
VMware - Course Presentation - Text


ZOOM TECHNOLOGIES

Course Presentation
VMware vSphere
Certification Mapped Course

©2015 Zoom Technologies India Pvt. Ltd.

All rights reserved. No part of this book or related material may be reproduced in
any form or by any means without prior permission from Zoom Technologies India
Pvt. Ltd. All precautions have been taken to make this book and related material
error-free. However, Zoom Technologies India Pvt. Ltd. is not liable for any errors or
omissions. The contents of this book are subject to change without notice.
DISCLAIMER: VMWARE, VSPHERE, VCENTER, VMOTION are registered
trademarks of VMware Inc.

VMware vSphere
vSphere Product Suite Components:

• ESX/ESXi
• vSphere Client
• Web Client
• vCenter Server
• Update Manager
• vSphere Data Protection
• vShield End Point
• vCenter Standalone Converter
• vCLI, vMA

History of ESX/ESXi

• First Release 2001, ESX1.0
• ESXi Release 2006-2007, ESXi3.0
• vSphere 4.0 Release 2009, ESX/ESXi4.0
• vSphere 4.1 Release 2010, ESX/ESXi4.1
• vSphere 5.0 Release 2011, Only ESXi5.0
• vSphere 5.1 Release 2012, ESXi5.1
• vSphere 5.5 Release 2013, ESXi5.5
• vSphere 6.0 Release 2015, ESXi6.0

Difference Between ESX & ESXi

ESX 4.0                        ESXi 4.0
VMkernel + Kernel RHEL         VMkernel
Installation Media 760MB       360MB (Approx)
Installation & Booting slow    Installs & Boots Faster
More Patching Requirement      Less patches
Less Secure                    More Secure

• ESXi4.0 VMkernel Console Hidden, Basic configuration by DCUI, Managed only through
remote management tools.
• ESXi4.1 VMkernel Console Open, Known as Tech support Mode, Should be enabled in
DCUI
• ESXi5.0 VMkernel Console, Known as shell access, Should be enabled in DCUI, Firewall
introduced.

Virtual Machine

• Functionally Equal to a Physical Machine
• Virtual Hardware
• Supported OS can be installed
• Set of Files, stored in a folder

Terminology

• ESXi Host (Physical Machine Running ESXi)
• ESXi - Hypervisor (Virtualization layer)
• VM (Virtual Hardware)
• Guest OS (OS Installed on a VM)
• Applications (Run on Guest OS)

ESX/ESXi - File system

• VMFS - Virtual Machine File System

Features
• Clustered File System
• Distributed Locking

Virtual Networking

• Virtual Network Adaptors
• Virtual Switches
• VMs Get Connected to Virtual Switches
• Virtual Switches Get connected to Physical Network Adaptors
• Physical Network Adaptors get connected to Physical Switches

Virtual Datacenter Infrastructure

Servers
Types of Servers
• Tower Servers
• Rack mount Servers
• Blade Servers
Network
• Ethernet
• Fiberoptic
• Switches, Routers, Firewalls
Centralized Storage
• SAN (Storage Area Network)
FC SAN, iSCSI SAN
• NAS (Network Attached Storage)

Server Virtualization Software (Hypervisor) VMware vSphere
• Virtual Machines
• Virtual Networking
• Virtual Storage
Guest Operating Systems
Applications
Internet
• Leased Lines
• Broad band
• VPN (Virtual Private Network)
Cloud Computing Software
• VMware vCloud Director

Resource Sharing

• VMs Running on ESXi host are allocated a portion of Physical Resources
• Hypervisor Schedules VMs, allocates memory and schedules VMs to run on various
CPUs
• VMs share Network and Disk Bandwidth
• VMs can be allocated with specific resources
• Default setting, All VMs on an ESXi host receive an Equal share of resources

CPU Virtualization

• Emphasizes Performance
• Hypervisor runs instructions when needed to make VMs operate as if they were
running directly on a Physical Machine
• Multiple VMs running on ESXi host may compete for CPU resources, ESXi host time-
slices the Physical processors across all VMs, each VM runs as if it has a specific
number of vCPUs.

Virtualized Host Memory Usage

• When a VM gets started Hypervisor creates a contiguous addressable memory space
for VM
• Memory space allocated is configured when the VM is created and has same
properties as that of virtual address space.
• This allows the hypervisor to protect the memory of each VM from being accessed by
others

VMFS

• Clustered File System
• Distributed Locking
• VMFS uses distributed Journaling of its file system meta data changes to allow fast
recovery in the event of hardware failure
• VMFS is the foundation for vMotion, SVMotion, automated restart of VMs and FT
• VMFS provides an interface to storage resources to access the datastores on which
VMs reside
• VMFS datastore can be dynamically expanded with no down time
• VMFS stores all the files that makeup a VM in single directory

• VMFS datastore uses a file structure similar to Linux/Unix
• Each datastore is mounted to folder
[Figure: directory tree / > vmfs > volumes > Local, SAN]

Installing ESXi

ESXi versions
• Free version VMware vSphere Hypervisor

Licensed Versions
• VMware vSphere Standard
• VMware vSphere Enterprise
• VMware vSphere Enterprise Plus

How ESXi is Secure

• Memory Hardening
• Kernel Module Security
• Trusted Platform Module

Where can I Install ESXi

Hard Disks
SAN LUNs
USB Devices
SD Cards
Directly in to the Memory (Embedded)

ESXi Hardware Requirements

• 64 Bit Processor x86 (Min 2 Cores)
• (Intel Xeon/Nehalem, AMD Opteron + Virtualization Technology VT-X/AMD-V)
• RAM 4GB (Min)
• Ethernet Card
• (Min 1 Gigabit/10 Gigabit) Preferred More
• Storage Adaptors
• SCSI adaptor, FC adaptor, CNA, iSCSI adaptor. Internal RAID Controller
• Disks
• SATA, SCSI,SAS,FC LUN, iSCSI, RAID LUN

ESXi Max Hardware Support

• Up to 320 Logical CPUs (Cores or Hyperthreads)
• 512 VMs/Host
• 4TB RAM

Check HCG! For the Server Models, CPUs, Mother Boards, Controllers, Storage etc.

Installation of ESXi

• Have the ESXi ISO CD/DVD or USB Flash Drive
• Boot the system
• Make sure to select a disk which is not formatted with VMFS
• vSphere 5.1 onwards uses GPT format, which supports installation on disks >2TB up to
64TB
• ESXi creates a 4GB Scratch partition and remaining space is formatted with VMFS-5
• Scratch partition is used for storing temporary data including logs, diagnostic
information, and system swap.

vSphere Client

• It is a GUI used to connect to an ESXi host or vCenter Server to manage your vSphere
infrastructure
• Can be Installed from the vCenter Server installation media
• Can be downloaded from the internet
• vSphere Client is only for Windows

Virtual Machines

• VM is a set of discrete files
• Set of Virtual hardware
• Supported OS can be installed

VM Files

• .vmx (configuration File)
• .vmdk (Disk descriptor file)
• -flat.vmdk (Disk data file)
• .nvram (VM's BIOS file)
• .log (VM's current log file)
• .vswp (Swap files)
• .vmsd (Snapshot descriptive file)
• .vmsn (Snapshot state file)
• -delta.vmdk (Snapshot disk file)
• .vmtx (Template file)
• -rdm.vmdk ( Raw device map file)
• VM has additional lock file if it resides on NAS

VM Hardware

• Up to 64 vCPUs
• Up to 1TB RAM
• Up to 10 NICs
• Up to 4 SCSI adaptors 15 devices/adaptor
• 1 IDE controller 4 devices
• 1 USB controller 20 devices
• Up to 3 parallel ports
• Up to 4 serial/com ports
• 1 Floppy controller 2 devices
• HD audio
• Hardware 3D
• Key board
• Mouse

VM - Max CPU & RAM

• Up to 64 vCPUs

This depends on the number of CPUs available on the host and the number of CPUs
the guest operating system supports
VMware vSphere Virtual Symmetric Multiprocessing: Configuring a VM with multiple
vCPUs
• Up to 1TB RAM
This depends on the amount of RAM configured on the VM (Max amount of physical
memory a VM can use)

Virtual Disk

ESXi offers different types of virtual SCSI adaptors:
• Bus Logic Parallel, LSI Logic Parallel, LSI Logic SAS and VMware Paravirtual
Types of Virtual Disks:
• Thick Provision Lazy Zeroed
• Thick Provision Eager Zeroed
• Thin Provision

Virtual NIC

Flexible
• vlance: Emulated version of AMD79C970 Pcnet LANCE NIC supported by most 32 bit guest OS Except vista and later
• vmxnet: Optimized for performance, Functional only after the Installation of VMware Tools
E1000
• Emulated version of Intel 82545EM Gigabit, drivers available in XP and later guest OS and Linux 2.4.19 and Later,
Default for 64 Bit guest OS.
• Required for VLAN guest tagging support
E1000e
• Emulated version of Intel 82574L Gigabit
• e1000 or e1000e depends on Guest OS
Vmxnet2
• Based on vmxnet, provides high performance features like jumbo frames and hardware off-loads
Vmxnet3
• Not related to vmxnet/vmxnet2, available only on VM hardware version 7 onwards, supported only on limited set
of guest OS, features like IPV6 support, multiqueue support and MSI/MSI-X interrupt delivery, supports FT.

VMware Tools

• Suite of Utilities
• Features
- Replaces generic drivers with VMware drivers
- Device Drivers: SVGA display, vmxnet. Balloon Driver for Memory mgmt, Sync driver
for quiescing I/O, Improved mouse
- VM Heartbeat
- VMware Tools Service for Time Synchronization
- Ability to shut down VM
- Adds additional perfmon monitoring options
- 5.1 reduce reboots when upgrading to newer versions of VMware Tools

Virtual Appliances (VA)

• A preconfigured VM with guest OS and the required software or application installed
designed for a specific task like a firewall, backup and recovery utility etc.,
• Deployed as an OVF template
• OVF is a platform independent, open packaging and distribution format for VMs
• Downloaded from VMware VA Marketplace
• Deployed using vSphere Client on vCenter Server or ESXi host inventory

vCenter Server

• It's a service

• Central Administration point for ESXi hosts and VMs in your Infrastructure
• Can Manage Max 1000 hosts/vCenter
• Can Manage 10000 VMs Powered on, 15000 VMs Registered/vCenter
• Provides Advanced Features: VMware vSphere vMotion, SvMotion, DRS, HA and FT
• Multiple vCenter Server can be joined to a vCenter Server Linked Mode Group

vCenter Architecture

• VMware vSphere Client/Web Client
• vCenter Server Database (Critical)
• vCenter SSO
• Active Directory Domain
• Hosts & VMs

[Figure: Communication Between vSphere Client, ESXi Host & vCenter Server]

vCenter Server Services

• Core services
- Host & VM config, VM provisioning, Mgmt of resources & VMs, Tasks, scheduling,
statistics logging, Mgmt of alarms & events
• Distributed services
- vMotion, SvMotion, DRS, HA
• Additional Services
- Vmware vSphere Update Manager
• Database interface
• AD interface
• Vmware vSphere API & vSphere SDK

vCenter Server Modules

• Update Manager
• Site Recovery Manager

• These are Applications which provide additional features in vCenter Server
• These modules have server client component
• Server Component is installed on vCenter server and Client component (Plug-in)
downloaded and installed to vSphere Client

vCenter Server Plug-ins

• VMware vCenter Storage Monitoring Service
• vCenter Hardware Status
• vCenter Service Status

vCenter Single Sign On

Benefits
• Speeds up Operations and less complexity
• Trust between Components
• Support for Open Standard Protocols SAML2.0/WS-trust
• Better Architecture

Features
• Auto discovery of vCenter servers
• Support for multiple or non AD repositories
• Users can view all vCenter instances in single view
• Linked mode not required

How SSO Server Functions

• Customer Identity Sources: AD, Open LDAP, NIS, Local OS Users, SSO Users
- Users log in to Web Client
- Credentials are sent to SSO Server
- STS receives and forwards it to IDM
- IDM Forwards request to the Identity source
- User Authenticated IDM updates STS, STS generates Security Token
- Users can access vSphere Solutions

SSO Components

• STS service issues (SAML) tokens
• SSO Admin Service Configures SSO server and manages users & groups
• Lookup service contains topology information about vSphere infrastructure
• Identity Manager Service, Identity Manager Client
• VMware Directory Service (vmdir)

vCenter Server Supports

- OpenLDAP versions 2.4 and later
- AD versions 2003 and later
- AD over LDAP
- Local OS System Users
- SSO Users & Groups

Installation of vCenter Server

• Components
- SSO Server
- Web Client
- Inventory Service
- vCenter Server
- Min Hardware Requirements for SSO on a Separate Machine
• Intel/AMD dual core x64 processor
• 3GB RAM
• 2GB disk storage
• 1Gbps NIC

vSphere Web client

Install to vCenter Server or remote machine

Web client Architecture
• Web client
• Application Server
• vCenter Server

Web client Plug-ins
• Run from server

vCenter Inventory service

• Stores vCenter Server application & Inventory data
• Search and access inventory of Multiple vCenter servers linked
• Supports login by SSO
• Used by vSphere Web Client
Hardware Requirements
- Intel/AMD x64, 2 or more cores, 2GHz
- 3GB RAM
- 2GB disk storage
- 1Gbps Network

vCenter Server

• Hardware Requirements
- Intel/AMD x64, 2 or more Cores, 2GHz
- 4GB RAM
- 4GB disk storage
- 1Gbps Networking
• Requires a database
• Software Requirements
- 64 bit OS
- 64 bit database

vCenter Server Database Requirements

• Supported Databases
- MS SQL Server 2005 SP3 (SP4 recommended)
- MS SQL Server 2008
- MS SQL Server 2008 R2 Express
- Oracle 10g R2 & 11g
- IBM DB2 9.5 and 9.7

• Hierarchy of Objects
• Objects can be Folders or Objects that we manage
• Objects can be grouped in a meaningful way so that permissions can be applied

Shared Storage

Datastore: Logical Container that holds files

Types of datastore
- VMFS: datastores formatted with VMFS
- NFS: formatted with a file system (NFS) of storage provider
Types of Storage Technologies:
- DAS: Direct attached storage
- FC: protocol used for SANs, Encapsulates SCSI commands transmitted between FC
nodes, FC Switch Connects nodes.
- FCoE: FC traffic encapsulated in to FCoE frames, FCoE frames are converged with
networking traffic

- iSCSI: SCSI transport protocol, provides access to storage devices over TCP/IP
network
- NAS: Provides access to storage shared using a file system (NFS) over TCP/IP
network, NFS protocol.

VMFS can be deployed on SCSI based Storage
• DAS, FC, iSCSI
ESXi supports NFS version3 over TCP/IP, uses a lock file .lck-fieldid

iSCSI SAN Storage

• Components
• iSCSI Storage system
• Hard disks (arrays)
• LUNs
• SPs
• TCP/IP network
• Servers (hosts)

• iSCSI Initiator transmits SCSI commands over TCP/IP network
• iSCSI target receives SCSI commands from TCP/IP network
• Target presents LUNs to initiator
iSCSI addressing: IQN can be 255 characters
iqn.yy-mm.com.company:iSCSI alias
eg: iqn.1999-08.com.someit:storage1-67df4c98 (target), IP address: 10.0.1.9
eg: iqn.1998-01.com.vmware:test1-95cd4c35 (initiator), IP address: 10.0.1.20
or
EUI - 16 characters
eg: eui.bdfcab9876543210 (target)
eg: eui.0123456789abcdef (initiator)

iSCSI initiators

• Software iSCSI initiator
• Dependent Hardware iSCSI initiator (broadcom 5709)
• Independent Hardware iSCSI initiator (QLE4062c)

iSCSI Security Uses CHAP

ESXi supports iSCSI Multipathing (Port Binding)

NAS/NFS

NFS Components
• NAS device/NFS server
• TCP/IP Network
• ESXi host

• ESXi host accesses NFS server using IP address/HN
• NFS administrator should use no_root_squash option to export an nfs volume
• ESXi supports NFS multipathing

FC SAN

FC Components
• FC Storage System
• Diskdrive arrays
• LUNs
• SPs
• FC Switches
• ESXi hosts with HBAs

• LUN: address of a Logical unit, LU is a unit of storage, LU can be a JBOD/RAID set can
be partitioned in to multiple LUNs
• SP: partitions JBOD/RAID sets in to LUNs can restrict access to a particular LUN from
Servers
• HBA: Connects ESXi host to FC network
• FC Switch: Forms FC fabric, interconnects multiple FC nodes, add source and
destination address to packets

• FC Addressing
• WWN unique 64 bit address assigned to FC nodes eg: 60:08:05:E0:10:20:B2:78
• Access Control in FC
• LUN Masking: Configured at SP
• Zoning/Zones: Configured at FC switch
• Soft Zoning/Hard Zoning
• ESXi supports 16Gbps FC, supports multipathing
• VMkernel scans for LUNs 0-255

• Components
- FC SAN
- LAN
• FCoE Switch
• ESXi Host with CNA/NIC with sw FCoE support

• SCSI storage devices use various identifiers on ESXi hosts
• VMkernel requires an identifier generated by storage device
Identifiers:
• SCSI ID: unique address of a SCSI device
• Canonical name: The NAA ID is a unique LUN identifier, persistent, begins with naa
• T10: assigned by IETF, begins with t10
• mpx: VMware namespace, non persistent, local devices use mpx
• Runtime name: uses convention vmhba:N:C:T:L created by host, not persistent

Snapshot

• Captures Present State info of the VM

Clones & Templates

• Template is a master image copy of a VM
• Contains Guests OS, Application and VM configuration
• Clone is an exact copy of a VM
• Use Guest Customization Wizard to customize the guest OS during cloning and
deployment from template

vApp

• Container for one or more VMs
• vApp is an object
• CPU & Memory can be allocated & configure startup and shutdown order for VMs
• vApp can also be deployed using OVF/OVA
• OVF has an XML file and VMDKs of VMs
• OVA is from xensource; it is an archive file which has files that belong to OVF directory

Migrating VMs

Types of Migration
- Cold
- Suspended
- vMotion
- Storage vMotion
- Enhanced vMotion

• Max of 8 simultaneous vMotion, cloning, deployment, SvMotion, accesses/VMFS-5
datastore
• 128 Concurrent vMotion/VMFS datastore
• 4 Concurrent vMotion/host on 1Gbps network
• 8 Concurrent vMotion/host on 10Gbps network
• CPU compatibility between hosts required for vMotion
• SSE3, SSSE3 or SSE4.1 CPU instructions on hosts
• NX/XD CPU technology

vMotion Technology

• vMotion migrates the VM's entire state from one host to another
• VMkernel port for vMotion enabled on source and destination host

Storage vMotion

• Uses the same technology as vMotion
• Storage vMotion migrates the VM files from one datastore to another
• Datastores can be of different storage types
• VMkernel data mover/VAAI
• Start new VM process
• Mirror Driver
• Storage vMotion performs up to 4 parallel disk migrations/storage vMotion operation
• Parallel disk migrations apply only between different datastores
• 2 Concurrent SvMotion/Host, 8/Datastore
• VMDKs must be in persistent mode
• Migrate Virtual RDMs mapping file or convert thick/thin if the destination is not NFS
datastore

Enhanced vMotion
• Migrate VM host & datastore simultaneously without a shared storage
• Hosts must be in same datacenter and same network
• Only 2 Concurrent Enhanced vMotion/Host

vSphere HA

Configured, managed and monitored in vCenter Server
Provides high availability against:
• ESXi host failure
• VM/Guest OS failure
• Application Failure (Optional)
Cluster is a group of ESXi hosts and its VMs with VMware vSphere HA and DRS enabled
32 hosts/cluster, 512 VMs/host, 3000 VMs/cluster

vSphere HA Architecture

• All the hosts in a HA cluster have Master/Slave relationship
• HA is enabled, Fault Domain Manager service starts on each ESXi host, FDM agents
start.
• FD is managed by Master host
• Cluster configuration info is maintained by vpxd process and is updated to the master
agent
• List of protected VMs is stored on each datastore
• HA depends on Network Heartbeats, Datastore Heartbeats

HA failure Scenarios

• Slave Host failure
• Master Host failure
• Isolated Host
Avoid Isolated host scenario by having redundant heartbeat network/isolation
addresses
• Network Partition

Configuring vSphere HA

• Enable host monitoring (vSphere HA monitors and responds to host failures)
• Admission control refers to the amount of available resources that can be used to
start VMs on an ESXi host
• VM monitoring

vSphere DRS

• DRS is a cluster managed by vCenter Server
• ESXi host resources becomes part of cluster resources
• DRS has these resource management capabilities
- Initial placement
- Load balancing
- Power Management

DRS Settings

DRS Affinity Rules for VMs
• Affinity rules: DRS should try to keep certain VMs together on the same host
• Anti-affinity rules: DRS should try to make sure certain VMs are not together
DRS Groups
- VM DRS Group
- Host DRS Group
- VM/Host can belong to multiple DRS groups

VMs to Host Affinity Rule specifies whether a VM DRS Group can run on specific Host DRS
Group
Rules
• Preferential rule is softly enforced and can be violated
eg: VMs of Group A/B are forced to Run on Host of Group A/B respectively
• Required rule is strictly enforced and can never be violated

vSphere FT

Provides zero downtime and zero data loss for applications in the event of unplanned
downtime
• vSphere HA required
• Can be used with DRS cluster
• 4 VMs/Host
• Disable BIOS-based power management (Host)

Update Manager

Provides centralized patch, version management of ESXi hosts, VM hardware, VMware
tools and VAs

• Update Manager 5.1 can be used to patch
• ESXi 3.5, 4.x and 5.x
• Upgrade ESX/ESXi 4.x to ESXi 5.x

Components of Update Manager
- Update Manager Server
- Patch Database
- Update Manager Plug-in

Hardware requirements
- CPU 2 or more Cores, 2GHz
- 2/4GB RAM
- 1Gbps Network

Access & Authentication

• Configuring Security Profile Services
• ESXi Firewall
• Lockdown Mode
• Integrating ESXi with AD

Access Control

• Privilege: Defines action that can be performed
• Role: Set of Privileges
• Object: Target of the action
• User/Group: Who can perform the action
• Role+User/Group+Object=Permission

Applying Permissions Scenarios

• Scenario 1: Permissions can propagate down the object hierarchy to all subobjects,
you can also explicitly override a permission at lower level objects
• Scenario 2: When a user is a member of multiple groups with permissions on the same
object, the user gets both the permissions
• Scenario 3: When a user is a member of multiple groups with permissions on different
objects, both roles propagate to their child objects
• Scenario 4: Permissions defined explicitly for the user on an object take precedence
over all group permissions on that same object
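
The four scenarios above, worked as an added example in Python (not part of the original course material): it resolves a user's effective privileges by walking up the inventory and applying the nearest object that carries a matching permission. The inventory, roles, privilege labels and principals are constructed, and the nearest-object rule is an assumption about how the override in Scenario 1 combines with group membership.

```python
from dataclasses import dataclass

# Constructed roles: each role is a set of made-up privilege labels.
ROLES = {
    "ReadOnly": {"view"},
    "VMPowerUser": {"view", "power_on", "power_off"},
    "SnapshotOperator": {"view", "snapshot"},
    "NetworkOperator": {"view", "assign_network"},
}

# Constructed inventory: child object -> parent object (None marks the root).
PARENT = {
    "dc1": None,
    "prod-folder": "dc1",
    "vm-web": "prod-folder",
    "vm-db": "prod-folder",
    "net-folder": "dc1",
    "pg-dmz": "net-folder",
}


@dataclass(frozen=True)
class Permission:
    """Role + User/Group + Object = Permission."""
    principal: str           # "user:<name>" or "group:<name>"
    obj: str
    role: str
    propagate: bool = True   # whether child objects inherit it


# Constructed permission table.
PERMISSIONS = [
    Permission("group:audit", "dc1", "ReadOnly", propagate=False),
    Permission("group:ops", "prod-folder", "VMPowerUser"),
    Permission("group:backup", "prod-folder", "SnapshotOperator"),
    Permission("group:backup", "vm-web", "ReadOnly"),       # lower-level override
    Permission("group:ops", "vm-db", "VMPowerUser"),
    Permission("user:alice", "vm-db", "ReadOnly"),          # explicit user entry
    Permission("group:netadmin", "net-folder", "NetworkOperator"),
]


def effective_privileges(user, groups, obj, permissions=PERMISSIONS):
    """Return the set of privileges `user` holds on `obj`."""
    principals = {f"user:{user}"} | {f"group:{g}" for g in groups}
    node = obj
    while node is not None:
        # Permissions set on an ancestor count only if they propagate.
        matches = [p for p in permissions
                   if p.obj == node and p.principal in principals
                   and (node == obj or p.propagate)]
        if matches:
            # Scenario 4: a user entry on this object beats group entries.
            user_level = [p for p in matches if p.principal.startswith("user:")]
            chosen = user_level or matches
            # Scenario 2: several group entries on one object are combined.
            privileges = set()
            for p in chosen:
                privileges |= ROLES[p.role]
            return privileges
        node = PARENT[node]   # Scenario 1: fall back to the inherited permission
    return set()


if __name__ == "__main__":
    for who, groups, obj in [
        ("alice", ["ops", "backup"], "prod-folder"),
        ("alice", ["ops", "backup"], "vm-web"),
        ("alice", ["ops", "backup"], "vm-db"),
        ("carol", ["ops", "netadmin"], "pg-dmz"),
        ("dave", ["audit"], "vm-db"),
    ]:
        print(who, obj, sorted(effective_privileges(who, groups, obj)))
```

A review of this kind is most useful for spotting non-propagating entries and lower-level overrides that quietly narrow or widen what a group member can do.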

vSphere Data Protection

• Traditional Backup Solutions not suitable for Virtual Architecture
• Virtual Backup Solutions Advantages:
- No backup agents on VMs
- Backup processing is offloaded from ESXi hosts to backup server
- Virtual disks can be thin provisioned, use of snapshot functionality
- Faster backup and recovery
- Single backup image
- Image level and file level restoration

• vSphere Storage API Data Protection (VADP) built in to the ESXi framework
- API directly integrated with third party backup tools
- Supports all types of storages FC,iSCSI,NAS,Local
• vSphere Data Protection can restore individual files
• Incremental backups using VDP

VDP Components & Architecture
• VDP Appliance
- .ova format, VM with 4vCPUs, 4GB RAM, SLES 11 64bit
- VA- .5TB-850GB,1TB-1.6TB,2TB-3.1TB
• vSphere Infrastructure
- CBT, VSS in VMware tools
• Integrated with vCenter Server 5.1
• Managed Through Web Client
• De-duplication Store (.vmdk files)

Resource Mgmt & Monitoring

Memory Virtualization has 3 layers
• Guest OS virtual memory
• Guest OS physical memory
• Host physical memory

VM Memory Overcommitment
• Occurs when physical memory installed is less than sum of memory allocated to all
VMs
• VMs power on only if minimum memory available, that is overhead memory
• VMs overhead memory is extra host physical memory
• Swap file (.vswp) size is the difference between allocated and reserved memory

VMkernel memory reclaim techniques

• Transparent page sharing
• Ballooning mechanism
• Memory Compression
• Host-level SSD swapping
• Page VM memory out to disk (VMkernel Swap)

CPU virtualization

• VMkernel Schedules vCPUs on the physical processor
• Socket, Core, Thread Topology
• CPU load balancing

Resource Control

• vSphere 5.x employs a share based allocation algorithm to allocate resources for VMs
• Parameters that control a VMs access to a given resource are
• Limit (Cannot exceed this value)
• Reservation (VM to start)
• Shares (Guarantee a certain amount of resources for a VM)

Resource Pools

Logical abstraction for hierarchically managing CPU and memory resources
❖ Allows administrators to divide and allocate resources to VMs

Resource Pool Attributes
• Shares: Low, Normal, High, Custom
• Reservations in MHz and MB
• Limits in MHz and MB
• Expandable reservation? yes, no

Resource Pool Scenarios

• Host esxi1
• CPU: 10000MHz
• Memory: 32GB

Finance Pool
CPU shares 1000
Reservation 1000MHz
Limit 4000MHz
Expandable reservation yes

               Fin-Prod VM    Fin-Dev VM
CPU shares     1000           2000
Reservation    0MHz           250 MHz
Limit          4000MHz        4000MHz

All VMs are running on same CPU

Pool              CPU shares    VM             CPU shares
Finance pool      2000          Fin-prod VM    2000
                                Fin-test VM    1000
Marketing Pool    1000          Mar-test VM    1000
                                Mar-prod VM    2000

Monitoring

Monitoring VM resource usage
- CPU
- Memory
- Disk
- Network Bandwidth

Monitoring Tools
GUEST OS TOOLS    VMWARE TOOLS
Perfmon dll       vCenter perf charts
Task Manager      ESXi System Logs
Iometer           resxtop and esxtop

Interpreting Data from monitoring tools

• Is a VM CPU Constrained?
• Are VMs CPU Constrained?
• Is the VM Memory Constrained?
• Is the Host Memory Constrained?
• Monitoring Active Memory of VM
• Are VMs Disk-Constrained?
• Are VMs Network-Constrained?

vSS Policies

Network Policies
• Security
• Traffic Shaping
• NIC Teaming

Security Policy
• Promiscuous Mode: (default reject) to prevent VMs network adaptors from observing
traffic not intended for
• MAC Address Changes: (default accept) if set to reject, when guest OS tries to change
the MAC, it stops receiving frames
• Forged Transmits: (default accept) if set to reject the virtual NIC drops frames that the
guest sends if the MAC is changed
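
How the three settings change what a port passes, as an added example in Python (not from the course material): a simplified model of one vSwitch port under the defaults listed above and under an all-reject policy. The MAC addresses in the usage section are constructed, and comparing frames against the adapter's assigned MAC is a simplifying assumption.

```python
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class SecurityPolicy:
    # Defaults as listed above: reject / accept / accept.
    promiscuous: str = "reject"
    mac_changes: str = "accept"
    forged_transmits: str = "accept"


@dataclass(frozen=True)
class VNic:
    assigned_mac: str   # MAC configured for the virtual adapter
    guest_mac: str      # MAC the guest OS is currently using


# All three settings at reject, for comparison with the defaults.
ALL_REJECT = SecurityPolicy("reject", "reject", "reject")


def delivers_inbound(policy, nic, dst_mac):
    """Would the port hand a frame addressed to dst_mac to this VM?"""
    # MAC Address Changes = reject: a guest that changed its MAC
    # stops receiving frames.
    if policy.mac_changes == "reject" and nic.guest_mac != nic.assigned_mac:
        return False
    if dst_mac.lower() in (nic.guest_mac.lower(), BROADCAST):
        return True
    # Promiscuous Mode = accept: the adapter also sees traffic
    # that is not intended for it.
    return policy.promiscuous == "accept"


def allows_outbound(policy, nic, src_mac):
    """Would the port pass a frame the guest sends with src_mac?"""
    # Forged Transmits = reject: frames sent with a changed MAC are dropped.
    if (policy.forged_transmits == "reject"
            and src_mac.lower() != nic.assigned_mac.lower()):
        return False
    return True


def permissive_settings(policy):
    """Names of the settings left at accept, for a configuration review."""
    names = ("promiscuous", "mac_changes", "forged_transmits")
    return [n for n in names if getattr(policy, n) == "accept"]


if __name__ == "__main__":
    assigned = "00:50:56:00:00:0a"   # constructed
    changed = "00:50:56:00:00:99"    # constructed: MAC set inside the guest
    nic = VNic(assigned, changed)
    for label, policy in (("default", SecurityPolicy()),
                          ("all reject", ALL_REJECT)):
        print(label,
              "| left at accept:", permissive_settings(policy),
              "| receives on changed MAC:", delivers_inbound(policy, nic, changed),
              "| sends with changed MAC:", allows_outbound(policy, nic, changed))
```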

Traffic Shaping Policy
- Mechanism for controlling VMs network bandwidth
- Controls outbound traffic only

Average Bandwidth: Allowed average load

Peak Bandwidth: Max amount of bandwidth vSwitch can pass without dropping
packets

Burst Size: Max amount of data included in a burst

NIC Teaming Policy
• Load balancing Method (outbound only)

Originating Virtual Port ID: NIC is determined by the port ID to which VM is connected.
Fast & Simple

Source MAC Hash: NIC is based on virtual NICs MAC address. Low overhead, might not
spread traffic evenly across the physical NICs

IP Hash: NIC is chosen based on packets source and destination IP address. High
Overhead, better distribution of traffic, requires 802.3ad standard

Network failure Detection
• Detected by VMkernel
• Link Status Only: Provided by network adaptor detects failures like cable pulls &
physical switch power failures
• Beacon Probing: link status plus detect configuration errors like port blocked by STP
and wrong VLAN

Notify Switches
• Physical switches are notified by VMkernel when a virtual NIC is connected to virtual
switch and when a failover event causes a virtual NICs traffic to be rerouted to a different
physical NIC

• Do not use this option with VMs running unicast mode MS NLB

Failback
• Yes: Failed physical adaptor is active whenever it's up
• No: Failed adaptor is inactive even after it's up

vSphere Distributed Switch vDS

• Configured and Managed at vCenter Level
• vSphere Distributed Switch functions as a single virtual switch across all the associated
ESXi hosts

[Figure: distributed port group on a vSphere Distributed Switch, spanning the virtual and physical layers]

• With VLAN Type set to None, the dvPort group will receive only untagged traffic. In
this case, the uplinks must connect to physical switch ports configured as access ports,
or they will receive only untagged/native VLAN traffic.
• With VLAN Type set to VLAN, you'll then need to specify a VLAN ID. The dvPort group
will receive traffic tagged with that VLAN ID. The uplinks must connect to physical
switch ports configured as VLAN trunks.
• With VLAN Type set to VLAN Trunking, you'll then need to specify the range of allowed
VLANs. The dvPort group will pass the VLAN tags up to the guest Oses on any
connected VMs.
• With VLAN Type set to Private VLAN, you'll then need to specify a Private VLAN entry.

• PVLANs are a way to further isolate ports within a VLAN
• PVLANs are configured in pairs: the primary VLAN and any secondary VLANs. The
primary VLAN is considered the downstream VLAN; that is, traffic to the host travels
along the primary VLAN. The secondary VLAN is considered the upstream VLAN; that
is, traffic from the host travels along the secondary VLAN

ESXi Architecture

Functionally, ESXi is equivalent to ESX 3
Footprint less than 32MB of memory.

• VMkernel is a POSIX-like operating system
• Core functionality as:
• Resource scheduling
• I/O stacks
• Device drivers
• VMkernel uses a simple in-memory file system to hold the ESXi configuration files
/etc/vmware, log files /var/log/vmware, and staged patches in /tmp

Components/Processes

• DCUI
• VMM the process that provides the execution environment for a virtual machine, as
well as a helper process known as VMX. Each running virtual machine has its own
VMM and VMX process.
• The hostd process provides a programmatic interface to VMkernel and is used by
direct VI Client connections as well as the VI API. It is the process that authenticates
users and keeps track of which users and groups have which privileges. It also allows
you to create and manage local users.
• vpxa process
• HA agent
• Syslog daemon stores logs and forwards logs to remote servers
• A process that handles initial iSCSI target discovery
• Process that enables NTP
• Process that enables SNMP
• The Common Information Model (CIM) system: CIM is the interface that enables
hardware-level management from remote applications via a set of standard APIs.
• User and group definitions are stored on the file system in the files /etc/passwd,
/etc/shadow, and /etc/group

[Figure: ESXi disk partition layout, 750MB total]
• Bootloader partition [4MB]
• Boot bank partition [48MB]: Core hypervisor (32MB), includes VMkernel and Server manufacturer customizations
• Alt boot bank partition [48MB]: Initially empty
• Store partition [540MB]: Auxiliary files (VI Client, VMware Tools), Runtime storage
• Core dump partition [110MB]: Normally empty

Command Line Tools

• SSH Client (PuTTY)
• vCLI
• vMA
Using vCLI commands

Use esxcli commands or vicfg commands.

E.g.:
vicfg-vswitch --server <vCenter host name> --vihost <ESXi host name> --username <vCenter administrative user> --list

vicfg-hostops --server <vCenter host name> --vihost <ESXi host name> --username <vCenter administrative user> --operation shutdown --force

vShield

• vShield Manager
• vShield Edge: Protects the edge of virtual datacenter
• vShield App with Data security: Hypervisor-based, application aware firewall for
virtual datacenter
• vShield Endpoint: Offloads antivirus and antimalware agent processing to a dedicated
secure VA delivered by VMware partners
• Endpoint is integrated with vSphere 5.1


• VMware Virtual SAN uses local SSDs as cache and local HDDs to create a clustered datastore.
• VSAN requires a minimum of 3 ESXi hosts to form a VSAN cluster, and a maximum of 8.
• At least 1 SSD and 1 HDD of local storage is required on each host.
• A VSAN cluster requires a dedicated network.

Configuring VSAN

• VMkernel network for VSAN
• Create a VSAN Cluster
• Configured through Web Client
• Single VSAN datastore is created

vSphere Replication

• vSphere Replication protects VMs from disaster by replicating the VM to a remote site
• vSphere Replication is handled by components of the hypervisor
• vSphere Replication is delivered as a virtual appliance (VA), the vSphere Replication Appliance
• Managed through Web Client

Host Profiles

• Host Profile creates a profile of the host configuration
• Provides a centrally managed, automated mechanism for host configuration
