
Transitioning To ESXi


Transitioning to the ESXi Hypervisor

Architecture – What Customers Need to Know


VMware, February 2011

© 2009 VMware Inc. All rights reserved


Agenda
• ESXi Convergence and ESXi Value Proposition
• Hardware Monitoring and System Management with ESXi
• Security and Deployment Options
• Command Line Interfaces
• Diagnostics and troubleshooting
• Answering common questions
• Resources and call to action

VMware vSphere 4.1 and earlier support two hypervisor architectures: VMware ESXi or ESX

VMware’s virtualization platform includes two components:
1. VMware vSphere 4.1 = virtualization software
  • VMware vSphere 4.1 is available in several editions at different levels of functionality
  • Customers can choose to install vSphere 4.1 using either the VMware ESXi or ESX
2. VMware vCenter Server 4.1 = virtualization management software
  • VMware vCenter Server is necessary for advanced features such as VMotion, HA, etc.

[Diagram: three VMware vSphere hosts and VMware vCenter Server]

Converging to ESXi with the next vSphere release

• With the GA of vSphere 4.1 in July 2010, VMware officially announced that starting with the next vSphere release our hypervisor architecture will converge to ESXi
• From the release note:

VMware vSphere 4.1 and its subsequent update and patch releases are the last releases to include both ESX and ESXi hypervisor architectures. Future major releases of VMware vSphere will include only the VMware ESXi architecture.
• VMware recommends that customers start transitioning to the ESXi architecture when deploying VMware vSphere 4.1.
• VMware will continue to provide technical support for VMware ESX according to the VMware vSphere support policy on the VMware Enterprise Infrastructure Support page.
• To learn more about the ESXi architecture and how to migrate from ESX to ESXi, go to the VMware ESXi and ESX InfoCenter.

VMware ESXi: 3rd Generation Hypervisor Architecture

VMware GSX (VMware Server), 2001
• Installs as an application
• Runs on a host OS
• Depends on OS for resource management

VMware ESX architecture, 2003
• Installs “bare metal”
• Relies on a Linux OS (Service Console) for running partner agents and scripting

VMware ESXi architecture, 2007
• Installs “bare metal”
• Management tasks are moved outside of the hypervisor

The ESXi architecture runs independently of a general purpose OS, simplifying hypervisor management and improving security.

VMware ESXi and ESX hypervisor architectures comparison

VMware ESX Hypervisor Architecture
• Code base disk footprint: ~ 2GB
• VMware agents run in Console OS
• Nearly all other management functionality provided by agents running in the Console OS
• Users must log into Console OS in order to run commands for configuration and diagnostics

VMware ESXi Hypervisor Architecture
• Code base disk footprint: <100 MB
• VMware agents ported to run directly on VMkernel
• Authorized 3rd party modules can also run in VMkernel to provide hw monitoring and drivers
• Other capabilities necessary for integration into an enterprise datacenter are provided natively
• No other arbitrary code is allowed on the system

New and Improved Paradigm for ESX Management

“Classic” VMware ESX, Service Console (COS) | VMware ESXi
Management Agents | Agentless vAPI-based (vSphere API)
Hardware Agents | Agentless CIM-based (CIM API)
Commands for Configuration and Diagnostics | vCLI, PowerCLI, Local Support Consoles
Infrastructure Service Agents | Native Agents: hostd, vpxa, NTP, Syslog, SNMP, etc.

Why ESXi?

Next generation of VMware’s Hypervisor Architecture

Full-featured hypervisor
• Superior consolidation and scalability
• Same performance as VMware ESX architecture

More secure and reliable
• Small code base thanks to OS-Independent, thin architecture

Streamlined deployment and configuration
• Fewer configuration items making it easier to maintain consistency
• Automation of routine tasks through scripting environments such as vCLI or PowerCLI

Simplified hypervisor Patching and Updating
• Smaller code base = fewer patches
• The “dual-image” approach lets you revert to prior image if desired
• VMware components and third party components can be updated independently

The Gartner Group says…

• “The major benefit of ESXi is the fact that it is more lightweight — under 100MB versus 2GB for VMware ESX with the service console.”
• “Smaller means fewer patches”
• “It also eliminates the need to manage a separate Linux console (and the Linux skills needed to manage it)…”
• “VMware users should put a plan in place to migrate to ESXi during the next 12 to 18 months.”

Source: Gartner, August 2010

Gartner Agrees ESXi is competitive advantage

“The lesson from all of this is that thinner is better from a security perspective and I’d argue that the x86 virtualization platforms that we are installing (ESX, Xen, Hyper-V and so on) are the most important x86 platforms in our data centers. That means patching this layer is paramount. With Hyper-V’s parent partition that means closely keeping an eye on Microsoft’s vulnerability announcements to see if it is affected.”

Source: http://blogs.gartner.com/neil_macdonald/2010/02/11/a-downside-to-hyper-v/

Hardware Monitoring with CIM

Common Information Model (CIM)
• Agent-less, standards-based monitoring of hardware resources
• Output readable by 3rd party management tools via standard APIs
• VMware and Partner CIM providers for specific hardware devices

[Diagram: Management Server and Management Client connect over WS-MAN to the CIM Broker; VMware Providers and Partner Providers sit above the VMkernel; Platform Hardware: CPU, Memory, Network, Storage]

Third Party Hardware Monitoring

• OEMs HW monitoring through their management consoles
  • HP SIM 5.3.2+
  • Dell OpenManage Server Administrator 6.1
• View server and storage asset data
• View server and storage health information
• View alerts and command logs

Monitor and Manage Health of Server Hardware with vCenter

CIM Interface
• Detailed hardware health monitoring
• vCenter alarms alert when hardware failures occur
• Host hardware fan status
• Host hardware power status
• Host hardware system board status
• Host hardware temperature status

[Screenshot: vCenter Alarms for Hardware]

Monitoring of Installed Software Components

• In ESXi 4.1 Directly
• In vCenter Server

Majority of Systems Management and Back Up Vendors Support ESXi

• BPM for Virtual Servers
• BPA for Virtual Servers
• Capacity Mgmt Essentials
• Atrium Orchestrator
• Bladelogic Operations Manager
• ProactiveNet
• Client Automation
• Atrium Discovery & Dependency Mapping

• CA Virtual Performance Manager (VPM)
• Spectrum Automation Management
• Spectrum
• eHealth
• Cohesion
• ARCserve

• Operations Orchestration
• VI SPI
• Client Automation
• DDM
• Operations Agent
• UCMDB
• SiteScope
• Performance Agent
• DataProtector
• HP Operations

• ITM for Virtual Servers
• TPM
• ITUAM
• ITLCM
• Tivoli Storage Manager

• Smarts ESM
• ADM
• ControlCenter
• Avamar
• Networker

Infrastructure Services for Production Environments

Function | ESX | ESXi
Time synchronization | NTP agent in COS | Built-in NTP service
Centralized log collection | Syslog agent in COS | Built-in Syslog service
SNMP monitoring | SNMP agent in COS | Built-in SNMP service
Persistent Logging | Filesystem of the COS | Log to files on datastore
Local access authentication | AD agent in COS, Built-in Active Directory service | Built-in Active Directory service
Large-Scale Deployment | Boot from SAN, PXE Install, Scripted installation | Boot from SAN, PXE install, Scripted install

New in vSphere 4.1

New Feature: PXE and Scripted Installation

Details
• Numerous choices for installation
• Installer booted from
  • CD-ROM (default)
  • Preboot Execution Environment (PXE)
• ESXi Installation image on
  • CD-ROM (default), HTTP/S, FTP, NFS
• Script can be stored and accessed
  • Within the ESXi Installer ramdisk
  • On the installation CD-ROM
  • HTTP / HTTPS, FTP, NFS
• Config script (“ks.cfg”) can include
  • Preinstall
  • Postinstall
  • First boot

New Feature: PXE Installation

Requirements
• PXE-capable NIC
• DHCP Server (IPv4)
• Media depot + TFTP server + PXE
  • A server hosting the entire content of ESXi media
  • Protocol: HTTP/HTTPS, FTP, or NFS server.
  • OS: Windows/Linux server

New Feature: Boot from SAN

Boot from SAN fully supported in ESXi 4.1

Requirements outlined in SAN Configuration Guide:

An iBFT (iSCSI Boot Firmware Table) NIC is required
• iBFT communicates info about the iSCSI boot device to an OS

Active Directory Integration

Provides authentication for all local services
• Remote access based on vSphere API, vSphere Client, PowerCLI, etc
• Works with Active Directory users as well as groups
• Can grant varying levels of privileges, e.g. full administrative, read-only or custom
• AD Group “ESX Admins” will be granted Administrator role

Configuration of Active Directory in vSphere Client

1. Select “Active Directory”
2. Click “Join Domain”
3. Provide valid credentials

Active Directory Service

• Host will appear in the Active Directory “Computers” Object listing
• vSphere Client will indicate which domain is joined

New Feature: Total Lockdown

Ability to totally control local access via vCenter Server
• Lockdown Mode (prevents all access except root on DCUI)
• DCUI – can additionally disable separately
• If both configured, then no local activity possible (except pull the plugs)

Access Mode | Normal | Lockdown
vSphere API (e.g., vSphere Client, PowerCLI, vCLI, etc) | Any user, based on local roles/privileges | None (except vCenter vpxuser)
CIM | Any user, based on local role/privilege | None (except via vCenter ticket)
DCUI | Root and users with Admin privileges | Root only
Tech Support Mode (Local and Remote) | Root and users with Admin privileges | None

vCLI and PowerCLI: primary Scripting Interfaces

[Diagram: vCLI, other utility scripts, vSphere PowerCLI, other languages and the vSphere Client sit on the vSphere SDK, which uses the vSphere Web Service API]

vCLI and PowerCLI built on same API as vSphere Client
• Same authentication (e.g. Active Directory), roles and privileges, event logging
• API is secure, optimized for remote environments, firewall-friendly, standards-based

New Feature: Additional vCLI Configuration Commands

Storage
• esxcli swiscsi session: Manage iSCSI sessions
• esxcli swiscsi nic: Manage iSCSI NICs
• esxcli swiscsi vmknic: List VMkernel NICs available for binding to particular iSCSI adapter
• esxcli swiscsi vmnic: List available uplink adapters for use with a specified iSCSI adapter
• esxcli vaai device: Display information about devices claimed by the VMware VAAI (vStorage APIs for Array Integration) Filter Plugin.
• esxcli corestorage device: List devices or plugins. Used in conjunction with hardware acceleration.

Summary of ESXi Diagnostics and Troubleshooting

[Diagram: Initial Diagnostics and Advanced Situations. Labels: DCUI: misconfigs / restart mgmt agents; Browser; vCLI; vSphere APIs; TSM: In-depth troubleshooting; API Access; Direct ESXi Access]

Diagnostic Commands for ESXi: vCLI

Familiar set of ‘esxcfg-*’ commands available in vCLI
• Names mapped to ‘vicfg-*’
• Also includes
  • vmkfstools
  • vmware-cmd
  • resxtop
  • esxcli: suite of diagnostic tools

New Feature: Additional vCLI Troubleshooting Commands

Network
• esxcli network: List active connections or list active ARP table entries.

Storage
• NFS statistics available in resxtop

VM
• esxcli vms vm kill: Forcibly stop VMs that do not respond to normal stop operations, by using kill commands.
  # esxcli vms vm kill --type <kill_type> --world-id <ID>
• NOTE: designed to kill VMs in a reliable way (not dependent upon well-behaving system)
• Eliminates one of the most common reasons for wanting to use TSM.

Browser-based Access of Config Files

https://<hostname>/host

Browser-based Access of Log Files

https://<hostname>/host/messages

Browser-based Access of Datastore Files

https://<hostname>/folder

Disk Descriptor

DCUI-based Troubleshooting

• Menu item to restart all management agents, including
  • Hostd
  • Vpxa
• Menu item to reset all configuration settings
  • Fix a misconfigured vNetwork Distributed Switch
  • Reset all configurations

New Feature: Full Support of Tech Support Mode

Two ways to access
• Local: on console of host (press “Alt-F1”)
• Remote: via SSH

New Feature: Full Support of Tech Support Mode

• Toggle on DCUI
• Disable/Enable
• Both Local and Remote
• Optional timeout automatically disables TSM (local and remote)
• Running sessions are not terminated.
• New sessions are rejected
• All commands issued in Tech Support Mode are sent to syslog

New Feature: Full Support of Tech Support Mode

Can also enable in vCenter Server and Host Profiles

Tech Support Mode use cases

Recommended uses
• Support, troubleshooting, and break-fix
• Scripted deployment preinstall, postinstall, and first boot scripts

Discouraged uses
• Any other scripts
• Running commands/scripts periodically (cron jobs)
• Leaving open for routine access or permanent SSH connection

Admin will be notified when active
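
A PowerCLI audit of the local-access settings covered by the Total Lockdown and Tech Support Mode slides, added here as an example and not part of the original deck. The vCenter name is a placeholder, and the service keys TSM and TSM-SSH are assumed to identify local and remote Tech Support Mode on the hosts being checked.

```powershell
# Added example (not from the deck): report hosts whose local access is wider
# than the Lockdown Mode / Tech Support Mode guidance on these slides.
# Assumptions: VMware PowerCLI is loaded; 'vcenter.example.local' is a
# placeholder; 'TSM' and 'TSM-SSH' are the host service keys for local and
# remote Tech Support Mode (confirm with Get-VMHostService on your build).
Connect-VIServer -Server 'vcenter.example.local' | Out-Null

$report = foreach ($vmhost in Get-VMHost -State Connected, Maintenance) {
    $view     = Get-View -VIObject $vmhost
    $services = Get-VMHostService -VMHost $vmhost
    $tsmLocal = $services | Where-Object { $_.Key -eq 'TSM' }
    $tsmSsh   = $services | Where-Object { $_.Key -eq 'TSM-SSH' }

    $findings = @()
    # Config.AdminDisabled is the vSphere API flag that is true in Lockdown Mode.
    if (-not $view.Config.AdminDisabled) { $findings += 'Lockdown Mode off' }
    if ($tsmLocal -and $tsmLocal.Running) { $findings += 'Local TSM running' }
    if ($tsmSsh -and $tsmSsh.Running)     { $findings += 'Remote TSM (SSH) running' }
    # Policy 'on' starts the service with the host, i.e. a permanently open shell.
    if ($tsmSsh -and $tsmSsh.Policy -eq 'on') {
        $findings += 'Remote TSM starts with host'
    }

    New-Object PSObject -Property @{
        VMHost   = $vmhost.Name
        Lockdown = [bool]$view.Config.AdminDisabled
        Findings = ($findings -join '; ')
    }
}

# Hosts without findings are omitted; the rest are the ones to review.
$report | Where-Object { $_.Findings } |
    Select-Object VMHost, Lockdown, Findings |
    Format-Table -AutoSize
```

The script only reads configuration, so it can be scheduled off-host from the management station.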

New Feature: Additional Commands in Tech Support Mode

Additional commands for troubleshooting
• vscsiStat
• nc (netcat)
• tcpdump-uw

Is ESXi production and enterprise ready? YES

• The VMware ESXi hypervisor architecture can be deployed with any vSphere edition and used to address any of its use cases
• VMware recommends ESXi for any installation of vSphere 4.x or higher

What is the VMware vSphere Hypervisor?

• VMware vSphere Hypervisor is the new name for what was formerly known as VMware ESXi Single Server or free ESXi (often abbreviated to simply “VMware ESXi”).
• VMware vSphere Hypervisor is the free edition of the vSphere product line. It is licensed to only unlock the hypervisor functionality of vSphere, but it can be seamlessly upgraded to more advanced offerings of VMware vSphere.
• vSphere Hypervisor is based only on the ESXi hypervisor
• vSphere Hypervisor is targeted at first-time virtualization users

Is ESXi at feature parity with ESX? Yes!!

Capability | ESXi 4.0 | ESXi 4.1 | ESX 4.1
Admin/config CLIs | PowerCLI + vCLI | PowerCLI + vCLI | COS + vCLI + PowerCLI
Advanced troubleshooting | Tech Support Mode (restricted) | Tech Support Mode (full support) | COS
Scripted installation | Not supported | Supported | Supported
Boot from SAN | Not supported | Supported | Supported
SNMP | Supported | Supported | Supported
Active Directory | Not supported | Integrated | Integrated
HW monitoring | CIM providers | CIM providers | 3rd party agents in COS
Jumbo frames | Supported | Supported | Supported
Web Access | Not supported | Not supported | Not supported
Total Lockdown | Not available | Supported | Not available

How to plan an ESX to ESXi migration

Start testing ESXi
• If you’ve not already deployed, there’s no better time than the present

Ensure 3rd party solutions used by your customers are ESXi Ready
• Monitoring, backup, management, etc. Most already are.
• Bid farewell to agents!

Familiarize with ESXi remote management options
• Transition any scripts or automation that depended on the COS
• Powerful off-host scripting and automation using vCLI, PowerCLI, …

Plan an ESXi migration as part of vSphere upgrade
• Testing of ESXi architecture can be incorporated into overall vSphere testing

Call to action for VMware partners

• Learn about ESXi and become an expert
• Make sure your customers know about ESXi convergence in the next release of vSphere
• Help your customers plan and complete their ESX to ESXi migrations with their upgrade to vSphere 4.1
• When working on new vSphere 4.1 deployments advise your customers to deploy ESXi directly

Visit the ESXi and ESX Info Center today

http://vmware.com/go/ESXiInfoCenter

VMware ESXi: Planning, Implementation, Security

• Title: VMware ESXi: Planning, Implementation, and Security
• Author: Dave Mischenko
• ISBN: 1435454952
• List Price: $49.99
• Release Date: October 2010