXi systems with SAN storage, specific hardware and system requirements exist.
This chapter includes the following topics:
- “General ESX/ESXi SAN Requirements”
- “ESX Boot from SAN Requirements”
- “Installation and Setup Steps”
In the case of diskless servers that boot from a SAN, a shared diagnostic partition is appropriate.
- VMware recommends that you use RDMs for access to any raw disk from an ESX Server 2.5 or later
  machine.
- For multipathing to work properly, each LUN must present the same LUN ID number to all ESX/ESXi
  hosts.
- Make sure the driver you use in the guest operating system specifies a large enough queue. You can set
  the queue depth for the physical HBA during system setup.
- On virtual machines running Microsoft Windows, increase the value of the SCSI TimeoutValue parameter
  to 60. This increase allows Windows to better tolerate delayed I/O resulting from path failover.
Storage provisioning: To ensure that the ESX/ESXi system recognizes the LUNs at startup time, provision all
LUNs to the appropriate HBAs before you connect the SAN to the ESX/ESXi system.
VMware recommends that you provision all LUNs to all ESX/ESXi HBAs at the same time. HBA failover works
only if all HBAs see the same LUNs.
VMotion and VMware DRS: When you use vCenter Server and VMotion or DRS, make sure that the LUNs for the
virtual machines are provisioned to all ESX/ESXi hosts. This provides the greatest freedom in moving virtual
machines.
Active/active compared to active/passive arrays: When you use VMotion or DRS with an active/passive SAN
storage device, make sure that all ESX/ESXi systems have consistent paths to all storage processors. Not
doing so can cause path thrashing when a VMotion migration occurs.
For active/passive storage arrays not listed in the Storage/SAN Compatibility Guide, VMware does not support
storage port failover. In those cases, you must connect the server to the active port on the storage array.
This configuration ensures that the LUNs are presented to the ESX/ESXi host.
NOTE You should not mix FC HBAs from different vendors in a single server. Having different models of the
same HBA is supported, but a single LUN cannot be accessed through two different HBA types, only through
the same type. Ensure that the firmware level on each HBA is the same.
To enable your ESX system to boot from a SAN, your environment must meet the requirements listed in
Table 3-1.
ESX system requirements: ESX 3.x or later is recommended. When you use the ESX 3.x system or later, RDMs are
supported in conjunction with boot from SAN. For an ESX Server 2.5.x system, RDMs are not supported in
conjunction with boot from SAN.
HBA requirements: The HBA BIOS for your HBA FC card must be enabled and correctly configured to access the
boot LUN.
The HBA should be plugged into the lowest PCI bus and slot number. This allows the drivers to detect the HBA
quickly because the drivers scan the HBAs in ascending PCI bus and slot numbers, regardless of the associated
virtual machine HBA number.
Boot LUN considerations:
- When you boot from an active/passive storage array, the SP whose WWN is specified in the BIOS
  configuration of the HBA must be active. If that SP is passive, the HBA cannot support the boot process.
- To facilitate BIOS configuration, mask each boot LUN so that only its own ESX system can see it. Each ESX
  system should see its own boot LUN, but not the boot LUN of any other ESX system.
SAN considerations:
- SAN connections must be through a switched topology if the array is not certified for direct connect
  topology. If the array is certified for direct connect topology, the SAN connections can be made directly
  to the array. Boot from SAN is supported for both switched topology and direct connect topology if these
  topologies for the specific array are certified.
- Redundant and nonredundant configurations are supported. In the redundant case, ESX collapses the
  redundant paths so that only a single path to a LUN is presented to the user.
Hardware-specific considerations: If you are running an IBM eServer BladeCenter and use boot from SAN, you
must disable IDE drives on the blades.
1 Design your SAN if it is not already configured. Most existing SANs require only minor modification to
work with ESX/ESXi.
2 Check that all SAN components meet requirements.
Most vendors have vendor-specific documentation for setting up a SAN to work with VMware ESX/ESXi.
4 Set up the HBAs for the hosts you have connected to the SAN.
7 (Optional) Set up your system for VMware HA failover or for using Microsoft Clustering Services.
Chapter 4 Setting Up SAN Storage Devices with ESX/ESXi
This section discusses many of the storage devices supported in conjunction with VMware ESX/ESXi. For each
device, it lists the major known potential issues, points to vendor-specific information (if available), and
includes information from VMware knowledge base articles.
NOTE Information related to specific storage devices is updated only with each release. New information
might already be available. Consult the most recent Storage/SAN Compatibility Guide, check with your storage
array vendor, and explore the VMware knowledge base articles.
Basic connectivity: Tests whether ESX/ESXi can recognize and operate with the storage array. This
configuration does not allow for multipathing or any type of failover.
HBA failover: The server is equipped with multiple HBAs connecting to one or more SAN switches. The server
is robust to HBA and switch failure only.
Storage port failover: The server is attached to multiple storage ports and is robust to storage port
failures and switch failures.
Boot from SAN (with ESX only): The ESX host boots from a LUN configured on the SAN rather than from the
server itself.
Direct connect: The server connects to the array without using switches and with only an FC cable. For all
other tests, a fabric connection is used. FC Arbitrated Loop (AL) is not supported.
Clustering: The system is tested with Microsoft Cluster Service running in the virtual machine.
For all storage arrays, make sure that the following requirements are met:
• LUNs must be presented to each HBA of each host with the same LUN ID number.
  Because instructions on how to configure identical SAN LUN IDs are vendor specific, consult your storage
  array documentation for more information.
• Unless specified for individual storage arrays, set the host type for LUNs presented to ESX/ESXi to
  Linux, Linux Cluster, or, if available, to vmware or esx.
• If you are using VMotion, DRS, or HA, make sure that both source and target hosts for virtual machines
  can see the same LUNs with identical LUN IDs.
  SAN administrators might find it counterintuitive to have multiple hosts see the same LUNs because they
  might be concerned about data corruption. However, VMFS prevents multiple virtual machines from
  writing to the same file at the same time, so provisioning the LUNs to all required ESX/ESXi systems is
  appropriate.
5 Registering the servers connected to the SAN. By default, the host automatically performs this step.
Use the EMC storage management software to perform configuration. For information, see the EMC
documentation.
ESX/ESXi automatically sends the host's name and IP address to the array and registers the host with the array.
You are no longer required to perform host registration manually. If you prefer to use storage management
software, such as EMC Navisphere, to perform manual registration, turn off the ESX/ESXi auto-registration
feature. Turning it off helps you avoid overwriting the manual user registration. For information, see “Disable
Automatic Host Registration,” on page 66.
Because this array is an active/passive disk array, the following general considerations apply.
• To avoid the possibility of path thrashing, the default multipathing policy is Most Recently Used, not
  Fixed. The ESX/ESXi system sets the default policy when it identifies the array.
• Automatic volume resignaturing is not supported for AX100 storage devices.
• To use boot from SAN, make sure that the active SP is chosen for the boot LUN’s target in the HBA BIOS.
IMPORTANT If the EMC CLARiiON CX storage systems use the ALUA protocol, your host cannot boot from
the systems or display VMFS datastores deployed on them. With ALUA enabled, these storage systems do not
support SCSI-2 reservations that ESX/ESXi requires for its operations.
To use RDMs successfully, a given LUN must be presented with the same LUN ID to every ESX/ESXi host in
the cluster. By default, the AX100 does not support this configuration.
An ESX/ESXi system is directly connected to an AX100 storage device. The ESX/ESXi has two FC HBAs. One
of the HBAs was previously registered with the storage array and its LUNs were configured, but the
connections are now inactive.
When you connect the second HBA on the ESX/ESXi host to the AX100 and register it, the ESX/ESXi host
correctly shows the array as having an active connection. However, none of the LUNs that were previously
configured to the ESX/ESXi host are visible, even after repeated rescans.
To resolve this issue, remove the inactive HBA, unregister the connection to the inactive HBA, or make all
inactive connections active. This causes only active HBAs to be in the storage group. After this change, rescan
to add the configured LUNs.
The utility runs only on the service console and is not available with ESXi.
The following settings are required on the Symmetrix networked storage system. For more information, see
the EMC documentation.
• Common serial number (C)
• Auto negotiation (EAN) enabled
• Fibrepath enabled on this port (VCM)
The ESX/ESXi host considers any LUNs from a Symmetrix storage array with a capacity of 50MB or less as
management LUNs. These LUNs are also known as pseudo or gatekeeper LUNs. These LUNs appear in the
EMC Symmetrix Management Interface and should not be used to hold data.
In addition to normal configuration steps for your IBM TotalStorage storage system, you must perform specific
tasks. You must also make sure that multipathing policy is set to Most Recently Used.
Configuring the Hardware for SAN Failover with DS4800 Storage Servers
This topic provides information on how to set up a highly available SAN failover configuration with an
ESX/ESXi host and DS4800 storage.
Use the following connection settings for the ESX/ESXi host, as shown in Figure 4-1:
• Connect each HBA on each ESX/ESXi machine to a separate switch. For example, connect HBA1 to FC
  switch 1 and HBA2 to FC switch 2.
• On FC switch 1, connect SP1 to a lower switch port number than SP2, to ensure that SP1 is listed first. For
  example, connect SP1 to FC switch 1 port 1 and SP2 to FC switch 1 port 2.
• On FC switch 2, connect SP1 to a lower switch port number than SP2, to ensure that SP1 is listed first. For
  example, connect SP1 to port 1 on FC switch 2 and SP2 to port 2 on FC switch 2.
[Figure 4-1. Labels: FC switch 1, FC switch 2, SP1, SP2, storage]
This configuration provides two paths from each HBA, so that each element of the connection can fail over to
a redundant path. The order of the paths in this configuration provides HBA and switch failover without the
need to trigger SP failover. The storage processor that the preferred paths are connected to must own the LUNs.
In the preceding example configuration, SP1 owns them.
NOTE The preceding example assumes that the switches are not connected through an Inter-Switch Link (ISL)
in one fabric.
Procedure
Compare the WWPN information to the information listed in the DS4800 storage subsystem profile.
To disable AVT, in the DS4800 Storage Manager, for each port defined in each host group that contains HBAs
for one or more ESX/ESXi machines, set the host type to LNXCL or, in later versions, to VMware.
You must reboot the ESX/ESXi host after you change the AVT configuration.
Procedure
1 Determine the index for the LNXCL host type by using the following commands in a shell window.
The following commands assume that 13 is the index corresponding to LNXCL in the NVSRAM host type
definitions. If your storage processors have LNXCL at a different index, substitute that index for 13 in the
following commands.
2 Execute these commands for SPA to have it return Not Ready sense data.
3 Execute these commands for SPB to have it return Not Ready sense data.
NOTE If you use the DS4800 Storage Manager GUI, paste the configuration commands for both storage
processors into a single script and configure both storage processors at the same time. If you use
SMcli.exe, make individual connections to each SP.
To use RDMs successfully, a given LUN must be presented with the same LUN ID to every ESX/ESXi host in
the cluster.
In the TotalStorage Configuration Management tool, select Use same ID for LUN in source and target.
NOTE If you are configuring the ESX host to use boot from SAN from a LUN on an IBM TotalStorage 8000
array, disable the internal fibre port for the corresponding blade until installation is finished.
For additional information, see the HP ActiveAnswers section on VMware ESX/ESXi at the HP web site.
HP StorageWorks MSA
This section lists issues of interest if you are using the active/passive version of the HP StorageWorks MSA.
Procedure
1 Create a static connection on the MSA 1000 by using the MSA 1000 command-line interface.
For information on installing and configuring the command-line interface, see the HP StorageWorks MSA
1000 documentation.
NOTE You cannot create connection settings by using the HP Array Configuration utility.
3 Verify that the FC network between the MSA 1000 and the ESX/ESXi host is working.
4 Start the command-line interface and enter the following at the prompt:
SHOW CONNECTIONS
The output displays a connection specification for each FC WWNN and WWPN attached to the MSA 1000.
Connection Name: <unknown>
Host WWNN = 20:02:00:a0:b8:0c:d5:56
Host WWPN = 20:03:00:a0:b8:0c:d5:57
Profile Name = Default
Unit Offset 0
Controller 1 Port 1 Status = Online
Controller 2 Port 1 Status = Online
5 Make sure the host’s WWNN and WWPN show the correct connection for each FC adapter on the
ESX/ESXi machine.
SHOW CONNECTIONS
The output displays a single connection with the WWNN and WWPN pair 20:02:00:a0:b8:0c:d5:56 and
20:03:00:a0:b8:0c:d5:57 and the Profile Name set to Linux:
There should be no connection with the Connection Name unknown for WWNN = 20:02:00:a0:b8:0c:d5:56 and
WWPN = 20:03:00:a0:b8:0c:d5:57.
8 Add static connections with different connection name values for each WWNN and WWPN on the
ESX/ESXi host.
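The checks this procedure asks for (no connection left named unknown, the Linux profile on the host's connections, a distinct connection name per adapter, and an entry for every host adapter) can be run over saved SHOW CONNECTIONS output. The Python below is an added example, not part of the VMware or HP documentation; it assumes the output keeps the layout shown above, and the second record and its WWNs are constructed sample data.

```python
import re

WWN_RE = re.compile(r"^(?:[0-9a-f]{2}:){7}[0-9a-f]{2}$")

# First record: the example printed in this guide. Second record: constructed.
SAMPLE_OUTPUT = """\
Connection Name: <unknown>
Host WWNN = 20:02:00:a0:b8:0c:d5:56
Host WWPN = 20:03:00:a0:b8:0c:d5:57
Profile Name = Default
Unit Offset 0
Controller 1 Port 1 Status = Online
Controller 2 Port 1 Status = Online
Connection Name: esx_hba2
Host WWNN = 20:02:00:a0:b8:0c:d5:58
Host WWPN = 20:03:00:a0:b8:0c:d5:59
Profile Name = Linux
Unit Offset 0
Controller 1 Port 1 Status = Online
Controller 2 Port 1 Status = Online
"""


def parse_connections(text):
    """Split SHOW CONNECTIONS output into one dict per connection record."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Connection Name:"):
            current = {"connection name": line.split(":", 1)[1].strip()}
            records.append(current)
        elif current is not None and "=" in line:
            # "Key = value" lines; lines without "=" (Unit Offset) are skipped.
            key, value = (part.strip() for part in line.split("=", 1))
            current[key.lower()] = value
    return records


def audit_connections(text, host_wwpns, required_profile="Linux"):
    """Return (wwpn, problem) tuples for the ESX/ESXi host's FC adapters."""
    expected = {w.lower() for w in host_wwpns}
    # Only judge records that belong to this host; other hosts may differ.
    records = [r for r in parse_connections(text)
               if r.get("host wwpn", "").lower() in expected]
    present = {r["host wwpn"].lower() for r in records}

    findings = []
    for wwpn in sorted(expected):
        if not WWN_RE.match(wwpn):
            findings.append((wwpn, "expected WWPN is malformed"))
        elif wwpn not in present:
            findings.append((wwpn, "no connection entry for this host adapter"))

    names = {}
    for rec in records:
        wwpn, name = rec["host wwpn"].lower(), rec["connection name"]
        if name.strip("<>").lower() == "unknown":
            findings.append((wwpn, "connection name is unknown; add a static connection"))
        elif name in names:
            findings.append((wwpn, f"connection name {name!r} already used by {names[name]}"))
        else:
            names[name] = wwpn
        profile = rec.get("profile name")
        if profile != required_profile:
            findings.append((wwpn, f"profile is {profile!r}, expected {required_profile!r}"))
    return findings


if __name__ == "__main__":
    host = ["20:03:00:a0:b8:0c:d5:57", "20:03:00:a0:b8:0c:d5:59"]
    for wwpn, problem in audit_connections(SAMPLE_OUTPUT, host):
        print(f"{wwpn}: {problem}")
```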
HP StorageWorks EVA
To use an HP StorageWorks EVA system with ESX/ESXi, you must configure the correct host mode type.
Set the connection type to Custom when you present a LUN to an ESX/ESXi host. The value is one of the
following:
• For EVA4000/6000/8000 active/active arrays with firmware below 5.031, use the host mode type
  000000202200083E.
• For EVA4000/6000/8000 active/active arrays with firmware 5.031 and above, use the host mode type
  VMware.
Otherwise, EVA systems do not require special configuration changes to work with an ESX/ESXi system.
See the VMware Infrastructure, HP StorageWorks Best Practices on the HP Web site.
HP StorageWorks XP
For HP StorageWorks XP, set the host mode to Windows (not Linux). This system is available from Hitachi Data
Systems.
LUN masking To mask LUNs on an ESX/ESXi host, use the HDS Storage Navigator software
for best results.
Microcode and configurations Check with your HDS representative for exact configurations and microcode
levels needed for interoperability with ESX/ESXi. If your microcode is not
supported, interaction with ESX/ESXi is usually not possible.
Modes The modes you set depend on the model you are using, for example:
• 9900 and 9900v use Netware host mode.
• 9500v series uses Hostmode1: standard and Hostmode2: SUN Cluster.
Check with your HDS representative for host mode settings for the models not
listed here.
LUN type VMware (if VMware type is not available, use Linux).
Initiator group type VMware (if VMware type is not available, use Linux).
Procedure
4 Create a LUN.
Chapter 5 Using Boot from SAN with ESX Systems
This section discusses the benefits of boot from SAN and describes the tasks you need to perform to have the
ESX boot image stored on a SAN LUN.
NOTE Skip this information if you do not plan to have your ESX host boot from a SAN.
You should not use boot from SAN in the following situations:
• If you are using Microsoft Cluster Service.
• If I/O contention might occur between the service console and VMkernel.
NOTE With ESX Server 2.5, you could not use boot from SAN together with RDM. With ESX 3.x or later, this
restriction is removed.
[Figure. Labels: service console, VMkernel, HBA, FC switch, storage array, boot disk]
NOTE When you use boot from SAN in conjunction with ESX hosts, each host must have its own boot LUN.
1 Ensure that the configuration settings meet the basic boot from SAN requirements.
This includes your HBA, network devices, and storage system. Refer to the product documentation for
each device.
This ensures that each ESX host has a dedicated LUN for the boot partitions. The boot LUN must be
dedicated to a single server.
Diagnostic partitions can be put on the same LUN as the boot partition. Core dumps are stored in
diagnostic partitions.
IMPORTANT Your host cannot boot from the EMC CLARiiON CX storage systems that use the ALUA protocol.
With ALUA enabled, these storage systems do not support SCSI-2 reservations, which ESX requires to boot
from a SAN LUN.
For information on how to mask paths to specific LUNs on your host, see “Mask Paths,” on page 83.
Procedure
1 Connect the FC and Ethernet cables, referring to any cabling guide that applies to your setup.
b From the SAN storage array, set up the ESX host to have the WWPNs of the host’s FC adapters as
port names or node names.
c Create LUNs.
d Assign LUNs.
CAUTION If you use scripted installation to install ESX in boot from SAN mode, you need to take special
steps to avoid unintended data loss.
The QLogic BIOS uses a search list of paths (wwpn:lun) to locate a boot image. If one of the wwpn:lun paths is
associated with a passive path, for example, when you use CLARiiON or IBM TotalStorage DS 4000 systems,
the BIOS stays with the passive path and does not locate an active path. If you are booting your ESX system
from a SAN LUN, the boot fails while the host tries to access the passive path.
For example, if fifteen initiators and four Symmetrix ports are in one zone, you might not be able to select a
boot device from either the Emulex or QLogic BIOS because it becomes unresponsive. If you zone the two host
ports to see only the four storage ports, you can select a boot LUN.
For example, you need to complete the following on the IBM X-Series 345 server.
Procedure
1 During your system power up, enter the system BIOS Configuration/Setup Utility.
NOTE If you are using an IBM BladeCenter, disconnect all your local disk drives from the server.
Procedure
Option Description
One HBA If you have only one host bus adapter (HBA), the Fast!UTIL Options page
appears. Skip to Step 3.
Multiple HBAs If you have more than one HBA, select the HBA manually.
a In the Select Host Adapter page, use the arrow keys to position the cursor
on the appropriate HBA.
b Press Enter.
3 In the Fast!UTIL Options page, select Configuration Settings and press Enter.
4 In the Configuration Settings page, select Host Adapter Settings and press Enter.
Procedure
Procedure
1 Use the cursor keys to select the first entry in the list of storage processors.
If any remaining storage processors show in the list, position to those entries and press C to clear the
data.
Procedure
1 From the ESX service console or a Linux command prompt, run lputil.
NOTE Consider booting the ESX host from a Linux Administration CD that loads the Emulex driver, then
run lputil from there.
3 Select an adapter.
Procedure
g Select <1> WWPN. (Boot this device using WWPN, not DID).
4 Boot into the system BIOS and move Emulex first in the boot controller sequence.
Chapter 6 Managing ESX/ESXi Systems That Use SAN Storage
This section helps you manage your ESX/ESXi system, use SAN storage effectively, and perform
troubleshooting. It also explains how to find information about storage devices, adapters, multipathing, and
so on.
When you list all available adapters, you can see their models, types, such as Fibre Channel, Parallel SCSI, or
iSCSI, and, if available, their unique identifiers.
As unique identifiers, Fibre Channel HBAs use World Wide Names (WWNs).
When you display details for each Fibre Channel HBA, you see the following information.
WWN A World Wide Name formed according to Fibre Channel standards that uniquely identifies
the FC adapter.
Procedure
4 To view details for a specific adapter, select the adapter from the Storage Adapters list.
5 To list all storage devices the adapter can access, click Devices.
For each storage adapter, you can display a separate list of storage devices accessible just through this adapter.
When you review a list of storage devices, you typically see the following information.
Name A friendly name that the host assigns to the device based on the storage type and
manufacturer.
LUN The LUN number that shows the position of the LUN within the target.
Owner The plugin, such as the NMP or a third-party plugin, the host uses to manage the storage
device.
Name A friendly name that the host assigns to a device based on the storage type and
manufacturer. You can modify the name using the vSphere Client.
Identifier A universally unique identifier that the host extracts from the storage.
Depending on the type of storage, the host uses different algorithms to extract
the identifier. The identifier is persistent across reboots and is the same for all
hosts sharing the device.
Runtime Name The name of the first path to the device. The runtime name is created by the
host. The name is not a reliable identifier for the device, and is not persistent.
The runtime name has the following format:
vmhba#:C#:T#:L#, where
• vmhba# is the name of the storage adapter. The name refers to the physical
  adapter on the host, not to the SCSI controller used by the virtual machines.
• C# is the storage channel number.
• T# is the target number. Target numbering is decided by the host and might
  change if there is a change in the mappings of targets visible to the host.
  Targets that are shared by different hosts might not have the same target
  number.
• L# is the LUN number that shows the position of the LUN within the target.
  The LUN number is provided by the storage system. If a target has only
  one LUN, the LUN number is always zero (0).
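The requirement that every host sees a shared LUN under the same LUN ID can be checked by grouping paths on the persistent identifier and comparing the L# field of their runtime names, while ignoring adapter and target numbers, which legitimately differ between hosts. The Python below is an added example, not part of the VMware guide; the host names, the dev-000x identifiers, and the inventory layout are constructed, and it assumes all listed hosts belong to one cluster.

```python
import re
from collections import defaultdict

RUNTIME_RE = re.compile(r"^(vmhba\d+):C(\d+):T(\d+):L(\d+)$")

# Constructed inventory: host -> list of (runtime name, persistent identifier).
INVENTORY = {
    "esx-a": [
        ("vmhba1:C0:T0:L4", "dev-0001"),
        ("vmhba2:C0:T0:L4", "dev-0001"),  # second path to the same device
        ("vmhba1:C0:T0:L7", "dev-0002"),
    ],
    "esx-b": [
        ("vmhba1:C0:T1:L4", "dev-0001"),  # different target number: acceptable
        ("vmhba1:C0:T1:L9", "dev-0002"),  # different LUN ID: violation
    ],
    "esx-c": [
        ("vmhba3:C0:T0:L4", "dev-0001"),  # dev-0002 is not presented here
    ],
}


def parse_runtime_name(name):
    """Split a vmhba#:C#:T#:L# runtime name into its four fields."""
    match = RUNTIME_RE.match(name)
    if not match:
        raise ValueError(f"not a vmhba#:C#:T#:L# runtime name: {name!r}")
    adapter, channel, target, lun = match.groups()
    return {"adapter": adapter, "channel": int(channel),
            "target": int(target), "lun": int(lun)}


def audit_lun_presentation(inventory):
    """Flag devices whose LUN ID differs between hosts or that a host cannot see.

    Devices are keyed by identifier, never by runtime name, because the
    runtime name is host-assigned and not persistent.
    """
    lun_ids = defaultdict(lambda: defaultdict(set))  # identifier -> host -> LUN IDs
    for host, paths in inventory.items():
        for runtime_name, identifier in paths:
            lun_ids[identifier][host].add(parse_runtime_name(runtime_name)["lun"])

    findings = []
    for identifier in sorted(lun_ids):
        per_host = lun_ids[identifier]
        if len(set().union(*per_host.values())) > 1:
            detail = ", ".join(f"{h}={sorted(per_host[h])}" for h in sorted(per_host))
            findings.append((identifier, "inconsistent LUN ID", detail))
        missing = sorted(set(inventory) - set(per_host))
        if missing:
            findings.append((identifier, "not visible on", ", ".join(missing)))
    return findings


if __name__ == "__main__":
    for finding in audit_lun_presentation(INVENTORY):
        print(*finding, sep=": ")
```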
Procedure
4 Click Devices.
5 To view additional details about a specific device, select the device from the list.
Procedure
5 Click Devices.
For each datastore, you can also review the following details:
• Location of the datastore.
• Total capacity, including the used and available space.
• Individual extents that the datastore spans and their capacity. To view extent details, click Properties and
  select the Extents panel.
• Paths used to access the storage device.
Procedure
4 To display details for a particular datastore, select the datastore from the list.
Check cable connectivity. If you do not see a port, the problem could be cable connectivity. Check the cables first.
Ensure that cables are connected to the ports and a link light indicates that the connection
is good. If each end of the cable does not show a good link light, replace the cable.
Check zoning. Zoning limits access to specific storage devices, increases security, and decreases traffic
over the network. Some storage vendors allow only single-initiator zones. In that case, an
HBA can be in multiple zones to only one target. Other vendors allow multiple-initiator
zones. See your storage vendor’s documentation for zoning requirements. Use the SAN
switch software to configure and manage zoning.
Check access control configuration.
• The MASK_PATH plugin allows you to prevent your host from seeing a specific
  storage array or specific LUNs on a storage array. If your host does not see the expected
  LUNs on the array, path masking could have been set up incorrectly.
• For booting from a SAN, ensure that each ESX host sees only required LUNs. Do not
  allow any ESX host to see any boot LUN other than its own. Use storage system
  software to make sure that the ESX host can see only the LUNs that it is supposed to
  see.
• Ensure that the Disk.MaxLUN setting allows you to view the LUN you expect to see.
Check storage processor setup. If a disk array has more than one storage processor (SP), make sure that the SAN switch
has a connection to the SP that owns the LUNs you want to access. On some disk arrays,
only one SP is active and the other SP is passive until there is a failure. If you are connected
to the wrong SP (the one with the passive path), you might see the LUNs but get errors
when trying to access them.
Rescan your HBA. Perform a rescan each time you complete the following tasks:
• Create new LUNs on a SAN.
• Change the path masking configuration on an ESX/ESXi host storage system.
• Reconnect a cable.
• Make a change to a host in a cluster.
You can rescan all adapters on your host. If the changes you make are isolated to a specific adapter, rescan
only this adapter. If your vSphere Client is connected to a vCenter Server system, you can rescan adapters on
all hosts managed by the vCenter Server system.
Perform a rescan each time you make one of the following changes.
• Zone a new disk array on the SAN to an ESX/ESXi host.
• Create new LUNs on a SAN.
• Change the path masking on a host.
• Reconnect a cable.
• Make a change to a host in a cluster.
IMPORTANT Do not rescan when a path is unavailable. If one path fails, another takes over and your system
continues to be fully functional. If, however, you rescan at a time when a path is not available, the host removes
the path from its list of paths to the device. The path cannot be used by the host until the next time a rescan is
performed while the path is active.
Use this procedure if you want to limit the rescan to a particular host or an adapter on the host. If you want to
rescan adapters on all hosts managed by your vCenter Server system, you can do so by right-clicking a
datacenter, cluster, or folder that contains the hosts and selecting Rescan for Datastores.
Procedure
1 In the vSphere Client, select a host and click the Configuration tab.
2 In the Hardware panel, select Storage Adapters, and click Rescan above the Storage Adapters panel.
You can also right-click an individual adapter and click Rescan to rescan just that adapter.
IMPORTANT On ESXi, it is not possible to rescan a single storage adapter. If you rescan a single adapter,
all adapters are rescanned.
3 To discover new disks or LUNs, select Scan for New Storage Devices.
4 To discover new datastores or update a datastore after its configuration has been changed, select Scan for
New VMFS Volumes.
If new datastores or VMFS volumes are discovered, they appear in the datastore list.
IMPORTANT You cannot discover LUNs with a LUN ID number that is greater than 255.
Reducing the value can shorten rescan time and boot time. However, the time to rescan LUNs might depend
on other factors, including the type of storage system and whether sparse LUN support is enabled.
Procedure
1 In the vSphere Client inventory panel, select the host, click the Configuration tab, and click Advanced
Settings.
2 Select Disk.
4 Change the existing value to the value of your choice, and click OK.
The value you enter specifies the LUN after the last one you want to discover.
For example, to discover LUNs from 0 through 31, set Disk.MaxLUN to 32.
The VMkernel provides sparse LUN support by default. The sparse LUN support enables the VMkernel to
perform uninterrupted LUN scanning when a storage system presents LUNs with nonsequential LUN
numbering, for example 0, 6, and 23. If all LUNs that your storage system presents are sequential, you can
disable the sparse LUN support.
Procedure
1 In the vSphere Client inventory panel, select the host, click the Configuration tab, and click Advanced
Settings.
N-Port ID Virtualization
N-Port ID Virtualization (NPIV) is an ANSI T11 standard that describes how a single Fibre Channel HBA port
can register with the fabric using several worldwide port names (WWPNs). This allows a fabric-attached
N-port to claim multiple fabric addresses. Each address appears as a unique entity on the Fibre Channel fabric.
SAN objects, such as switches, HBAs, storage devices, or virtual machines can be assigned World Wide Name
(WWN) identifiers. WWNs uniquely identify such objects in the Fibre Channel fabric. When virtual machines
have WWN assignments, they use them for all RDM traffic, so the LUNs pointed to by any of the RDMs on
the virtual machine must not be masked against its WWNs. When virtual machines do not have WWN
assignments, they access storage LUNs with the WWNs of their host’s physical HBAs. By using NPIV, however,
a SAN administrator can monitor and route storage access on a per virtual machine basis. The following section
describes how this works.
When a virtual machine has a WWN assigned to it, the virtual machine’s configuration file (.vmx) is updated
to include a WWN pair (consisting of a World Wide Port Name, WWPN, and a World Wide Node Name,
WWNN). As that virtual machine is powered on, the VMkernel instantiates a virtual port (VPORT) on the
physical HBA which is used to access the LUN. The VPORT is a virtual HBA that appears to the FC fabric as
a physical HBA, that is, it has its own unique identifier, the WWN pair that was assigned to the virtual machine.
Each VPORT is specific to the virtual machine, and the VPORT is destroyed on the host and it no longer appears
to the FC fabric when the virtual machine is powered off. When a virtual machine is migrated from one
ESX/ESXi to another, the VPORT is closed on the first host and opened on the destination host.
If NPIV is enabled, four WWN pairs (WWPN & WWNN) are specified for each virtual machine at creation
time. When a virtual machine using NPIV is powered on, it uses each of these WWN pairs in sequence to try
to discover an access path to the storage. The number of VPORTs that are instantiated equals the number of
physical HBAs present on the host up to the maximum of four. A VPORT is created on each physical HBA that
a physical path is found on. Each physical path is used to determine the virtual path that will be used to access
the LUN. Note that HBAs that are not NPIV-aware are skipped in this discovery process because VPORTs
cannot be instantiated on them.
NOTE If a host has four physical HBAs as paths to the storage, all physical paths must be zoned to the virtual
machine by the SAN administrator. This is required to support multipathing even though only one path at a
time will be active.
CAUTION Disabling and then re-enabling the NPIV capability on an FC switch while virtual machines are
running can cause an FC link to fail and I/O to stop.
Procedure
1 From the vSphere Client, click Inventory in the navigation bar, and expand the inventory as needed.
2 In the inventory list, select the managed host to which you want to add a new virtual machine.
7 If the resource pool option is available, expand the tree until you locate the resource pool in which you
want to run the virtual machine, highlight it, and click Next.
8 Select a datastore in which to store the virtual machine files, and click Next.
9 Under Guest operating system, select the operating system family (Microsoft Windows, Linux, Novell
NetWare, Solaris, or Other).
10 Select the version from the pull-down menu, and click Next.
11 Select the number of virtual processors in the virtual machine from the pull-down list, and click Next.
12 Configure the virtual machine’s memory size by selecting the number of megabytes, and click Next.
14 Choose the type of SCSI adapter you want to use with the virtual machine.
16 From a list of SAN disks or LUNs, select a raw LUN you want your virtual machine to access directly.
NOTE If you want to use VMotion for a virtual machine with enabled NPIV, make sure that the RDM file
is located on the same datastore where the virtual machine configuration file resides. You cannot perform
Storage VMotion, or VMotion between datastores, when NPIV is enabled.
19 On the Specify Advanced Options page, you can change the virtual device node and click Next.
21 On the Ready to Complete New Virtual Machine page, select the Edit the virtual machine settings before
completion check box and click Next.
Prerequisites
Make sure to power off the virtual machine if you want to edit the existing WWNs.
Before you begin, ensure that your SAN administrator has provisioned the storage LUN ACL to allow the
virtual machine’s ESX/ESXi host to access it.
Procedure
Option Action
New virtual machine For a new virtual machine, after creating the virtual machine, on the Ready
to Complete New Virtual Machine page select the Edit the virtual machine
settings before submitting the creation task checkbox, and click
Continue.
Existing virtual machine For an existing virtual machine, select the virtual machine from the inventory
panel, and click the Edit Settings link.
4 In the dialog box that opens, select one of the following options:
Option Description
Leave unchanged The existing WWN assignments are retained. The read-only WWN
Assignments section of this dialog box displays the node and port values of
any existing WWN assignments.
Generate new WWNs New WWNs are generated and assigned to the virtual machine, overwriting
any existing WWNs (those of the HBA itself are unaffected).
Remove WWN assignment The WWNs assigned to the virtual machine are removed and it uses the HBA
WWNs to access the storage LUN. This option is not available if you are
creating a new virtual machine.
CAUTION Removing or changing a virtual machine’s existing WWN
assignments causes it to lose connectivity to the storage LUNs.
By default, the host performs a periodic path evaluation every 5 minutes causing any unclaimed paths to be
claimed by the appropriate MPP.
The claim rules are numbered. For each physical path, the host runs through the claim rules starting with the
lowest number first. The attributes of the physical path are compared to the path specification in the claim rule.
If there is a match, the host assigns the MPP specified in the claim rule to manage the physical path. This
continues until all physical paths are claimed by corresponding MPPs, either third-party multipathing plugins
or the native multipathing plugin (NMP).
For the paths managed by the NMP module, a second set of claim rules is applied. These rules determine which
SATP should be used to manage the paths from a specific array type, and which PSP is to be used for each
storage device. For example, for a storage device that belongs to the EMC CLARiiON CX storage family, the
default SATP is VMW_SATP_CX and the default PSP is Most Recently Used.
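Because the first matching rule wins, a masking rule numbered above a broader rule never takes effect, which is one way path masking ends up "set up incorrectly". The Python below is an added example, not VMware code: it is a simplified model of the first set of claim rules in which the path attributes (vendor, lun), the rule numbers, and the plugin name THIRD_PARTY_MPP are assumptions made for illustration; NMP and MASK_PATH are the plugin names used in this guide.

```python
# Constructed rule set. An empty match specification matches every path.
RULES = [
    {"number": 100, "match": {"vendor": "VENDOR_A", "lun": 20}, "plugin": "MASK_PATH"},
    {"number": 200, "match": {"vendor": "VENDOR_B"}, "plugin": "THIRD_PARTY_MPP"},
    {"number": 300, "match": {}, "plugin": "NMP"},
    # Intended to hide LUN 21, but numbered after the catch-all rule 300.
    {"number": 400, "match": {"vendor": "VENDOR_A", "lun": 21}, "plugin": "MASK_PATH"},
]

# Constructed physical paths.
PATHS = {
    "p1": {"vendor": "VENDOR_A", "lun": 20},
    "p2": {"vendor": "VENDOR_A", "lun": 21},
    "p3": {"vendor": "VENDOR_B", "lun": 5},
}


def claim(path, rules):
    """Return (rule number, plugin) for the lowest-numbered rule that matches."""
    for rule in sorted(rules, key=lambda r: r["number"]):
        if all(path.get(attr) == value for attr, value in rule["match"].items()):
            return rule["number"], rule["plugin"]
    return None, None  # unclaimed until a rule matches on a later evaluation


def shadowed_rules(rules):
    """List (rule, shadowing rule) pairs where the later rule can never match.

    A rule is shadowed when a lower-numbered rule's specification is a subset
    of its own: every path it could match is already claimed earlier.
    """
    ordered = sorted(rules, key=lambda r: r["number"])
    shadowed = []
    for index, later in enumerate(ordered):
        for earlier in ordered[:index]:
            if earlier["match"].items() <= later["match"].items():
                shadowed.append((later["number"], earlier["number"]))
                break
    return shadowed


def renumber(rules, old, new):
    """Return a copy of the rule set with one rule moved to a new number."""
    return [dict(r, number=new) if r["number"] == old else r for r in rules]


if __name__ == "__main__":
    for name, path in PATHS.items():
        print(name, claim(path, RULES))
    print("shadowed:", shadowed_rules(RULES))
    fixed = renumber(RULES, 400, 150)
    print("p2 after renumbering:", claim(PATHS["p2"], fixed))
```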
Use the vSphere Client to view which SATP and PSP the host is using for a specific storage device and the
status of all available paths for this storage device. If needed, you can change the default VMware PSP using
the vSphere Client. To change the default SATP, you need to modify claim rules using the vSphere CLI.
You can find some information about modifying claim rules in Appendix B, “Managing Storage Paths and
Multipathing Plugins,” on page 79.
For detailed descriptions of the commands available to manage PSA, see the vSphere Command-Line Interface
Installation and Reference Guide.
The path information includes the SATP assigned to manage the device, the path selection policy (PSP), and
a list of paths with their physical characteristics, such as an adapter and target each path uses, and the status
of each path. The following path status information can appear:
Active Paths available for issuing I/O to a LUN. A single or multiple working paths
currently used for transferring data are marked as Active (I/O).
NOTE For hosts that run ESX/ESXi 3.5 or earlier, the term active means the only
path that the host is using to issue I/O to a LUN.
Standby The path is operational and can be used for I/O if active paths fail.
Broken The software cannot connect to the disk through this path.
If you are using the Fixed path policy, you can see which path is the preferred path. The preferred path is
marked with an asterisk (*) in the Preferred column.
Procedure
1 Log in to the vSphere Client and select a server from the inventory panel.
2 Click the Configuration tab and click Storage in the Hardware panel.
4 From the list of configured datastores, select the datastore whose paths you want to view or configure.
The Details panel shows the total number of paths being used to access the device and whether any of
them are broken or disabled.
5 Click Properties > Manage Paths to open the Manage Paths dialog box.
You can use the Manage Paths dialog box to enable or disable your paths, set multipathing policy, and
specify the preferred path.
Procedure
1 Log in to the vSphere Client and select a server from the inventory panel.
2 Click the Configuration tab and click Storage in the Hardware panel.
By default, VMware supports the following path selection policies. If you have a third-party PSP installed on
your host, its policy also appears on the list.
Fixed (VMware): The host always uses the preferred path to the disk when that path is available. If the host cannot access the disk through the preferred path, it tries the alternative paths. The default policy for active-active storage devices is Fixed.
Most Recently Used (VMware): The host uses a path to the disk until the path becomes unavailable. When the path becomes unavailable, the host selects one of the alternative paths. The host does not revert back to the original path when that path becomes available again. There is no preferred path setting with the MRU policy. MRU is the default policy for active-passive storage devices and is required for those devices.
Round Robin (VMware): The host uses an automatic path selection algorithm rotating through all available paths. This implements load balancing across all the available physical paths.
Load balancing is the process of spreading server I/O requests across all available host paths. The goal is to optimize performance in terms of throughput (I/O per second, megabytes per second, or response times).
Table 6-4 summarizes how the behavior of the host changes, depending on the type of array and the failover policy.
Policy: Most Recently Used
  Active-active array: Administrator action is required to fail back after path failure.
  Active-passive array: Administrator action is required to fail back after path failure.
Policy: Fixed
  Active-active array: VMkernel resumes using the preferred path when connectivity is restored.
  Active-passive array: VMkernel attempts to resume using the preferred path. This can cause path thrashing or failure when another SP now owns the LUN.
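The failover and failback behavior of the three policies can be compared with a small model. This is an added example, not VMware code: the path names, the PathSelector class, and the rule that Fixed falls back to the first working alternative are assumptions made for illustration.

```python
from typing import List, Optional, Sequence, Set

POLICIES = ("Fixed", "MRU", "RoundRobin")


class PathSelector:
    """Toy model of the Fixed, Most Recently Used and Round Robin policies."""

    def __init__(self, policy: str, paths: Sequence[str],
                 preferred: Optional[str] = None) -> None:
        if policy not in POLICIES:
            raise ValueError(f"unknown policy: {policy}")
        if policy != "Fixed" and preferred is not None:
            raise ValueError("only the Fixed policy has a preferred path")
        self.policy = policy
        self.paths = list(paths)
        # Assumption: with no explicit choice, Fixed prefers the first path.
        self.preferred = preferred or (self.paths[0] if policy == "Fixed" else None)
        self.current: Optional[str] = None

    def select(self, up: Set[str]) -> Optional[str]:
        """Return the path used for the next I/O, given the working paths."""
        available = [p for p in self.paths if p in up]
        if not available:
            return None                          # every path is down: I/O fails
        if self.policy == "Fixed":
            if self.preferred in up:
                self.current = self.preferred    # automatic failback
            elif self.current not in up:
                self.current = available[0]      # try an alternative path
        elif self.policy == "MRU":
            if self.current not in up:
                self.current = available[0]      # fail over, never fail back
        else:                                    # RoundRobin
            start = self.paths.index(self.current) + 1 if self.current else 0
            ring = self.paths[start:] + self.paths[:start]
            self.current = next(p for p in ring if p in up)
        return self.current


def replay(policy: str, paths: Sequence[str], timeline,
           preferred: Optional[str] = None) -> List[Optional[str]]:
    """Feed a sequence of 'working paths' sets to one selector."""
    selector = PathSelector(policy, paths, preferred)
    return [selector.select(set(up)) for up in timeline]


# Constructed sample: two paths, the first one fails and then recovers.
PATHS = ["vmhba1:SP1", "vmhba2:SP2"]
TIMELINE = [
    {"vmhba1:SP1", "vmhba2:SP2"},
    {"vmhba2:SP2"},
    {"vmhba1:SP1", "vmhba2:SP2"},
]

if __name__ == "__main__":
    for policy in POLICIES:
        print(policy, replay(policy, PATHS, TIMELINE))
```

In this model only Fixed returns to the original path after it recovers, which on an active-passive array is the behavior that can move LUN ownership back and forth between SPs.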
Procedure
1 Open the Manage Paths dialog box either from the Datastores or Devices view.
By default, VMware supports the following path selection policies. If you have a third-party PSP installed
on your host, its policy also appears on the list.
- Fixed (VMware)
- Most Recently Used (VMware)
- Round Robin (VMware)
3 For the fixed policy, specify the preferred path by right-clicking the path you want to assign as the
preferred path, and selecting Preferred.
Disable Paths
You can temporarily disable paths for maintenance or other reasons. You can do so using the vSphere Client.
Procedure
1 Open the Manage Paths dialog box either from the Datastores or Devices view.
2 In the Paths panel, right-click the path to disable, and select Disable.
You can also disable a path from the adapter’s Paths view by right-clicking the path in the list and selecting
Disable.
If a path fails, the surviving paths carry all the traffic. Path failover might take a minute or more, because the
SAN might converge with a new topology to try to restore service. This delay is necessary to allow the SAN
to stabilize its configuration after topology changes.
With active/active storage arrays, you can configure your ESX/ESXi host to load balance traffic across multiple
adapters by assigning preferred paths to your LUNs. Path policy must be set to Fixed.
The following example demonstrates how manual load balancing is performed with an active/active array.
[Figure: FC switch, storage processors SP1 and SP2, and LUNs 1 through 4 on the storage array]
For load balancing, set the preferred paths as follows. Load balancing can be performed with as few as two
HBAs, although this example uses four.
- For LUN 1: HBA1-SP1-LUN1
- For LUN 2: HBA2-SP1-LUN2
- For LUN 3: HBA3-SP2-LUN3
- For LUN 4: HBA4-SP2-LUN4
With active/passive arrays, you can perform load balancing if the array supports two active paths and the HBA
ports can access both SPs in an array.
NOTE Active/passive arrays use the MRU path policy which does not have a preferred path. If a path failure
occurs, there is no failback. As a result, static load balancing can become out of balance over time.
Path Failover
Path failover refers to situations when the active path to a LUN is changed from one path to another, usually
because of some SAN component failure along the current path. A server usually has one or two HBAs and
each HBA is connected to one or two storage processors on a given SAN array. You can determine the active
path, the path currently used by the server, by looking at the LUN’s properties.
When an FC cable is pulled, I/O might pause for 30-60 seconds until the FC driver determines that the link is
unavailable and failover has occurred. As a result, the virtual machines, with their virtual disks installed on
SAN storage, can appear unresponsive. If you attempt to display the host, its storage devices, or its adapter,
the operation might appear to stall. After failover is complete, I/O resumes normally.
In case of disastrous events that include multiple breakages, all connections to SAN storage devices might be
lost. If none of the connections to the storage device is working, some virtual machines might encounter I/O
errors on their virtual SCSI disks.
For Windows 2000 and Windows Server 2003 guest operating systems, you can set operating system timeout
using the registry.
Prerequisites
Procedure
3 In the left panel hierarchy view, double-click first HKEY_LOCAL_MACHINE, then System, then
CurrentControlSet, then Services, and then Disk.
4 Select the TimeOutValue and set the data value to x03c (hexadecimal) or 60 (decimal).
After you’ve made this change, Windows waits at least 60 seconds for delayed disk operations to complete
before it generates errors.
Procedure
The file includes a section for each SCSI device, as in the following example.
/device/002:02.0/class = "0c0400"
/device/002:02.0/devID = "2312"
/device/002:02.0/irq = "19"
/device/002:02.0/name = "QLogic Corp QLA231x/2340 (rev 02)"
/device/002:02.0/options = ""
/device/002:02.0/owner = "vmkernel"
/device/002:02.0/subsysDevID = "027d"
/device/002:02.0/subsysVendor = "1014"
/device/002:02.0/vendor = "1077"
/device/002:02.0/vmkname = "vmhba0"
2 Find the options line right under the name line and modify it as appropriate.
3 Repeat for every SCSI adapter that is controlled by the same driver if needed.
If more than one ESX/ESXi system uses the same LUN as the diagnostic partition, that LUN must be zoned so
that all the servers can access it.
Each server needs 100MB of space, so the size of the LUN determines how many servers can share it. Each
ESX/ESXi system is mapped to a diagnostic slot. VMware recommends at least 16 slots (1600MB) of disk space
if servers share a diagnostic partition.
If there is only one diagnostic slot on the device, all ESX/ESXi systems sharing that device map to the same
slot. This setup can easily create problems. If two ESX/ESXi systems perform a core dump at the same time,
the core dumps are overwritten on the last slot on the diagnostic partition.
If you allocate enough disk space for 16 slots, it is unlikely that core dumps are mapped to the same location
on the diagnostic partition, even if two ESX/ESXi systems perform a core dump at the same time.
Procedure
3 Select Disk in the left panel and scroll down to Disk.EnableNaviReg on the right.
You should observe these tips for avoiding and resolving problems with your SAN configuration:
- Place only one VMFS datastore on each LUN. Placing multiple VMFS datastores on one LUN is not recommended.
- Do not change the path policy the system sets for you unless you understand the implications of making
  such a change. In particular, working with an active-passive array and setting the path policy to Fixed can
  lead to path thrashing.
- Document everything. Include information about zoning, access control, storage, switch, server and FC
  HBA configuration, software and firmware versions, and storage cable plan.
- Plan for failure:
  - Make several copies of your topology maps. For each element, consider what happens to your SAN
    if the element fails.
  - Cross off different links, switches, HBAs and other elements to ensure you did not miss a critical
    failure point in your design.
- Ensure that the Fibre Channel HBAs are installed in the correct slots in the ESX/ESXi host, based on slot
  and bus speed. Balance PCI bus load among the available busses in the server.
- Become familiar with the various monitor points in your storage network, at all visibility points, including
  ESX/ESXi performance charts, FC switch statistics, and storage performance statistics.
- Be cautious when changing IDs of the LUNs that have VMFS datastores being used by your ESX/ESXi
  host. If you change the ID, virtual machines running on the VMFS datastore will fail.
  If there are no running virtual machines on the VMFS datastore, after you change the ID of the LUN, you
  must use rescan to reset the ID on your host. For information on using rescan, see “Rescan Storage
  Adapters,” on page 56.
If the environment is properly configured, the SAN fabric components (particularly the SAN switches) are
only minor contributors because of their low latencies relative to servers and storage arrays. Make sure that
the paths through the switch fabric are not saturated, that is, that the switch fabric is running at the highest
throughput.
If there are issues with storage array performance, be sure to consult your storage array vendor’s
documentation for any relevant information.
When assigning LUNs, remember that each LUN is accessed by a number of ESX/ESXi hosts, and that a number
of virtual machines can run on each host. One LUN used by an ESX/ESXi host can service I/O from many
different applications running on different operating systems. Because of this diverse workload, the RAID
group containing the ESX/ESXi LUNs should not include LUNs used by other hosts that are not running ESX/
ESXi for I/O intensive applications.
SAN storage arrays require continual redesign and tuning to ensure that I/O is load balanced across all storage
array paths. To meet this requirement, distribute the paths to the LUNs among all the SPs to provide optimal
load balancing. Close monitoring indicates when it is necessary to manually rebalance the LUN distribution.
Tuning statically balanced storage arrays is a matter of monitoring the specific performance statistics (such as
I/O operations per second, blocks per second, and response time) and distributing the LUN workload to spread
the workload across all the SPs.
Server Performance
You must consider several factors to ensure optimal server performance.
Each server application must have access to its designated storage with the following conditions:
- High I/O rate (number of I/O operations per second)
- High throughput (megabytes per second)
- Minimal latency (response times)
Because each application has different requirements, you can meet these goals by choosing an appropriate
RAID group on the storage array. To achieve performance goals:
- Place each LUN on a RAID group that provides the necessary performance levels. Pay attention to the
  activities and resource utilization of other LUNs in the assigned RAID group. A high-performance RAID
  group that has too many applications doing I/O to it might not meet performance goals required by an
  application running on the ESX/ESXi host.
- Make sure that each server has a sufficient number of HBAs to allow maximum throughput for all the
  applications hosted on the server for the peak period. I/O spread across multiple HBAs provides higher
  throughput and less latency for each application.
- To provide redundancy in the event of HBA failure, make sure the server is connected to a dual redundant
  fabric.
- When you allocate LUNs or RAID groups for ESX/ESXi systems, remember that multiple operating systems use and share
  that resource. As a result, the performance required from each LUN in the storage subsystem can be much
  higher if you are working with ESX/ESXi systems than if you are using physical machines. For example,
  if you expect to run four I/O intensive applications, allocate four times the performance capacity for the
  ESX/ESXi LUNs.
- When using multiple ESX/ESXi systems in conjunction with vCenter Server, the performance needed from
  the storage subsystem increases correspondingly.
- The number of outstanding I/Os needed by applications running on an ESX/ESXi system should match
  the number of I/Os the HBA and storage array can handle.
You can also use the resxtop vSphere CLI command that allows you to examine how ESX/ESXi hosts use
resources. For information about resxtop, see the Resource Management Guide or vSphere Command-Line Interface
Installation and Reference Guide.
Only specific SAN configurations in conjunction with the following conditions can cause path thrashing:
- You are working with an active-passive array. Path thrashing only occurs on active-passive arrays. For
  active-active arrays or arrays that provide transparent failover, path thrashing does not occur.
- Two hosts access the same LUN using different storage processors (SPs). For example, the LUN is
  configured to use the Fixed PSP. On Host A, the preferred path to the LUN is set to use a path through SP
  A. On Host B, the preferred path to the LUN is configured to use a path through SP B.
Path thrashing can also occur if the LUN is configured to use either the Fixed PSP or the MRU PSP and Host
A can access the LUN only with paths through SP A, while Host B can access the LUN only with paths through
SP B.
This problem can also occur on a direct connect array (such as AX100) with HBA failover on one or more nodes.
Path thrashing is a problem that you typically do not experience with other operating systems:
- No other common operating system uses shared LUNs for more than two servers. That setup is typically
  reserved for clustering.
- If only one server is issuing I/Os to the LUN at a time, path thrashing does not become a problem.
  In contrast, multiple ESX/ESXi systems might issue I/O to the same LUN concurrently.
Procedure
1 Ensure that all hosts sharing the same set of LUNs on the active-passive arrays use the same storage
processor.
2 Correct any cabling inconsistencies between different ESX/ESXi hosts and SAN targets so that all HBAs
see the same targets in the same order.
3 Configure the path to use the Most Recently Used PSP (the default).
For active/passive arrays, all the sectors on the storage that make up a given LUN can be accessed by only one
SP at a time. The LUN ownership is passed around between the storage processors. The reason is that storage
arrays use caches and SP A must not write anything to disk that invalidates the SP B cache. Because the SP has
to flush the cache when it finishes the operation, it takes a little time to move the ownership. During that time,
no I/O to the LUN can be processed by either SP.
Some active/passive arrays attempt to look like active/active arrays by passing the ownership of the LUN to
the various SPs as I/O arrives. This approach works in a clustering setup, but if many ESX/ESXi systems access
the same LUN concurrently through different SPs, the result is path thrashing.
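The path thrashing conditions listed above can be checked against an inventory of how each host reaches each LUN. This is an added example, not a VMware tool: the HostLunView record, the finding names, and the sample inventory are constructed for illustration.

```python
from dataclasses import dataclass
from itertools import combinations
from typing import Dict, FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class HostLunView:
    host: str
    lun: str
    psp: str                            # "Fixed", "MRU" or "RoundRobin"
    reachable_sps: FrozenSet[str]       # SPs this host has working paths to
    preferred_sp: Optional[str] = None  # only meaningful for the Fixed PSP


def thrashing_risks(views: List[HostLunView],
                    array_type: Dict[str, str]) -> List[Tuple[str, str, str, str]]:
    """Flag host pairs that meet the path thrashing conditions for a LUN."""
    by_lun: Dict[str, List[HostLunView]] = {}
    for view in views:
        by_lun.setdefault(view.lun, []).append(view)
    findings = []
    for lun in sorted(by_lun):
        # Path thrashing only occurs on active-passive arrays.
        if array_type.get(lun) != "active-passive":
            continue
        hosts = sorted(by_lun[lun], key=lambda v: v.host)
        for a, b in combinations(hosts, 2):
            both_fixed_or_mru = {a.psp, b.psp} <= {"Fixed", "MRU"}
            if (both_fixed_or_mru and a.reachable_sps and b.reachable_sps
                    and a.reachable_sps.isdisjoint(b.reachable_sps)):
                # Host A reaches the LUN only through SP A, Host B only through SP B.
                findings.append((lun, a.host, b.host, "disjoint-sp-access"))
            elif (a.psp == b.psp == "Fixed" and a.preferred_sp and b.preferred_sp
                    and a.preferred_sp != b.preferred_sp):
                # Preferred paths of the two hosts go through different SPs.
                findings.append((lun, a.host, b.host, "fixed-preferred-sp-mismatch"))
    return findings


def hosts_not_using_mru(views: List[HostLunView],
                        array_type: Dict[str, str]) -> List[Tuple[str, str]]:
    """List (lun, host) pairs on active-passive arrays whose PSP is not MRU."""
    return sorted((v.lun, v.host) for v in views
                  if array_type.get(v.lun) == "active-passive" and v.psp != "MRU")


# Constructed inventory: two hosts, four LUNs.
BOTH = frozenset({"SPA", "SPB"})
ARRAY_TYPE = {"lunA": "active-passive", "lunB": "active-passive",
              "lunC": "active-active", "lunD": "active-passive"}
VIEWS = [
    HostLunView("esx1", "lunA", "Fixed", BOTH, "SPA"),
    HostLunView("esx2", "lunA", "Fixed", BOTH, "SPB"),
    HostLunView("esx1", "lunB", "MRU", frozenset({"SPA"})),
    HostLunView("esx2", "lunB", "MRU", frozenset({"SPB"})),
    HostLunView("esx1", "lunC", "Fixed", BOTH, "SPA"),
    HostLunView("esx2", "lunC", "Fixed", BOTH, "SPB"),
    HostLunView("esx1", "lunD", "MRU", BOTH),
    HostLunView("esx2", "lunD", "MRU", BOTH),
]

if __name__ == "__main__":
    for finding in thrashing_risks(VIEWS, ARRAY_TYPE):
        print(finding)
    print(hosts_not_using_mru(VIEWS, ARRAY_TYPE))
```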
This limit does not apply when only one virtual machine is active on a LUN. In that case, the bandwidth is
limited by the queue depth of the storage adapter.
Procedure
2 Click the Configuration tab and click Advanced Settings under Software.
4 Change the parameter value to the number of your choice and click OK.
This change can impact disk bandwidth scheduling, but experiments have shown improvements for disk-
intensive workloads.
What to do next
If you adjust this value in the VMkernel, you might also want to adjust the queue depth in your storage adapter.
Examples of operations that require getting file locks or metadata locks include:
- Virtual machine power on.
- VMotion.
- Virtual machines running with virtual disk snapshots.
- File operations that require opening files or doing metadata updates.
Performance degradation can occur if such operations occur frequently on multiple servers accessing the same
VMFS. For instance, VMware recommends that you do not run many virtual machines from multiple servers
that are using virtual disk snapshots on the same VMFS. Limit the number of VMFS file operations when many
virtual machines run on the VMFS.
You can adjust the maximum queue depth for a QLogic qla2xxx series adapter by using the vSphere CLI.
Procedure
1 Verify which QLogic HBA module is currently loaded by entering the following command:
vmkload_mod -l | grep qla2xxx
The example shows the qla2300_707 module. Use the appropriate module based on the outcome of the
previous step.
vicfg-module -s ql2xmaxqdepth=64 qla2300_707
In this case, the HBA represented by ql2x will have its LUN queue depth set to 64.
You can adjust the maximum queue depth for an Emulex HBA using vSphere CLI.
Procedure
1 Verify which Emulex HBA module is currently loaded by entering the vmkload_mod -l | grep lpfcdd
command.
The example shows the lpfcdd_7xx module. Use the appropriate module based on the outcome of
Step 1.
vicfg-module -s lpfc0_lun_queue_depth=16 lpfcdd_7xx
In this case, the HBA represented by lpfc0 will have its LUN queue depth set to 16.
Include a recovery-time objective for each application when you design your backup strategy. That is, consider
the time and resources necessary to reprovision the data. For example, if a scheduled backup stores so much
data that recovery requires a considerable amount of time, examine the scheduled backup. Perform the backup
more frequently, so that less data is backed up at a time and the recovery time decreases.
If a particular application requires recovery within a certain time frame, the backup process needs to provide
a time schedule and specific data processing to meet this requirement. Fast recovery can require the use of
recovery volumes that reside on online storage to minimize or eliminate the need to access slow offline media
for missing data components.
Snapshot Software
Snapshot software allows an administrator to make an instantaneous copy of any single virtual disk defined
within the disk subsystem.
If you are using third-party backup software, make sure that the software is supported with ESX/ESXi hosts.
If you use snapshots to back up your data, consider the following points:
- Some vendors support snapshots for both VMFS and RDMs. If both are supported, you can make either
  a snapshot of the whole virtual machine file system for a host, or snapshots for the individual virtual
  machines (one per disk).
- Some vendors support snapshots only for a setup using RDM. If only RDM is supported, you can make
  snapshots of individual virtual machines.
Layered Applications
SAN administrators customarily use specialized array-based software for backup, disaster recovery, data
mining, forensics, and configuration testing.
Storage providers typically supply two types of advanced services for their LUNs: snapshotting and
replication.
- Snapshotting creates space-efficient copies of LUNs that share common blocks of data. In general,
  snapshotting is used locally on the same storage systems as the primary LUN for quick backups,
  application testing, forensics, or data mining.
- Replication creates full copies of LUNs. Replicas are usually made to separate storage systems, possibly
  at separate sites, to protect against major outages that incapacitate or destroy an entire array or site.
When you use an ESX/ESXi system in conjunction with a SAN, you must decide whether array-based or host-
based tools are more suitable for your particular situation.
When you consider an array-based solution, keep in mind the following points:
- Array-based solutions usually result in more comprehensive statistics. With RDM, data always takes the
  same path, which results in easier performance management.
- Security is more transparent to the storage administrator when you use RDM and an array-based solution
  because with RDM, virtual machines more closely resemble physical machines.
- If you use an array-based solution, physical compatibility RDMs are often used for the storage of virtual
  machines. If you do not intend to use RDM, check the storage vendor documentation to see if operations
  on LUNs with VMFS volumes are supported. If you use array operations on VMFS LUNs, carefully read
  the section on resignaturing.
When you consider a file-based solution that uses VMware tools and VMFS instead of the array tools, be aware
of the following points:
- Using VMware tools and VMFS is better for provisioning. One large LUN is allocated and multiple .vmdk
  files can be placed on that LUN. With RDM, a new LUN is required for each virtual machine.
- Snapshotting is included with your ESX/ESXi host at no extra cost. The file-based solution is therefore
  more cost-effective than the array-based solution.
- Using VMFS is easier for ESX/ESXi administrators.
- ESX/ESXi administrators who use the file-based solution are more independent from the SAN
  administrator.
Each VMFS datastore created in a LUN has a unique UUID that is stored in the file system superblock. When
the LUN is replicated or snapshotted, the resulting LUN copy is identical, byte-for-byte, with the original LUN.
As a result, if the original LUN contains a VMFS datastore with UUID X, the LUN copy appears to contain an
identical VMFS datastore, or a VMFS datastore copy, with exactly the same UUID X.
ESX/ESXi can determine whether a LUN contains the VMFS datastore copy, and either mount the datastore
copy with its original UUID or change the UUID, thus resignaturing the datastore.
For example, you can maintain synchronized copies of virtual machines at a secondary site as part of a disaster
recovery plan. In the event of a disaster at the primary site, you can mount the datastore copy and power on
the virtual machines at the secondary site.
IMPORTANT You can mount a VMFS datastore only if it does not collide with an already mounted VMFS
datastore that has the same UUID.
When you mount the VMFS datastore, ESX/ESXi allows both reads and writes to the datastore residing on the
LUN copy. The LUN copy must be writable. The datastore mounts are persistent and valid across system
reboots.
Because ESX/ESXi does not allow you to resignature the mounted datastore, unmount the datastore before
resignaturing.
Prerequisites
Before you mount a VMFS datastore, perform a storage rescan on your host so that it updates its view of LUNs
presented to it.
Procedure
1 Log in to the vSphere Client and select the server from the inventory panel.
2 Click the Configuration tab and click Storage in the Hardware panel.
5 From the list of LUNs, select the LUN that has a datastore name displayed in the VMFS Label column and
click Next.
The name present in the VMFS Label column indicates that the LUN is a copy that contains a copy of an
existing VMFS datastore.
7 In the Ready to Complete page, review the datastore configuration information and click Finish.
What to do next
If you later want to resignature the mounted datastore, you must unmount it first.
Unmount Datastores
When you unmount a datastore, it remains intact, but can no longer be seen from the hosts that you specify.
It continues to appear on other hosts, where it remains mounted.
Procedure
3 If the datastore is shared, specify which hosts should no longer access the datastore.
a If needed, deselect the hosts where you want to keep the datastore mounted.
b Click Next.
c Review the list of hosts from which to unmount the datastore, and click Finish.
The default format of the new label assigned to the datastore is snap-<snapID>-<oldLabel>, where <snapID>
is an integer and <oldLabel> is the label of the original datastore.
When you perform datastore resignaturing, consider the following points:
- Datastore resignaturing is irreversible.
- The LUN copy that contains the VMFS datastore that you resignature is no longer treated as a LUN copy.
- A spanned datastore can be resignatured only if all its extents are online.
- The resignaturing process is crash and fault tolerant. If the process is interrupted, you can resume it later.
- You can mount the new VMFS datastore without a risk of its UUID colliding with UUIDs of any other
  datastore, such as an ancestor or child in a hierarchy of LUN snapshots.
Prerequisites
Before you resignature a VMFS datastore, perform a storage rescan on your host so that the host updates its
view of LUNs presented to it and discovers any LUN copies.
Procedure
1 Log in to the vSphere Client and select the server from the inventory panel.
2 Click the Configuration tab and click Storage in the Hardware panel.
5 From the list of LUNs, select the LUN that has a datastore name displayed in the VMFS Label column and
click Next.
The name present in the VMFS Label column indicates that the LUN is a copy that contains a copy of an
existing VMFS datastore.
6 Under Mount Options, select Assign a New Signature and click Next.
7 In the Ready to Complete page, review the datastore configuration information and click Finish.
What to do next
Appendix A Multipathing Checklist
This topic provides a checklist of multipathing setup requirements for different storage arrays.
All storage arrays: Write cache must be disabled if not battery backed.
Topology: No single failure should cause both HBA and SP failover, especially with active-passive storage arrays.
IBM TotalStorage DS 4000 (formerly FastT): Host type must be LNXCL or VMware in later versions. AVT (Auto Volume Transfer) is disabled in this host mode.
HDS 99xx and 95xxV family: HDS 9500V family (Thunder) requires two host modes:
- Host Mode 1: Standard.
- Host Mode 2: Sun Cluster
HDS 99xx family (Lightning) and HDS Tagma (USP) require host mode set to Netware.
EMC Symmetrix: Enable the SPC2 and SC3 settings. Contact EMC for the latest settings.
HP EVA: For EVA4000/6000/8000 firmware 5.031 and above, set the host type to VMware. Otherwise, set the host mode type to Custom. The value is: 000000202200083E.
HP XP: For XP 128/1024/10000/12000, the host mode should be set to 0C (Windows), that is, zeroC (Windows).
ESX/ESXi Configuration: A PSP of Most Recently Used must be used for all LUNs hosting clustered disks for active-passive arrays. A PSP of Most Recently Used or Fixed may be used for LUNs on active-active arrays. All FC HBAs must be of the same model.
Appendix B Managing Storage Paths and Multipathing Plugins
Use the vSphere CLI to manage the Pluggable Storage Architecture (PSA) multipathing plugins and storage
paths assigned to them.
You can use the vSphere CLI to display all multipathing plugins available on your host. You can list any third-
party MPPs, as well as your host's NMP and SATPs and review the paths they claim. You can also define new
paths and specify which multipathing plugin should claim the paths.
For more information about additional commands available to manage PSA, see the vSphere Command-Line
Interface Installation and Reference Guide.
Claim rules indicate which multipathing plugin, the NMP or any third-party MPP, manages a given physical
path. Each claim rule identifies a set of paths based on the following parameters:
- Vendor/model strings
- Transportation, such as SATA, IDE, Fibre Channel, and so on
- Adapter, target, or LUN location
- Device driver, for example, Mega-RAID
Procedure
- Use the esxcli corestorage claimrule list command to list claim rules.
Example B-1. Sample Output of the esxcli corestorage claimrule list Command
Procedure
- To list all multipathing modules, run the following command:
where <server> is your vSphere CLI administration server. You might be prompted for a user name and
password.
At a minimum, this command returns the NMP module. If any third-party MPPs have been loaded, they are
listed as well.
MPP_1
MPP_2
MPP_3
MASK_PATH
NMP
Procedure
- To list all VMware SATPs, run the following command.
For each SATP, the command displays information that shows the type of storage array or system this SATP
supports and the default PSP for any LUNs using this SATP.
Example B-3. Sample Output of the esxcli nmp satp list Command
Procedure
You add a new PSA claim rule when, for example, you load a new multipathing plugin (MPP) and need to
define which paths this module should claim. You may need to create a new claim rule if you add new paths
and want an existing MPP to claim them.
CAUTION When creating new claim rules, be careful to avoid a situation when different physical paths to the
same LUN are claimed by different MPPs. Unless one of the MPPs is the MASK_PATH MPP, this configuration
will cause performance errors.
Procedure
1 To define a new claim rule, on the vSphere CLI, run the following command:
For information on the options that the command requires, see “esxcli corestorage Command-Line
Options,” on page 85.
2 To load the new claim rule into your system, run the following command:
This command has no options. It loads all newly created claim rules from your system's configuration file.
If you now run the esxcli corestorage claimrule list command, you can see the new claim rule appearing
on the list.
NOTE The two lines for the claim rule, one with the Class of runtime and another with the Class of file, indicate
that the new claim rule has been loaded into the system and is active.
Procedure
For information on the options that the command takes, see “esxcli corestorage Command-Line Options,”
on page 85.
NOTE By default, the PSA claim rule 101 masks Dell array pseudo devices. Do not delete this rule, unless
you want to unmask these devices.
Mask Paths
You can prevent the ESX/ESXi host from accessing storage devices or LUNs or from using individual paths to
a LUN. Use the vSphere CLI commands to mask the paths.
When you mask paths, you create claim rules that assign the MASK_PATH plugin to the specified paths.
Procedure
The claim rules that you use to mask paths should have rule IDs in the range of 101 – 200. If this command
shows that rule 101 and 102 already exist, you can specify 103 for the rule to add.
2 Assign the MASK_PATH plugin to a path by creating a new claim rule for the plugin.
5 If a claim rule for the masked path exists, remove the rule.
After you assign the MASK_PATH plugin to a path, the path state becomes irrelevant and is no longer
maintained by the host. As a result, commands that display the masked path's information might show the
path state as dead.
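A check for the two constraints above, added here as an example and not VMware code: it picks the next free rule ID in the 101 to 200 masking range and flags LUNs whose paths are claimed by different MPPs when the conflict is not explained by MASK_PATH. The path names, LUN labels, the EXAMPLE_MPP plugin name and the tuple layout are constructed for illustration; this is not esxcli output.

```python
from collections import defaultdict

MASK_RANGE = range(101, 201)   # rule IDs the guide reserves for masking rules
MASK_PLUGIN = "MASK_PATH"


def next_mask_rule_id(existing_ids):
    """Return the lowest unused rule ID in 101-200, or None if the range is full."""
    used = set(existing_ids)
    for rule_id in MASK_RANGE:
        if rule_id not in used:
            return rule_id
    return None


def conflicting_luns(path_claims):
    """Return {lun: [mpp, ...]} for every LUN whose paths are claimed by more
    than one MPP once MASK_PATH is set aside."""
    owners = defaultdict(set)
    for _path, lun, mpp in path_claims:
        owners[lun].add(mpp)
    conflicts = {}
    for lun, mpps in owners.items():
        active = mpps - {MASK_PLUGIN}   # masked paths carry no I/O
        if len(active) > 1:
            conflicts[lun] = sorted(active)
    return conflicts


# Constructed sample data: (path, LUN, claiming MPP).
SAMPLE_CLAIMS = [
    ("vmhba1:C0:T0:L10", "lun-10", "NMP"),
    ("vmhba2:C0:T0:L10", "lun-10", "NMP"),
    ("vmhba1:C0:T1:L20", "lun-20", "NMP"),
    ("vmhba2:C0:T1:L20", "lun-20", "EXAMPLE_MPP"),   # hypothetical third-party MPP
    ("vmhba1:C0:T2:L30", "lun-30", "NMP"),
    ("vmhba2:C0:T2:L30", "lun-30", "MASK_PATH"),     # one path deliberately masked
]

if __name__ == "__main__":
    print("next masking rule ID:", next_mask_rule_id([101, 102]))
    print("conflicting LUNs:", conflicting_luns(SAMPLE_CLAIMS))
```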
Unmask Paths
When you need the host to access the masked storage device, unmask the paths to the device.
Procedure
1 Unmask a path to the storage device by running the esxcli corestorage claiming unclaim command.
For example:
2 Load path claiming rules into the VMkernel by running the esxcli corestorage claimrule load
command.
3 Run the path claiming rules by entering the esxcli corestorage claimrule run command.
Your host can now access the previously masked storage device.
You might need to create a new SATP rule when you install a third-party SATP for a specific storage array.
Procedure
1 To add a claim rule for a specific SATP, run the following command.
Use the following options for <rule_parameter>. The -V and -M options can be used at the same time. They
cannot be used in conjunction with the -R or -D options.
NOTE When searching the SATP rules to locate an SATP for a given device, the NMP searches the driver
rules first. If there is no match, the vendor/model rules are searched, and finally the transport rules. If
there is still no match, NMP selects a default SATP for the device.
- -D <driver> -- Driver string to set when adding the SATP claim rule.
- -V <vendor> -- Vendor string to set when adding the SATP claim rule.
- -M <model> -- Model string to set when adding the SATP claim rule.
- -R <transport> -- Transport type string to set when adding the SATP claim rule.
- -o <option> -- Claim option string to set when adding the SATP claim rule. This string is passed to
the SATP when the SATP claims a path. The contents of this string, and how the SATP behaves as a
result, are unique to each SATP. For example, some SATPs support the claim option strings tpgs_on
and tpgs_off. If tpgs_on is specified, the SATP will claim the path only if the ALUA Target Port Group
support is enabled on the storage device.
2 To delete a rule from the list of claim rules for the specified SATP, run the following command. You can
run this command with the same options you used for addrule.
If you run the esxcli nmp satp listrules -s VMW_SATP_INV command, you can see the new rule added to the
list of VMW_SATP_INV rules.
Name          Vendor   Model    Driver  Transport  Options  Claim Options  Description
VMW_SATP_INV  EMC      Invista
VMW_SATP_INV  EMC      LUNZ                                                Invista LUNZ
VMW_SATP_INV  NewVend  NewMod
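The rule search order from the NOTE in step 1 and the -V/-M versus -R/-D constraint, modelled as an added example (not VMware's NMP code). Assumptions: rule fields are compared by exact string equality, the tpgs_on claim option is treated as part of the match, and every name beginning with EXAMPLE_ or example_ is hypothetical; the three VMW_SATP_INV rules are the ones listed above.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class SatpRule:
    satp: str
    driver: Optional[str] = None        # -D
    vendor: Optional[str] = None        # -V
    model: Optional[str] = None         # -M
    transport: Optional[str] = None     # -R
    claim_option: Optional[str] = None  # -o

    def validate(self):
        """-V and -M may be combined with each other, but not with -R or -D."""
        vendor_model = self.vendor is not None or self.model is not None
        if vendor_model and (self.driver is not None or self.transport is not None):
            raise ValueError("-V/-M cannot be used together with -R or -D")
        if not vendor_model and self.driver is None and self.transport is None:
            raise ValueError("rule has no -D, -V, -M or -R match criterion")
        return self


@dataclass(frozen=True)
class Device:
    driver: str
    vendor: str
    model: str
    transport: str
    tpgs: bool = False   # ALUA Target Port Group support enabled on the device


def _claim_option_allows(rule, dev):
    # Only tpgs_on is described in the guide: claim only if TPGS is enabled.
    if rule.claim_option == "tpgs_on":
        return dev.tpgs
    return True


def select_satp(rules, dev, default_satp):
    """Search driver rules, then vendor/model rules, then transport rules;
    fall back to the default SATP when nothing matches."""
    passes = (
        lambda r: r.driver is not None and r.driver == dev.driver,
        lambda r: (r.vendor is not None or r.model is not None)
        and r.vendor in (None, dev.vendor)
        and r.model in (None, dev.model),
        lambda r: r.transport is not None and r.transport == dev.transport,
    )
    for matches in passes:
        for rule in rules:
            if matches(rule) and _claim_option_allows(rule, dev):
                return rule.satp
    return default_satp


RULES = [r.validate() for r in (
    SatpRule("VMW_SATP_INV", vendor="EMC", model="Invista"),
    SatpRule("VMW_SATP_INV", vendor="EMC", model="LUNZ"),
    SatpRule("VMW_SATP_INV", vendor="NewVend", model="NewMod"),
    SatpRule("EXAMPLE_SATP_ALUA", vendor="NewVend", model="AluaMod",
             claim_option="tpgs_on"),
    SatpRule("EXAMPLE_SATP_DRV", driver="example_drv"),
    SatpRule("EXAMPLE_SATP_FC", transport="fc"),
)]
DEFAULT = "EXAMPLE_SATP_DEFAULT"

if __name__ == "__main__":
    # The driver rule wins even though a vendor/model rule also matches.
    dev = Device("example_drv", "EMC", "Invista", "fc")
    print(select_satp(RULES, dev, DEFAULT))
```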
Table B-1 lists options available for the esxcli corestorage commands.
iSCSI SAN Configuration Guide
ESX 4.0
ESXi 4.0
vCenter Server 4.0
EN-000110-00
© 2009 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property
laws. VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents.
VMware, the VMware “boxes” logo and design, Virtual SMP, and VMotion are registered trademarks or trademarks of VMware, Inc.
in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their
respective companies.
About This Book
This manual, the iSCSI SAN Configuration Guide, explains how to use VMware ESX and VMware ESXi
systems with an iSCSI storage area network (SAN). The manual discusses conceptual background and
installation requirements, and covers ESX, ESXi, and vCenter Server.
Intended Audience
The information presented in this manual is written for experienced Windows or Linux system administrators
who are familiar with virtual machine technology and datacenter operations.
Document Feedback
VMware welcomes your suggestions for improving our documentation. If you have comments, send your
feedback to docfeedback@vmware.com.
Online and Telephone Support
To use online support to submit technical support requests, view your product and contract information,
and register your products, go to http://www.vmware.com/support.
Customers with appropriate support contracts should use telephone support for the fastest response on
priority 1 issues. Go to http://www.vmware.com/support/phone_support.html.
Support Offerings
To find out how VMware support offerings can help meet your business needs, go to
http://www.vmware.com/support/services.
VMware Professional Services
VMware Education Services courses offer extensive hands-on labs, case study examples, and course
materials designed to be used as on-the-job reference tools. Courses are available onsite, in the
classroom, and live online. For onsite pilot programs and implementation best practices, VMware
Consulting Services provides offerings to help you assess, plan, build, and manage your virtual
environment. To access information about education classes, certification programs, and consulting
services, go to http://www.vmware.com/services.
Chapter 1 Using ESX/ESXi with an iSCSI Storage Area Network
You can use ESX/ESXi in conjunction with a storage area network (SAN), a specialized high-speed network
that connects computer systems to high-performance storage subsystems. Using ESX/ESXi together with a
SAN provides extra storage for consolidation, improves reliability, and helps with disaster recovery.
To use ESX/ESXi effectively with a SAN, you must have a working knowledge of ESX/ESXi systems and SAN
concepts. Also, when you set up ESX/ESXi hosts to use Internet SCSI (iSCSI) SAN storage systems, you must
be aware of certain special considerations that exist.
Understanding Virtualization
The VMware virtualization layer is common across VMware desktop products (such as VMware Workstation)
and server products (such as VMware ESX/ESXi). This layer provides a consistent platform for development,
testing, delivery, and support of application workloads.
Network Virtualization
The virtualization layer guarantees that each virtual machine is isolated from other virtual machines. Virtual
machines can talk to each other only through networking mechanisms similar to those used to connect separate
physical machines.
The isolation allows administrators to build internal firewalls or other network isolation environments so that
some virtual machines can connect to the outside, while others are connected only through virtual networks
to other virtual machines.
Storage Virtualization
ESX/ESXi provides host-level storage virtualization, which logically abstracts the physical storage layer from
virtual machines. Virtual machines running on the ESX/ESXi host are not aware of the complexities and
specifics of the storage devices to which the host connects.
An ESX/ESXi virtual machine uses a virtual hard disk to store its operating system, program files, and other
data associated with its activities. A virtual disk is a large physical file, or a set of files, that can be copied,
moved, archived, and backed up as easily as any other file. You can configure virtual machines with multiple
virtual disks.
To access virtual disks, a virtual machine uses virtual SCSI controllers. These virtual controllers appear to a
virtual machine as different types of controllers, including BusLogic Parallel, LSI Logic Parallel, LSI Logic SAS,
and VMware Paravirtual. These controllers are the only types of SCSI controllers that a virtual machine can
see and access.
Each virtual disk that a virtual machine can access through one of the virtual SCSI controllers resides in the
VMware Virtual Machine File System (VMFS) datastore, NFS-based datastore, or on a raw disk. From the
standpoint of the virtual machine, each virtual disk appears as if it were a SCSI drive connected to a SCSI
controller. Whether the actual physical disk device is being accessed through parallel SCSI, iSCSI, network, or
Fibre Channel adapters on the host is transparent to the guest operating system and to applications running
on the virtual machine.
Figure 1-1 gives an overview of storage virtualization. The diagram illustrates storage that uses VMFS and
storage that uses raw device mapping. The diagram also shows how iSCSI storage is accessed through either
iSCSI HBAs or by using a general-purpose NIC that uses iSCSI initiator software.
[Figure 1-1: overview of storage virtualization. Labels in the diagram: virtual machine, SCSI controller,
software iSCSI initiator, hardware iSCSI initiator (HBA), ethernet NIC, LAN, VMFS, LUN1, LUN2, LUN5, .vmdk]
iSCSI SANs use Ethernet connections between computer systems, or host servers, and high-performance
storage subsystems. The SAN components include host bus adapters (HBAs) or Network Interface Cards
(NICs) in the host servers, switches and routers that transport the storage traffic, cables, storage processors
(SPs), and storage disk systems.
To transfer traffic from host servers to shared storage, the SAN uses the iSCSI protocol that packages SCSI
commands into iSCSI packets and transmits them on an Ethernet network.
iSCSI Initiators
To access remote targets, your ESX/ESXi host uses iSCSI initiators. Initiators transport SCSI requests and
responses between the ESX/ESXi system and the target storage device on the IP network.
Hardware iSCSI Initiator
Uses a specialized iSCSI HBA. The hardware iSCSI initiator is responsible for all iSCSI and network
processing and management.
Software iSCSI Initiator
Code built into the VMkernel that allows an ESX/ESXi to connect to the iSCSI storage device through
standard network adapters. The software initiator handles iSCSI processing while communicating with the
network adapter. With the software initiator, you can use iSCSI technology without purchasing
specialized hardware.
IP Address
Each iSCSI port has an IP address associated with it so that routing and switching equipment on your
network can establish the connection between the server and storage. This address is just like the IP
address that you assign to your computer to get access to your company's network or the Internet.
iSCSI Name
A worldwide unique name for identifying the port. The iSCSI name starts with either iqn. (for iSCSI
qualified name) or eui. (for extended unique identifier). Multiple iSCSI devices can be present, with
multiple iSCSI names, and can be connected through a single physical Ethernet port.
By default, ESX/ESXi generates unique iSCSI names for your iSCSI initiators, for example,
iqn.1998-01.com.vmware:iscsitestox-68158ef2. Usually, you do not have to change the default value, but
if you do, make sure that the new iSCSI name you enter is worldwide unique.
iSCSI Alias
A more manageable name for an iSCSI device or port used instead of the iSCSI name. iSCSI aliases are not
unique and are intended to be just a friendly name to associate with a port.
If a path or any component along the path, HBA or NIC, cable, switch or switch port, or storage processor,
fails, the server selects another of the available paths. The process of detecting a failed path and switching to
another is called path failover.
Different iSCSI storage vendors present storage to servers in different ways. Some vendors present multiple
LUNs on a single target, while others present multiple targets with one LUN each. While the way the storage
is used by an ESX/ESXi is similar, the way the information is presented through administrative tools is different.
Three LUNs are available in each of these configurations. In the first case, ESX/ESXi detects one target but that
target has three LUNs that can be used. Each of the LUNs represents an individual storage volume. In the second
case, the ESX/ESXi detects three different targets, each having one LUN.
ESX/ESXi-based iSCSI initiators establish connections to each target. Storage systems with a single target
containing multiple LUNs have traffic to all the LUNs on a single connection. With a system that has three
targets with one LUN each, a host uses separate connections to the three LUNs. This information is useful
when you are trying to aggregate storage traffic on multiple connections from the ESX/ESXi host with multiple
iSCSI HBAs, where traffic for one target can be set to a particular HBA, while traffic for another target can use
a different HBA.
iSCSI names are formatted in two different ways. The first is by an iSCSI qualified name, commonly referred
to as an IQN name. The second, much less common method, is through an enterprise unique identifier, also
referred to as an EUI name.
For more details on iSCSI naming requirements and string profiles, see RFC 3721 and RFC 3722 on the IETF
Web site.
The 16-hexadecimal digits are text representations of a 64-bit number of an IEEE EUI (extended unique
identifier) format. The top 24 bits are a company ID that IEEE registers with a particular company. The lower
40 bits are assigned by the entity holding that company ID and must be unique.
In many cases, the IQN format is chosen over the EUI format for readability and as a more user-friendly method
of assigning names.
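A validator for the two name formats, added here as an example (not VMware code). It assumes the IQN layout from RFC 3720 (iqn.yyyy-mm.reversed-domain[:unique-string]) and the 223-byte name limit, uses str.lower() as a stand-in for the full RFC 3722 string profile, and splits an EUI name into the 24-bit company ID and 40-bit vendor-assigned part described above. The eui. sample value is constructed.

```python
import re

MAX_NAME_BYTES = 223   # iSCSI name length limit (RFC 3720)

_IQN = re.compile(
    r"^iqn\.(?P<year>\d{4})-(?P<month>0[1-9]|1[0-2])"
    r"\.(?P<authority>[a-z0-9](?:[a-z0-9.-]*[a-z0-9])?)"
    r"(?::(?P<unique>\S+))?$"
)
_EUI = re.compile(r"^eui\.(?P<hex>[0-9A-Fa-f]{16})$")


def parse_iscsi_name(name):
    """Return a dict describing a valid iSCSI name; raise ValueError otherwise."""
    if len(name.encode("utf-8")) > MAX_NAME_BYTES:
        raise ValueError("iSCSI name is longer than 223 bytes")
    match = _EUI.match(name)
    if match:
        value = int(match.group("hex"), 16)        # 64-bit EUI
        return {
            "type": "eui",
            "company_id": value >> 40,             # top 24 bits, IEEE-registered
            "vendor_assigned": value & ((1 << 40) - 1),   # lower 40 bits
        }
    match = _IQN.match(name.lower())               # simplified normalisation
    if match:
        return {
            "type": "iqn",
            "date": f"{match.group('year')}-{match.group('month')}",
            "authority": match.group("authority"),
            "unique": match.group("unique"),
        }
    raise ValueError(f"not a valid iqn. or eui. name: {name!r}")


def duplicate_names(names):
    """Names that occur more than once in an inventory, compared case-insensitively.
    A local check only; it cannot prove worldwide uniqueness."""
    seen, duplicates = set(), set()
    for name in names:
        key = name.lower()
        if key in seen:
            duplicates.add(key)
        seen.add(key)
    return sorted(duplicates)


if __name__ == "__main__":
    print(parse_iscsi_name("iqn.1998-01.com.vmware:iscsitestox-68158ef2"))
    print(parse_iscsi_name("eui.0123456789ABCDEF"))   # constructed value
```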
You must configure your host and the iSCSI storage system to support your storage access control policy.
Discovery
A discovery session is part of the iSCSI protocol, and it returns the set of targets you can access on an iSCSI
storage system. The two types of discovery available on ESX/ESXi are dynamic and static. Dynamic discovery
obtains a list of accessible targets from the iSCSI storage system, while static discovery can only try to access
one particular target by target name.
Authentication
iSCSI storage systems authenticate an initiator by a name and key pair. ESX/ESXi supports the CHAP protocol,
which VMware recommends for your SAN implementation. The ESX/ESXi host and the iSCSI storage system
must have CHAP enabled and have common credentials. In the iSCSI login phase, the iSCSI storage system
exchanges and checks these credentials.
Access Control
Access control is a policy set up on the iSCSI storage system. Most implementations support one or more of
three types of access control:
- By initiator name
- By IP address
- By the CHAP protocol
Only initiators that meet all rules can access the iSCSI volume.
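How a target can combine the three access-control types with the CHAP check from the Authentication section, as an added example (not VMware or array-vendor code). It assumes CHAP with MD5 as defined in RFC 1994, where the response is MD5(identifier || secret || challenge); the CHAP name, secret and addresses are constructed, and the initiator name is the sample name quoted earlier in this guide.

```python
import hashlib
import hmac
import ipaddress
import os


def chap_response(identifier, secret, challenge):
    """CHAP with MD5 (RFC 1994): MD5(identifier byte || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class TargetAccessPolicy:
    """Target-side policy: initiator name, source IP and CHAP must all pass."""

    def __init__(self, initiator_names, networks, chap_secrets):
        self.initiator_names = {n.lower() for n in initiator_names}
        self.networks = [ipaddress.ip_network(n) for n in networks]
        self.chap_secrets = dict(chap_secrets)   # CHAP name -> shared secret

    def check(self, initiator_name, source_ip, chap_name,
              identifier, challenge, response):
        """Return (allowed, failed_rules)."""
        failed = []
        if initiator_name.lower() not in self.initiator_names:
            failed.append("initiator name")
        address = ipaddress.ip_address(source_ip)
        if not any(address in net for net in self.networks):
            failed.append("IP address")
        # Compute and compare even for unknown CHAP names so the work done
        # does not depend on whether the name exists.
        secret = self.chap_secrets.get(chap_name, b"")
        expected = chap_response(identifier, secret, challenge)
        known = chap_name in self.chap_secrets
        if not (hmac.compare_digest(expected, response) and known):
            failed.append("CHAP")
        return (not failed, failed)


def login(policy, name, source_ip, chap_name, secret, identifier=1):
    """One login attempt: the target issues a fresh random challenge, the
    initiator answers with its copy of the secret, the target checks all rules."""
    challenge = os.urandom(16)
    response = chap_response(identifier, secret, challenge)
    return policy.check(name, source_ip, chap_name, identifier, challenge, response)


INITIATOR = "iqn.1998-01.com.vmware:iscsitestox-68158ef2"
SECRET = b"constructed-chap-secret"          # constructed sample value
POLICY = TargetAccessPolicy(
    initiator_names=[INITIATOR],
    networks=["192.0.2.0/24"],               # documentation address range
    chap_secrets={"esx-host-1": SECRET},     # constructed CHAP name
)

if __name__ == "__main__":
    print(login(POLICY, INITIATOR, "192.0.2.10", "esx-host-1", SECRET))
    print(login(POLICY, INITIATOR, "198.51.100.7", "esx-host-1", b"wrong"))
```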
Error Correction
To protect the integrity of iSCSI headers and data, the iSCSI protocol defines error correction methods known
as header digests and data digests.
Both parameters are disabled by default, but you can enable them. These digests pertain to, respectively, the
header and SCSI data being transferred between iSCSI initiators and targets, in both directions.
Header and data digests check the end-to-end, noncryptographic data integrity beyond the integrity checks
that other networking layers provide, such as TCP and Ethernet. They check the entire communication path,
including all elements that can change the network-level traffic, such as routers, switches, and proxies.
The existence and type of the digests are negotiated when an iSCSI connection is established. When the initiator
and target agree on a digest configuration, this digest must be used for all traffic between them.
Enabling header and data digests does require additional processing for both the initiator and the target and
can affect throughput and CPU use performance.
NOTE Systems that use Intel Nehalem processors offload the iSCSI digest calculations, thus reducing the impact
on performance.
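What the digests do, added here as an example and not taken from VMware code. RFC 3720 specifies CRC32C as the digest algorithm and HeaderDigest/DataDigest as the negotiated keys, details this guide does not spell out; the 4-byte trailer framing and the sample segment are simplifications constructed for the example.

```python
CRC32C_POLY = 0x82F63B78   # Castagnoli polynomial, bit-reflected form


def _build_table():
    table = []
    for byte in range(256):
        crc = byte
        for _ in range(8):
            crc = (crc >> 1) ^ (CRC32C_POLY if crc & 1 else 0)
        table.append(crc)
    return table


_TABLE = _build_table()


def crc32c(data):
    """CRC32C checksum of a bytes object, returned as an unsigned 32-bit int."""
    crc = 0xFFFFFFFF
    for byte in data:
        crc = (crc >> 8) ^ _TABLE[(crc ^ byte) & 0xFF]
    return crc ^ 0xFFFFFFFF


def negotiate_digest(offered, supported):
    """Pick the first value in the initiator's preference-ordered offer that
    the target also supports, as done once per connection at login."""
    for value in offered:
        if value in supported:
            return value
    raise ValueError("no common digest setting")


def protect(segment, digest):
    """Append the digest when CRC32C was negotiated; send as-is for 'None'."""
    if digest == "CRC32C":
        return segment + crc32c(segment).to_bytes(4, "little")
    return segment


def verify(frame, digest):
    """Receiver-side check. With 'None' there is nothing to check."""
    if digest != "CRC32C":
        return True
    body, trailer = frame[:-4], frame[-4:]
    return crc32c(body) == int.from_bytes(trailer, "little")


def flip_bit(data, index):
    """Simulate in-transit corruption of one bit."""
    damaged = bytearray(data)
    damaged[index] ^= 0x01
    return bytes(damaged)


SEGMENT = b"constructed SCSI data segment"   # constructed sample payload

if __name__ == "__main__":
    for target_supports in ({"CRC32C", "None"}, {"None"}):
        digest = negotiate_digest(["CRC32C", "None"], target_supports)
        damaged = flip_bit(protect(SEGMENT, digest), 3)
        print(digest, "-> corruption detected:", not verify(damaged, digest))
    # The digest is unkeyed: a segment altered before the digest is computed
    # verifies cleanly, so it detects corruption, not deliberate modification.
    print(verify(protect(flip_bit(SEGMENT, 3), "CRC32C"), "CRC32C"))
```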
- Use VMware Distributed Resource Scheduler (DRS) to migrate virtual machines from one host to another
for load balancing. Because storage is on a SAN array, applications continue running seamlessly.
- If you use VMware DRS clusters, put an ESX/ESXi host into maintenance mode to have the system migrate
all running virtual machines to other ESX/ESXi hosts. You can then perform upgrades or other
maintenance operations.
The transportability and encapsulation of VMware virtual machines complements the shared nature of this
storage. When virtual machines are located on SAN-based storage, you can quickly shut down a virtual
machine on one server and power it up on another server, or suspend it on one server and resume operation
on another server on the same network. This ability allows you to migrate computing resources while
maintaining consistent shared access.
Using ESX/ESXi in conjunction with SAN is effective for the following tasks:
Maintenance with zero downtime
When performing an ESX/ESXi host or infrastructure maintenance, use VMware DRS or VMotion to migrate
virtual machines to other servers. If shared storage is on the SAN, you can perform maintenance without
interruptions to the user.
Load balancing
Use VMotion or VMware DRS to migrate virtual machines to other hosts for load balancing. If shared
storage is on a SAN, you can perform load balancing without interruption to the user.
Storage consolidation and simplification of storage layout
If you are working with multiple hosts, and each host is running multiple virtual machines, the storage
on the hosts is no longer sufficient and external storage is required. Choosing a SAN for external
storage results in a simpler system architecture along with other benefits.
Start by reserving a large volume and then allocate portions to virtual machines as needed. Volume
allocation and creation from the storage device needs to happen only once.
Disaster recovery
Having all data stored on a SAN facilitates the remote storage of data backups. You can restart virtual
machines on remote ESX/ESXi hosts for recovery if one site is compromised.
Simplified array migrations and storage upgrades
When you purchase new storage systems or arrays, use storage VMotion to perform live automated migration
of virtual machine disk files from existing storage to their new destination.
- The VMware Release Notes give information about known issues and workarounds.
- The VMware Knowledge Bases have information on common issues and workarounds.
When you use SAN storage with ESX/ESXi, keep in mind the following considerations:
- You cannot directly access the virtual machine operating system that uses the storage. With traditional
tools, you can monitor only the VMware ESX/ESXi operating system. You use the vSphere Client to
monitor virtual machines.
- When you create a virtual machine, it is, by default, configured with one virtual hard disk and one virtual
SCSI controller. You can modify the SCSI controller type and SCSI bus sharing characteristics by using
the vSphere Client to edit the virtual machine settings. You can also add hard disks to your virtual machine.
- The HBA visible to the SAN administration tools is part of the ESX/ESXi system, not part of the virtual
machine.
- Your ESX/ESXi system performs multipathing for you.
Most iSCSI storage hardware is packaged with storage management software. In many cases, this software is
a web application that can be used with any web browser connected to your network. In other cases, this
software typically runs on the storage system or on a single server, independent of the servers that use the
SAN for storage.
If you decide to run the SAN management software on a virtual machine, you gain the benefits of running a
virtual machine, including failover using VMotion and VMware HA. Because of the additional level of
indirection, however, the management software might not be able to detect the SAN. This problem can be
resolved by using an RDM.
NOTE Whether a virtual machine can run management software successfully depends on the particular storage
system.
A VMFS datastore can run multiple virtual machines as one workload. VMFS provides distributed locking for
your virtual machine files, so that your virtual machines can operate safely in a SAN environment where
multiple ESX/ESXi hosts share a set of LUNs.
Use the vSphere Client to set up a VMFS datastore in advance on any SCSI-based storage device that your
ESX/ESXi host discovers. A VMFS datastore can be extended over several physical storage extents, including SAN
LUNs and local storage. This feature allows you to pool storage and gives you flexibility in creating the storage
volume necessary for your virtual machine.
You can increase the capacity of a datastore while virtual machines are running on the datastore. This ability
lets you add new space to your VMFS datastores as your virtual machine requires it. ESX/ESXi VMFS is
designed for concurrent access from multiple physical machines and enforces the appropriate access controls
on virtual machine files.
To ensure that multiple servers do not access the same virtual machine at the same time, VMFS provides
on-disk locking. To coordinate access to VMFS internal file system information, ESX/ESXi uses SCSI reservations
on the entire LUN.
Figure 1-3 shows several ESX/ESXi systems sharing the same VMFS volume.
[Figure 1-3: a VMFS volume holding the virtual disk files disk1, disk2, and disk3]
Because virtual machines share a common VMFS datastore, it might be difficult to characterize peak-access
periods or to optimize performance. You must plan virtual machine storage access for peak periods, but
different applications might have different peak-access periods. VMware recommends that you load balance
virtual machines over servers, CPU, and storage. Run a mix of virtual machines on each server so that not all
experience high demand in the same area at the same time.
Metadata Updates
A VMFS datastore holds virtual machine files, directories, symbolic links, RDMs, and so on. A VMFS datastore
also maintains a consistent view of all the mapping information for these objects. This mapping information
is called metadata.
Metadata is updated each time the attributes of a virtual machine file are accessed or modified when, for
example, you perform one of the following operations:
- Creating, growing, or locking a virtual machine file
- Changing a file's attributes
- Powering a virtual machine on or off
When you make your LUN decision, keep in mind the following considerations:
- Each LUN should have the correct RAID level and storage characteristic for applications in virtual
machines that use it.
- One LUN must contain only one VMFS datastore.
- If multiple virtual machines access the same VMFS, use disk shares to prioritize virtual machines.
You might want fewer, larger LUNs for the following reasons:
- More flexibility to create virtual machines without asking the storage administrator for more space.
- More flexibility for resizing virtual disks, doing snapshots, and so on.
- Fewer VMFS datastores to manage.
You might want more, smaller LUNs for the following reasons:
- Less wasted storage space.
- Different applications might need different RAID characteristics.
- More flexibility, as the multipathing policy and disk shares are set per LUN.
- Use of Microsoft Cluster Service requires that each cluster disk resource is in its own LUN.
- Better performance because there is less contention for a single volume.
When the storage characterization for a virtual machine is not available, there is often no simple answer when
you have to decide on the LUN size and number of LUNs to use. You can experiment using either a predictive
or an adaptive scheme.
Procedure
2 Build a VMFS datastore on each LUN, labeling each datastore according to its characteristics.
3 Allocate virtual disks to contain the data for virtual machine applications in the VMFS datastores built on
LUNs with the appropriate RAID level for the applications' requirements.
Disk shares are relevant only within a given host. The shares assigned to virtual machines on one host
have no effect on virtual machines on other hosts.
Procedure
1 Create a large LUN (RAID 1+0 or RAID 5), with write caching enabled.
If performance is acceptable, you can place additional virtual disks on the VMFS. If performance is not
acceptable, create a new, larger LUN, possibly with a different RAID level, and repeat the process. Use
migration so that you do not lose virtual machines when you recreate the LUN.
Procedure
2 Select the virtual machine in the inventory panel and click Edit virtual machine settings from the menu.
4 Double-click the Shares column for the disk to modify and select the required value from the drop-down
menu.
Shares is a value that represents the relative metric for controlling disk bandwidth to all virtual machines.
The values Low, Normal, High, and Custom are compared to the sum of all shares of all virtual machines
on the server and, on an ESX host, the service console. Share allocation symbolic values can be used to
configure their conversion into numeric values.
NOTE Disk shares are relevant only within a given ESX/ESXi host. The shares assigned to virtual machines on
one host have no effect on virtual machines on other hosts.
When a virtual machine interacts with its virtual disk stored on a SAN, the following process takes place:
1 When the guest operating system in a virtual machine reads or writes to SCSI disk, it issues SCSI
commands to the virtual disk.
2 Device drivers in the virtual machine’s operating system communicate with the virtual SCSI controllers.
5 If the iSCSI initiator is a hardware iSCSI initiator (iSCSI HBA), the HBA performs the following tasks.
- Encapsulates I/O requests into iSCSI Protocol Data Units (PDUs).
- Encapsulates iSCSI PDUs into TCP/IP packets.
- Sends IP packets over Ethernet to the iSCSI storage system.
6 If the iSCSI initiator is a software iSCSI initiator, the following takes place.
- The initiator encapsulates I/O requests into iSCSI PDUs.
- The initiator sends iSCSI PDUs through TCP/IP connections.
- The VMkernel TCP/IP stack relays TCP/IP packets to a physical NIC.
- The physical NIC sends IP packets over Ethernet to the iSCSI storage system.
7 Depending on which port the iSCSI initiator uses to connect to the network, Ethernet switches and routers
carry the request to the storage device that the host wants to access.
This storage device appears to be a specific disk to the host, but it might be a logical device that corresponds
to a physical device on the SAN.
In case of a failure of any element in the SAN network, such as an adapter, switch, or cable, ESX/ESXi can
switch to another physical path, which does not use the failed component. This process of path switching to
avoid failed components is known as path failover.
In addition to path failover, multipathing provides load balancing. Load balancing is the process of distributing
I/O loads across multiple physical paths. Load balancing reduces or removes potential bottlenecks.
NOTE Virtual machine I/O might be delayed for up to sixty seconds while path failover takes place. These
delays allow the SAN to stabilize its configuration after topology changes. In general, the I/O delays might be
longer on active-passive arrays and shorter on active-active arrays.
The VMkernel multipathing plugin that ESX/ESXi provides by default is the VMware Native Multipathing
Plugin (NMP). The NMP is an extensible module that manages subplugins. There are two types of NMP
subplugins, Storage Array Type Plugins (SATPs), and Path Selection Plugins (PSPs). SATPs and PSPs can be
built-in and provided by VMware, or can be provided by a third party.
If more multipathing functionality is required, a third party can also provide an MPP to run in addition to, or
as a replacement for, the default NMP.
When coordinating the VMware NMP and any installed third-party MPPs, the PSA performs the following
tasks:
- Loads and unloads multipathing plugins.
- Hides virtual machine specifics from a particular plugin.
- Routes I/O requests for a specific logical device to the MPP managing that device.
- Handles I/O queuing to the logical devices.
- Implements logical device bandwidth sharing between virtual machines.
- Handles I/O queueing to the physical storage HBAs.
- Handles physical path discovery and removal.
- Provides logical device and physical path I/O statistics.
As Figure 1-4 illustrates, multiple third-party MPPs can run in parallel with the VMware NMP. The third-party
MPPs can replace the behavior of the NMP and take complete control of the path failover and the
load-balancing operations for specified storage devices.
Generally, the VMware NMP supports all storage arrays listed on the VMware storage HCL and provides a
default path selection algorithm based on the array type. The NMP associates a set of physical paths with a
specific storage device, or LUN. The specific details of handling path failover for a given storage array are
delegated to a Storage Array Type Plugin (SATP). The specific details for determining which physical path is
used to issue an I/O request to a storage device are handled by a Path Selection Plugin (PSP). SATPs and PSPs
are sub-plugins within the NMP module.
VMware SATPs
Storage Array Type Plugins (SATPs) run in conjunction with the VMware NMP and are responsible for array-
specific operations.
ESX/ESXi offers an SATP for every type of array that VMware supports. These SATPs include an active/active
SATP and active/passive SATP for non-specified storage arrays, and the local SATP for direct-attached storage.
Each SATP accommodates special characteristics of a certain class of storage arrays and can perform the array-
specific operations required to detect path state and to activate an inactive path. As a result, the NMP module
can work with multiple storage arrays without having to be aware of the storage device specifics.
After the NMP determines which SATP to call for a specific storage device and associates the SATP with the
physical paths for that storage device, the SATP implements the tasks that include the following:
• Monitors health of each physical path.
• Reports changes in the state of each physical path.
• Performs array-specific actions necessary for storage fail-over. For example, for active/passive devices, it
can activate passive paths.
VMware PSPs
Path Selection Plugins (PSPs) run in conjunction with the VMware NMP and are responsible for choosing a
physical path for I/O requests.
The VMware NMP assigns a default PSP for every logical device based on the SATP associated with the physical
paths for that device. You can override the default PSP.
Most Recently Used (MRU): Selects the path the ESX/ESXi host used most recently to access the given device.
If this path becomes unavailable, the host switches to an alternative path and
continues to use the new path while it is available.
Fixed: Uses the designated preferred path, if it has been configured. Otherwise, it uses
the first working path discovered at system boot time. If the host cannot use
the preferred path, it selects a random alternative available path. The host
automatically reverts back to the preferred path as soon as that path becomes
available.
NOTE With active-passive arrays that have a Fixed path policy, path thrashing
might be a problem.
Round Robin (RR): Uses a path selection algorithm that rotates through all available paths enabling
load balancing across the paths.
When a virtual machine issues an I/O request to a storage device managed by the NMP, the following process
takes place.
2 The PSP selects an appropriate physical path on which to issue the I/O.
4 If the I/O operation reports an error, the NMP calls an appropriate SATP.
5 The SATP interprets the I/O command errors and, when appropriate, activates inactive paths.
6 The PSP is called to select a new path on which to issue the I/O.
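The three path selection policies and the error-handling flow above, as an added Python simulation (not VMware code). The class, method and event names are hypothetical, and where the guide says Fixed picks a random alternative path, the first available one is used here so that runs are reproducible.

```python
# Runtime path names as they appear in this guide's port-binding example.
PATHS = ("vmhba33:C1:T1:L0", "vmhba33:C2:T1:L0")


class NMPDevice:
    """Toy model of one NMP-managed device (hypothetical names throughout)."""

    def __init__(self, paths, policy, preferred=None):
        self.paths = list(paths)                     # in discovery order
        self.policy = policy                         # "MRU", "Fixed" or "RR"
        self.preferred = preferred or self.paths[0]  # Fixed: first path found at boot
        self.current = None                          # path used for the last I/O
        self.up = set(self.paths)                    # path states as reported by the SATP

    def psp_select(self):
        """PSP: choose the path for the next I/O, or None if no path is up."""
        usable = [p for p in self.paths if p in self.up]
        if not usable:
            return None
        if self.policy == "Fixed":
            # Preferred path whenever it is up, otherwise an alternative.
            self.current = self.preferred if self.preferred in self.up else usable[0]
        elif self.policy == "MRU":
            # Stay on the most recently used path for as long as it is up.
            if self.current not in self.up:
                self.current = usable[0]
        elif self.policy == "RR":
            # Rotate: start looking just after the path used last time.
            start = self.paths.index(self.current) + 1 if self.current else 0
            ring = self.paths[start:] + self.paths[:start]
            self.current = next(p for p in ring if p in self.up)
        else:
            raise ValueError(f"unknown policy {self.policy!r}")
        return self.current

    def satp_report(self, path, is_up):
        """SATP: record a change in the state of a physical path."""
        (self.up.add if is_up else self.up.discard)(path)

    def issue_io(self, fabric_up):
        """Issue one I/O; on error the SATP marks the path dead and the PSP reselects."""
        path = self.psp_select()
        while path is not None and path not in fabric_up:
            self.satp_report(path, False)
            path = self.psp_select()
        return path


def run(policy, events, paths=PATHS, preferred=None):
    """Replay events ("io", ("fail", path), ("restore", path)); return the path used per I/O."""
    dev = NMPDevice(paths, policy, preferred)
    fabric_up = set(paths)                 # ground truth: which links really work
    used = []
    for ev in events:
        if ev == "io":
            used.append(dev.issue_io(fabric_up))
        elif ev[0] == "fail":
            fabric_up.discard(ev[1])       # the host notices on its next I/O error
        else:                              # ("restore", path)
            fabric_up.add(ev[1])
            dev.satp_report(ev[1], True)   # SATP health monitoring reports the path back
    return used


if __name__ == "__main__":
    p1, p2 = PATHS
    events = ["io", ("fail", p1), "io", ("restore", p1), "io"]
    for policy in ("MRU", "Fixed", "RR"):
        print(policy, run(policy, events))
```

After the failed path is restored, MRU stays on the alternative path while Fixed moves back to the preferred one.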
As Figure 1-5 illustrates, the host has two hardware iSCSI adapters, HBA1 and HBA2, that provide two physical
paths to the storage system. Multipathing plugins on your host, whether the VMkernel NMP or any third-
party MPPs, have access to the paths by default and can monitor health of each physical path. If, for example,
HBA1 or the link between HBA1 and the network fails, the multipathing plugins can switch the path over to
HBA2.
[Figure 1-5: HBA2, HBA1, IP network, SP, iSCSI storage]
For this setup, because multipathing plugins do not have direct access to physical NICs on your host, you first
need to connect each physical NIC to a separate VMkernel port. You then associate all VMkernel ports with
the software iSCSI initiator using a port binding technique. As a result, each VMkernel port connected to a
separate NIC becomes a different path that the iSCSI storage stack and its storage-aware multipathing plugins
can use.
For information on how to configure multipathing for the software iSCSI, see “Networking Configuration for
Software iSCSI Storage,” on page 30.
[Figure: software initiator, NIC2, NIC1, IP network, SP, iSCSI storage]
Array-Based Failover
Some iSCSI storage systems manage path use of their ports automatically (transparently to ESX/ESXi).
When using one of these storage systems, ESX/ESXi does not see multiple ports on the storage and cannot
choose the storage port it connects to. These systems have a single virtual port address that ESX/ESXi uses to
initially communicate. During this initial communication, the storage system can redirect ESX/ESXi to
communicate with another port on the storage system. The iSCSI initiators in ESX/ESXi obey this reconnection
request and connect with a different port on the system. The storage system uses this technique to spread the
load across available ports.
If ESX/ESXi loses connection to one of these ports, it automatically attempts to reconnect with the virtual port
of the storage system, and should be redirected to an active, usable port. This reconnection and redirection
happens quickly and generally does not disrupt running virtual machines. These storage systems can also
request that iSCSI initiators reconnect to the system, to change which storage port they are connected to. This
allows the most effective use of the multiple ports.
Figure 1-7 shows an example of port redirection. ESX/ESXi attempts to connect to the 10.0.0.1 virtual port. The
storage system redirects this request to 10.0.0.2. ESX/ESXi connects with 10.0.0.2 and uses this port for I/O
communication.
NOTE The storage system does not always redirect connections. The port at 10.0.0.1 could be used for traffic,
also.
[Figure 1-7: port redirection (labels: 10.0.0.2, storage)]
If the port on the storage system that is acting as the virtual port becomes unavailable, the storage system
reassigns the address of the virtual port to another port on the system. Figure 1-8 shows an example of this
type of port reassignment. In this case, the virtual port 10.0.0.1 becomes unavailable and the storage system
reassigns the virtual port IP address to a different port. The second port responds to both addresses.
[Figure 1-8: port reassignment (labels: 10.0.0.1, 10.0.0.2, storage)]
Not all applications need to be on the highest-performance, most-available storage—at least not throughout
their entire life cycle.
NOTE If you need some of the functionality of the high tier, such as snapshots, but do not want to pay for it,
you might be able to achieve some of the high-performance characteristics in software. For example, you can
create snapshots in software.
When you decide where to place a virtual machine, ask yourself these questions:
• How critical is the virtual machine?
• What are its performance and availability requirements?
• What are its PiT restoration requirements?
• What are its backup requirements?
• What are its replication requirements?
A virtual machine might change tiers throughout its life cycle because of changes in criticality or changes in
technology that push higher-tier features to a lower tier. Criticality is relative and might change for a variety
of reasons, including changes in the organization, operational processes, regulatory requirements, disaster
planning, and so on.
Using VMware HA
One of the failover options ESX/ESXi provides is VMware High Availability (HA).
VMware HA allows you to organize virtual machines into failover groups. When a host fails, all its virtual
machines are immediately started on different hosts. When a virtual machine is restored on a different host, it
loses its memory state, but its disk state is exactly as it was when the host failed (crash-consistent failover).
Shared storage (such as a SAN) is required for HA.
Although a datastore is accessible to a host, all virtual machines on that host do not necessarily have access
to all data on that datastore. A virtual machine can access only the virtual disks for which it was configured.
In case of a configuration error, virtual disks are locked when the virtual machine boots so no corruption
occurs.
NOTE As a rule, when you boot from a SAN, each boot volume should be seen only by the host that is booting
from that volume. An exception is when you try to recover from a failure by pointing a second host to the same
volume. In this case, the SAN volume in question is not really for booting from a SAN. No host is booting from
it because it is corrupted. The SAN volume is a regular non-boot volume that is made visible to a host.
The VMkernel discovers LUNs when it boots, and those LUNs are then visible in the vSphere Client. If changes
are made to the LUNs, you must rescan to see those changes.
• New LUNs created on the iSCSI storage
• Changes to LUN access control
• Changes in connectivity
Chapter 2 Configuring iSCSI Initiators and Storage
Before ESX/ESXi can work with a SAN, you must set up your iSCSI initiators and storage.
To do this, you must first observe certain basic requirements and then follow best practices for installing and
setting up hardware or software iSCSI initiators to access the SAN.
For active-passive storage arrays not listed in the Storage/SAN Compatibility Guide, VMware does not
support storage-port failover. You must connect the server to the active port on the storage system. This
configuration ensures that the LUNs are presented to the ESX/ESXi host.
You must install and configure the hardware iSCSI adapter before you set up a datastore that resides on an
iSCSI storage device.
Prerequisites
Before you begin configuring the hardware iSCSI initiator, make sure that the iSCSI HBA is successfully
installed and appears on the list of initiators available for configuration. If the initiator is installed, you can
view its properties.
Procedure
1 Log in to the vSphere Client, and select a host from the inventory panel.
2 Click the Configuration tab and click Storage Adapters in the Hardware panel.
The default details for the initiator appear, including the model, iSCSI name, iSCSI alias, IP address, and
target and paths information.
4 Click Properties.
The iSCSI Initiator Properties dialog box appears. The General tab displays additional characteristics of
the initiator.
You can now configure your hardware initiator or change its default characteristics.
Procedure
1 Log in to the vSphere Client, and select a host from the inventory panel.
2 Click the Configuration tab and click Storage Adapters in the Hardware panel.
4 To change the default iSCSI name for your initiator, enter the new name.
Make sure the name you enter is worldwide unique and properly formatted or some storage devices might
not recognize the hardware iSCSI initiator.
The alias is a name that you use to identify the hardware iSCSI initiator.
You must change the default IP settings so that they are configured properly for the IP SAN. Work with
your network administrator to determine the IP setting for the HBA.
If you change the iSCSI name, it is used for new iSCSI sessions. For existing sessions, new settings are not used
until you log out and log in again.
Before you configure the software iSCSI initiator, you must perform the following tasks:
3 If you use multiple network adapters, activate multipathing on your host using the port binding technique.
4 If needed, enable Jumbo Frames. Jumbo Frames must be enabled for each vSwitch through the vSphere
CLI. Also, if you use an ESX host, you must create a VMkernel network interface enabled with Jumbo
Frames.
Depending on the number of physical NICs you use for iSCSI traffic, the networking setup can be different:
• If you have one physical NIC, create one VMkernel port on a vSwitch and map the port to the NIC. VMware
recommends that you designate a separate network adapter entirely for iSCSI. No additional network
configuration steps are required.
For information on creating a port, see “Create a VMkernel Port for Software iSCSI,” on page 31.
• If you have two or more physical NICs for iSCSI, you can create multiple paths for the software iSCSI by
using the port binding technique.
For background information on multipathing with software iSCSI, see “Host-Based Path Failover,” on
page 22.
With port binding, you create a separate VMkernel port for each physical NIC using 1:1 mapping. You
can add all network adapter and VMkernel port pairs to a single vSwitch, as Figure 2-1 shows.
[Figure 2-1: vmk1, vmk2; vSwitch1; portgrp1, portgrp2; vmnic1, vmnic2]
For information on adding the NIC and VMkernel port pairs to a vSwitch, see “Set Up Multipathing for
Software iSCSI,” on page 32.
Another alternative is to create a separate vSwitch for each network adapter and VMkernel port pair, as
Figure 2-2 indicates.
[Figure 2-2: vmk1, vmk2; vSwitch0, vSwitch1; vmnic1, vmnic2]
After you map VMkernel ports to network adapters, use the esxcli command to connect the ports with
the software iSCSI initiator. For information, see “Activate Multipathing for Software iSCSI Initiator,” on
page 33.
If you have one physical network adapter to be used for iSCSI traffic, this is the only procedure you must
perform to set up your iSCSI networking.
Procedure
1 Log in to the vSphere Client and select the host from the inventory panel.
If no adapters appear under Create a virtual switch, existing vSwitches are using all of the network
adapters in the system. You can use an existing vSwitch for your iSCSI traffic.
7 Click Next.
8 Under Port Group Properties, enter a network label. Network label is a friendly name that identifies the
VMkernel port that you are creating.
9 Click Next.
What to do next
If your host uses only one network adapter for iSCSI, no additional network configuration steps are required.
If your host uses more than one physical network adapter for iSCSI, connect additional adapters and associate
them with corresponding VMkernel ports using the port binding technique. You have the following options:
• Use a single vSwitch for iSCSI multipathing. You must connect additional network adapters and VMkernel
ports to the vSwitch you just created and override the default setup, so that each port maps to only one
active adapter. See “Set Up Multipathing for Software iSCSI,” on page 32.
• Create separate vSwitches for each additional network adapter.
You now need to connect additional network adapters to the existing vSwitch and map them to corresponding
VMkernel ports.
Prerequisites
You must create one VMkernel port for your network adapter before you can set up multipathing for software
iSCSI.
Procedure
1 Log in to the vSphere Client and select the host from the inventory panel.
3 Select the vSwitch that you use for iSCSI and click Properties.
a In the vSwitch Properties dialog box, click the Network Adapters tab and click Add.
b Select one or more adapters from the list and click Next.
c Review the information on the Adapter Summary page, and click Finish.
The list of network adapters reappears, showing the network adapters that the vSwitch now claims.
5 Create VMkernel ports for all network adapters that you connected.
The number of VMkernel ports must correspond to the number of network adapters on the vSwitch.
a In the vSwitch Properties dialog box, click the Ports tab and click Add.
c Under Port Group Properties, enter a network label and click Next.
When you enter subnet mask, make sure that the network adapter is set to the subnet of the storage
system it connects to.
CAUTION If the network adapter you add to software iSCSI initiator is not in the same subnet as your iSCSI
target, your host is not able to establish sessions from this network adapter to the target.
By default, for each VMkernel port on the vSwitch, all network adapters appear as active. You must
override this setup, so that each port maps to only one corresponding active adapter. For example,
VMkernel port vmk1 maps to active adapter vmnic1, port vmk2 maps to vmnic2, and so on.
b Click the NIC Teaming tab and select Override vSwitch failover order.
c Designate only one adapter as active and move all remaining adapters to the Unused Adapters
category.
7 Repeat the last step for each VMkernel port on the vSwitch.
What to do next
After performing this task, use the esxcli command to connect the VMkernel ports to the software iSCSI
initiator.
Prerequisites
Procedure
The vSphere Client displays the port's name below the network label.
For example, the following graphic shows the ports' names as vmk1 and vmk2.
2 Using the vSphere CLI, connect the software iSCSI initiator to the iSCSI VMkernel ports.
3 Verify that the ports were added to the software iSCSI initiator by running the following command:
5 To disconnect the software iSCSI initiator from the ports, run the following command.
If there are active iSCSI sessions between your host and targets, discontinue them before running this
command. You can do so by removing static targets that the ports use from the vSphere Client.
In this example, if you use the vSphere client to display the Paths view for the vmhba33 initiator, you can see
that it uses two different paths to access the same target. The runtime names of the paths are vmhba33:C1:T1:L0
and vmhba33:C2:T1:L0. C1 and C2 in this example indicate the two network adapters that are used for
multipathing.
Procedure
1 Log in to the vSphere Client, and select a server from the inventory panel.
2 Click the Configuration tab and click Storage Adapters in the Hardware panel.
4 Click Configure.
The General Properties dialog box displays the initiator’s status, default name, and alias.
Make sure the name you enter is worldwide unique and properly formatted or some storage devices might
not recognize the software iSCSI initiator.
If you change the iSCSI name, it is used for new iSCSI sessions. For existing sessions, new settings are not used
until you log out and log in again.
Before enabling Jumbo Frames, check with your hardware vendor to ensure your physical network adapter
and iSCSI storage support Jumbo Frames.
Jumbo Frames must be enabled for each vSwitch through the vSphere CLI. Also, if you use an ESX host, you
must create a VMkernel network interface enabled with Jumbo Frames.
Procedure
1 To set the MTU size for the vSwitch, run the vicfg-vswitch -m <MTU> <vSwitch> command from the
vSphere CLI.
This command sets the MTU for all uplinks on that vSwitch. The MTU size should be set to the largest
MTU size among all the virtual network adapters connected to the vSwitch.
2 Run the vicfg-vswitch -l command to display a list of vSwitches on the host, and check that the
configuration of the vSwitch is correct.
Procedure
2 Use the esxcfg-vmknic command to create a VMkernel connection with Jumbo Frame support.
3 Run the esxcfg-vmknic -l command to display a list of VMkernel interfaces and check that the
configuration of the Jumbo Frame-enabled interface is correct.
4 Check that the VMkernel interface is connected to a vSwitch with Jumbo Frames enabled.
5 Configure all physical switches and any physical or virtual machines to which this VMkernel interface
connects to support Jumbo Frames.
Dynamic Discovery: Also known as Send Targets discovery. Each time the initiator contacts a
specified iSCSI server, the initiator sends the Send Targets request to the server.
The server responds by supplying a list of available targets to the initiator. The
names and IP addresses of these targets appear on the Static Discovery tab. If
you remove a static target added by dynamic discovery, the target might be
returned to the list the next time a rescan happens, the HBA is reset, or the host
is rebooted.
Static Discovery: The initiator does not have to perform any discovery. The initiator has a list of
targets it can contact and uses their IP addresses and target names to
communicate with them.
Procedure
1 Log in to the vSphere Client and select a server from the inventory panel.
2 Click the Configuration tab and click Storage Adapters in the Hardware panel.
4 In the iSCSI Initiator Properties dialog box, click the Dynamic Discovery tab.
6 Enter the IP address or DNS name of the storage system and click OK.
After your host establishes the Send Targets session with this system, any newly discovered targets appear
in the Static Discovery list.
After you remove a Send Targets server, it might still appear in the Inheritance field as the parent of static
targets. This entry indicates where the static targets were discovered and does not affect the functionality.
NOTE You cannot change the IP address, DNS name, or port number of an existing Send Targets server. To
make changes, delete the existing server and add a new one.
Procedure
1 Log in to the vSphere Client and select a server from the inventory panel.
2 Click the Configuration tab and click Storage Adapters in the Hardware panel.
The tab displays all dynamically discovered targets and any static targets already entered.
NOTE You cannot change the IP address, DNS name, iSCSI target name, or port number of an existing target.
To make changes, remove the existing target and add a new one.
CHAP uses a three-way handshake algorithm to verify the identity of your host and, if applicable, of the iSCSI
target when the host and target establish a connection. The verification is based on a predefined private value,
or CHAP secret, that the initiator and target share.
ESX/ESXi supports CHAP authentication at the adapter level. In this case, all targets receive the same CHAP
name and secret from the iSCSI initiator. For software iSCSI, ESX/ESXi also supports per-target CHAP
authentication, which allows you to configure different credentials for each target to achieve a greater level of
security.
Before configuring CHAP, check whether CHAP is enabled at the iSCSI storage system and check the CHAP
authentication method the system supports. If CHAP is enabled, enable it for your initiators, making sure that
the CHAP authentication credentials match the credentials on the iSCSI storage.
For software iSCSI only, you can set one-way CHAP and mutual CHAP for each initiator or at the target level.
Hardware iSCSI supports CHAP only at the initiator level.
When you set the CHAP parameters, specify a security level for CHAP.
Do not use CHAP: The host does not use CHAP authentication. Select this option to disable authentication if it is currently enabled. (Software iSCSI, Hardware iSCSI)
Do not use CHAP unless required by target: The host prefers a non-CHAP connection, but can use a CHAP connection if required by the target. (Software iSCSI)
Use CHAP unless prohibited by target: The host prefers CHAP, but can use non-CHAP connections if the target does not support CHAP. (Software iSCSI, Hardware iSCSI)
Use CHAP: The host requires successful CHAP authentication. The connection fails if CHAP negotiation fails. (Software iSCSI)
Prerequisites
Before setting up CHAP parameters for software iSCSI, determine whether to configure one-way or mutual
CHAP. Hardware iSCSI does not support mutual CHAP.
• In one-way CHAP, the target authenticates the initiator.
• In mutual CHAP, both the target and initiator authenticate each other. Make sure to use different secrets
for CHAP and mutual CHAP.
When configuring CHAP parameters, make sure that they match the parameters on the storage side.
For software iSCSI, the CHAP name should not exceed 511 and the CHAP secret 255 alphanumeric characters.
For hardware iSCSI, the CHAP name should not exceed 255 and the CHAP secret 100 alphanumeric characters.
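How the shared secret is used in the handshake, together with a check of the limits listed above, as an added Python example rather than anything from ESX/ESXi. It assumes the MD5 response of RFC 1994 that iSCSI CHAP uses; the function names and the sample name and secrets are constructed.

```python
import hashlib
import hmac
import os

# (max CHAP name length, max CHAP secret length) as stated in this guide.
LIMITS = {"software": (511, 255), "hardware": (255, 100)}


def chap_response(identifier, secret, challenge):
    """CHAP-MD5 response (RFC 1994): MD5(identifier byte || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def authenticate(verifier_secret, prover_secret):
    """One three-way exchange: challenge, response, verdict. The secret is never sent."""
    identifier = os.urandom(1)[0]                  # 1. verifier sends id + random challenge
    challenge = os.urandom(16)
    response = chap_response(identifier, prover_secret, challenge)    # 2. prover answers
    expected = chap_response(identifier, verifier_secret, challenge)  # 3. verifier checks
    return hmac.compare_digest(expected, response)


def login(initiator, target):
    """Simulate a login with one-way CHAP and, if the initiator asks for it, mutual CHAP."""
    # One-way CHAP: the target authenticates the initiator.
    if not authenticate(target["secret"], initiator["secret"]):
        return "rejected: target could not authenticate initiator"
    # Mutual CHAP: the initiator additionally authenticates the target.
    if initiator.get("mutual_secret") is not None:
        if not authenticate(initiator["mutual_secret"], target.get("mutual_secret", b"")):
            return "rejected: initiator could not authenticate target"
        return "accepted: mutual CHAP"
    return "accepted: one-way CHAP"


def lint_chap(kind, name, secret, mutual_secret=None):
    """Check a CHAP configuration ("software" or "hardware") against this guide's rules."""
    max_name, max_secret = LIMITS[kind]
    findings = []
    if len(name) > max_name:
        findings.append(f"CHAP name exceeds {max_name} characters")
    if len(secret) > max_secret:
        findings.append(f"CHAP secret exceeds {max_secret} characters")
    if mutual_secret is not None:
        if kind == "hardware":
            findings.append("hardware iSCSI does not support mutual CHAP")
        if len(mutual_secret) > max_secret:
            findings.append(f"mutual CHAP secret exceeds {max_secret} characters")
        if mutual_secret == secret:
            findings.append("one-way and mutual CHAP secrets must differ")
    return findings


if __name__ == "__main__":
    # Constructed sample values, not taken from any real system.
    name = "iqn.1998-01.com.vmware:example-host"
    host = {"secret": b"OneWaySecretA1", "mutual_secret": b"MutualSecretB2"}
    array = {"secret": b"OneWaySecretA1", "mutual_secret": b"MutualSecretB2"}
    print(login(host, array))
    print(lint_chap("software", name, "OneWaySecretA1", "OneWaySecretA1"))
```

A mismatch on either side fails the login in the direction that uses that secret, which is why the values entered on the host must match the storage side exactly.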
Procedure
1 Log in to the vSphere Client and select a server from the inventory panel.
2 Click the Configuration tab and click Storage Adapters in the Hardware panel.
Make sure that the name you specify matches the name configured on the storage side.
• To set the CHAP name to the iSCSI initiator name, select Use initiator name.
• To set the CHAP name to anything other than the iSCSI initiator name, deselect Use initiator
name and enter a name in the Name field.
c Enter a one-way CHAP secret to be used as part of authentication. Make sure to use the same secret
that you enter on the storage side.
6 To configure mutual CHAP, first configure one-way CHAP by following directions in Step 5.
Make sure to select Use CHAP as an option for one-way CHAP. Then, specify the following under Mutual
CHAP:
c Enter the mutual CHAP secret. Make sure to use different secrets for the one-way CHAP and mutual
CHAP.
7 Click OK.
If you change the CHAP or mutual CHAP parameters, they are used for new iSCSI sessions. For existing
sessions, new settings are not used until you log out and log in again.
When configuring CHAP parameters, make sure that they match the parameters on the storage side. For
software iSCSI, the CHAP name should not exceed 511 and the CHAP secret 255 alphanumeric characters.
Prerequisites
Before setting up CHAP parameters for software iSCSI, determine whether to configure one-way or mutual
CHAP.
• In one-way CHAP, the target authenticates the initiator.
• In mutual CHAP, both the target and initiator authenticate each other. Make sure to use different secrets
for CHAP and mutual CHAP.
Procedure
1 Log in to the vSphere Client and select a server from the inventory panel.
2 Click the Configuration tab and click Storage Adapters in the Hardware panel.
5 From the list of available targets, select a target you want to configure and click Settings > CHAP.
Make sure that the name you specify matches the name configured on the storage side.
• To set the CHAP name to the iSCSI initiator name, select Use initiator name.
• To set the CHAP name to anything other than the iSCSI initiator name, deselect Use initiator
name and enter a name in the Name field.
d Enter a one-way CHAP secret to be used as part of authentication. Make sure to use the same secret
that you enter on the storage side.
7 To configure mutual CHAP, first configure one-way CHAP by following directions in Step 6.
Make sure to select Use CHAP as an option for one-way CHAP. Then, specify the following under Mutual
CHAP:
d Enter the mutual CHAP secret. Make sure to use different secrets for the one-way CHAP and mutual
CHAP.
8 Click OK.
If you change the CHAP or mutual CHAP parameters, they are used for new iSCSI sessions. For existing
sessions, new settings are not used until you log out and log in again.
Disable CHAP
You can disable CHAP if your storage system does not require it.
If you disable CHAP on a system that requires CHAP authentication, existing iSCSI sessions remain active
until you reboot your ESX/ESXi host or the storage system forces a logout. After the session ends, you can no
longer connect to targets that require CHAP.
Procedure
2 For software iSCSI, to disable just the mutual CHAP, select Do not use CHAP under Mutual CHAP.
The mutual CHAP, if set up, automatically turns to Do not use CHAP when you disable the one-way
CHAP.
4 Click OK.
Do not make any changes to the advanced iSCSI settings unless you are working with the VMware support
team or otherwise have thorough information about the values to provide for the settings.
Table 2-2 lists advanced iSCSI parameters that you can configure using the vSphere Client. In addition, you
can use the vicfg-iscsi vSphere CLI command to configure some of the advanced parameters. For
information, see the VMware vSphere Command-Line Interface Installation and Reference Guide.
Header Digest: Increases data integrity. When header digest is enabled, the system performs a checksum over each iSCSI Protocol Data Unit’s (PDU’s) header part and verifies using the CRC32C algorithm. (Software iSCSI)
Data Digest: Increases data integrity. When data digest is enabled, the system performs a checksum over each PDU's data part and verifies using the CRC32C algorithm. NOTE Systems that use Intel Nehalem processors offload the iSCSI digest calculations for software iSCSI, thus reducing the impact on performance. (Software iSCSI)
Maximum Outstanding R2T: Defines the R2T (Ready to Transfer) PDUs that can be in transition before an acknowledge PDU is received. (Software iSCSI)
First Burst Length: Specifies the maximum amount of unsolicited data an iSCSI initiator can send to the target during the execution of a single SCSI command, in bytes. (Software iSCSI)
Maximum Burst Length: Maximum SCSI data payload in a Data-In or a solicited Data-Out iSCSI sequence, in bytes. (Software iSCSI)
Maximum Receive Data Segment Length: Maximum data segment length, in bytes, that can be received in an iSCSI PDU. (Software iSCSI)
ARP Redirect: Allows storage systems to move iSCSI traffic dynamically from one port to another. ARP is required by storage systems that do array-based failover. (Hardware iSCSI; Configurable through vSphere CLI)
Delayed ACK: Allows systems to delay acknowledgment of received data packets. (Software iSCSI)
CAUTION Do not make any changes to the advanced iSCSI settings unless you are working with the VMware
support team or otherwise have thorough information about the values to provide for the settings.
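What the Header Digest and Data Digest parameters compute, as an added Python example that is not part of this guide or of ESX/ESXi: a table-driven CRC32C and a check of a constructed PDU. The 48-byte basic header segment layout and the little-endian digest placement follow RFC 3720; the function names and the sample payload are made up for illustration.

```python
import struct

BHS_LEN = 48  # basic header segment length in bytes (RFC 3720)


def _make_table():
    poly = 0x82F63B78  # CRC-32C (Castagnoli) polynomial, bit-reflected form
    table = []
    for byte in range(256):
        crc = byte
        for _ in range(8):
            crc = (crc >> 1) ^ poly if crc & 1 else crc >> 1
        table.append(crc)
    return table


_TABLE = _make_table()


def crc32c(data):
    """CRC32C with initial value and final XOR of 0xFFFFFFFF."""
    crc = 0xFFFFFFFF
    for b in data:
        crc = _TABLE[(crc ^ b) & 0xFF] ^ (crc >> 8)
    return crc ^ 0xFFFFFFFF


def build_pdu(opcode, data=b""):
    """Constructed PDU: BHS + header digest [+ padded data segment + data digest]."""
    bhs = bytearray(BHS_LEN)
    bhs[0] = opcode
    bhs[5:8] = len(data).to_bytes(3, "big")          # DataSegmentLength, no AHS
    pdu = bytes(bhs) + struct.pack("<I", crc32c(bytes(bhs)))
    if data:
        padded = data + b"\x00" * (-len(data) % 4)   # data segment is padded to 4 bytes
        pdu += padded + struct.pack("<I", crc32c(padded))
    return pdu


def check_pdu(pdu):
    """Return (header_ok, data_ok) for a PDU built with both digests enabled."""
    bhs = pdu[:BHS_LEN]
    (header_digest,) = struct.unpack_from("<I", pdu, BHS_LEN)
    if crc32c(bhs) != header_digest:
        return False, False      # the length field cannot be trusted, stop here
    length = int.from_bytes(bhs[5:8], "big")
    if length == 0:
        return True, True        # no data segment, so no data digest
    start = BHS_LEN + 4
    end = start + length + (-length % 4)
    (data_digest,) = struct.unpack_from("<I", pdu, end)
    return True, crc32c(pdu[start:end]) == data_digest


def flip_bit(buf, index):
    """Simulate corruption in transit by flipping one bit of byte `index`."""
    out = bytearray(buf)
    out[index] ^= 0x01
    return bytes(out)


if __name__ == "__main__":
    pdu = build_pdu(0x01, b"constructed sample payload")
    print(check_pdu(pdu))                             # intact PDU
    print(check_pdu(flip_bit(pdu, 20)))               # corrupted header
    print(check_pdu(flip_bit(pdu, BHS_LEN + 4 + 3)))  # corrupted data segment
```

The digests detect corruption in transit; they use no key, so they do not authenticate the sender the way CHAP does.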
Procedure
1 Log in to the vSphere Client, and select a host from the inventory panel.
4 To configure advanced parameters at the initiator level, on the General tab, click Advanced. Proceed to
Step 6.
At the target level, advanced parameters can be configured only for software iSCSI.
b From the list of available targets, select a target to configure and click Settings > Advanced.
6 Enter any required values for the advanced parameters you want to modify and click OK to save your
changes.
Procedure
1 Log in to the vSphere Client and select a server from the inventory panel.
The Select Disk/LUN page appears. This can take a few seconds depending on the number of targets.
5 Select the iSCSI device to use for your datastore and click Next.
The datastore name appears in the vSphere Client, and the label must be unique within the current
VMware vSphere instance.
8 If needed, adjust the file system values and capacity you use for the datastore.
By default, the entire free space available on the storage device is offered to you.
9 Click Next.
Chapter 3 Modifying SAN Storage Systems for ESX/ESXi
After you configure your iSCSI initiators and storage, you might need to modify your storage system to ensure
that it works properly with your ESX/ESXi implementation.
This section discusses many of the iSCSI storage systems supported in conjunction with VMware ESX/ESXi.
For each device, it lists major known potential issues, points to vendor-specific information (if available), or
includes information from VMware knowledge base articles.
NOTE Information in this section is updated only with each release. New information might already be
available. Also, other iSCSI storage systems are supported but are not covered in this chapter. Consult the most
recent Storage/SAN Compatibility Guide, check with your storage vendor, and explore the VMware knowledge
base articles.
Not all storage devices are certified for all features and capabilities of ESX/ESXi, and vendors might have
specific positions of support with regard to ESX/ESXi.
Basic Connectivity: Tests whether ESX/ESXi can recognize and operate with the storage system.
This configuration does not allow for multipathing or any type of failover.
HBA Failover: The server is equipped with multiple HBAs connecting to one or more SAN
switches. The server is robust to HBA and switch failure only.
Storage Port Failover: The server is attached to multiple storage ports and is robust to storage port
failures and switch failures.
Booting from a SAN (with ESX hosts only): The ESX host boots from a LUN configured on the SAN rather than from the
server itself.
This is an active-passive disk array, so any related issues that apply to all active-passive disk arrays are relevant.
In addition, keep in mind the following:
- To avoid the possibility of path thrashing, the default multipathing policy is Most Recently Used, not
  Fixed. The ESX/ESXi system sets the default policy when it identifies the storage system.
- To boot from a SAN, choose the active storage processor for the boot LUN’s target in the HBA BIOS.
- On EMC CLARiiON AX100i and AX150i systems, RDMs are supported only if you use the Navisphere
  Management Suite for SAN administration. Navisphere Express is not guaranteed to configure them
  properly.
  To use RDMs successfully, a given LUN must be presented with the same LUN ID to every ESX/ESXi host
  in the cluster. The AX100i and AX150i do not do this by default.
- When you use an AX100i or AX150i storage system, no host agent periodically checks the host
  configuration and pushes changes to the storage system. The axnaviserverutil cli utility is used to
  update the changes. This is a manual operation that you should perform as needed.
- EMC CLARiiON storage systems do not support port binding.
The following settings are required for ESX/ESXi operations on the Symmetrix networked storage system:
- Common serial number (C)
- Auto negotiation (EAN) enabled
- SCSI 3 (SC3) set (enabled)
- Unique world wide name (UWN)
- SPC-2 (Decal) (SPC2) SPC-2 flag is required
NOTE The ESX/ESXi host considers any LUNs from a Symmetrix storage system that have a capacity of 50MB
or less as management LUNs. These LUNs are also known as pseudo or gatekeeper LUNs. These LUNs appear
in the EMC Symmetrix Management Interface and should not be used to hold data.
Procedure
1 Install, connect, and power up the network devices as detailed in the vendor installation document.
a Scroll through the messages on the LCD panel until the following message appears: 603 Port MA0 IP
<address>
b Record the management port IP address that appears in Basic MSA1510i information.
3 From the server or a workstation on the MSA1510i LAN segment, open a Web browser and enter the
address obtained in the previous step.
Option: Description
Storage configuration:
  a Set the Fault Tolerant mode (RAID mode).
  b Assign a spare disk for appropriate RAID level.
iSCSI configuration (configure an iSCSI portal):
  a Select a data port.
  b Assign an IP address to the data port.
  c VLANs are set up on the switch and are used as one method of
    controlling access to the storage. If you are using VLANs, enter the
    VLAN ID to use (0 = not used).
  d The wizard suggests a default iSCSI Target Name and iSCSI Target Alias.
    Accept the default or enter user-defined values.
  NOTE To configure the remaining data ports, complete the Initial System
  Configuration Wizard process, and then use tasks available on the Configure
  tab.
Login settings
Management settings
NOTE Wizards are available for basic configuration tasks only. Use the Manage and Configure tabs to view
and change your configuration.
What to do next
After initial setup, perform the following tasks to complete the configuration:
- Create an array.
- Create a logical drive.
- Create a target.
- Create a portal group.
- Associate or assign the portals created using the wizard with the portal group created.
- Map logical drives to the target.
- Add initiators (initiator IQN name and alias).
- Update the ACLs of the logical drives to provide access to initiators (select the list of initiators to access
  the logical drive).
Set the connection type to Custom when you present a LUN to an ESX/ESXi host. The value is one of the
following:
- For HP EVAgl 3000/5000 (active-passive), use the 000000002200282E host mode type.
- For HP EVAgl firmware 4.001 (active-active firmware for GL series) and above, use the VMware host mode
  type.
- For EVA4000/6000/8000 active-active arrays with firmware earlier than 5.031, use the 000000202200083E
  host mode type.
- For EVA4000/6000/8000 active-active arrays with firmware 5.031 and later, use the VMware host mode type.
Otherwise, EVA systems do not require special configuration changes to work with an ESX/ESXi system.
For additional documentation on NetApp and VMware best practices and SAN solutions, search the NetApp
web page.
Disable ALUA. If any of your iSCSI initiators are a part of an initiator group (igroup), disable ALUA on the
NetApp filer.
Set up multipathing. When you set up multipathing between two iSCSI HBAs and multiple ports on a NetApp
storage system, give the two HBAs different dynamic or static discovery addresses to connect
to the storage.
The NetApp storage system only permits one connection for each target and each initiator.
Attempts to make additional connections cause the first connection to drop. Therefore, a
single HBA should not attempt to connect to multiple IP addresses associated with the same
NetApp target.
Set LUN type and initiator group type. Set the appropriate LUN type and initiator group type for the
storage system:
- LUN type – VMware (if VMware type is not available, use Linux).
- Initiator group type – VMware (if VMware type is not available, use Linux).
Procedure
2 Create a volume.
b Click Next.
e Enter values for Containing Aggregate, Total Volume Size, and Space Guarantee and click Next.
3 Create LUNs.
c Click Add.
b From this list, click the label on the Maps row for the specific LUNs.
e When prompted, enter the LUN ID (any number from 0 to 255) and click Apply.
Procedure
4 Create a LUN.
lun create -s <size> -t vmware <path>
The following are specific requirements for EqualLogic storage systems to work with ESX/ESXi:
- Multipathing. No special setup is needed because EqualLogic storage systems support storage-processor
  failover that is transparent to iSCSI. Multiple iSCSI HBAs or NICs can connect to the same target or LUN
  on the storage side.
- Creating iSCSI LUNs. From the EqualLogic web portal, right-click Volumes, and then select Create
  Volume.
- Enable ARP redirection for ESX/ESXi hardware iSCSI HBAs.
- EqualLogic storage systems impose a maximum limit of 512 iSCSI connections per storage pool and 2048
  connections per storage group.
For more information about configuring and using EqualLogic storage systems, see the vendor’s
documentation.
When configuring SAN/iQ, enable automatic volume resignaturing for SAN/iQ storage devices to allow access
to SAN/iQ snapshots and remote copies.
For more information on configuring LeftHand Networks SANs for VMware vSphere, see the vendor
documentation related to VMware.
3 Create volumes.
As a best practice, configure virtual IP load balancing in SAN/iQ for all ESX/ESXi authentication groups.
When you configure mutual CHAP for the MD3000i iSCSI array, follow these guidelines:
- On the MD3000i storage system, mutual CHAP configuration requires only a CHAP secret.
- On the ESX/ESXi host, mutual CHAP configuration requires both the name and CHAP secret. When
  configuring mutual CHAP on the ESX/ESXi host, enter the IQN name of the target as the mutual CHAP
  name. Make sure the CHAP secret matches the one set on the array.
Chapter 4: Booting from an iSCSI SAN with ESX Systems
If you use an ESX host, you can set up your system to boot from a SAN. The boot image is not stored on the ESX
system’s local disk, but instead is stored on a SAN LUN. You can boot from a SAN only with hardware iSCSI.
NOTE When you boot from a SAN in conjunction with a VMware ESX system, each server must have its own
boot LUN.
Only ESX hosts with hardware iSCSI initiators can boot from SAN.
[Figure: ESX host (service console and VMkernel) with a hardware iSCSI initiator (HBA) connected over the
LAN to a storage array that holds the boot disk]
Do not boot from a SAN if you risk I/O contention between the service console and VMkernel.
Procedure
1 Review any vendor configuration recommendations that apply to the storage system or the server booting
from SAN.
2 Configure the hardware elements of your storage network, including SAN and HBAs.
Proper access control on the storage systems is important when an ESX host is booting from iSCSI.
- Boot LUNs should only be visible to the server using that LUN to boot. No other server or system on
  the SAN should be permitted to see that boot LUN.
- Multiple ESX hosts can share a diagnostic partition. ACLs on the storage systems can allow you to
  do this.
Diagnostic partitions can be put on the same LUN as the boot partition. Core dumps are stored in
diagnostic partitions. If a diagnostic partition is configured in the boot LUN, this LUN cannot be shared
between multiple hosts.
5 Set up your ESX to boot from CD-ROM first because the VMware installation CD is in the CD-ROM drive.
To achieve this, change the system boot sequence in your system BIOS setup.
CAUTION If you use scripted installation to install ESX when booting from a SAN, you must take special steps
to avoid unintended data loss. See VMware knowledge base article 1540.
Procedure
1 Connect network cables, referring to any cabling guide that applies to your setup.
This includes proper configuration of any routers or switches on your storage network. Storage systems
must be able to ping the iSCSI HBAs in your ESX hosts.
a Create a volume (or LUN) on the storage system for ESX to boot from.
b Configure the storage system so that the ESX system has access to the assigned LUN.
This could involve updating ACLs with the IP addresses, iSCSI names, and the CHAP authentication
parameter you use on the ESX system. On some storage systems, in addition to providing access
information for the ESX host, you must also explicitly associate the assigned LUN with the host.
c Ensure that the LUN is presented to the ESX system as LUN 0. The host can also boot from LUN 255.
On storage systems that present volumes as multiple targets rather than multiple LUNs, the volumes
are always presented as LUN 0.
e Record the iSCSI name and IP addresses of the targets assigned to the ESX host.
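The access rules above (a boot LUN visible only to the host that boots from it and presented as LUN 0 or 255, diagnostic volumes allowed to be shared, initiators identified by qualified iSCSI names) can be checked against a LUN-masking export. The following Python is an added example, not VMware or storage-vendor code; the row layout, role labels, volume names and initiator names are constructed assumptions.

```python
import re
from collections import defaultdict

# Qualified iSCSI names (RFC 3720): iqn.<yyyy-mm>.<reversed-domain>[:<suffix>]
# or eui.<16 hex digits>.
IQN_RE = re.compile(r"^iqn\.\d{4}-(0[1-9]|1[0-2])\.[a-z0-9][a-z0-9.-]*(:\S+)?$")
EUI_RE = re.compile(r"^eui\.[0-9A-Fa-f]{16}$")
BOOT_LUN_IDS = {0, 255}  # per the guide: present the boot LUN as LUN 0; 255 also boots

# Constructed sample export (hypothetical volumes and initiators).
# Row: (volume, role, initiator name, LUN ID presented to that initiator)
SAMPLE_MASKING = [
    ("boot-esx01", "boot", "iqn.2009-05.com.example:esx01", 0),
    ("boot-esx02", "boot", "iqn.2009-05.com.example:esx02", 0),
    ("boot-esx02", "boot", "iqn.2009-05.com.example:esx01", 1),  # leaked to esx01
    ("boot-esx03", "boot", "esx03-hba0", 4),  # unqualified name, wrong LUN ID
    ("diag-shared", "diagnostic", "iqn.2009-05.com.example:esx01", 10),
    ("diag-shared", "diagnostic", "iqn.2009-05.com.example:esx02", 10),
]


def is_qualified_iscsi_name(name):
    """True for a syntactically valid iqn. or eui. initiator name."""
    return bool(IQN_RE.match(name) or EUI_RE.match(name))


def audit_masking(rows):
    """Return sorted (subject, code, detail) findings for a masking export."""
    findings = set()
    boot_viewers = defaultdict(set)   # boot volume -> initiators that see it
    boots_seen_by = defaultdict(set)  # initiator -> boot volumes it sees
    for volume, role, initiator, lun_id in rows:
        if not is_qualified_iscsi_name(initiator):
            findings.add((volume, "unqualified-initiator-name", initiator))
        if role != "boot":
            continue  # diagnostic and data volumes may be shared between hosts
        boot_viewers[volume].add(initiator)
        boots_seen_by[initiator].add(volume)
        if lun_id not in BOOT_LUN_IDS:
            findings.add((volume, "boot-lun-id-not-0-or-255",
                          f"{initiator} sees LUN {lun_id}"))
    # A boot LUN must be visible to exactly one host.
    for volume, viewers in boot_viewers.items():
        if len(viewers) > 1:
            findings.add((volume, "boot-lun-shared", ", ".join(sorted(viewers))))
    # No host may see a boot LUN other than its own.
    for initiator, volumes in boots_seen_by.items():
        if len(volumes) > 1:
            findings.add((initiator, "host-sees-foreign-boot-lun",
                          ", ".join(sorted(volumes))))
    return sorted(findings)


if __name__ == "__main__":
    for subject, code, detail in audit_masking(SAMPLE_MASKING):
        print(f"{code:28} {subject:32} {detail}")
```

A boot volume that also holds a diagnostic partition is covered by the boot-lun-shared check, because the guide does not allow such a LUN to be shared.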
Procedure
1 During server POST, press Ctrl+q to enter the QLogic iSCSI HBA configuration menu.
a From the Fast!UTIL Options menu, select Configuration Settings > Host Adapter Settings.
b Configure the following settings for your host adapter: initiator IP address, subnet mask, gateway,
initiator iSCSI name, and CHAP (if required).
a From the Fast!UTIL Options menu, select Configuration Settings > iSCSI Boot Settings.
b Before you can set SendTargets, set Adapter Boot mode to Manual.
2 You can leave the Boot LUN and iSCSI Name fields blank if only one iSCSI target and one LUN
are at the specified address to boot from. Otherwise, you must specify these fields to ensure that
you do not boot from a volume for some other system. After the target storage system is reached,
these fields will be populated after a rescan.
3 Save changes.
d From the iSCSI Boot Settings menu, select the primary boot device. An auto rescan of the HBA is
made to find new target LUNs.
NOTE If more than one LUN exists within the target, you can choose a specific LUN ID by pressing
Enter after you locate the iSCSI device.
f Return to the Primary Boot Device Setting menu. After the rescan, the Boot LUN and iSCSI Name
fields are populated. Change the value of Boot LUN to the desired LUN ID.
What to do next
For more information and more up-to-date details about QLogic host adapter configuration settings, see the
QLogic host adapter readme file at the QLogic web site.
Chapter 5: Managing ESX/ESXi Systems That Use SAN Storage
This section helps you manage your ESX/ESXi system, use SAN storage effectively, and perform
troubleshooting. It also explains how to find information about storage devices, adapters, multipathing, and
so on.
When you list all available adapters, you can see their models, types, such as Fibre Channel, Parallel SCSI, or
iSCSI, and, if available, their unique identifiers.
When you display details for each iSCSI adapter, you see the following information. Certain adapters might
need to be configured or enabled before you can view their information.
iSCSI Name A unique name formed according to iSCSI standards that identifies the iSCSI adapter.
Procedure
4 To view details for a specific adapter, select the adapter from the Storage Adapters list.
5 To list all storage devices the adapter can access, click Devices.
Procedure
5 In the Details panel, right-click the value in the name field, and select Copy.
For each storage adapter, you can display a separate list of storage devices accessible just through this adapter.
When you review a list of storage devices, you typically see the following information.
Name A friendly name that the host assigns to the device based on the storage type and
manufacturer.
LUN The LUN number that shows the position of the LUN within the target.
Owner The plugin, such as the NMP or a third-party plugin, the host uses to manage the storage
device.
Name A friendly name that the host assigns to a device based on the storage type and
manufacturer. You can modify the name using the vSphere Client.
Identifier A universally unique identifier that the host extracts from the storage.
Depending on the type of storage, the host uses different algorithms to extract
the identifier. The identifier is persistent across reboots and is the same for all
hosts sharing the device.
Runtime Name The name of the first path to the device. The runtime name is created by the
host. The name is not a reliable identifier for the device, and is not persistent.
The runtime name has the following format:
vmhba#:C#:T#:L#, where
- vmhba# is the name of the storage adapter. The name refers to the physical
  adapter on the host, not to the SCSI controller used by the virtual machines.
- C# is the storage channel number.
  Software iSCSI initiators use the channel number to show multiple paths
  to the same target.
- T# is the target number. Target numbering is decided by the host and might
  change if there is a change in the mappings of targets visible to the host.
  Targets that are shared by different hosts might not have the same target
  number.
- L# is the LUN number that shows the position of the LUN within the target.
  The LUN number is provided by the storage system. If a target has only
  one LUN, the LUN number is always zero (0).
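A parser for the vmhba#:C#:T#:L# format described above, used to show why a runtime name cannot serve as a device key across hosts while the identifier can, and to spot devices that hosts see under different LUN numbers. This is an added example, not VMware code; the host names, identifiers and path names are constructed.

```python
import re
from collections import defaultdict

RUNTIME_RE = re.compile(r"^(vmhba\d+):C(\d+):T(\d+):L(\d+)$")

# Constructed identifiers standing in for the persistent device identifier.
ID_A = "naa.600000000000000000000000000000a1"
ID_B = "naa.600000000000000000000000000000b2"
ID_C = "naa.600000000000000000000000000000c3"

# Constructed path inventory: (host, device identifier, path runtime name)
SAMPLE_PATHS = [
    ("esx01", ID_A, "vmhba33:C0:T0:L0"),
    ("esx01", ID_A, "vmhba33:C1:T0:L0"),  # second channel, same target
    ("esx01", ID_B, "vmhba33:C0:T1:L0"),
    ("esx01", ID_C, "vmhba33:C0:T0:L5"),
    ("esx02", ID_A, "vmhba33:C0:T1:L0"),  # target numbers differ per host
    ("esx02", ID_B, "vmhba33:C0:T0:L0"),
    ("esx02", ID_C, "vmhba33:C0:T1:L7"),  # array presents a different LUN ID
]


def parse_runtime_name(name):
    """Split vmhba#:C#:T#:L# into adapter, channel, target and LUN."""
    match = RUNTIME_RE.match(name.strip())
    if match is None:
        raise ValueError(f"not a runtime name: {name!r}")
    adapter, channel, target, lun = match.groups()
    return {"adapter": adapter, "channel": int(channel),
            "target": int(target), "lun": int(lun)}


def ambiguous_runtime_names(paths):
    """Runtime names that point at different devices on different hosts."""
    seen = defaultdict(set)
    for _host, identifier, runtime in paths:
        parse_runtime_name(runtime)  # reject malformed names early
        seen[runtime].add(identifier)
    return {name: sorted(ids) for name, ids in seen.items() if len(ids) > 1}


def lun_number_mismatches(paths):
    """Devices (keyed by identifier) that hosts see under different LUN numbers."""
    luns = defaultdict(lambda: defaultdict(set))
    for host, identifier, runtime in paths:
        luns[identifier][host].add(parse_runtime_name(runtime)["lun"])
    result = {}
    for identifier, per_host in luns.items():
        distinct = {n for numbers in per_host.values() for n in numbers}
        if len(distinct) > 1:
            result[identifier] = {h: sorted(s) for h, s in per_host.items()}
    return result


if __name__ == "__main__":
    print(ambiguous_runtime_names(SAMPLE_PATHS))
    print(lun_number_mismatches(SAMPLE_PATHS))
```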
Procedure
4 Click Devices.
5 To view additional details about a specific device, select the device from the list.
Procedure
5 Click Devices.
Procedure
For each datastore, you can also review the following details:
- Location of the datastore.
- Total capacity, including the used and available space.
- Individual extents that the datastore spans and their capacity. To view extent details, click Properties and
  select the Extents panel.
- Paths used to access the storage device.
Procedure
4 To display details for a particular datastore, select the datastore from the list.
Check cable connectivity. If you do not see a port, the problem could be cable connectivity or routing. Check
the cables first. Ensure that cables are connected to the ports and a link light indicates that the
connection is good. If each end of the cable does not show a good link light, replace the cable.
Check routing settings. Controls connectivity between different subnets on your Ethernet configuration. If
your ESX/ESXi system and iSCSI storage are not on the same subnet, ensure that appropriate routing
exists between the subnets. Also, ensure that the subnet mask and gateway address are set
correctly on the iSCSI storage and the iSCSI initiator in the ESX/ESXi host.
Check access control configuration. If the expected LUNs do not appear after rescan, access control might
not be configured correctly on the storage system side:
- If CHAP is configured, ensure that it is enabled on the ESX/ESXi host and matches the
  storage system setup.
- If IP-based filtering is used, ensure that the iSCSI HBA or the VMkernel port group IP
  address and service console IP address are allowed.
- If you are using initiator name-based filtering, ensure that the name is a qualified iSCSI
  name and matches the storage system setup.
- For booting from a SAN, ensure that each ESX host sees only required LUNs. Do not
  allow any ESX host to see any boot LUN other than its own. Use storage system software
  to make sure that the ESX host can see only the LUNs that it is supposed to see.
- Ensure that the Disk.MaxLUN setting allows you to view the LUN you expect to see.
Check storage processor setup. If a storage system has more than one storage processor, make sure that the
SAN switch has a connection to the SP that owns the LUNs you want to access. On some storage systems,
only one SP is active and the other SP is passive until a failure occurs. If you are connected
to the wrong SP (the one with the passive path) you might not see the expected LUNs, or
you might see the LUNs but get errors when trying to access them.
For software iSCSI, check network configuration. The software iSCSI initiator in ESX/ESXi requires that a
VMkernel network port have access to the iSCSI storage. The software initiator uses the VMkernel for data
transfer between the ESX/ESXi system and the iSCSI storage.
Rescan your iSCSI initiator. Perform a rescan each time you complete the following tasks:
- Create new LUNs on a SAN.
- Change the LUN masking on an ESX/ESXi host storage system.
- Reconnect a cable.
- Make a change to a host in a cluster.
- Change CHAP settings or add new discovery addresses.
You can rescan all adapters on your host. If the changes you make are isolated to a specific adapter, rescan
only this adapter. If your vSphere Client is connected to a vCenter Server system, you can rescan adapters on
all hosts managed by the vCenter Server system.
Perform a rescan each time you make one of the following changes.
- Create new LUNs on a SAN.
- Change the path masking on a host.
- Reconnect a cable.
- Make a change to a host in a cluster.
- Change CHAP settings or add new discovery addresses.
IMPORTANT Do not rescan when a path is unavailable. If one path fails, another takes over and your system
continues to be fully functional. If, however, you rescan at a time when a path is not available, the host removes
the path from its list of paths to the device. The path cannot be used by the host until the next time a rescan is
performed while the path is active.
Use this procedure if you want to limit the rescan to a particular host or an adapter on the host. If you want to
rescan adapters on all hosts managed by your vCenter Server system, you can do so by right-clicking a
datacenter, cluster, or folder that contains the hosts and selecting Rescan for Datastores.
Procedure
1 In the vSphere Client, select a host and click the Configuration tab.
2 In the Hardware panel, select Storage Adapters, and click Rescan above the Storage Adapters panel.
You can also right-click an individual adapter and click Rescan to rescan just that adapter.
IMPORTANT On ESXi, it is not possible to rescan a single storage adapter. If you rescan a single adapter,
all adapters are rescanned.
3 To discover new disks or LUNs, select Scan for New Storage Devices.
4 To discover new datastores or update a datastore after its configuration has been changed, select Scan for
New VMFS Volumes.
If new datastores or VMFS volumes are discovered, they appear in the datastore list.
IMPORTANT You cannot discover LUNs with a LUN ID number that is greater than 255.
Reducing the value can shorten rescan time and boot time. However, the time to rescan LUNs might depend
on other factors, including the type of storage system and whether sparse LUN support is enabled.
Procedure
1 In the vSphere Client inventory panel, select the host, click the Configuration tab, and click Advanced
Settings.
2 Select Disk.
4 Change the existing value to the value of your choice, and click OK.
The value you enter specifies the LUN after the last one you want to discover.
For example, to discover LUNs from 0 through 31, set Disk.MaxLUN to 32.
The VMkernel provides sparse LUN support by default. The sparse LUN support enables the VMkernel to
perform uninterrupted LUN scanning when a storage system presents LUNs with nonsequential LUN
numbering, for example 0, 6, and 23. If all LUNs that your storage system presents are sequential, you can
disable the sparse LUN support.
Procedure
1 In the vSphere Client inventory panel, select the host, click the Configuration tab, and click Advanced
Settings.
By default, the host performs a periodic path evaluation every 5 minutes causing any unclaimed paths to be
claimed by the appropriate MPP.
The claim rules are numbered. For each physical path, the host runs through the claim rules starting with the
lowest number first. The attributes of the physical path are compared to the path specification in the claim rule.
If there is a match, the host assigns the MPP specified in the claim rule to manage the physical path. This
continues until all physical paths are claimed by corresponding MPPs, either third-party multipathing plugins
or the native multipathing plugin (NMP).
For the paths managed by the NMP module, a second set of claim rules is applied. These rules determine which
SATP should be used to manage the paths from a specific array type, and which PSP is to be used for each
storage device. For example, for a storage device that belongs to the EMC CLARiiON CX storage family, the
default SATP is VMW_SATP_CX and the default PSP is Most Recently Used.
Use the vSphere Client to view which SATP and PSP the host is using for a specific storage device and the
status of all available paths for this storage device. If needed, you can change the default VMware PSP using
the vSphere Client. To change the default SATP, you need to modify claim rules using the vSphere CLI.
You can find some information about modifying claim rules in Appendix C, “Managing Storage Paths and
Multipathing Plugins,” on page 83.
For detailed descriptions of the commands available to manage PSA, see the vSphere Command-Line Interface
Installation and Reference Guide.
The path information includes the SATP assigned to manage the device, the path selection policy (PSP), and
a list of paths with their physical characteristics, such as an adapter and target each path uses, and the status
of each path. The following path status information can appear:
Active Paths available for issuing I/O to a LUN. A single or multiple working paths
currently used for transferring data are marked as Active (I/O).
NOTE For hosts that run ESX/ESXi 3.5 or earlier, the term active means the only
path that the host is using to issue I/O to a LUN.
Standby The path is operational and can be used for I/O if active paths fail.
Broken The software cannot connect to the disk through this path.
If you are using the Fixed path policy, you can see which path is the preferred path. The preferred path is
marked with an asterisk (*) in the Preferred column.
Procedure
1 Log in to the vSphere Client and select a server from the inventory panel.
2 Click the Configuration tab and click Storage in the Hardware panel.
4 From the list of configured datastores, select the datastore whose paths you want to view or configure.
The Details panel shows the total number of paths being used to access the device and whether any of
them are broken or disabled.
5 Click Properties > Manage Paths to open the Manage Paths dialog box.
You can use the Manage Paths dialog box to enable or disable your paths, set multipathing policy, and
specify the preferred path.
Procedure
1 Log in to the vSphere Client and select a server from the inventory panel.
2 Click the Configuration tab and click Storage in the Hardware panel.
By default, VMware supports the following path selection policies. If you have a third-party PSP installed on
your host, its policy also appears on the list.
Fixed (VMware): The host always uses the preferred path to the disk when that path is available.
If the host cannot access the disk through the preferred path, it tries the
alternative paths. The default policy for active-active storage devices is Fixed.
Most Recently Used (VMware): The host uses a path to the disk until the path becomes unavailable. When the
path becomes unavailable, the host selects one of the alternative paths. The host
does not revert back to the original path when that path becomes available
again. There is no preferred path setting with the MRU policy. MRU is the
default policy for active-passive storage devices and is required for those
devices.
Round Robin (VMware): The host uses an automatic path selection algorithm rotating through all
available paths. This implements load balancing across all the available
physical paths.
Load balancing is the process of spreading server I/O requests across all
available host paths. The goal is to optimize performance in terms of
throughput (I/O per second, megabytes per second, or response times).
Table 5-4 summarizes how the behavior of host changes, depending on the type of array and the failover policy.
Policy: Most Recently Used
  Active-active array: Administrator action is required to fail back after path failure.
  Active-passive array: Administrator action is required to fail back after path failure.
Policy: Fixed
  Active-active array: VMkernel resumes using the preferred path when connectivity is restored.
  Active-passive array: VMkernel attempts to resume using the preferred path. This can cause path
  thrashing or failure when another SP now owns the LUN.
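The fail-back behaviour summarized in Table 5-4, as an added example (not VMware code): a small state machine for the Fixed and Most Recently Used policies that also counts how often LUN ownership moves between storage processors. The path names, SP labels and the rule that an active-passive array moves ownership whenever the host switches to a path on the other SP are simplifying assumptions.

```python
# Constructed paths: (path name, storage processor the path terminates on)
PATHS = [("vmhba1:C0:T0:L0", "SP1"), ("vmhba2:C0:T1:L0", "SP2")]


class Device:
    """One LUN reached over several paths, each ending on a storage processor."""

    def __init__(self, policy, array, paths, preferred=None):
        self.policy = policy              # "fixed" or "mru"
        self.array = array                # "active-active" or "active-passive"
        self.sp_of = dict(paths)          # path name -> SP
        self.up = {name: True for name in self.sp_of}
        if policy == "fixed" and preferred not in self.sp_of:
            raise ValueError("the Fixed policy needs a preferred path")
        self.preferred = preferred if policy == "fixed" else None
        self.current = preferred or next(iter(self.sp_of))
        self.owner_sp = self.sp_of[self.current]  # SP that owns the LUN
        self.sp_moves = 0                 # ownership changes (active-passive only)

    def _switch_to(self, name):
        # Assumption: on an active-passive array, using a path on the other SP
        # forces LUN ownership to move to that SP.
        if self.array == "active-passive" and self.sp_of[name] != self.owner_sp:
            self.owner_sp = self.sp_of[name]
            self.sp_moves += 1
        self.current = name

    def set_path_state(self, name, is_up):
        """Record a path failure or recovery and return the path now in use."""
        self.up[name] = is_up
        self._reselect()
        return self.current

    def _reselect(self):
        # Fixed: always return to the preferred path when it is available.
        if self.policy == "fixed" and self.up[self.preferred]:
            if self.current != self.preferred:
                self._switch_to(self.preferred)
            return
        # MRU (and Fixed while the preferred path is down): stay on a working path.
        if self.up[self.current]:
            return
        for name, ok in self.up.items():
            if ok:
                self._switch_to(name)
                return
        # No working path is left: keep the current selection; I/O would fail.


def fail_then_restore(policy, array):
    """Fail the first path, restore it, and report what the host used each time."""
    first = PATHS[0][0]
    dev = Device(policy, array, PATHS, preferred=first if policy == "fixed" else None)
    after_fail = dev.set_path_state(first, False)
    after_restore = dev.set_path_state(first, True)
    return after_fail, after_restore, dev.sp_moves


def behaviour_table():
    """(policy, array type) -> (path after failure, path after restore, SP moves)."""
    return {(p, a): fail_then_restore(p, a)
            for p in ("mru", "fixed")
            for a in ("active-active", "active-passive")}


if __name__ == "__main__":
    for key, row in behaviour_table().items():
        print(key, row)
```

With Fixed on the active-passive array the single failure and recovery moves LUN ownership twice, which is the extra churn the table warns about; MRU stays on the surviving path until an administrator fails back.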
Procedure
1 Open the Manage Paths dialog box either from the Datastores or Devices view.
By default, VMware supports the following path selection policies. If you have a third-party PSP installed
on your host, its policy also appears on the list.
- Fixed (VMware)
- Most Recently Used (VMware)
- Round Robin (VMware)
3 For the fixed policy, specify the preferred path by right-clicking the path you want to assign as the
preferred path, and selecting Preferred.
Disable Paths
You can temporarily disable paths for maintenance or other reasons. You can do so using the vSphere Client.
Procedure
1 Open the Manage Paths dialog box either from the Datastores or Devices view.
2 In the Paths panel, right-click the path to disable, and select Disable.
You can also disable a path from the adapter’s Paths view by right-clicking the path in the list and selecting
Disable.
If a path fails, the surviving paths carry all the traffic. Path failover might take a minute or more, because the
SAN might converge with a new topology to try to restore service. This delay is necessary to allow the SAN
to stabilize its configuration after topology changes.
With active/active storage arrays, you can configure your ESX/ESXi host to load balance traffic across multiple
adapters by assigning preferred paths to your LUNs. Path policy must be set to Fixed.
The following example demonstrates how manual load balancing is performed with an active/active array.
[Figure: manual load balancing with an active/active array. Labels: HBA1, HBA2, IP network, SP1, SP2,
1 2 3 4, storage array]
With active/passive arrays, you can perform load balancing if the array supports two active paths and the HBA
ports can access both SPs in an array.
NOTE Active/passive arrays use the MRU path policy which does not have a preferred path. If a path failure
occurs, there is no failback. As a result, static load balancing can become out of balance over time.
Path failover occurs when the active path to a LUN is changed from one path to another, usually because of
some SAN component failure along the current path.
I/O might pause for 30 to 60 seconds until the iSCSI driver determines that the link is unavailable and until
failover is complete. As a result, the virtual machines (with their virtual disks installed on SAN storage) can
appear unresponsive. If you attempt to display the host, its storage devices, or its adapter, the operation might
appear to stall. After failover is complete, I/O resumes normally.
In case of multiple breakages, all connections to SAN storage devices might be lost. If none of the connections
to the storage device is working, some virtual machines might encounter I/O errors on their virtual SCSI disks.
For Windows 2000 and Windows Server 2003 guest operating systems, you can set the operating system timeout
by using the registry.
Procedure
5 Select the TimeOutValue and set the data value to x03c (hexadecimal) or 60 (decimal).
After you make this change, Windows waits at least 60 seconds for delayed disk operations to complete
before it generates errors.
If more than one ESX/ESXi system uses the same LUN as the diagnostic partition, that LUN must be zoned so
that all the servers can access it.
Each server needs 100MB of space, so the size of the LUN determines how many servers can share it. Each
ESX/ESXi system is mapped to a diagnostic slot. VMware recommends at least 16 slots (1600MB) of disk space
if servers share a diagnostic partition.
If there is only one diagnostic slot on the device, all ESX/ESXi systems sharing that device map to the same
slot. This setup can easily create problems. If two ESX/ESXi systems perform a core dump at the same time,
the core dumps are overwritten on the last slot on the diagnostic partition.
If you allocate enough disk space for 16 slots, it is unlikely that core dumps are mapped to the same location
on the diagnostic partition, even if two ESX/ESXi systems perform a core dump at the same time.
You should observe these tips for avoiding and resolving problems with your SAN configuration:
- Place only one VMFS datastore on each LUN. Multiple VMFS datastores on one LUN are not recommended.
- Do not change the path policy the system sets for you unless you understand the implications of making
  such a change. In particular, working with an active-passive array and setting the path policy to Fixed can
  lead to path thrashing.
- Document everything. Include information about configuration, access control, storage, switch, server
  and iSCSI HBA configuration, software and firmware versions, and storage cable plan.
- Plan for failure:
  - Make several copies of your topology maps. For each element, consider what happens to your SAN
    if the element fails.
  - Cross off different links, switches, HBAs and other elements to ensure you did not miss a critical
    failure point in your design.
- Ensure that the iSCSI HBAs are installed in the correct slots in the ESX/ESXi host, based on slot and bus
  speed. Balance PCI bus load among the available busses in the server.
- Become familiar with the various monitor points in your storage network, at all visibility points, including
  ESX/ESXi performance charts, Ethernet switch statistics, and storage performance statistics.
- Be cautious when changing IDs of the LUNs that have VMFS datastores being used by your ESX/ESXi
  host. If you change the ID, virtual machines running on the VMFS datastore will fail.
  If there are no running virtual machines on the VMFS datastore, after you change the ID of the LUN, you
  must use rescan to reset the ID on your host. For information on using rescan, see “Rescan Storage
  Adapters,” on page 60.
If the network environment is properly configured, the iSCSI components provide adequate throughput and
low enough latency for iSCSI initiators and targets. If the network is congested and links, switches or routers
are saturated, iSCSI performance suffers and might not be adequate for ESX/ESXi environments.
If issues occur with storage system performance, consult your storage system vendor’s documentation for any
relevant information.
When you assign LUNs, remember that you can access each LUN through a number of ESX/ESXi hosts, and
that a number of virtual machines can run on each host. One LUN used by an ESX/ESXi host can service I/O
from many different applications running on different operating systems. Because of this diverse workload,
the RAID group that contains the ESX/ESXi LUNs should not include LUNs used by other hosts that are not
running ESX/ESXi for I/O-intensive applications.
Load balancing is the process of spreading server I/O requests across all available SPs and their associated host
server paths. The goal is to optimize performance in terms of throughput (I/O per second, megabytes per
second, or response times).
SAN storage systems require continual redesign and tuning to ensure that I/O is load balanced across all storage
system paths. To meet this requirement, distribute the paths to the LUNs among all the SPs to provide optimal
load balancing. Close monitoring indicates when it is necessary to manually rebalance the LUN distribution.
Tuning statically balanced storage systems is a matter of monitoring the specific performance statistics (such
as I/O operations per second, blocks per second, and response time) and distributing the LUN workload to
spread the workload across all the SPs.
Server Performance
You must consider several factors to ensure optimal server performance.
Each server application must have access to its designated storage with the following conditions:
- High I/O rate (number of I/O operations per second)
- High throughput (megabytes per second)
- Minimal latency (response times)
Because each application has different requirements, you can meet these goals by choosing an appropriate
RAID group on the storage system. To achieve performance goals, perform the following tasks:
- Place each LUN on a RAID group that provides the necessary performance levels. Pay attention to the
  activities and resource utilization of other LUNs in the assigned RAID group. A high-performance RAID
  group that has too many applications doing I/O to it might not meet performance goals required by an
  application running on the ESX/ESXi host.
- Provide each server with a sufficient number of network adapters or iSCSI hardware adapters to allow
  maximum throughput for all the applications hosted on the server for the peak period. I/O spread across
  multiple ports provides higher throughput and less latency for each application.
- To provide redundancy for software iSCSI, make sure the initiator is connected to all network adapters
  used for iSCSI connectivity.
- When allocating LUNs or RAID groups for ESX/ESXi systems, multiple operating systems use and share
  that resource. As a result, the performance required from each LUN in the storage subsystem can be much
  higher if you are working with ESX/ESXi systems than if you are using physical machines. For example,
  if you expect to run four I/O intensive applications, allocate four times the performance capacity for the
  ESX/ESXi LUNs.
- When using multiple ESX/ESXi systems in conjunction with vCenter Server, the performance needed from
  the storage subsystem increases correspondingly.
- The number of outstanding I/Os needed by applications running on an ESX/ESXi system should match
  the number of I/Os the SAN can handle.
Network Performance
A typical SAN consists of a collection of computers connected to a collection of storage systems through a
network of switches. Several computers often access the same storage.
Figure 5-2 shows several computer systems connected to a storage system through an Ethernet switch. In this
configuration, each system is connected through a single Ethernet link to the switch, which is also connected
to the storage system through a single Ethernet link. In most configurations, with modern switches and typical
traffic, this is not a problem.
When systems read data from storage, the maximum response from the storage is to send enough data to fill
the link between the storage systems and the Ethernet switch. It is unlikely that any single system or virtual
machine gets full use of the network speed, but this situation can be expected when many systems share one
storage device.
When writing data to storage, multiple systems or virtual machines might attempt to fill their links. As
Figure 5-3 shows, when this happens, the switch between the systems and the storage system has to drop data.
This happens because, while it has a single connection to the storage device, it has more traffic to send to the
storage system than a single link can carry. In this case, the switch drops network packets because the amount
of data it can transmit is limited by the speed of the link between it and the storage system.
[Figure 5-3: link labels 1 Gbit, 1 Gbit, 1 Gbit; dropped packets]
Recovering from dropped network packets results in large performance degradation. In addition to time spent
determining that data was dropped, the retransmission uses network bandwidth that could otherwise be used
for current transactions.
iSCSI traffic is carried on the network by the Transmission Control Protocol (TCP). TCP is a reliable
transmission protocol that ensures that dropped packets are retried and eventually reach their destination.
TCP is designed to recover from dropped packets and retransmits them quickly and seamlessly. However,
when the switch discards packets with any regularity, network throughput suffers significantly. The network
becomes congested with requests to resend data and with the resent packets, and less data is actually
transferred than in a network without congestion.
Most Ethernet switches can buffer, or store, data and give every device attempting to send data an equal chance
to get to the destination. This ability to buffer some transmissions, combined with many systems limiting the
number of outstanding commands, allows small bursts from several systems to be sent to a storage system in
turn.
If the transactions are large and multiple servers are trying to send data through a single switch port, a switch's
ability to buffer one request while another is transmitted can be exceeded. In this case, the switch drops the
data it cannot send, and the storage system must request retransmission of the dropped packet. For example,
if an Ethernet switch can buffer 32KB on an input port, but the server connected to it thinks it can send 256KB
to the storage device, some of the data is dropped.
Most managed switches provide information on dropped packets, similar to the following:
*: interface is up
IHQ: pkts in input hold queue IQD: pkts dropped from input queue
OHQ: pkts in output hold queue OQD: pkts dropped from output queue
RXBS: rx rate (bits/sec) RXPS: rx rate (pkts/sec)
TXBS: tx rate (bits/sec) TXPS: tx rate (pkts/sec)
TRTL: throttle count
Interface IHQ IQD OHQ OQD RXBS RXPS TXBS TXPS TRTL
In this example from a Cisco switch, the bandwidth used is 476303000 bits/second, which is less than half of
wire speed. In spite of this, the port is buffering incoming packets and has dropped quite a few packets. The
final line of this interface summary indicates that this port has already dropped almost 10,000 inbound packets
in the IQD column.
Configuration changes to avoid this problem involve making sure several input Ethernet links are not funneled
into one output link, resulting in an oversubscribed link. When a number of links transmitting near capacity
are switched to a smaller number of links, oversubscription is a possibility.
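The check described above can be automated. The following is an added example, not part of the original guide: it parses an interface summary in the column layout quoted above and flags ports that drop packets while running below half of wire speed. The sample rows are constructed; only the 476303000 bits/sec receive rate comes from the text, and the 1 Gbit link speed is an assumption.

```python
# Constructed sample in the column layout of the interface summary shown above.
# Interface names and all counters except the 476303000 bits/sec receive rate
# quoted in the text are made up for illustration.
SAMPLE_SUMMARY = """\
 *: interface is up
 IHQ: pkts in input hold queue     IQD: pkts dropped from input queue
  Interface           IHQ   IQD  OHQ   OQD       RXBS   RXPS       TXBS   TXPS TRTL
* GigabitEthernet0/1    3  9900    0     0  476303000  62000  477000000  63000    0
* GigabitEthernet0/2    0     0    0     0  120000000  15000   90000000  11000    0
  GigabitEthernet0/3    0     0    0     0          0      0          0      0    0
"""

COUNTERS = ("IHQ", "IQD", "OHQ", "OQD", "RXBS", "RXPS", "TXBS", "TXPS", "TRTL")


def parse_summary(text):
    """Return one dict per interface row; legend and header lines are skipped."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        up = bool(fields) and fields[0] == "*"
        if up:
            fields = fields[1:]
        # A data row is an interface name followed by exactly nine integers.
        if len(fields) != len(COUNTERS) + 1:
            continue
        if not all(f.isdigit() for f in fields[1:]):
            continue
        row = {"interface": fields[0], "up": up}
        row.update(zip(COUNTERS, map(int, fields[1:])))
        rows.append(row)
    return rows


def ports_dropping(rows, link_bps=1_000_000_000):
    """Flag ports that are up and report input or output queue drops."""
    findings = []
    for r in rows:
        if not r["up"] or (r["IQD"] == 0 and r["OQD"] == 0):
            continue
        findings.append({
            "interface": r["interface"],
            "input_drops": r["IQD"],
            "output_drops": r["OQD"],
            "utilisation": round(max(r["RXBS"], r["TXBS"]) / link_bps, 3),
            # Drops while the port runs well below wire speed point at bursts
            # overflowing the port buffer, not at a saturated link.
            "drops_below_half_wire_speed": r["RXBS"] < link_bps / 2,
        })
    return findings


def oversubscription_ratio(ingress_links_bps, egress_links_bps):
    """Worst-case offered load divided by the capacity toward storage."""
    return sum(ingress_links_bps) / sum(egress_links_bps)


if __name__ == "__main__":
    for finding in ports_dropping(parse_summary(SAMPLE_SUMMARY)):
        print(finding)
    # Three 1 Gbit host links funneled into one 1 Gbit storage link.
    print(oversubscription_ratio([10**9] * 3, [10**9]))
```

A ratio above 1.0 means the hosts can offer more write traffic than the storage-side links can carry, which is the condition under which the switch starts discarding packets.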
Generally, applications or systems that write a lot of data to storage, such as data acquisition or transaction
logging systems, should not share Ethernet links to a storage device. These types of applications perform best
with multiple connections to storage devices.
Figure 5-4 shows multiple connections from the switch to the storage.
[Figure 5-4: link labels 1 Gbit, 1 Gbit, 1 Gbit, 1 Gbit]
Using VLANs or VPNs does not provide a suitable solution to the problem of link oversubscription in shared
configurations. VLANs and other virtual partitioning of a network provide a way of logically designing a
network, but do not change the physical capabilities of links and trunks between switches. When storage traffic
and other network traffic end up sharing physical connections, as they would with a VPN, the possibility for
oversubscription and lost packets exists. The same is true of VLANs that share interswitch trunks. Performance
design for a SAN must take into account the physical limitations of the network, not logical allocations.
You can also use the resxtop vSphere CLI command that allows you to examine how ESX/ESXi hosts use
resources. For information about resxtop, see the Resource Management Guide or vSphere Command-Line Interface
Installation and Reference Guide.
Switches that have ports operating near maximum throughput much of the time do not provide optimum
performance. If you have ports in your iSCSI SAN running near the maximum, reduce the load. If the port is
connected to an ESX/ESXi system or iSCSI storage, you can reduce the load by using manual load balancing.
If the port is connected between multiple switches or routers, consider installing additional links between these
components to handle more load. Ethernet switches also commonly provide information about transmission
errors, queued packets, and dropped Ethernet packets. If the switch regularly reports any of these conditions
on ports being used for iSCSI traffic, performance of the iSCSI SAN will be poor.
Only specific SAN configurations in conjunction with the following conditions can cause path thrashing:
- You are working with an active-passive array. Path thrashing only occurs on active-passive arrays. For
  active-active arrays or arrays that provide transparent failover, path thrashing does not occur.
- Two hosts access the same LUN using different storage processors (SPs). For example, the LUN is
  configured to use the Fixed PSP. On Host A, the preferred path to the LUN is set to use a path through SP
  A. On Host B, the preferred path to the LUN is configured to use a path through SP B.
Path thrashing can also occur if the LUN is configured to use either the Fixed PSP or the MRU PSP and Host
A can access the LUN only with paths through SP A, while Host B can access the LUN only with paths through
SP B.
This problem can also occur on a direct connect array (such as AX100) with HBA failover on one or more nodes.
Path thrashing is a problem that you typically do not experience with other operating systems:
- No other common operating system uses shared LUNs for more than two servers. That setup is typically
  reserved for clustering.
- If only one server is issuing I/Os to the LUN at a time, path thrashing does not become a problem.
In contrast, multiple ESX/ESXi systems might issue I/O to the same LUN concurrently.
For active/passive arrays, only one LUN at a time can access all the sectors on the storage that make up a given
LUN. The ownership is passed between the storage processors. Storage systems use caches and SP A must not
write anything to disk that invalidates the SP B cache. Because the SP has to flush the cache when it finishes
the operation, it takes a little time to move the ownership. During that time, neither SP can process I/O to the
LUN.
For active/active arrays, the algorithms allow more fine-grained access to the storage and synchronize caches.
Access can happen concurrently through any SP without extra time required.
Path thrashing can occur as a result of the following path choice: If server A can reach a LUN only through
one SP, and server B can reach the same LUN only through a different SP, they both continually cause the
ownership of the LUN to move between the two SPs, effectively ping-ponging the ownership of the LUN.
Because the system moves the ownership quickly, the storage array cannot process any I/O (or can process
only very little). As a result, any servers that depend on the LUN will experience low throughput due to
the long time it takes to complete each I/O request.
Procedure
1 Ensure that all hosts sharing the same set of LUNs on the active-passive arrays use the same storage
processor.
2 Correct any cabling inconsistencies between different ESX/ESXi hosts and SAN targets so that all HBAs
see the same targets in the same order.
3 Configure the path to use the Most Recently Used PSP (the default).
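The conditions for path thrashing listed above can be checked against a path inventory before they show up as slow I/O. This is an added example, not part of the original guide: the inventory records and their field names are constructed, and the ownership counter uses a simplified model in which every I/O that arrives on the non-owning SP of an active-passive array forces an ownership move.

```python
from collections import defaultdict

# Constructed inventory: one record per (LUN, host). "psp" is the path selection
# policy, "preferred_sp" applies to Fixed only, and "reachable_sps" lists the
# storage processors the host has working paths to.
INVENTORY = [
    {"lun": "LUN1", "array": "active-passive", "host": "HostA", "psp": "Fixed",
     "preferred_sp": "SP A", "reachable_sps": {"SP A", "SP B"}},
    {"lun": "LUN1", "array": "active-passive", "host": "HostB", "psp": "Fixed",
     "preferred_sp": "SP B", "reachable_sps": {"SP A", "SP B"}},
    {"lun": "LUN2", "array": "active-passive", "host": "HostA", "psp": "MRU",
     "preferred_sp": None, "reachable_sps": {"SP A", "SP B"}},
    {"lun": "LUN2", "array": "active-passive", "host": "HostB", "psp": "MRU",
     "preferred_sp": None, "reachable_sps": {"SP A", "SP B"}},
    {"lun": "LUN3", "array": "active-passive", "host": "HostA", "psp": "MRU",
     "preferred_sp": None, "reachable_sps": {"SP A"}},
    {"lun": "LUN3", "array": "active-passive", "host": "HostB", "psp": "MRU",
     "preferred_sp": None, "reachable_sps": {"SP B"}},
    {"lun": "LUN4", "array": "active-active", "host": "HostA", "psp": "Fixed",
     "preferred_sp": "SP A", "reachable_sps": {"SP A", "SP B"}},
    {"lun": "LUN4", "array": "active-active", "host": "HostB", "psp": "Fixed",
     "preferred_sp": "SP B", "reachable_sps": {"SP A", "SP B"}},
]


def pinned_sp(rec):
    """Return the SP a host is tied to, or None if it follows the current owner."""
    if len(rec["reachable_sps"]) == 1:
        # Cabling or zoning leaves the host a single SP, whatever the policy.
        return next(iter(rec["reachable_sps"]))
    if rec["psp"] == "Fixed":
        return rec["preferred_sp"]
    return None  # MRU with paths to both SPs stays on the path already in use


def thrashing_risks(inventory):
    """Map each at-risk LUN to the hosts that are tied to different SPs."""
    by_lun = defaultdict(list)
    for rec in inventory:
        by_lun[rec["lun"]].append(rec)
    risks = {}
    for lun, recs in by_lun.items():
        if any(r["array"] != "active-passive" for r in recs):
            continue  # the text limits path thrashing to active-passive arrays
        pinned = {r["host"]: pinned_sp(r) for r in recs}
        pinned = {host: sp for host, sp in pinned.items() if sp is not None}
        if len(set(pinned.values())) > 1:
            risks[lun] = pinned
    return risks


def count_ownership_moves(io_sequence, initial_owner):
    """Count LUN ownership moves for I/Os listed by the SP they arrive on."""
    owner, moves = initial_owner, 0
    for sp in io_sequence:
        if sp != owner:
            owner, moves = sp, moves + 1
    return moves


if __name__ == "__main__":
    print(thrashing_risks(INVENTORY))
    # Two hosts alternating I/O through different SPs: ownership ping-pongs.
    print(count_ownership_moves(["SP A", "SP B"] * 4, "SP A"))
```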
This limit does not apply when only one virtual machine is active on a LUN. In that case, the bandwidth is
limited by the queue depth of the storage adapter.
Procedure
2 Click the Configuration tab and click Advanced Settings under Software.
4 Change the parameter value to the number of your choice and click OK.
This change can impact disk bandwidth scheduling, but experiments have shown improvements for
disk-intensive workloads.
What to do next
If you adjust this value in the VMkernel, you might also want to adjust the queue depth in your storage adapter.
Examples of operations that require getting file locks or metadata locks include:
- Virtual machine power on.
- VMotion.
- Virtual machines running with virtual disk snapshots.
- File operations that require opening files or doing metadata updates.
Performance degradation can occur if such operations occur frequently on multiple servers accessing the same
VMFS. For instance, VMware recommends that you do not run many virtual machines from multiple servers
that are using virtual disk snapshots on the same VMFS. Limit the number of VMFS file operations when many
virtual machines run on the VMFS.
The iscsi_max_lun_queue parameter is used to set the maximum outstanding commands, or queue depth, for
each LUN accessed through the software iSCSI adapter. The default is 32, and the valid range is 1 to 255.
CAUTION Setting the queue depth higher than the default can decrease the total number of LUNs supported.
Include a recovery-time objective for each application when you design your backup strategy. That is, consider
the time and resources necessary to reprovision the data. For example, if a scheduled backup stores so much
data that recovery requires a considerable amount of time, examine the scheduled backup. Perform the backup
more frequently, so that less data is backed up at a time and the recovery time decreases.
If a particular application requires recovery within a certain time frame, the backup process needs to provide
a time schedule and specific data processing to meet this requirement. Fast recovery can require the use of
recovery volumes that reside on online storage to minimize or eliminate the need to access slow offline media
for missing data components.
Snapshot Software
Snapshot software allows an administrator to make an instantaneous copy of any single virtual disk defined
within the disk subsystem.
If you are using third-party backup software, make sure that the software is supported with ESX/ESXi hosts.
If you use snapshots to back up your data, consider the following points:
- Some vendors support snapshots for both VMFS and RDMs. If both are supported, you can make either
  a snapshot of the whole virtual machine file system for a host, or snapshots for the individual virtual
  machines (one per disk).
- Some vendors support snapshots only for a setup using RDM. If only RDM is supported, you can make
  snapshots of individual virtual machines.
Layered Applications
SAN administrators customarily use specialized array-based software for backup, disaster recovery, data
mining, forensics, and configuration testing.
Storage providers typically supply two types of advanced services for their LUNs: snapshotting and
replication.
When you use an ESX/ESXi system in conjunction with a SAN, you must decide whether array-based or
host-based tools are more suitable for your particular situation.
When you consider an array-based solution, keep in mind the following points:
- Array-based solutions usually result in more comprehensive statistics. With RDM, data always takes the
  same path, which results in easier performance management.
- Security is more transparent to the storage administrator when you use RDM and an array-based solution
  because with RDM, virtual machines more closely resemble physical machines.
- If you use an array-based solution, physical compatibility RDMs are often used for the storage of virtual
  machines. If you do not intend to use RDM, check the storage vendor documentation to see if operations
  on LUNs with VMFS volumes are supported. If you use array operations on VMFS LUNs, carefully read
  the section on resignaturing.
When you consider a file-based solution that uses VMware tools and VMFS instead of the array tools, be aware
of the following points:
- Using VMware tools and VMFS is better for provisioning. One large LUN is allocated and multiple .vmdk
  files can be placed on that LUN. With RDM, a new LUN is required for each virtual machine.
- Snapshotting is included with your ESX/ESXi host at no extra cost. The file-based solution is therefore
  more cost-effective than the array-based solution.
Each VMFS datastore created in a LUN has a unique UUID that is stored in the file system superblock. When
the LUN is replicated or snapshotted, the resulting LUN copy is identical, byte-for-byte, with the original LUN.
As a result, if the original LUN contains a VMFS datastore with UUID X, the LUN copy appears to contain an
identical VMFS datastore, or a VMFS datastore copy, with exactly the same UUID X.
ESX/ESXi can determine whether a LUN contains the VMFS datastore copy, and either mount the datastore
copy with its original UUID or change the UUID, thus resignaturing the datastore.
For example, you can maintain synchronized copies of virtual machines at a secondary site as part of a disaster
recovery plan. In the event of a disaster at the primary site, you can mount the datastore copy and power on
the virtual machines at the secondary site.
IMPORTANT You can mount a VMFS datastore only if it does not collide with an already mounted VMFS
datastore that has the same UUID.
When you mount the VMFS datastore, ESX/ESXi allows both reads and writes to the datastore residing on the
LUN copy. The LUN copy must be writable. The datastore mounts are persistent and valid across system
reboots.
Because ESX/ESXi does not allow you to resignature the mounted datastore, unmount the datastore before
resignaturing.
Prerequisites
Before you mount a VMFS datastore, perform a storage rescan on your host so that it updates its view of LUNs
presented to it.
Procedure
1 Log in to the vSphere Client and select the server from the inventory panel.
2 Click the Configuration tab and click Storage in the Hardware panel.
5 From the list of LUNs, select the LUN that has a datastore name displayed in the VMFS Label column and
click Next.
The name present in the VMFS Label column indicates that the LUN is a copy that contains a copy of an
existing VMFS datastore.
7 In the Ready to Complete page, review the datastore configuration information and click Finish.
What to do next
If you later want to resignature the mounted datastore, you must unmount it first.
Unmount Datastores
When you unmount a datastore, it remains intact, but can no longer be seen from the hosts that you specify.
It continues to appear on other hosts, where it remains mounted.
Procedure
3 If the datastore is shared, specify which hosts should no longer access the datastore.
a If needed, deselect the hosts where you want to keep the datastore mounted.
b Click Next.
c Review the list of hosts from which to unmount the datastore, and click Finish.
The default format of the new label assigned to the datastore is snap-<snapID>-<oldLabel>, where <snapID>
is an integer and <oldLabel> is the label of the original datastore.
When you perform datastore resignaturing, consider the following points:
- Datastore resignaturing is irreversible.
- The LUN copy that contains the VMFS datastore that you resignature is no longer treated as a LUN copy.
- A spanned datastore can be resignatured only if all its extents are online.
- The resignaturing process is crash and fault tolerant. If the process is interrupted, you can resume it later.
- You can mount the new VMFS datastore without a risk of its UUID colliding with UUIDs of any other
  datastore, such as an ancestor or child in a hierarchy of LUN snapshots.
Prerequisites
Before you resignature a VMFS datastore, perform a storage rescan on your host so that the host updates its
view of LUNs presented to it and discovers any LUN copies.
Procedure
1 Log in to the vSphere Client and select the server from the inventory panel.
2 Click the Configuration tab and click Storage in the Hardware panel.
5 From the list of LUNs, select the LUN that has a datastore name displayed in the VMFS Label column and
click Next.
The name present in the VMFS Label column indicates that the LUN is a copy that contains a copy of an
existing VMFS datastore.
6 Under Mount Options, select Assign a New Signature and click Next.
7 In the Ready to Complete page, review the datastore configuration information and click Finish.
What to do next
Appendix A iSCSI SAN Configuration Checklist
This topic provides a checklist of special setup requirements for different storage systems and ESX/ESXi hosts.
All storage systems Write cache must be disabled if not battery backed.
Topology No single failure should cause HBA and SP failover, especially with active-passive storage
arrays.
EMC Symmetrix Enable the SPC2 and SC3 settings. Contact EMC for the latest settings.
EMC Clariion Set the Advanced Setting for the ESX/ESXi host.
All Initiator records must have:
- Failover Mode = 1
- Initiator Type = Clariion Open
- Array CommPath = “Enabled” or 1
HP EVA For EVA3000/5000 firmware 4.001 and later, and EVA4000/6000/8000 firmware 5.031 and later,
set the host type to VMware.
Otherwise, set the host mode type to Custom. The value is:
- EVA3000/5000 firmware 3.x: 000000002200282E
- EVA4000/6000/8000: 000000202200083E
NetApp If any of your iSCSI initiators are a part of an initiator group (igroup), disable ALUA on the
NetApp array.
ESX/ESXi Configuration Set the following Advanced Settings for the ESX/ESXi host:
- Set Disk.UseLunReset to 1
- Set Disk.UseDeviceReset to 0
A multipathing policy of Most Recently Used must be set for all LUNs hosting clustered disks
for active-passive arrays. A multipathing policy of Most Recently Used or Fixed may be set
for LUNs on active-active arrays.
Allow ARP redirection if the storage system supports transparent failover.
Appendix B VMware vSphere Command-Line Interface
In most cases, the vSphere Client is well-suited for monitoring an ESX/ESXi host connected to SAN storage.
Advanced users might, at times, want to use some VMware vSphere Command-Line Interface (vSphere CLI)
commands for additional details.
For more information, see VMware vSphere Command-Line Interface Installation and Reference Guide.
resxtop Command
The resxtop command provides a detailed look at ESX/ESXi resource use in real time.
For detailed information about resxtop, see the Resource Management Guide and VMware vSphere Command-Line
Interface Installation and Reference Guide.
vicfg-iscsi Command
The vicfg-iscsi command allows you to configure software or hardware iSCSI on ESX/ESXi hosts, set up
CHAP parameters, and set up iSCSI networking.
For details, see the VMware vSphere Command-Line Interface Installation and Reference Guide.
vicfg-mpath Command
Use the vicfg-mpath command to view information about storage devices, paths, and multipathing plugins.
For details, see the VMware vSphere Command-Line Interface Installation and Reference Guide.
vmkping Command
The vmkping command allows you to verify the VMkernel networking configuration.
Usage example:
vmkping [options] [host|IP address]
Appendix C Managing Storage Paths and Multipathing Plugins
Use the vSphere CLI to manage the Pluggable Storage Architecture (PSA) multipathing plugins and storage
paths assigned to them.
You can use the vSphere CLI to display all multipathing plugins available on your host. You can list any third-
party MPPs, as well as your host's NMP and SATPs and review the paths they claim. You can also define new
paths and specify which multipathing plugin should claim the paths.
For more information about additional commands available to manage PSA, see the vSphere Command-Line
Interface Installation and Reference Guide.
Claim rules indicate which multipathing plugin, the NMP or any third-party MPP, manages a given physical
path. Each claim rule identifies a set of paths based on the following parameters:
- Vendor/model strings
- Transportation, such as SATA, IDE, Fibre Channel, and so on
- Adapter, target, or LUN location
- Device driver, for example, Mega-RAID
Procedure
Use the esxcli corestorage claimrule list command to list claim rules.
Example C-1. Sample Output of the esxcli corestorage claimrule list Command
Procedure
To list all multipathing modules, run the following command:
where <server> is your vSphere CLI administration server. You might be prompted for a user name and
password.
At a minimum, this command returns the NMP module. If any third-party MPPs have been loaded, they are
listed as well.
MPP_1
MPP_2
MPP_3
MASK_PATH
NMP
Procedure
To list all VMware SATPs, run the following command.
For each SATP, the command displays information that shows the type of storage array or system this SATP
supports and the default PSP for any LUNs using this SATP.
Example C-3. Sample Output of the esxcli nmp satp list Command
Procedure
You add a new PSA claim rule when, for example, you load a new multipathing plugin (MPP) and need to
define which paths this module should claim. You may need to create a new claim rule if you add new paths
and want an existing MPP to claim them.
CAUTION When creating new claim rules, be careful to avoid a situation when different physical paths to the
same LUN are claimed by different MPPs. Unless one of the MPPs is the MASK_PATH MPP, this configuration
will cause performance errors.
Procedure
1 To define a new claim rule, on the vSphere CLI, run the following command:
For information on the options that the command requires, see “esxcli corestorage Command-Line
Options,” on page 89.
2 To load the new claim rule into your system, run the following command:
This command has no options. It loads all newly created claim rules from your system's configuration file.
If you now run the esxcli corestorage claimrule list command, you can see the new claim rule appearing
on the list.
NOTE The two lines for the claim rule, one with the Class of runtime and another with the Class of file, indicate
that the new claim rule has been loaded into the system and is active.
Procedure
For information on the options that the command takes, see “esxcli corestorage Command-Line Options,”
on page 89.
NOTE By default, the PSA claim rule 101 masks Dell array pseudo devices. Do not delete this rule, unless
you want to unmask these devices.
Mask Paths
You can prevent the ESX/ESXi host from accessing storage devices or LUNs or from using individual paths to
a LUN. Use the vSphere CLI commands to mask the paths.
When you mask paths, you create claim rules that assign the MASK_PATH plugin to the specified paths.
Procedure
The claim rules that you use to mask paths should have rule IDs in the range of 101 – 200. If this command
shows that rule 101 and 102 already exist, you can specify 103 for the rule to add.
2 Assign the MASK_PATH plugin to a path by creating a new claim rule for the plugin.
5 If a claim rule for the masked path exists, remove the rule.
After you assign the MASK_PATH plugin to a path, the path state becomes irrelevant and is no longer
maintained by the host. As a result, commands that display the masked path's information might show the
path state as dead.
Unmask Paths
When you need the host to access the masked storage device, unmask the paths to the device.
Procedure
1 Unmask a path to the storage device by running the esxcli corestorage claiming unclaim command.
For example:
2 Load path claiming rules into the VMkernel by running the esxcli corestorage claimrule load
command.
3 Run the path claiming rules by entering the esxcli corestorage claimrule run command.
Your host can now access the previously masked storage device.
You might need to create a new SATP rule when you install a third-party SATP for a specific storage array.
Procedure
1 To add a claim rule for a specific SATP, run the following command.
Use the following options for <rule_parameter>. The -V and -M options can be used at the same time. They
cannot be used in conjunction with the -R or -D options.
NOTE When searching the SATP rules to locate an SATP for a given device, the NMP searches the driver
rules first. If there is no match, the vendor/model rules are searched, and finally the transport rules. If
there is still no match, NMP selects a default SATP for the device.
- -D <driver> -- Driver string to set when adding the SATP claim rule.
- -V <vendor> -- Vendor string to set when adding the SATP claim rule.
- -M <model> -- Model string to set when adding the SATP claim rule.
- -R <transport> -- Transport type string to set when adding the SATP claim rule.
- -o <option> -- Claim option string to set when adding the SATP claim rule. This string is passed to
  the SATP when the SATP claims a path. The contents of this string, and how the SATP behaves as a
  result, are unique to each SATP. For example, some SATPs support the claim option strings tpgs_on
  and tpgs_off. If tpgs_on is specified, the SATP will claim the path only if the ALUA Target Port Group
  support is enabled on the storage device.
2 To delete a rule from the list of claim rules for the specified SATP, run the following command. You can
run this command with the same options you used for addrule.
If you run the esxcli nmp satp listrules -s VMW_SATP_INV command, you can see the new rule added to the
list of VMW_SATP_INV rules.
Name Vendor Model Driver Transport Options Claim Options Description
VMW_SATP_INV EMC Invista
VMW_SATP_INV EMC LUNZ Invista LUNZ
VMW_SATP_INV NewVend NewMod
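The rule search order in the NOTE above, and the restriction on combining -V and -M with -R or -D, can be modelled in a few lines. This is an added example, not VMware code: the SATP names EXAMPLE_SATP_DRV, EXAMPLE_SATP_ISCSI and DEFAULT_SATP and the driver and transport strings are hypothetical, and exact string matching is an assumption about how rules are compared.

```python
# Constructed rule set. The VMW_SATP_INV rows (EMC/LUNZ and NewVend/NewMod)
# mirror the listing above; every other name and string is hypothetical.
RULES = [
    {"satp": "VMW_SATP_INV", "vendor": "EMC", "model": "LUNZ"},
    {"satp": "VMW_SATP_INV", "vendor": "NewVend", "model": "NewMod"},
    {"satp": "EXAMPLE_SATP_ISCSI", "transport": "iscsi"},
    {"satp": "EXAMPLE_SATP_DRV", "driver": "example_drv"},
]

# Stages in the order the NOTE gives: driver rules first, then vendor/model
# rules, then transport rules.
SEARCH_ORDER = (
    ("driver", ("driver",)),
    ("vendor/model", ("vendor", "model")),
    ("transport", ("transport",)),
)


def validate_rule(rule):
    """Reject parameter combinations the option description rules out."""
    has_vendor_model = "vendor" in rule or "model" in rule
    has_driver_transport = "driver" in rule or "transport" in rule
    if has_vendor_model and has_driver_transport:
        raise ValueError("-V/-M cannot be combined with -R or -D")
    if not (has_vendor_model or has_driver_transport):
        # Assumption of this example: a rule must name at least one parameter.
        raise ValueError("rule needs at least one of -D, -V, -M, -R")
    return rule


def _matches(rule, device, keys):
    """True if the rule sets at least one of keys and all set keys match."""
    present = [k for k in keys if k in rule]
    # Exact comparison is an assumption; the guide does not define matching.
    return bool(present) and all(rule[k] == device.get(k) for k in present)


def select_satp(device, rules, default="DEFAULT_SATP"):
    """Return (SATP name, stage that matched) following the search order."""
    for stage, keys in SEARCH_ORDER:
        for rule in rules:
            if _matches(rule, device, keys):
                return rule["satp"], stage
    return default, "default"


if __name__ == "__main__":
    for rule in RULES:
        validate_rule(rule)
    # Constructed device: matches a vendor/model rule and a driver rule.
    device = {"vendor": "NewVend", "model": "NewMod",
              "driver": "example_drv", "transport": "iscsi"}
    print(select_satp(device, RULES))  # the driver rule is found first
```

The position of a rule in the list does not decide the outcome across stages: a driver rule is found before a vendor/model rule even when the vendor/model rule is listed first.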
Table C-1 lists options available for the esxcli corestorage commands.