HOL-SDC-1610
Table of Contents
Lab Overview - HOL-SDC-1610 - Virtualization 101: vSphere with Operations Management 6
    Lab Guidance
    What is Virtualization?
Module 1: Introduction to vSphere with Operations Management - (60 Minutes)
    VMware vSphere with Operations Management Overview
    Understanding the Interface - vSphere Web Client
    Understanding the Interface - vRealize Operations Manager
    How to Install vSOM
    Additional Information
Module 2: Build and Manage your Virtual Infrastructure - (90 Minutes)
    Virtual Infrastructure - Cluster Management
    Virtual Infrastructure - Create and Edit a Virtual Machine
    Virtual Infrastructure - Migrate a Virtual Machine
    Virtual Infrastructure - Working with Virtual Machine Snapshots
    Virtual Infrastructure - Cloning Virtual Machines and Using Templates
    Virtual Infrastructure - Virtual Machine Monitoring and Remediation
    Virtual Infrastructure - Working with the Virtual Standard Switch
    Abstraction of Storage for More Efficient Management and Better Control
    Abstraction of Storage - Managing Your Storage
    Getting Started with Update Manager
    Build and Manage your Virtual Infrastructure - Scale Out
    Additional Information
Module 3: Manage Capacity Risk and Plan for the Future - (60 Minutes)
    Manage Capacity and Risk
    Increase Operational Efficiency
    Ensure Future Capacity Through Capacity Modeling
Module 4: Optimize Workload Performance while Maintaining Business Priorities - (60 Minutes)
    Module Preparation
    Storage DRS
    Storage Policy Based Management (SPBM)
    Right Size
    Demonstrate automatic load balancing for assuring proper resource allocation
    Workload Placement (WLP) Rebalance
Module 5: Ensure Business Continuity and Availability - (60 Minutes)
    Show automatic restart of virtual machines after a host failure
    Demonstrate resilience to network component failures
    vSphere Data Protection and vSphere Replication
Module 6: Simplify Security and Compliance - (60 Minutes)
    Introduction to vSphere Hardening
    Ensure auditability of administrative actions
    Demonstrate authorization capabilities
    Managing and Tracking Change
Module 7: Log Management with vRealize Log Insight - (60 Minutes)
    Overview of vRealize Log Insight
    Configuring vCenter & vSphere Integration
    Log Insight Standalone Instance to Log Insight Cluster
    Event Forwarding
    Exploring vSphere Log Events
    Installing Content Packs
    Installing & Managing Log Insight Agents
    Integrate vRealize Log Insight with vRealize Operations Manager
    Conclusion
Module 8: From Beginner to Advanced Features with PowerCLI - (60 Minutes)
    Module overview
    Getting Started With PowerShell and PowerCLI
    Using PowerCLI for reporting
    Exporting report results to various formats
    Setting up and configuring a cluster
    Moving hosts to the cluster
    Setting up and configuring virtual distributed switch
    Creating a VM and vMotioning it between the hosts
    Creating multiple VMs and tagging them appropriately
    Modifying multiple VMs based on their tag
    Configuring and deploying an OVF template
    Further Reading
Lab Overview - HOL-SDC-1610 - Virtualization 101: vSphere with Operations Management 6
Lab Guidance
This introductory lab demonstrates the core features and functions of vSphere with Operations Management (VSOM) and vCenter 6.0. This lab is an ideal place to begin your journey in Virtualization. This lab will walk you through the core features of vSphere, vSphere with Operations Management, and vCenter, including storage and networking. The lab is broken into 8 Modules which can be taken in any order.
• Module 1 - Introduction to vSOM (60 Minutes)
• Module 2 - Build and Manage your Virtual Infrastructure (90 Minutes)
• Module 3 - Manage, Optimize, and Plan Infrastructure Capacity (60 Minutes)
• Module 4 - Optimize Workload Performance While Maintaining Business Priorities (60 Minutes)
• Module 5 - Ensure Business Continuity and Availability (60 Minutes)
• Module 6 - Simplified Security and Compliance (60 Minutes)
• Module 7 - From Beginner to Advanced Features with PowerCLI (60 Minutes)
NOTE: If you are using a device with a non-US keyboard layout, you might find it difficult to enter CLI commands, user names and passwords throughout the modules in this lab.
Each Module will take approximately 60-90 minutes to complete, but based on your experience this could take more or less time.
We have included videos throughout the modules of this lab. To get the most out of these videos, it is recommended that you have headphones to hear the audio. The timing of each video is noted next to the title. In some cases, videos are included for tasks we are unable to show in a lab environment, while others are there to provide additional information. Some of these videos may contain an earlier edition of vSphere; however, the steps and concepts are primarily the same.
This Hands-On Lab uses a beta version of vRealize Operations Manager which is still undergoing development before final release. Product features that are included in this lab are subject to change and there is no commitment from VMware to deliver them in any generally available product.
Lab Captains: Phil Balfanz, Paval Dimitrov, Pierre Grothe, Tom Lusk, Carl Olafson
This lab manual can be downloaded from the Hands-on Labs Document site found here: http://docs.hol.pub/HOL-2016/hol-sdc-1610_pdf_en.pdf
This lab may be available in other languages. To set your language preference and have a localized manual deployed with your lab, you may utilize this document to help guide you through the process: http://docs.hol.vmware.com/announcements/nee-default-language.pdf
Activation Prompt or Watermark
When you first start your lab, you might notice a watermark on the desktop indicating that Windows is not activated. One of the major benefits of virtualization is that virtual machines can be moved and run on any platform. The Hands-on Labs utilizes this benefit and we are able to run the labs out of multiple datacenters. However, these datacenters may not have identical processors, which triggers a Microsoft activation check through the Internet. Rest assured, VMware and the Hands-on Labs are in full compliance with Microsoft licensing requirements. The lab that you are using is a self-contained pod and does not have full access to the Internet, which is required for Windows to verify the activation. Without full access to the Internet, this automated process fails and you see this watermark. This cosmetic issue has no effect on your lab. If you have any questions or concerns, please feel free to use the support made available to you either at VMworld in the Hands-on Labs area, in your Expert-led Workshop, or online via the survey comments as we are always looking for ways to improve your hands on lab experience.
Disclaimer
This session may contain product features that are currently under development. This session/overview of the new technology represents no commitment from VMware to deliver these features in any generally available product. Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind. Technical feasibility and market demand will affect final delivery. Pricing and packaging for any new technologies or features discussed or presented have not been determined.
What is Virtualization?
If you are not familiar with Virtualization, this lesson will give you an introduction to it.
Virtualization: Today's x86 computer hardware was designed to run a single operating system and a single application, leaving most machines vastly underutilized. Virtualization lets you run multiple virtual machines on a single physical machine, with each virtual machine sharing the resources of that one physical computer across multiple environments. Different virtual machines can run different operating systems and multiple applications on the same physical computer.
Virtualization Defined
Virtualization is placing an additional layer of software called a hypervisor on top of your physical server. The hypervisor enables you to install multiple operating systems and applications on a single server.
Separation
By isolating the operating system from the hardware, you can create a virtualization-based x86 platform. VMware's hypervisor-based virtualization products and solutions provide you the fundamental technology for x86 virtualization.
Partitioning
In this screen, you can see how partitioning helps improve utilization.
Isolation
You can isolate a VM to find and fix bugs and faults without affecting other VMs and operating systems. Once fixed, an entire VM Restore can be performed in minutes.
Encapsulation
Encapsulation simplifies management by helping you copy, move and restore VMs by treating entire VMs as files.
Hardware Independence
VMs are not dependent on any physical hardware or vendor, making your IT more flexible and scalable.
Benefits
Virtualization enables you to consolidate servers and contain applications, resulting in high availability and scalability of critical applications.
Simplify Recovery
Virtualization eliminates the need for any hardware configuration, OS reinstallation and configuration, or backup agents. A simple restore can recover an entire VM.
Reduce Storage Costs
A technology called thin-provisioning helps you optimize space utilization and reduce storage costs. It provides storage to VMs when it's needed, and shares space with other VMs.
Cost Avoidance
Module 1: Introduction to vSphere with Operations Management - (60 Minutes)
VMware vSphere with Operations Management Overview
VMware vSphere with Operations Management (VSOM) delivers an environment optimized for efficient server virtualization management by pairing VMware vSphere, the world's leading virtualization platform, with vRealize Operations Manager. This combination delivers vSphere optimized for efficient server virtualization management by adding critical capacity management and performance monitoring capabilities. It is designed for businesses of all sizes to run applications at high service levels and maximize hardware savings through higher capacity utilization and consolidation ratios.
Simplify IT Management of Virtual Infrastructure Environments
vSphere with Operations Management offers a more intuitive interface than vCenter Server and improves monitoring capabilities by adding predictive analytics to enable faster problem discovery and remediation as well as more efficient resource management.
Key Features of VMware vSphere with Operations Management
Unified Command Console displays key performance indicators in easily identifiable colored badges and provides a comprehensive view into what is driving current and potential future performance and capacity management issues.
Performance Monitoring and Capacity Management analyzes vCenter Server performance data and establishes dynamic thresholds that adapt to the environment and provide smart alerts about health degradations, performance bottlenecks and capacity shortfalls:
• Performance data is abstracted to health, risk and efficiency measures that provide IT with operations visibility to effectively identify developing performance problems with less time and effort.
• Capacity management helps identify idle or overprovisioned VMs to reclaim excess capacity and increase VM density without impacting performance.
• Capabilities are equivalent to Standard edition of vRealize Operations Manager and available as an appliance that is accessible within minutes.
Increased Performance and Availability of Mission-Critical Applications through new and enhanced functionality to deliver greater agility, efficiency and resiliency at high service levels for your IT environments:
• Increased Host-Level Configuration Maximums (logical CPUs increased to 320) and support for 62TB Virtual Machine Disk File (VMDK).
• Flash Read Cache leverages server-side caching for enhanced performance of applications.
• VM Latency reduction by reserving memory, dedicating CPU cores and disabling network features prone to high latency.
• App HA works in conjunction with VMware vRealize Hyperic to monitor application services running inside the virtual machine and performs restart actions as defined by the administrator when issues are detected.
• Big Data Extensions (BDE) plug-in enables administrators to deploy and manage Hadoop clusters on vSphere.
vSphere Hypervisor: Introduction to Virtualization (5:50)
Here is a short video that will explain some of the basic concepts of server virtualization.
Video: vSphere with Operations Management - Overview (3:13)
Here is a short video that will show you the benefits to using VSOM in your environment.
Understanding the Interface - vSphere Web Client
With the release of VMware vRealize Operations Manager 6.0, the interface has been consolidated into a single interface. This new Merged Interface provides a single customizable series of panels which can be used to access all object types, across the entire environment. This includes both vSphere and non-vSphere oriented objects. This interface is also highly customizable, with consolidated alerting and consistent views and features.
Using the vSphere 6.0 Web Client
The vSphere Web Client is the primary method for system administrators and end users to interact with the virtual data center environment created by VMware vSphere. vSphere manages a collection of objects that make up the virtual data center, including hosts, clusters, virtual machines, data storage, and networking resources. The vSphere Web Client is a Web browser-based application that you can use to manage, monitor, and administer the objects that make up your virtualized data center. You can use the vSphere Web Client to observe and modify the vSphere environment in the following ways.
• Viewing health, status, and performance information on vSphere objects
• Issuing management and administration commands to vSphere objects
• Creating, configuring, provisioning, or deleting vSphere objects
You can extend vSphere in different ways to create a solution for your unique IT infrastructure. You can extend the vSphere Web Client with additional GUI features to support these new capabilities, with which you can manage and monitor your unique vSphere environment.
Log in to the vSphere Web Client
Using the Firefox web browser, navigate to the URL for the Web client. For this lab, you can use the shortcut in the address bar.
1. Click on bookmark for "Site A Web Client"
2. Click on "Use Windows session authentication"
3. Click ""
Alternatively, you could use these credentials:
1. Enter user name ""
2. Enter password "VMware1!" (without quotes)
Please Note: All of the credentials used in this lab are listed in the REE.TXT file on the desktop.
vSphere Web Client Interface Overview
When you log in to the Web Client, you will be taken to the Home Screen. The vSphere Web Client is broken into 6 main areas, also referred to as panes.
1. Navigation Tree or Navigator
2. Main Content area
3. Search Bar
4. Alarms list
5. Work in Progress list
6. Recent Tasks list
The layout of these panes can be customized. Click the push pin icon in the Navigator, Recent Tasks, Work in Progress, or Alarms panes to minimize them. This can create more room for the main area if you are working on a small monitor or one with low resolution. You can also change where each of those panes is shown by dragging the title bar of the pane to one of the edges of the screen.
Please Note: In this lab, since our screen size is limited, we have set all the panes to be minimized by default to give you the most screen real estate possible. You can open any of the panes at your convenience and click on the push pin in any pane to allow it to stay on the screen.
vCenter 6.0 Inventory
From the Home screen, you can click on "vCenter Inventory Lists" either in the Navigator pane, or the Main content area. Clicking vCenter Inventory Lists will take you to the Inventory page where you will find all the objects associated with the vCenter Server systems, such as datacenters, hosts, clusters, networking, storage, and virtual machines.
Navigating to the Inventory Items
Inventory lists allow you to view aggregated lists of objects across vCenter Server systems. For this example, we will navigate to Virtual Machines Inventory.
1. Click on "Virtual Machines" inventory item.
You can view objects of other types by navigating to those object categories in the Inventory list.
Please Note: There are "Getting Started" pages to help familiarize users with navigating the vSphere Web Client. Once you are familiar with the Web Client, you can hide these pages. Simply click on the "Help" dropdown and select the option to "Hide All Getting Started Pages".
Virtual Machine Inventory List
The Virtual Machine inventory page will show you the list of virtual machines associated with the vCenter server system. For a given virtual machine, the "Summary" page will detail relevant information about that machine.
1. Click the "linux-base-01a" virtual machine.
2. Click the "Summary" Tab for that virtual machine.
Virtual Machine Summary
On this page you are able to see all the details regarding the virtual machine. We can view details of the virtual machine, as well as change them. The purpose of this exercise was to familiarize you with navigating through the vCenter Inventory List. We will explore the virtual machine further in Module 2.
Using the Tag and Search Features to Find Objects Quickly
The vSphere 6.0 Web Client now provides some powerful search options. This lesson will guide you through the different search options to find the inventory of interest quickly. Also, a new feature of vCenter Inventory Service enables users to create custom defined tags that can be categorized and added to any inventory objects in the environment. These tags are searchable metadata and reduce the time to find inventory object information. This lab will cover how to create tags and search using those tags.
Search Options
We have different search options: "New Search", "Saved Searches" and "Quick Search". Let's first take a look at "New Search".
1. From anywhere in the web client, click the "Home" icon to show the Home Menu.
2. Click "New Search"
Search for Virtual Machines
For this lesson, we will search for a virtual machine.
1. Let's do a simple search by entering "vm" in the search box.
2. Click "Search"
3. In the inventory pane, search results are returned that have been grouped by object type.
4. The inventory list for the object type selected will be displayed.
Virtual Machines That Exist in the Environment
The search has also created tabs that group by object type.
1. Select the "Virtual Machines" tab; a list of VMs that exist in the environment is returned.
2. Now let's search for a specific tag. Click the "Advanced Search" link.
Advanced Search
Using advanced search allows you to search for managed objects that meet multiple criteria. For example, you can search for virtual machines matching a search string that reside on hosts whose names match a second search string. Let's do a search for virtual machines to check VMware Tools status.
1. Change the field shown to "Virtual Machine".
2. For the property Field click "Virtual Machine Name"
3. Click the drop down menu to select the "Current" criteria.
4. Click the "Search" button.
5. The results are displayed in the results screen.
6. This search can be used in the future so let's save the search. Click "Save..."
Name the Search
1. There will be a default Name, but let's enter "Application VMs" for the name of the search.
2. Click "OK"
View Saved Searches
1. Click on the "Home" icon at the top of the screen
2. Click on "Saved Searches"
Saved Search Results
1. Click the saved search "Application VMs"
2. A list of the VMs with "App" in their name is returned in the results window.
Quick Search
1. In the upper right hand corner, enter "vm" in the Quick Search field. A pop-up window is displayed that shows filtered items which match.
2. Click "VM Network" next to the "Distributed Port Group" heading.
List of Virtual Machines
1. Select "Virtual Machines" on the left side of the screen.
2. Select "Related Objects" on the right. An expanded list of virtual machines is shown.
Recent Objects Navigator
A very useful tool that is part of the Navigator screen is the Recent Objects Navigator. Simply click on the icon and recently visited objects will populate the list.
Recent History Navigator
The Recent History Navigator feature allows you to navigate backwards as well as forwards through items that you have recently worked on.
• To view your current history, Right-click or hold on the Navigator bar.
• Click the arrows to navigate forward and backwards through your history.
Tags, Defined Labels
Tags allow you to add metadata to inventory objects. You can record information about your inventory objects in tags and use the tags in searches.
1. Click the "Home" Menu
2. Select "Tags" to create tag categories and tags.
Create Tag Categories
You use categories to group tags together and define how tags can be applied to objects. Every tag must belong to one and only one category. You must create at least one category before creating any tags.
1. Click "New Category"
New Tag Category
Associable Object Types: We will use the default, which states that the new tag in this category can be assigned to all objects. The other option is to specify a specific object type, such as virtual machines or datastores.
1. Enter "web tier" for the Category Name.
2. Keep the default "One tag per object"
3. Click "OK"
Create a New Tag
Click "New Tag" to create a new tag.
Tag Creation and Assign to a Category
1. To create a new tag, enter "Web Server version 2"
2. Click the tag category "web tier" in the drop down box.
3. Select "OK"
To review the category and tags you created, select the "Items" tab. In this screen, you can review and edit the categories and tags. New categories and tags also can be created in this screen.
List Created Tags
1. When the "Items" tab is selected, a list of the created tags is returned. Notice there is also a Categories tab, which would list the categories which have been created.
Assign Tags to a Virtual Machine
1. Click the "Home" Menu
2. Click "VMs and Templates"
Select a Virtual Machine
1. Right-click the virtual machine "linux-base-01a". You may need to expand the navigation tree on the left side to expose the VMs.
2. Find "Tags & Custom Attributes"
3. Click "Assign Tag"
Assign Tag to Virtual Machine
1. Click the "Web Server Version 2" tag
2. Click "Assign". A task is created and the tag is assigned.
Search Using Tags
1. In the Quick Search field enter "we"
2. Select the tag "Web Server Version 2"
Search Results
1. Click on the "Related Objects" tab to find the list of objects which have been assigned the "Web Server Version 2" tag
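The tag steps in this lesson (create the "web tier" category, create the tag, assign it to linux-base-01a, search by tag) can also be scripted with PowerCLI, which makes the tagging repeatable and lets you list VMs that carry no tag from the category. This is an added example, not part of the lab manual; the vCenter address is a placeholder, and the script assumes PowerCLI is installed and the account may manage tags.

```powershell
# Added example: scripted equivalent of the tag steps in this lesson.
# Assumptions: VMware PowerCLI is installed; 'vcenter.example.local' is a
# placeholder for your vCenter Server; the other names are the ones used in the lab.
$vCenter      = 'vcenter.example.local'   # placeholder, not from the lab
$categoryName = 'web tier'
$tagName      = 'Web Server version 2'
$vmName       = 'linux-base-01a'

# Prompt for credentials instead of embedding them in the script.
Connect-VIServer -Server $vCenter -Credential (Get-Credential) | Out-Null

try {
    # Create the category only if it is missing.
    # Cardinality 'Single' corresponds to "One tag per object" in the Web Client.
    $category = Get-TagCategory -Name $categoryName -ErrorAction SilentlyContinue
    if (-not $category) {
        $category = New-TagCategory -Name $categoryName -Cardinality Single
    }

    # Create the tag inside that category only if it is missing.
    $tag = Get-Tag -Name $tagName -Category $category -ErrorAction SilentlyContinue
    if (-not $tag) {
        $tag = New-Tag -Name $tagName -Category $category
    }

    $vm = Get-VM -Name $vmName -ErrorAction Stop

    # A single-cardinality category allows one tag per object, so check what
    # the VM already carries before assigning.
    $existing = Get-TagAssignment -Entity $vm -Category $category
    if (-not $existing) {
        New-TagAssignment -Tag $tag -Entity $vm | Out-Null
    }
    elseif ($existing.Tag.Name -ne $tagName) {
        Write-Warning "$vmName already has tag '$($existing.Tag.Name)' from '$categoryName'; left unchanged."
    }

    # Equivalent of the tag search: every VM that carries the tag.
    Write-Host "VMs tagged '$tagName':"
    Get-VM -Tag $tag | Format-Table Name, PowerState -AutoSize

    # Inventory check: VMs that have no tag from this category at all.
    $taggedIds = @(Get-TagAssignment -Category $category |
                   ForEach-Object { $_.Entity.Id })
    Write-Host "VMs with no '$categoryName' tag:"
    Get-VM | Where-Object { $taggedIds -notcontains $_.Id } |
        Format-Table Name -AutoSize
}
finally {
    Disconnect-VIServer -Server $vCenter -Confirm:$false
}
```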
Understanding the Interface - vRealize Operations Manager
Interface Overview
One of the major advantages to the new Interface in VMware vRealize Operations Manager is that the content panels are extremely consistent while also being contextually relevant. In this section we will highlight a few of the major interface components, so that you can easily understand how to navigate to the objects of interest.
Logging into vRealize Operations Manager
To log in to vRealize Operations Manager (vROPs), open up the Firefox Browser on your desktop.
1. Click on the Bookmark "vROPs-01a"
2. Enter user name ""
3. Enter password "VMware1!" (without quotes)
Navigation Panel
When you log in, you will be at the Home Page. On the left of the screen we can always see the Navigation Panel. This can be used to quickly navigate whatever information is currently on screen, and will allow you to focus down to different levels very quickly.
Content Panel
On the right hand side of the screen we can see the Content Panel, which will show whatever contextual information is currently selected in the Navigation Panel. This will automatically change to show you the most up to date and relevant information.
Quick Links
By default, the Navigation Panel will show us key links to access the various content pages, which can also be found in a handy Quick Link format at the top. These five links take us to the various control panels in vRealize Operations Manager 6.0. Also of note, the Back Button will return you to previous working pages, in an intelligent way. This can be very time saving when you are navigating through the interface troubleshooting a performance problem in your environment!
Home Page
The Home Page is the landing page for vRealize Operations Manager 6.0. This is the primary view where an administrator can browse and view the available Dashboards. Any 3rd party or add-on Solution that creates a Dashboard will make it visible here, so this screen is a great way to get quick overviews of your environment. Dashboards can be quickly accessed using the appropriate tab if visible, or selected directly using the handy Dashboard List dropdown selector.
Alerts Page
The Alerts Page shows a chronologically sorted list of recent Alerts in your environment that need attention. Alerts are categorized based on their criticality, status, and impact on health, risk, or efficiency. You can quickly filter Alerts by Badge type by selecting the appropriate Badge Category from the Navigation Pane, or by typing in a search term in the Quick Filter box.
Environments Page
The Environment Page helps us view our environment through a series of metrics and object relationships by using Inventory Trees. There are different types of Inventory Trees, which can be added by Adapters. Inventory Trees can have different types (e.g. Storage, Hosts & Clusters, Networking, etc.), and also Instances (e.g. each vCenter would create an instance of Hosts & Clusters). Each Inventory Tree shows us a series of Objects and Relationships between those Objects. Individual Objects can be part of many different Inventory Trees. Inventory Trees will quickly help you navigate your environment and visualize relationships between parent and child objects. The Environment Page is divided up into a series of sub tabs:
• Summary: Shows concerns about the currently selected object and its child objects.
• Alerts: Shows all Alerts which have been raised for the currently selected object only.
• Analysis: Shows us Badge scores for the current object (Workload, Anomalies, Faults, etc.)
• Troubleshooting: Shows detailed metrics for this object, including the extremely powerful All Metrics tab.
• Details: Shows Views and Heatmaps for the currently selected object.
• Environment: Shows a visualization view which can be used to quickly assess problem relationships.
• Projects: Capacity Planning view.
• Reports: Reporting tools.
Each sub-tab can be used to quickly access the information you are interested in, to help troubleshoot the issue at hand faster and more accurately.
Content Page This page is an extremely powerful tool which administrators can leverage to build content for vRealize Operations Manager 6.0, including Dashboards and Alerts. We will cover the creation of these tools in detail in modules.
Reports From the Environment Page, we can access the reports in vRealize Operations Manager. Reports are a scheduled snapshot of views. You can create a report to represent objects and metrics. With vRealize Operations Manager reporting functions, you can generate a report to capture details related to current or predicted resource needs. You can download the report in PDF or CSV file format for future and offline needs. Reports can also be scheduled to run at a defined interval and emailed to recipients. 1. Click on the "Environment" Quick Link 2. Scroll down in the Navigation and select "vSphere Hosts and Clusters"
Navigate to an Object to Run a Report We run reports from the Report Templates Tab. On the Report Templates tab, you can create, edit, delete, clone, run, schedule, export, and import templates. The Report Templates icon is available when you select an object from the Environment tab in the left pane.
All templates that are applicable for the selected object are listed on the Report Templates tab. You can order them by report name, subject, date they were modified, last run, or owner. Click on the "Reports" tab. 1. Click on the Small Triangle next to "vSphere World" to expand the vSphere Hosts and Clusters view. Notice the reports available in the Content pane. 2. Expand the tree to view Cluster Site A
Use The Report Filter and Run a Report You can filter the templates list by adding a filter from the right side of the pane. 1. Click on "Cluster Site A" - Notice that the reports available in the Content pane change to reports that are applicable to this object. 2. In the Filter Box, type "Stressed". This will filter our view to report templates that contain the search text. 3. Highlight the "Stressed VMs Report" (Do not click on "Generated reports" or "Schedules") 4. Click on the "Run Template" icon
When you run the report, you will notice the Generated Reports field change from "0" to "1" indicating the report is running.
View Completed Reports The report will be shown in the Generated Reports list. 1. Click on the "Generated Reports" tab 2. The status should show as In queue or Completed, if it shows as In queue, click on the "Refresh" icon periodically until the status changes to Completed 3. Click on the "PDF" icon to open the report.
Open the Report 1. Select "Google Chrome" 2. Click "OK" You can now view the report you just generated in the Google Chrome Browser.
Viewing the Report The Report will open up in Google Chrome and we can view the contents. The Title page will show pertinent information regarding the report including the object it was run against, when it was run, and who ran the report.
Understanding the Report The Stressed VMs Report will show which virtual machines in our environment are under stress, and what resources are stressed. In our lab, we have provisioned the virtual machines to be as small as possible to minimize the resources we use in the HOL environment. • Effective Capacity is the current resource capacity for the VM • Recommended Size is the vROPs recommendation based on how stressed the VM is for that resource.
Please Note: You can also export a report in CSV format, which depending on the report content may be a more useful format.
Administration Page The Administration Page contains all administration options including Solutions (Adapters), Management and tools.
• Solutions - vRealize Operations Manager includes a page where you can add and manage solutions, which include the adapters that connect you to the data to monitor and manage. Solutions are delivered as management packs that include content and adapters. Adapters are how vRealize Operations Manager manages communication and integration with other products, applications, and functions.
• Policies - The Active Policies tab displays the policies associated with groups of objects. You can manage the active policies for the objects in your environment so that you can have vRealize Operations Manager analyze and display specific data about those objects in dashboards, views, and reports.
• Inventory Explorer - vRealize Operations Manager discovers objects in your environment for each adapter instance and lists them. From the complete list of all the objects in your environment, you can quickly access and configure any object. For example, you can check if a datastore is connected or providing data, or you can power on a virtual machine.
• Access Control - Each user must have a unique user account with one or more roles assigned to enforce role-based security when they use vRealize Operations Manager. You create a user account, and assign the account to be a member of one or more groups to allow the user to inherit the roles associated with the group and to access the objects associated with the group. You assign individual role types to the user account to set their privileges, and select the objects in your environment that the user can access.
• Object Relationships - Objects in an enterprise environment are related to other objects in that environment. Objects are either part of a larger object, or they contain smaller component objects, or both. When you select a parent object, vRealize Operations Manager shows any related child objects. You can delete a child object or add more child objects from the list of objects in your environment.
Dashboards vRealize Operations Dashboards present a visual overview of the performance and state of objects in your virtual infrastructure. You use dashboards to determine the nature and timeframe of existing and potential issues with your environment. When you first log in to vRealize Operations Manager, you will land on the Home page. From here, you can go to the Content pane and view the dashboards that provide a unified view of operations across the entire infrastructure. To access the available dashboards: 1. Navigate to the "Home" page 2. Click on the dashboards listed in the content pane 3. Click on the navigation arrows at the corners of the content pane to access the additional dashboards
Enabling and Disabling Dashboards When we add a management pack, the management pack will generally include dashboards, and you can select which of these dashboards are visible. For this lab, we have already installed the Management Pack for Storage Devices. This Management Pack comes with preconfigured dashboards that will be useful in monitoring your environment.
This Management Pack can connect to any storage device that has a VASA provider, and SAN/NAS Switches from Brocade or Cisco using SMI-S. Performance Data is collected from host HBAs, NICs, VMs, and SAN/NAS Switches. To enable the dashboards for MPSD: 1. Click on the "Home" icon 2. Click on the Dashboard List dropdown 3. Hover your cursor over "MPSD" 4. Select the "NFS" protocol and you can see the dashboards that will be displayed
View the NFS Dashboards The NFS Dashboards are now visible 1. Click on the icons to navigate to the NFS Dashboards 2. Click on the NFS Dashboards and review the information. For a more in-depth look at vRealize Operations Interface, including Dashboards, Views, and Reports, please take lab HOL-SDC-1601 Module 2.
How to Install vSOM Due to the environment the Hands on Labs are running in and the high I/O it would cause, we are not able to install software. Please use the following videos to walk through the process.
Video: Installing ESXi using the Installer (4:35)
The following video will walk through the process of installing and configuring vSphere.
Video: Overview of the ESXi Direct Console Interface (4:58)
This video will walk you through the Direct Console Interface (DCUI)
Video: Express Installation and Getting Started -vRealize Operations Manager 6 (6:40)
This video walks you through the express installation of vRealize Operations Manager (vROPs)
Additional Information We hope you have enjoyed taking this module and have a better understanding of the basics of using vSphere with Operations Management. Be sure to take the survey at the end. For more information on vRealize Operations Management, here is a list of additional online resources you can use:
• vRealize Operations Manager Video Repository https://www.vmware.com// vrealize-operations-Manager-6-video.html
• VMware Feature Walkthrough vSphere with Operations Management Page http://featurewalkthrough.vmware.com/#!/vsphere-with-operationsmanagement-6
If you have time remaining, here is a list of all the Modules that are part of this lab, along with an estimated time to complete each one. Click on the 'Table of Contents' button to quickly jump to that Module in the manual. The complete list of all eight modules is:
• Module 1 - Introduction to vSOM (60 Minutes)
• Module 2 - Build and Manage your Virtual Infrastructure (90 Minutes)
• Module 3 - Manage Capacity Risk and Plan for the Future (60 Minutes)
• Module 4 - Optimize Workload Performance While Maintaining Business Priorities (60 Minutes)
• Module 5 - Ensure Business Continuity and Availability (60 Minutes)
• Module 6 - Simplified Security and Compliance (60 Minutes)
• Module 7 - Log Management with vRealize Log Insight (60 Minutes)
• Module 8 - Power CLI (60 Minutes)
Module 2: Build and Manage your Virtual Infrastructure - (90 Minutes)
Virtual Infrastructure - Cluster Management A vSphere cluster lets you aggregate the hardware resources of individual vSphere ESXi hosts but manage the resources as if they resided on a single host. Now, when you power on a virtual machine, it can be given resources from anywhere in the cluster, rather than be tied to a specific vSphere ESXi host. When a host is added to a cluster, the host's resources become part of the cluster's resources. Clusters enable vSphere High Availability (HA) and vSphere Distributed Resource Scheduler (DRS) solutions.
Video: Create vCenter Inventory (Datacenter, Cluster, Hosts) for VMware vSphere (2:51)
The following video will show the basics to getting started creating your VMware vCenter Server Inventory using the vSphere Web Client.
Virtual Infrastructure - Create and Edit a Virtual Machine In this lesson, you will walk through creating a virtual machine and editing its settings.
Create a Virtual Machine There are several ways to create a new VM using the vSphere Web Client. We will be using the top of the hierarchy which is the vCenter Server. 1. Navigate to the "Home" icon at the top of the screen. Note that you do not need to click on the icon. 2. Select "VMs and Templates"
Create a Virtual Machine 1. Click on the arrow to expand the vcsa-01a.corp.local tree 2. Click on "DataCenter Site A" 3. If necessary, scroll down in the Window. 4. Click on "Create a new virtual machine"
Start the New Virtual Machine Wizard Notice the many options for deploying a new virtual machine. For this lesson, we will use the "Create a New Virtual Machine" option. 1. Click "Next"
Name the Virtual Machine Enter a name for the new virtual machine 1. Type in "linux-Web-01a" 2. Click "Next"
Virtual Machine Placement Expand "DataCenter Site A". Since Distributed Resource Scheduling (DRS) is not enabled, you need to select the host to place the new virtual machine. 1. Expand the tree and select host "esx-01a" 2. Click "Next"
Select the Datastore We need to select a datastore to place the new virtual machine. 1. Select the Datastore "ds-site-a-nfs01" 2. Click "Next"
Select Hardware Compatibility The version of virtual hardware that your virtual machine is built on will determine which hosts it can run on. If you have older hosts (ESXi 5.x) in your environment, you would need to select the corresponding version of virtual hardware. For our environment, our hosts are ESXi 6.0, so we can use the latest virtual hardware version 11. 1. Select "ESXi 6.0 and later" from the dropdown box. Click "Next".
Select Guest Operating System We need to identify which guest OS will be installed on the new virtual machine. This will allow the wizard to provide appropriate default installation parameters. 1. From the Guest OS Family dropdown select "Linux" 2. From the Guest OS Version dropdown select "Other Linux (64-bit)" 3. Click "Next"
Customize Virtual Machine Hardware We can now the virtual hardware for our new virtual machine and make modifications if necessary. 1. We can easily add or modify hardware for the virtual machine including CPU, Memory, or Hard drive space if necessary from the corresponding dropdown boxes on this page. 2. Click "Next"
Review New Virtual Machine Settings Review the settings for the new virtual machine. If you are satisfied, click "Finish" to start the creation task.
Power On linux-Web-01a Once the virtual machine has been created, we can now power it on. 1. Click on "Hosts and Clusters" 2. Expand vcsa-01a.corp.local, DataCenter Site A, and Cluster Site A 3. Right-click on "linux-Web-01a" 4. Expand the menu by hovering over "Power" 5. Click on "Power On"
Power Off linux-Web-01a Let's power off our virtual machine now. 1. Right-Click on "linux-Web-01a" 2. Click on "Power" 3. Click on "Power Off" and select "Yes" in the pop-up box.
Delete linux-Web-01a Let's delete linux-Web-01a now. 1. Right-Click on "linux-Web-01a" 2. Click on "Delete from Disk" and select "Yes" when prompted from the pop-up box.
Video: Create VM, Install Guest OS and Install VMware Tools (4:09)
We have just completed creating our virtual machine, but at this point, there is no operating system installed. The Hands-on Lab Environment does not have sufficient resources to allow us to complete the process of installing the guest OS and VMware tools. The following video will show the remainder of the process.
Edit the Settings of a Virtual Machine Once we have created a virtual machine, we can change the hardware that is associated with it, just like a physical machine. 1. Right-Click on "linux-Base-01a" 2. Click "Edit Settings" to add additional physical resources to the virtual machine.
Add a New Device to the Virtual Machine We now see the hardware associated with the VM. From this screen we can add additional hardware to the VM. For this example, we will add a second network adapter. 1. Click the drop down list for "New Device" 2. Click the "Add" button to add the new network adapter.
Configure the New Hardware We have added the new network adapter; now we need to configure it. 1. Click the arrow next to the "New Network" Adapter to expand and view its settings. At this time, you will also select which network to connect the NIC to as well as what type of Adapter you would like to use. Notice that the MAC Address is blank at this point. A new MAC address will be generated once this NIC is added, or we can specify (with some rules) our own MAC address. 2. Deselect "Connect At Power On" 3. Click "OK" to add the device to the VM. When you select "OK", a new task to create the network adapter is started.
Clean-Up linux-Base-01a Let's power off our virtual machine now. 1. Right-Click on "linux-Base-01a" 2. Click on "Power" 3. Click on "Power Off" and select "Yes" in the pop-up box.
Prepare to Delete the New Hardware We can also delete resources from our virtual machine. 1. Right-Click on "linux-Base-01a" 2. Click "Edit Settings"
Delete the Network Adapter Now that we are done with this portion of the lab, let's remove the new network adapter since we're not going to use it. 1. Hover your cursor over "Network Adapter 2" 2. Click on the "X" that appears on the right side of the window. The device name will change and will show as "Device will be removed" 3. Click "OK"
Virtual Infrastructure - Migrate a Virtual Machine VMware vMotion enables the live migration of running virtual machines from one physical server to another with no perceivable impact to the end user. vMotion is a key technology for creating a dynamic, fully automated datacenter. With vMotion you can:
• Perform scheduled maintenance without scheduled downtime by moving powered on virtual machines from one host to another.
• Proactively migrate virtual machines away from failing or underperforming servers.
• Automatically optimize and allocate entire pools of resources for optimal hardware utilization and alignment with business priorities.
Migrate Powered-On Virtual Machine with vMotion You can use the Migration wizard to migrate a powered-on virtual machine from one host to another using vMotion technology. To relocate the disks of a powered-on virtual machine, migrate the virtual machine using Storage vMotion. Before migrating a virtual machine with vMotion, ensure that your hosts and virtual machines meet the requirements for migration with vMotion. 1. In the vSphere Web Client, click on the "Home" icon 2. Click on the "VMs and Templates" icon 3. Right-click on the virtual machine "linux-App-01a". 4. Select "Migrate" from the pop-up menu.
Select the Migration Type The Wizard will prompt you to select the type of migration you wish to perform: compute resource, storage, or both. For our lab, we will migrate to the other host in Cluster Site A. 1. Select "Change compute resource only" 2. Click "Next"
Select the Destination Currently, the virtual machine is running on host esx-01a.corp.local. Let's migrate it to the other host in the cluster. 1. Select host "esx-02a.corp.local" 2. Click "Next"
Select Network Select the destination network from the dropdown box to provide network connectivity for the virtual machine. 1. Select "VM Network" from dropdown menu 2. Click "Next"
Select vMotion Priority Select the priority for the vMotion operation to protect the performance of virtual machines that are running in your environment. 1. Select "Schedule vMotion with high priority" 2. Click "Next"
Complete the Migration Review the information in the wizard to make sure it is correct. 1. Click "Finish" The migration task is now complete. You can view the migration task in the Recent Tasks pane of the vSphere Web Client. The running virtual machine has been migrated to the other host in our cluster. You have now accomplished moving a running workload between physical hardware without interruption.
Virtual Infrastructure - Working with Virtual Machine Snapshots Snapshots preserve the state and data of a virtual machine at the time you take the snapshot. Snapshots are useful when you must revert repeatedly to the same virtual machine state, but you do not want to create multiple virtual machines. You can also take multiple snapshots of a virtual machine to create restoration positions in a linear process. With multiple snapshots, you can save many positions to accommodate many kinds of work processes. The Snapshot Manager in the vSphere Web Client provides several operations for creating and managing virtual machine snapshots and snapshot trees. These operations let you create snapshots, restore any snapshot in the snapshot hierarchy, delete snapshots, and more. A Virtual Machine snapshot preserves the following information:
• Virtual machine settings - The virtual machine directory, which includes disks that were added or changed after you took the snapshot.
• Power state - The virtual machine can be powered on, powered off, or suspended.
• Disk state - State of all the virtual machine's virtual disks.
• Memory state (optional) - The contents of the virtual machine's memory.
In this lesson, you will create a Virtual Machine snapshot, make changes to the Virtual Machine's hardware and configuration state, and then revert back to the original state of the Virtual Machine by leveraging the vSphere Web Client Snapshot Manager.
Navigate to the VMs and Templates Management Pane This step will take you to the VMs and Templates management pane. 1. Navigate to the Home Screen of the vSphere Web Client. 2. Select "VMs and Templates"
Expand the Inventory Tree Expand the Inventory Tree under Datacenter Site A to view the VM inventory. From this view, we can see that there are several existing Virtual Machines in our vSphere environment. To start the VM Snapshot Wizard: 1. Select VM "linux-Base-01a" 2. Click on "Snapshots" 3. Select "Take Snapshot"
Complete the VM Snapshot Wizard 1. In the VM Snapshot Wizard, provide a name for the Snapshot, enter "Snapshot 1" 2. Provide a meaningful description for the Snapshot - "Snapshot prior to settings change" 3. Click "OK" The snapshot creation will be visible in the "Recent Tasks" pane.
View the VM Snapshots We can view the snapshot history of a virtual machine. 1. Select VM "linux-Base-01a" 2. Click on "Snapshots" 3. Select "Manage Snapshots.."
View VM Snapshot Details Note the operational state of the VM relative to the snapshot timeline. We can see the current state of the virtual machine as well as the snapshots that are present. For our example, we will just look at our snapshot tree. 1. View details of the snapshot. 2. Click "Close"
Edit the Virtual Machines Settings In this step, we will adjust the Memory Configuration for the Virtual Machine 1. Select VM "linux-Base-01a" 2. Click on "Edit Settings..."
Change the Virtual Machines Settings 1. Select the drop down menu for the CPU Settings 2. Select "2" CPU 3. Select "OK"
Revert Virtual Machine Settings using the Snapshot Manager In this step, you will revert the VM's CPU configuration back to the original state using the Snapshot Manager. 1. Select VM "linux-Base-01a" 2. Click on "Snapshots" 3. Select "Manage Snapshots.."
Select Snapshot to Revert To 1. In the Manage VM Snapshots Wizard, select "Snapshot 1" from the Snapshot tree 2. Click "Revert to" and Click "Yes" to confirm action. 3. Click "Yes" to Confirm Revert to Snapshot 4. Click "Close"
Monitor Task Progress Reverting to the Snapshot will take the VM back to the state it was in before we added the additional CPU. 1. Expand the "VM Hardware" details tab 2. Note the CPU Configuration
Delete the Snapshot 1. Select VM "linux-Base-01a" 2. Click on "Snapshots" 3. Select "Manage Snapshots.."
Delete Snapshots 1. Select the top-level linux-Base-01a state. 2. Click the "Delete All" button 3. Select "Yes" to confirm the deletion at the pop-up message prompt 4. Click the "Close" button.
It is a best practice to delete virtual machine snapshots when they are no longer needed. Over time the snapshot delta can grow to be quite large which could result in issues consolidating the virtual machine files.
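The clean-up practice above can be turned into a recurring check. The following is an added example, not part of the lab manual: it walks a snapshot tree and flags snapshots that are old, have a large delta, sit deep in a chain, or include the optional memory state. The `Snapshot` type, the three limits and the sample inventory are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Dict, Iterator, List, Tuple


@dataclass
class Snapshot:
    """One node of a VM snapshot tree (hypothetical type, not a VMware API class)."""
    name: str
    created: datetime
    memory_included: bool      # the optional "Memory state" was captured
    delta_gb: float            # size of the delta written since this snapshot
    children: List["Snapshot"] = field(default_factory=list)


def walk(nodes: List[Snapshot], depth: int = 1) -> Iterator[Tuple[int, Snapshot]]:
    """Yield (depth, snapshot) for every node, parents before children."""
    for node in nodes:
        yield depth, node
        yield from walk(node.children, depth + 1)


def audit(vm: str, roots: List[Snapshot], now: datetime,
          max_age_days: int = 3, max_delta_gb: float = 10.0,
          max_depth: int = 2) -> List[Dict[str, object]]:
    """Return one finding per snapshot that breaks a retention rule.

    The three limits are assumed example values for a site policy.
    """
    findings = []
    for depth, snap in walk(roots):
        reasons = []
        age_days = (now - snap.created).days
        if age_days > max_age_days:
            reasons.append(f"age {age_days}d exceeds {max_age_days}d")
        if snap.delta_gb > max_delta_gb:
            reasons.append(
                f"delta {snap.delta_gb:.1f} GB exceeds {max_delta_gb:.1f} GB")
        if depth > max_depth:
            reasons.append(f"chain depth {depth} exceeds {max_depth}")
        if snap.memory_included:
            # A memory snapshot stores guest RAM on the datastore, so it
            # deserves the same handling as the VM's most sensitive data.
            reasons.append("contains memory state")
        if reasons:
            findings.append({"vm": vm, "snapshot": snap.name, "reasons": reasons})
    return findings


# Constructed sample inventory. "Snapshot 1" and the VM name follow the lab;
# the child snapshots, dates and sizes are invented for the example.
NOW = datetime(2016, 1, 20, 12, 0, tzinfo=timezone.utc)
SAMPLE = [
    Snapshot("Snapshot 1", NOW - timedelta(days=14), False, 22.5, children=[
        Snapshot("Before patch", NOW - timedelta(days=2), True, 1.2, children=[
            Snapshot("Test run", NOW - timedelta(hours=5), False, 0.1),
        ]),
    ]),
]


def report(vm: str = "linux-Base-01a") -> List[str]:
    """Format the findings for SAMPLE as printable lines."""
    return [f"{f['vm']} / {f['snapshot']}: " + "; ".join(f["reasons"])
            for f in audit(vm, SAMPLE, NOW)]


if __name__ == "__main__":
    for line in report():
        print(line)
```

In a real environment the tree would be filled from the vCenter inventory instead of `SAMPLE`; the audit logic stays the same.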
Video: Virtual Machine Snapshots for VMware vSphere (2:33)
For our lab, the snapshot was used to revert our virtual machine to a previous hardware state. A typical use case can be to take a snapshot of a virtual machine before the installation of a software package. If something goes wrong, you can revert to a previous state and retry the installation. The following video will provide additional insight into the value of virtual machine snapshots.
Virtual Infrastructure - Cloning Virtual Machines and Using Templates VMware provides several ways to provision vSphere virtual machines. One method is to create a single virtual machine and install an operating system on it, and then use that virtual machine as a base image from which to clone other virtual machines. Cloning a virtual machine can save time if you are deploying many similar virtual machines. You can create, configure, and install software on a single virtual machine. You can clone it multiple times, rather than creating and configuring each virtual machine individually. Another provisioning method is to clone a virtual machine to a template. A template is a master copy of a virtual machine that you can use to create and provision virtual machines. Creating a template can be useful when you need to deploy multiple virtual machines from a single baseline, but want to customize each system independently of the next. A common value point for using templates is to save time. If you have a virtual machine that you will clone frequently, make that virtual machine a template and deploy your virtual machines from that template. In this lesson, you will clone an existing Virtual Machine to a Template, and deploy a new Virtual Machine from that Template.
Navigate to the VMs and Templates Management Pane From the Home Screen 1. Navigate to VMs and Templates
Open the Inventory Tree 1. Click the drop down arrows to expand the inventory tree. 2. Select the VM "linux-Base-01a" 3. Select "Clone" 4. Select "Clone to Template..."
Select a Name and Folder 1. In the Clone Virtual Machine to Template wizard, provide a name for the Template - "TinyLinux Template" 2. Leave the location as "Datacenter Site A" for this lab. 3. Click "Next"
Select Compute Resource 1. Expand "Cluster Site A" 2. Choose "esx-02a.corp.local" 3. Click "Next"
Select Storage The datastore with the most free space is automatically chosen. 1. Keep the default "ds-site-a-nfs01" 2. Press the "Next" button.
Review the VM Template Settings Review the VM Template Settings and click on "Finish"
Monitor Task Progress Note the progress in the Recent Tasks pane 1. The new "TinyLinux Template" Template object will appear in the inventory pane.
Deploy a Virtual Machine from a Template 1. Select the Template, "TinyLinux Template" 2. Select the "Getting Started" tab 3. Under Basic Tasks in the action pane, click "Deploy to a new virtual machine"
Select a Name and Folder 1. Enter "TinyLinux-VM" for the name of the new virtual machine 2. Leave the default location "Datacenter Site A" 3. Click "Next"
Select Compute Resource 1. Expand "Cluster Site A" 2. Select host "esx-02a.corp.local" 3. Click "Next"
Select Storage 1. Leave the default datastore "ds-site-a-nfs01" 2. Click "Next"
Select the Clone Options 1. Check the "Power on virtual machine after creation" box 2. Click "Next" In order to manage the time to complete this module, the "TinyLinux-01 Template" OS installed cannot be customized, and so it will not be possible to customize the guest settings.
Ready to Complete Review the deployment options for your new VM and click "Finish"
Monitor the Task Progress 1. Note the new VM "TinyLinux-VM" in the Inventory Pane
Power Off TinyLinux-VM We need to remove the VM we just created to keep our lab running smoothly. 1. Click on "TinyLinux-VM" 2. Click on "Power" 3. Click on "Power Off"
Delete TinyLinux-VM Let's delete this virtual machine from our environment now. 1. Click on "TinyLinux-VM" 2. Click on "Delete from Disk" and select "Yes" when prompted from the pop-up box.
Video: Virtual Machine Cloning and Templates for VMware vSphere (4:03)
For additional features of cloning and templates for vSphere, please watch the following video.
Virtual Infrastructure - Virtual Machine Monitoring and Remediation Introduction and Environment Overview In this lab we will review some of the features around managing vSphere environments using vRealize Operations Manager. We will generate a "problem" in our environment and quickly resolve that issue using the Remediation features that are built into vRealize Operations.
One Touch Task Remediation in vRealize Operations Manager For this lesson, we are simulating an issue with an application server that is causing high CPU utilization. Generally, in this situation, we are alerted to the problem by performance impacts. With vROPs, we are able to identify that there is a CPU utilization issue and remediate the problem quickly.
Start CPU Load simulation on the Virtual Machines (VMs) Minimize Firefox. There is no need to close the Web Client, since we will be using it again. Next, load PuTTY from the Desktop or from the Launch bar.
PuTTY to linux-App-01a VM 1. Select linux-App-01a. 2. Click Load. 3. Click Open.
Start CPU Load simulation for linux-App-01a 1. At the login as: prompt, type root and press enter. No password will be required. 2. At the linux prompt, type /opt/ULoad.sh 1 and press enter. 3. The CPU load simulation is working if you see Starting U load. CPU load will begin to ramp up as soon as the script starts running. NOTE: Make sure you type the linux command exactly as shown, as it is case sensitive.
Confirm Virtual Machine CPU Usage Open the vSphere Web Client in the Firefox session that was minimized at the beginning of this lesson. 1. In the Search Box, type "App" 2. Select "linux-App-01a" from the search results
Confirm VM CPU Usage 1. Highlight linux-App-01a. 2. Click the "Refresh" icon occasionally to update the screen more quickly. 3. Confirm the CPU USAGE is above 2 GHz. Please Note: Depending on how fast you went through the last few steps, the value may be zero or very low until the screen refreshes.
Log in to vRealize Operations Manager To log in to vRealize Operations Manager (vROPs), open up a second tab in the Firefox Browser. 1. Click on the Bookmark "vROPs-01a" 2. Enter user name "" 3. Enter password "VMware1!" (without quotes)
Monitor Application on Cluster Site A in vRealize Operations Manager As our Application VMs are running on Cluster Site A, let's navigate to that object in vRealize Operations Manager. Open vROPs in your Firefox browser using the "vROPs-01a" bookmark. 1. Locate the search bar at the top right corner of the vRealize Operations Manager UI and type "Site A" 2. Select "Cluster Site A"
Check Alerts on Cluster Site A 1. You are brought to the Cluster Site A object and the Summary page is displayed. You can see there are already some alerts for this cluster resource object. 2. Under the Health Tab, review the alerts. You can see there are alerts for various problems. 3. Click on the arrows to minimize the Top Alerts windows since there are no alerts for Cluster Site A.
Check CPU Alert In the Health Tab, you can see that we have alerts for "Top Health Alerts For Descendants" 1. If you do not see the Top Health Alerts for Descendants "Virtual machine has unexpected high CPU workload", click the "Refresh" icon occasionally to update the screen more quickly. 2. Click on the Alert "Virtual machine has unexpected high CPU workload".
Select CPU Alert for linux-App-01a We can see all the objects that correspond to the Alert issued. In this instance, since linux-App-01a is the only virtual machine that has triggered this alert, we are brought directly to that virtual machine. 1. We can see the details for the triggered Alert, such as the resource that triggered the Alert, what Alert type it is and what impact it has on the object.
2. Here we can see the metrics that would have triggered the alert; this can help us see the possible causes. In this case, you can see the Virtual Machine Workload is at 100%. 3. Here we can see Recommendations that can help us resolve the problem with the Virtual Machine. 4. Click on the icon next to "Other Recommendations" to view additional recommendations to resolve our issue.
Add CPU to the Virtual Machine Let's follow the Recommended Action and add CPU resources to this Virtual Machine. 1. Click on "Set CPU Count for VM" 2. The Set CPU Count for VM Wizard will open. You can see that the current CPU count is "1". In the New CPU Count box, set the CPU Count for the VM to 2 CPUs. 3. Click "Begin Action"
Review the Task Once we begin the remediation, we get confirmation that the task has been created. Click on "Recent Tasks" to review the action.
Review Recent Tasks Here we can see the details of the action taken (NOTE - it can take up to 2 min to complete) 1. Click on the task at the top of the list. 2. In the "Details of Task Selected" pane we can see the task to add more CPU to the Virtual Machine has completed. Click on "linux-App-01a" Note: If you get to this stage and the task shows as "Failed", this could be due to the load that is present in the Hands-On-Lab Environment. Since we are running this lab in an environment with a host with 2 CPUs, if the Lights-Out Remediation task tries to add more than 2 vCPUs to the VM, this task will fail.
Check CPU Load on linux-App-01a 1. Click on the "Analysis" tab 2. If the workload is still showing as a "Warning" or "Critical", click on the "Refresh" icon 3. Looking at the virtual machine, we can see that it now has 6 GHz of CPU Capacity and the workload has stabilized. Our virtual machine now has sufficient CPU resources to run at an acceptable workload.
Clean-Up linux-App-01a Now that we are done with this portion of the lab, let's stop the CPU load on linux-App-01a. 1. Bring the PuTTY session for linux-App-01a back up and press "Enter" to stop the ULoad.sh script. 2. Close the PuTTY session for linux-App-01a.
Lights-Out Automated Task Remediation in vRealize Operations Manager We just completed a lesson showing you how to manually resolve an issue and execute a guided remediation action within vROPs using One Touch Remediation. While this is a very simple task to complete, there may be instances where you want complete Lights-Out remediation. When it comes to operationalizing your environment, you may want to automate some of these types of operations. Let's walk through how vROPs can help you by automating these tasks.
Introduction and Environment Overview In this lab module, we will review a new feature in vRealize Operations, Automated Task Remediation. In our environment, we have a virtual machine that we will create a CPU load on. We will create an automated task that will recognize this CPU load, and this CPU load will trigger an automated remediation task that will resolve the issue by adding CPU resources to the virtual machine.
Access Custom Group To perform automated tasks in vRealize Operations Manager we need to create a group that we can have our actions act upon. In this instance, we have a custom group created whose configuration is nearly complete. 1. In vRealize Operations Manager, navigate to the "Environments" page 2. Click on "Custom Groups" 3. Highlight "linux-App-02a" custom group 4. Click on the "Edit" icon
Configure Custom Group The "Edit Group" Wizard will open 1. Select "linux-App-02a" from the Policy dropdown. 2. Enter "Virtual Machine" as the Object Type. 3. Select "Properties" from the first dropdown.
4. Select "Configuration | Name" from the second dropdown. 5. Select "is" as the condition for the third dropdown. 6. Type "linux-App-02a" in the fourth dropdown. 7. Click "OK"
Please Note: We have done some of the tasks for you in this lab. We have already created a policy that will trigger on the CPU workload alert. When we finish this group configuration, the group high CPU workload alert will cause the policy to start the automated remediation action.
Open PuTTY Session to linux-App-02a VM Virtual machine linux-App-02a will be the application server that is having an issue. We need to log in to the virtual machine and generate the CPU load which will trigger the alert in vROPs. Click on PuTTY from the shortcut on the bottom of the screen. 1. Select linux-App-02a. 2. Click Load. 3. Click Open.
Start CPU Load for linux-App-02a Log in to linux-App-02a 1. At the login as: prompt, type root and press enter. No password will be required. 2. At the linux prompt, type /opt/ULoad.sh 1 and press enter. 3. The CPU load simulation is working if you see Starting U load. CPU load will begin to ramp up as soon as the script starts running. Please Note: Make sure you type the Linux command exactly as shown, as it is case sensitive.
Navigate to Recent Tasks Pane With the CPU load started on linux-App-02a, we may have to wait for a few minutes for the load to reach the alerting threshold. Once this happens, the Automated Remediation process will recognize that the virtual machine is experiencing a high CPU workload and will add additional CPU resources to our virtual machine automatically. 1. Click on the "Administration" icon 2. Click on "Recent Tasks"
Review the Task Review that the task has completed. You may have to refresh the screen to see if the task has completed. 1. Highlight the task 2. Click on the object name "linux-App-02a" This will take us to the linux-App-02a object.
Please Note: If you receive a task status of "Failed", this is due to the fact that the fully automated remediation action is asking for more resources than are allocated in the HOL Lab environment. Since our ESXi hosts only have two physical CPUs, and the automated remediation action is asking for more than 2 CPUs, the action fails. This is an artifact of the lab environment, and not the functionality of the automated remediation action.
Check CPU Load on Linux-App-02a 1. Click on the "Analysis" tab 2. If the workload is still showing as a "Warning" or "Critical", click on the "Refresh" icon 3. Looking at the virtual machine, we can see that it now has 6 GHz of CPU Capacity and the workload has stabilized. Our virtual machine now has sufficient CPU resources to run at an acceptable workload. With this automated remediation task created, we could apply it to other virtual machines as necessary.
Clean-Up linux-App-02a Now that we are done with this portion of the lab, let's stop the CPU load on linux-App-02a. 1. Bring the PuTTY session for linux-App-02a back up and press "Enter" to stop the ULoad.sh script. 2. Close the PuTTY session for linux-App-02a.
Virtual Infrastructure - Working with the Virtual Standard Switch The following lesson will walk you through the process of creating and configuring the vSphere Standard Switch
Adding a Virtual Machine Port Group with the vSphere Web Client If you are not already logged in, launch the Firefox browser from the desktop and log in to the vSphere Web Client. Select "Site A Web Client" from the Bookmarks Toolbar. 1. Click the "Use Windows session authentication" check box. 2. Click "Login".
Select Hosts and Clusters In the left-hand pane, click the "Hosts and Clusters" Object.
Add Networking We will now add the Virtual Standard Switch to host esx-02a.corp.local. 1. Under vcsa-01.corp.local, expand "Datacenter Site A" and then "Cluster Site A". 2. Right-click on host esx-02a.corp.local in the Navigator and select "Add Networking"
Connection Type Select a connection type to create.
1. Select "Virtual Machine Port Group for a Standard Switch". 2. Click "Next".
Target Device You will now select the target device for the new connection. 1. Select "New Standard Switch". 2. Click "Next".
Create a Standard Switch You will now assign a physical network adapter to the Standard Switch you are creating. 1. Select "Unused Adapters".
2. Click the Green "+" button.
Add Physical Adapter You will now add a physical adapter to the Standard Switch. 1. Select "vmnic3". 2. Click "OK".
Add Physical Adapter You can see that physical adapter vmnic3 has been added to the Standard Switch.
Click "Next".
Connection Settings You can now label your Standard Switch with an easily identifiable name. For our example, change the name to VM Network 2. Do not change the VLAN ID: leave this set to None (0). Click "Next".
Complete the Wizard The Standard Switch configuration is now complete. Review the port group settings and click "Finish".
Edit a Standard Virtual Switch in the vSphere Web Client In this lesson, we'll modify the Standard Switch we created on host esx-02a. vSphere standard switch settings control switch-wide defaults and switch properties such as the uplink configuration. For this lesson, we will modify the Standard Switch on host esxi-02a.corp.local. 1. Browse to esx-02a.corp.local in the vSphere Web Client object Navigator. 2. Click on the "Manage" Tab. 3. Select "Networking". 4. Select "Virtual switches". 5. Select "vSwitch0" from the list. 6. Click on the pencil icon to edit vSwitch0.
Change the MTU Setting for vSwitch0 If you are using jumbo frames in your environment and want to leverage this on a vSphere Standard Switch, you can change the MTU setting here. You can change the size of the maximum transmission unit (MTU) on a vSphere Standard Switch to increase the amount of payload data transmitted with a single packet, that is, enabling jumbo frames. Be sure to check with your Networking team prior to making any modifications here. To realize the benefit of this setting and prevent performance issues, compatible MTU settings are required across all virtual and physical switches and end devices such as hosts and storage arrays. You will also notice the Security, Traffic shaping, and Teaming and Failover options. This is where the default settings for the virtual switch are set. As you will see later, these defaults may be overridden at the port group level as required.
Click "Cancel" to continue.
Change the Speed of an Uplink Adapter in the vSphere Web Client An uplink adapter can become a bottleneck for network traffic if the speed of the uplink adapter is not compatible with the network traffic speed. You can change the connection speed and duplex setting of an uplink adapter to match the speed configured on the attached physical switch port. 1. Click on "Physical adapters". 2. Select "vmnic2". 3. Click on the pencil icon to edit vmnic2 properties.
Configured Speed and Duplex The available speed and duplex settings are listed here. You can change the configured speed and/or duplex to the appropriate settings.
Click "Cancel" to continue.
Add Uplink Adapters in the vSphere Web Client You can associate multiple physical network adapters to a single vSphere standard switch to increase throughput and to provide redundancy should a link fail. This is known as "NIC Teaming". To add a physical uplink to vSwitch0: 1. Click on the "Networking" Tab. 2. Select "Virtual switches". 3. Select "vSwitch0". 4. Click on the Manage physical adapters icon.
Adapters Assigned to vSwitch0 You will see the Adapters that are assigned to vSwitch0. To add an additional adapter, click on the Green Plus sign.
Add Adapter to vSwitch0 The list of available vmnics will be listed in the Network Adapters box. 1. Click on "vmnic2". 2. In the Failover order group, select "Active Adapters". 3. Click "OK".
View Adapters The selected adapter appears as an Active Adapter under the Assigned Adapters List.
Click "OK" to save the changes.
Editing a Standard Switch Port Group Once the vSwitch has been configured and its defaults have been set, the port group can be configured. The port group is the construct that is connected to virtual machine NICs and generally represents a VLAN or physical network partition, such as Production, Development, Staging, or DMZ. To edit the port group on a Standard Switch: 1. Select "Virtual switches". 2. Select "vSwitch0". 3. Click on the pencil icon to edit the port group.
Port Group Properties The Properties setting is where the name or VLAN ID (if applicable) of the port group can be modified. No changes are needed here and you may proceed to the next step.
Port Group Security
Click Security in the left pane. By ticking the Override box, you can override the default setting of the virtual switch for just this port group. In this section, you can configure the following:
Promiscuous Mode
• Reject— Placing a guest adapter in promiscuous mode has no effect on which frames are received by the adapter.
• Accept— Placing a guest adapter in promiscuous mode causes it to detect all frames passed on the vSphere standard switch that are allowed under the VLAN policy for the port group that the adapter is connected to.
MAC Address Changes
• Reject— If you set the MAC Address Changes to Reject and the guest operating system changes the MAC address of the adapter to anything other than what is in the .vmx configuration file, all inbound frames are dropped. If the Guest OS changes the MAC address back to match the MAC address in the .vmx configuration file, inbound frames are passed again.
• Accept— Changing the MAC address from the Guest OS has the intended effect: frames sent to the altered MAC address are received by the virtual machine.
Forged Transmits
• Reject— Any outbound frame with a source MAC address that is different from the one currently set on the adapter is dropped.
• Accept— No filtering is performed and all outbound frames are passed.
No changes are needed here and you may proceed to the next step.
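The three security settings and the Override box described above, modelled as an added Python example (not code from the lab guide or from VMware). It covers unicast frames on a single VLAN only; the class names, function names and sample MAC addresses are constructed for illustration.

```python
"""Toy model of standard-switch security settings with port-group overrides."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class SecurityPolicy:
    """Switch-level defaults. True means Accept, False means Reject."""
    promiscuous: bool
    mac_changes: bool
    forged_transmits: bool


@dataclass(frozen=True)
class PortGroupOverride:
    """None means the Override box is not ticked: inherit the switch default."""
    promiscuous: Optional[bool] = None
    mac_changes: Optional[bool] = None
    forged_transmits: Optional[bool] = None


def effective_policy(switch: SecurityPolicy, pg: PortGroupOverride) -> SecurityPolicy:
    """Resolve the settings that actually apply to ports in the port group."""
    def pick(override: Optional[bool], default: bool) -> bool:
        return default if override is None else override
    return SecurityPolicy(
        promiscuous=pick(pg.promiscuous, switch.promiscuous),
        mac_changes=pick(pg.mac_changes, switch.mac_changes),
        forged_transmits=pick(pg.forged_transmits, switch.forged_transmits),
    )


@dataclass(frozen=True)
class GuestAdapter:
    vmx_mac: str               # MAC address in the .vmx configuration file
    current_mac: str           # MAC address the guest OS has set on the adapter
    promiscuous: bool = False  # guest has placed the adapter in promiscuous mode


def _same(a: str, b: str) -> bool:
    return a.lower() == b.lower()


def outbound_passed(policy: SecurityPolicy, nic: GuestAdapter, src_mac: str) -> bool:
    """Forged Transmits: Reject drops frames whose source MAC differs from
    the MAC currently set on the adapter; Accept performs no filtering."""
    return policy.forged_transmits or _same(src_mac, nic.current_mac)


def inbound_received(policy: SecurityPolicy, nic: GuestAdapter, dst_mac: str) -> bool:
    """Decide whether the guest adapter receives a unicast frame."""
    # MAC Address Changes = Reject: while the guest MAC differs from the
    # .vmx MAC, all inbound frames are dropped.
    if not policy.mac_changes and not _same(nic.current_mac, nic.vmx_mac):
        return False
    if _same(dst_mac, nic.current_mac):
        return True
    # Frame addressed to another adapter: seen only when the guest adapter
    # is in promiscuous mode and Promiscuous Mode is set to Accept.
    return nic.promiscuous and policy.promiscuous


def accepted_settings(policy: SecurityPolicy) -> list:
    """Names of the settings that are effectively Accept, for review."""
    names = ("promiscuous", "mac_changes", "forged_transmits")
    return [n for n in names if getattr(policy, n)]


# Constructed sample values (not taken from the lab environment).
SWITCH_DEFAULT = SecurityPolicy(promiscuous=False, mac_changes=True, forged_transmits=True)
PG_OVERRIDE = PortGroupOverride(mac_changes=False, forged_transmits=False)
VMX_MAC = "00:50:56:00:00:01"
OTHER_MAC = "00:50:56:00:00:02"
GUEST_SET_MAC = "02:00:00:00:00:01"


def demo() -> dict:
    """Compare a guest that changed its MAC under the default and the override."""
    eff = effective_policy(SWITCH_DEFAULT, PG_OVERRIDE)
    changed = GuestAdapter(vmx_mac=VMX_MAC, current_mac=GUEST_SET_MAC)
    return {
        "inherited_inbound": inbound_received(SWITCH_DEFAULT, changed, GUEST_SET_MAC),
        "override_inbound": inbound_received(eff, changed, GUEST_SET_MAC),
        "override_accepts": accepted_settings(eff),
    }


if __name__ == "__main__":
    print(demo())
```
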
Traffic Shaping
Click Traffic shaping in the left pane. By ticking the Override box, you can override the default policy set at the switch level to apply to just this port group. A traffic shaping policy is defined by average bandwidth, peak bandwidth, and burst size. You can establish a traffic shaping policy for each port group. ESXi shapes outbound network traffic on standard switches. Traffic shaping restricts the network bandwidth available on a port, but can also be configured to allow bursts of traffic to flow through at higher speeds.
Average Bandwidth
• Establishes the number of bits per second to allow across a port, averaged over time. This number is the allowed average load.
Peak Bandwidth
• Maximum number of bits per second to allow across a port when it is sending or receiving a burst of traffic. This number limits the bandwidth that a port uses when it is using its burst bonus.
Burst Size
• Maximum number of bytes to allow in a burst. If this parameter is set, a port might gain a burst bonus if it does not use all its allocated bandwidth. When the port needs more bandwidth than specified by the average bandwidth, it might be allowed to temporarily transmit data at a higher speed if a burst bonus is available. This parameter limits the number of bytes that have accumulated in the burst bonus and transfers traffic at a higher speed.
No changes are needed here and you may proceed to the next step.
Teaming and Failover
Click Teaming and failover in the left pane. Again we have the option to override the default virtual switch settings.
Load Balancing Policy - The Load Balancing policy determines how network traffic is distributed between the network adapters in a NIC team. vSphere virtual switches load balance only the outgoing traffic. Incoming traffic is controlled by the load balancing policy on the physical switch.
• Route based on the originating virtual port - Select an uplink based on the virtual port IDs on the switch. After the virtual switch selects an uplink for a virtual machine or a VMkernel adapter, it always forwards traffic through the same uplink for this virtual machine or VMkernel adapter.
• Route based on IP hash - Select an uplink based on a hash of the source and destination IP addresses of each packet. For non-IP packets, the switch uses the data in those fields to compute the hash. IP-based teaming requires that the physical switch is configured with EtherChannel.
• Route based on source MAC hash - Select an uplink based on a hash of the source Ethernet.
• Route based on physical NIC load - Available for distributed port groups or distributed ports. Select an uplink based on the current load of the physical network adapters connected to the port group or port. If an uplink remains busy at 75 percent or higher for 30 seconds, the host proxy switch moves a part of the virtual machine traffic to a physical adapter that has free capacity.
• Use explicit failover order - From the list of active adapters, always use the highest order uplink that passes failover detection criteria. No actual load balancing is performed with this option.
Network Failure Detection - The method the virtual switch will use for failover detection.
• Link Status only - Relies only on the link status that the network adapter provides. This option detects failures such as removed cables and physical switch power failures.
• Beacon Probing - Sends out and listens for beacon probes on all NICs in the team, and uses this information, in addition to link status, to determine link failure. ESXi sends beacon packets every second. The NICs must be in an active/active or active/standby configuration because the NICs in an unused state do not participate in beacon probing.
Notify Switches - Specifies whether the virtual switch notifies the physical switch in case of a failover.
Failback - Specifies whether a physical adapter is returned to active status after recovering from a failure.
• If failback is set to Yes, the default selection, the adapter is returned to active duty immediately upon recovery, displacing the standby adapter that took over its slot, if any.
• If failback is set to No for a standard port, a failed adapter is left inactive after recovery until another currently active adapter fails and must be replaced.
You can also override the default virtual switch setting for the Failover order of the physical adapters. No changes are needed here and you may proceed to the next step.
Cancel Changes to Port Group Since we don't want to make any changes to the port group, click the Cancel button. The vSphere Standard Switch is a simple virtual switch configured and managed at the host level. This switch provides access, traffic aggregation and fault tolerance by allowing multiple physical adapters to be bound to each virtual switch. The VMware vSphere Distributed Switch builds on the capabilities of the vSS and simplifies management in large deployments by appearing as a single switch spanning multiple associated hosts. This allows changes to be made once and propagated to every host that is a member of the switch.
Abstraction of Storage for More Efficient Management and Better Control vSphere Storage Overview The following lesson provides an overview of the different types of storage available in vSphere. The vSphere Hypervisor, ESXi, provides host-level storage virtualization, which logically abstracts the physical storage layer from virtual machines. A vSphere virtual machine uses a virtual disk to store its operating system, program files, and other data associated with its activities. A virtual disk is a large physical file, or a set of files, that can be copied, moved, archived, and backed up as easily as any other file. You can configure virtual machines with multiple virtual disks. To access virtual disks, a virtual machine uses virtual SCSI controllers. These virtual controllers include BusLogic Parallel, LSI Logic Parallel, LSI Logic SAS, and VMware Paravirtual. These controllers are the only types of SCSI controllers that a virtual machine can see and access. Each virtual disk resides on a vSphere Virtual Machine File System (VMFS) datastore or an NFS-based datastore that is deployed on physical storage. From the standpoint of the virtual machine, each virtual disk appears as if it were a SCSI drive connected to a SCSI controller. Whether the actual physical storage device is being accessed through parallel SCSI, iSCSI, network, Fibre Channel, or FCoE adapters on the host is transparent to the guest operating system and to applications running on the virtual machine. The vSphere storage management process starts with storage space that your storage administrator allocates on different storage systems prior to vSphere ESXi assignment. vSphere supports two types of storage - Local and Networked. Each type is detailed in the following lesson steps.
Local Storage The illustration below depicts virtual machines using Local VMFS storage directly attached to a single ESXi host. Local storage can be internal hard disks located inside your ESXi host, or it can be external storage systems located outside and connected to the host directly through protocols such as SAS or SATA.
Networked Storage The illustration below depicts virtual machines using networked VMFS storage presented to multiple ESXi hosts. Networked storage consists of external storage systems that your ESXi host uses to store virtual machine files remotely. Typically, the host accesses these systems over a high-speed storage network. Networked storage devices are typically shared. Datastores on networked storage devices can be accessed by multiple hosts concurrently, and as a result, enable additional vSphere technologies such as High Availability host clustering, Distributed Resource Scheduling, vMotion and Virtual Machines configured with Fault Tolerance. ESXi supports several networked storage technologies - Fibre Channel, iSCSI, NFS, and Shared SAS.
Virtual Machine Disks The illustration below depicts virtual machines using different types of virtual disk formats against a shared VMFS Datastore. When you perform certain virtual machine management operations, such as creating a virtual disk, cloning a virtual machine to a template, or migrating a virtual machine, you can specify a provisioning policy for the virtual disk file format. There are three types of virtual disk formats: Thin Provision Use this format to save storage space. For the thin disk, you provision as much datastore space as the disk would require based on the value that you enter for the disk size. However, the thin disk starts small and at first, uses only as much datastore space as the disk needs for its initial operations.
Thick Provision Lazy Zeroed Creates a virtual disk in a default thick format. Space required for the virtual disk is allocated when the virtual disk is created. Data remaining on the physical device is not erased during creation, but is zeroed out on demand at a later time on first write from the virtual machine. Using the thick-provision, lazy-zeroed format does not zero out or eliminate the possibility of recovering deleted files or restoring old data that might be present on this allocated space. You cannot convert a thick-provisioned, lazy-zeroed disk to a thin disk. Thick Provision Eager Zeroed A type of thick virtual disk that supports clustering features such as Fault Tolerance. Space required for the virtual disk is allocated at creation time. In contrast to the thick provision, lazy-zeroed format, the data remaining on the physical device is zeroed out when the virtual disk is created. In general, it takes much longer to create disks in this format than to create other types of disks.
Creating and Configuring vSphere Datastores This lab will walk you through creating and configuring an NFS datastore for use by your vSphere hosts.
Log in to the vSphere Web Client If you are not already logged into the vSphere Web Client, launch the Mozilla Firefox Web Browser and navigate to the "Site A Web Client" bookmark. 1. Click the "Use Windows session authentication" check box 2. Click "Login"
From the Home Screen 1. Select "Storage" from the inventories pane
Storage Details You will now see the datastores that are provisioned in your environment. 1. Select the "ds-site-a-nfs01" datastore 2. Click on the "Summary" tab for additional information about the datastore
Create a vSphere NFS Datastore We will now create a new vSphere NFS Datastore using a pre-provisioned NFS mount.
To provision the new datastore, we just need to complete the wizard. 1. Select "Datacenter Site A" 2. Click on the "Actions" dropdown 3. Select "Storage" 4. Select "New Datastore"
New Datastore - Type The wizard will display the location of the new datastore. Select "Next" to advance the wizard to the "Type" step. 1. Select "NFS" as the type 2. Click on "Next" Please Note: You can use only one NFS version to access a given datastore. Mounting one or more hosts to the same datastore using different NFS versions can cause data corruption.
New Datastore - NFS Version 1. Verify that "NFS 3" is selected 2. Click on "Next"
New Datastore - Name and Configuration 1. In the Datastore name field enter "ds-site-a-nfs02" 2. In the Folder field enter "/mnt/NFSA2" 3. In the Server field enter "10.10.20.60" 4. Click "Next"
New Datastore - Host Accessibility 1. Select the checkbox to include all hosts 2. Click on "Next"
New Datastore - Ready to Complete The datastore is nearly ready to use. Review the settings on this page to make sure they are accurate. When you are satisfied, click on "Finish"
Monitor Datastore Creation Progress You can now view the task that is creating the datastore. 1. The Recent Tasks pane will show the datastore creation 2. Click on the "Refresh" icon to update the display 3. Select "ds-site-a-nfs02" 4. Select "Summary" to view the details of the datastore you just created
Storage vMotion Planned downtime typically accounts for over 80% of datacenter downtime. Hardware maintenance, server migration, and firmware updates all require downtime for physical servers. To minimize the impact of this downtime, organizations are forced to delay maintenance until inconvenient and difficult-to-schedule downtime windows. The vMotion and Storage vMotion functionality in vSphere makes it possible for organizations to reduce planned downtime because workloads in a VMware environment can be dynamically moved to different physical servers or to different underlying storage without service interruption. Administrators can perform faster and completely transparent maintenance operations, without being forced to schedule inconvenient maintenance windows. With vSphere vMotion and Storage vMotion, organizations can:
• Eliminate downtime for common maintenance operations.
• Eliminate planned maintenance windows.
• Perform maintenance at any time without disrupting users and services.
In this lab, you will learn how to work with vMotion and move virtual machines to different hosts within the cluster.
Storage View If you are not already logged into the vSphere Web Client: Click the "Mozilla Firefox" icon from the Control Center desktop. Click the "Use Windows session authentication" check box. Click "Login". 1. Go to the home screen of the vSphere Web Client by clicking the "Home" icon. 2. Click the "Storage" icon.
List Virtual Machines on a Specified Datastore 1. Navigate to and click on the ds-site-a-nfs01 datastore object in the Datacenter Site A datacenter managed by the vcsa-01a.corp.local vCenter. 2. Click "Related Objects"
3. Click the "Virtual Machines" tab. You should now have a list of all virtual machines on the selected datastore. Please Note: Depending on which lessons you have completed, the available datastores and virtual machines may be different than the images shown above.
Drag and Drop Storage vMotion The VM linux-App-01a is located on ds-site-a-nfs01 and needs to be moved to ds-site-a-nfs02. 1. Click the linux-App-01a VM and continue to hold the left mouse button while dragging the VM to the ds-site-a-nfs02 datastore object. A green + will appear near the mouse cursor (see picture) when it is pointing at objects which are suitable targets for the object being moved. Let go of the mouse button to drop the linux-App-01a VM onto the ds-site-a-nfs02 object. The Migrate wizard will launch to complete the process.
Migrate Datastore 1. Select the radio button to "Change storage only". 2. Click "Next" Note that in vSphere 6.0 we do have the ability to change compute, network, and storage in the same vMotion operation.
Select Storage 1. Note that the ds-site-a-nfs02 datastore is already selected because that's where we dropped the VM prior to starting the wizard. 2. Click "Next" to accept the settings for the storage move. Click "Finish" on the next screen to start the move. This operation will take a few minutes. Feel free to monitor the operation within the Recent Tasks pane or move on to the next step.
Confirm Storage vMotion The Storage vMotion progress can be monitored in the Recent Tasks pane. 1. Once complete, click on the "ds-site-a-nfs02" datastore and notice that the Linux-micro-01a virtual machine is listed under its Related Objects. The virtual machine's storage has been migrated from ds-site-a-nfs01 to ds-site-a-nfs02 storage without the need to take the virtual machine offline.
Datastore Cluster A vSphere Datastore Cluster balances I/O and storage capacity across a group of vSphere datastores. Depending on the level of automation desired, Storage Dynamic Resource Scheduler will place and migrate virtual machines in order to balance out datastore utilization across the Datastore Cluster.
New Datastore Cluster 1. Navigate to "Datacenter Site A" 2. Select "Storage" 3. Select "New Datastore Cluster"
New Datastore Cluster - Name and Location 1. Enter "DatastoreCluster-01" for the name 2. Click "Next"
New Datastore Cluster - Storage DRS Automation
We disable Storage DRS due to the I/O characteristics of the VMware Hands-On Lab Environment.
1. Leave default settings and click "Next"
New Datastore Cluster - Storage DRS Runtime Settings
Storage DRS provides multiple options for tuning the sensitivity of storage cluster balancing.
1. Leave the defaults and select "Next".
New Datastore Cluster - Select Clusters and Hosts
1. Select "Cluster Site A"
2. Click on "Next"
New Datastore Cluster - Select Datastores
Select the datastores to be included in the cluster.
1. Select "ds-site-a-nfs01" and "ds-site-a-nfs02"
2. Click "Next"
Please Note: If you did not create datastore "ds-site-a-nfs02" in this module, you will only see datastore "ds-site-a-nfs01" on your screen.
New Datastore Cluster - Ready to Complete
Review the storage DRS settings and click "Finish"
vSphere Replication Overview
VMware vSphere Replication, the VMware proprietary replication engine, provides data protection and disaster recovery for the vSphere platform by replicating virtual machines within the same site and across sites. It is tightly integrated with vSphere and is managed using vSphere Web Client. It is included with vSphere Essentials Plus Kit and higher editions of vSphere. Multiple points in time recovery can be enabled to provide as many as 24 recovery points for a replicated virtual machine. vSphere Replication is used as a standalone solution and as a replication engine for VMware vCenter Site Recovery Manager and VMware vCloud Air Disaster Recovery.
The recovery point objective (RPO) can be set on a per–virtual machine basis and can range from 15 minutes to 24 hours. After initial synchronization between the source and the target locations, only changes to the virtual machines are replicated, enabling vSphere Replication to minimize network bandwidth consumption.
New to vSphere Replication in vSphere 6.0 to further improve efficiency is the option to compress replicated data as it is sent across the network. It is now possible to easily isolate network traffic associated with vSphere Replication. This enables vSphere s to control bandwidth by configuring more than one network interface card in a vSphere Replication virtual appliance and by using vSphere Network I/O Control to separate network traffic. The result is improved performance and security.
Enhancements have been made to the way vSphere Replication performs a full synchronization. Previous versions of vSphere Replication requested and compared remote checksums with local checksums to determine the regions of a virtual disk that had to be replicated. With some storage platforms and vSphere 6.0, vSphere Replication can query vSphere for storage allocation information, to reduce the amount of time and network bandwidth required to perform a full synchronization.
vSphere Replication is fully compatible with VMware vSphere Storage vMotion at both the source and target locations. Prior to vSphere 6.0, moving a replica at the target location required vSphere Replication to perform a full synchronization. With vSphere 6.0, migrating a replica with vSphere Storage vMotion no longer requires this. That makes it much easier to balance storage utilization with vSphere Storage vMotion and VMware vSphere Storage DRS™ while avoiding RPO violations.
Improvements have also been made to VMware Tools for Linux virtual machines. With some Linux OSs, VMware Tools features the ability to quiesce the guest OS during replication and backup operations. vSphere Replication can utilize this new functionality to enable file system–consistent recovery of Linux virtual machines.
Virtual Volumes Overview
Virtual Volumes (VVOL) is a new integration and management framework that virtualizes SAN/NAS arrays, enabling a more efficient operational model that is optimized for virtualized environments and is centered on the application instead of the storage infrastructure. Currently, storage management is generally LUN-centric, or volume-centric. With VVOLs, we can manage our storage based on the requirements of the application.
Virtual Volumes simplifies operations through policy-driven automation that enables more agile storage consumption for VMs and dynamic adjustments in real time. It simplifies the delivery of storage service levels to individual applications by providing finer control of hardware resources and native array-based data services that can be instantiated with per VM granularity.
Simplifies Storage Operations
Virtual Volumes simplifies storage operations by automating manual tasks and eliminating operational dependencies between the VI and the Storage that have traditionally added complexity. Provisioning is faster and change management is simpler as the new operational model is built upon policy-driven automation.
Simplifies the Delivery of Storage Service Levels
Virtual Volumes simplifies the delivery of storage service levels to applications by providing s with finer control of storage resources and data services at the VM level that can be dynamically instantiated and controlled in real-time.
Improves Resource Utilization
Virtual Volumes improves resource utilization by enabling more flexible consumption of storage resources, when needed and with greater granularity. The precise consumption of storage resources eliminates overprovisioning.
Abstraction of Storage - Managing Your Storage
vRealize Operations Manager has various tools that will assist you in managing your storage. These include alerts that identify when there are problems in the environment, dashboards that allow you to monitor your environment proactively, and out-of-the-box reports that can be fully customized.
Log in to vRealize Operations Manager
If you are not already logged in to vRealize Operations Manager (vROPs), open up a second tab in the Firefox Browser.
1. Click on the Bookmark "vROPs-01a"
2. Enter name ""
3. "VMware1!" (without quotes)
Navigate to Home
Make sure you are on the Home screen. If not, click the Home icon.
VM Running Out of Disk Space
Looking at the Top Health Alerts for Descendants, we see that we have a VM running low on disk space.
1. Navigate to the "Recommendations" dashboard
2. Scroll down if necessary to view the Alerts.
3. Click on the "One or more virtual machine guest file systems are running out of disk space" Alert.
View the Recommendation
You will be taken to the summary page of the affected virtual machine.
1. We can see the details for the triggered alert.
2. We can see the metrics that triggered the alert.
3. Here we see the recommendations that can help us resolve the problem with the Virtual Machine. In this case, we are prompted to add a new virtual hard disk, or expand the existing disk of the virtual machine.
Please Note: To expand or add an additional virtual hard disk, we would follow the same steps employed in the lab section "Virtual Infrastructure - Create and Edit a Virtual Machine"
vSphere Datastore Dashboard
vRealize Operations has several dashboards that we can use to help manage our storage.
1. Click on the "Dashboard List" dropdown
2. Make sure "vSphere Dashboards" is selected
3. Click on "vSphere Datastores"
Explore vSphere Datastore Dashboard
When we open the vSphere Datastore Dashboard, we will see several different views of the Datastore data. This Dashboard has two different heatmaps:
1. Datastore Heatmap where size indicates total disk space and color indicates workload
2. Datastore Heatmap where size indicates IOPS and color indicates latency
3. Historical Views - If you click on the datastore objects in the heatmap, a historical view graph will be generated below.
4. Top 25 Graphs - Top 25 Datastores by IOPs utilization
5. Top 25 Graph - Top 25 Datastores by Average Latency
vRealize Operations Management Pack for Storage Devices
For additional visibility into your storage environment, the vRealize Operations Management Pack for Storage Devices (MPSD) can be installed on any Advanced or Enterprise edition vRealize Operations Manager. The Management Pack can connect to any storage device that has a VASA provider, and SAN/NAS Switches from Brocade or Cisco using SMI-S. Performance Data is collected from Host HBAs, NIC, VMs, and SAN/NAS switches.
MPSD 6.0.1 provides visibility into your storage environment. Using Common Protocols you can collect performance and health data from the storage devices. Pre-defined dashboards allow you to follow the path from a VM to the storage volume and identify any problem that may exist along that path.
• End to End view of the data path through the SAN and NAS; from VM to Storage Volume
• Support for both NFS/iSCSI and FC/FCoE protocols
• Access to Storage devices leveraging standardized protocols; CIM, SMI-S, & VASA
• Ready to use dashboards for Health and Performance
• Analytics for common APD and PDL storage conditions
vSphere VMs Disk (and Network) Dashboard
Using the Dashboard Dropdown menu, navigate to the "vSphere VMs Disk (and Network)" Dashboard.
1. VM Heatmap where size indicates IOPs and color indicates latency.
2. VM Heatmap where size indicates Network usage and color indicates percentage of Packets dropped.
3. VM Heatmap where size indicates VM provisioned and color indicates Snapshot usage.
4. Top 25 Graph - VMs by Disk IOPs
5. Top 25 Graph - Percentage of Packets dropped
6. Top 25 Graph - VMs by Network Usage Rate
Getting Started with Update Manager
VMware vSphere Update Manager is a tool that simplifies and centralizes automated patch and version management for VMware vSphere and offers support for VMware ESXi hosts, virtual machines, and virtual appliances. With Update Manager, you can perform the following tasks:
1. Upgrade and Patch ESXi hosts.
2. Install and update third-party software on hosts.
3. Upgrade virtual machine hardware, VMware Tools, and Virtual Appliances.
Update Manager requires network connectivity with VMware vCenter Server. Each installation of Update Manager must be associated (registered) with a single vCenter Server instance. If you have multiple vCenter Server systems, and you wish to use Update Manager with each system, you must install and register an Update Manager instance with each vCenter Server system.
You can deploy Update Manager in a secured network without Internet access. In such a case, you can use the VMware vSphere Update Manager Download Service (UMDS) to download updates.
The Update Manager module consists of a server component, which can be installed on the same computer as the vCenter Server system (for Windows based vCenter) or on a different computer, and client components which run in the two different vSphere clients.
Update Manager client components:
1. Update Manager Client plug-in for the vSphere Client - Perform patch and version management of the vSphere inventory.
2. Update Manager Web Client for the vSphere Web Client - View scan results and compliance states for vSphere Inventory.
This lesson will show you the basics of using VMware Update Manager after it is installed.
Log in to the vSphere Web Client
Using the Firefox web browser, navigate to the URL for the Web client. For this lab, you can use the shortcut in the address bar.
1. Click on bookmark for "Site A Web Client"
2. Click on "Use Windows session authentication"
3. Click ""
Alternatively, you could use these credentials:
1. Enter name ""
2. "VMware1!" (without quotes)
Please Note: All of the credentials used in this lab are listed in the REE.TXT file on the desktop.
Navigate to Update Manager
Now we need to navigate to the Update Manager icon.
1. Scroll down in the Main content area until you find the Update Manager icon.
2. Click on the Update Manager icon.
Navigate to Update Manager Server
1. Select updatemgr.corp.local in the Navigator pane.
Baselines and Baseline Groups
Baselines can be upgrade, extension, or patch baselines. Baselines contain a collection of one or more patches, extensions, or upgrades. Baseline groups are assembled from existing baselines, and might contain one upgrade baseline per type of upgrade baseline, and one or more patch and extension baselines. When you scan hosts, virtual machines, and virtual appliances, you evaluate them against baselines and baseline groups to determine their level of compliance.
By default, Update Manager contains two predefined dynamic patch baselines and three predefined upgrade baselines.
• Critical Host Patches - Checks ESXi hosts for compliance with all critical patches
• Non-Critical Host Patches - Checks ESXi hosts for compliance with all optional patches
• VMware Tools Match Host - Checks virtual machines for compliance with the latest VMware Tools version on the host.
• VM Hardware Match Host - Checks the virtual hardware of a virtual machine for compliance with the latest version supported by the host.
• VA Latest - Checks virtual appliance compliance with the latest released virtual appliance version.
Create a Patch Baseline
We will now create a patch baseline to apply to our ESXi hosts.
1. Make sure the "Manage" tab is selected.
2. Under "Host Baselines", click on the Green Plus sign to create a new Baseline.
New Baseline
1. Type the name "HOL Host Baseline", and a description of the baseline.
2. Under Baseline type, select "Host Patch"
3. Click "Next"
Baseline Type
Select baseline type, fixed or dynamic.
• Fixed Baseline - A specific set of patches that do not change as patch availability changes.
• Dynamic Baseline - A set of patches that meet certain criteria. The contents of a dynamic baseline vary as the available patches change. You can also exclude or add specific patches. Patches you select to add or exclude do not change with new patch downloads.
1. For our example, we will select a Fixed Baseline
2. Click "Next"
Select Patches
Add patches to the Baseline
1. In the Filter box, type in "5.5"
2. Select the patch "Updates esx-base"
3. Click "Next"
If we were creating a Dynamic Patch Baseline, we would specify criteria to define the patches to include.
Complete Patch Baseline
Review the settings of the patch baseline you created before finishing the wizard.
1. Click "Finish" to complete the Patch Baseline
Attach Patch Baseline to Host
To attach the Baseline to a Host:
1. Make sure that host esx-01a.corp.local is selected.
2. Select "Attach Baseline"
3. A new window will open, click on "HOL Baseline"
4. Click on "OK"
Select the object to scan in the vSphere Web Client
Before remediation, a scan should be initiated on an object against the attached baselines and baseline groups. For the purposes of this lab, we have chosen to scan a single host. We could also scan a datacenter or a cluster.
1. Select "Home/Hosts and Clusters"
2. From the inventory object navigator, expand the tree and select the host esx-01a.corp.local
Scan the Host in the vSphere Web Client
To initiate the scan on our Host:
1. Select "Update Manager"
2. Select "Scan for Updates"
3. A popup box will appear, choose to scan for Patches and Extensions, or Upgrades (or both).
4. Click "OK"
5. The scan will begin, which you can follow in the Recent Tasks pane.
Remediate Host
The host has now been scanned against the patch baseline we had previously attached. We can now remediate the host. With the host esx-01a.corp.local highlighted:
1. Click on "Remediate", note that the "HOL Host Baseline" baseline group is attached.
A wizard will open up, and you will notice the "HOL Baseline" patch baseline available. To complete patching, you would follow the wizard to complete this process and apply the patch.
Please note that for the purposes of this lab, we do not want to patch our ESXi hosts (which is why we selected a patch earlier that does not apply to our host!).
Video: Upgrading VMware Tools Using vSphere Update Manager (5:14)
vSphere Update Manager can also be used to update the VMware tools on a virtual machine. The following video outlines the process.
Build and Manage your Virtual Infrastructure - Scale Out
vSphere with Operations Manager is suitable for small environments and scales up to meet the demands of large enterprises. With a scale up and scale out architecture vSOM can grow with your environment. The flexible architecture allows for geographical deployments.
vCenter Server
• vCenter Server - architected to provide larger than ever scale for the biggest virtual environments
  ◦ Hosts per vCenter Server System: 1,000
  ◦ Powered-on Virtual Machines per vCenter Server System: 10,000
  ◦ Hosts per Cluster: 64
  ◦ Virtual Machines per Cluster: 8,000
vRealize Operations - Architecture Overview - Video
vRealize Operations Manager
• vR Ops - vR Ops provides a scalable cluster/node architecture that can scale to the largest environments.
  ◦ Max 64,000 Objects - 5 times better than 5.8.x!!! (12,000 objects in 5.8.x)
  ◦ Max 8 node cluster (1 master and 7 data)
  ◦ HA requires DOUBLE the nodes needed (Still a max of 8!)
  ◦ Max Certified 30 Remote Collectors per cluster
  ◦ Max 30 Adapter Instances per cluster
  ◦ 4 concurrent s per node (or better!)
vRealize Operations - Scalability
vRealize Operations Manager Installation
vRealize Operations Manager is made up of a virtual appliance that is deployed. Additional nodes can be deployed to provide high availability and to scale out the environment. Due to time constraints in the lab we have produced a video showing how to build out the vRealize Operations Manager cluster. This video will walk you through the basics of deploying vRealize Operations Manager.
Additional Information
We hope you have enjoyed taking this module and have a better understanding of the basics of using vSphere with Operations Management. Be sure to take the survey at the end.
For more information on vRealize Operations Management, here is a list of additional online resources you can use:
• vRealize Operations Manager Video Repository https://www.vmware.com// vrealize-operations-Manager-6-video.html
• VMware Feature Walkthrough vSphere with Operations Management Page http://featurewalkthrough.vmware.com/#!/vsphere-with-operationsmanagement-6
If you have time remaining, here is a list of all the Modules that are part of this lab, along with an estimated time to complete each one. Click on the 'Table of Contents' button to quickly jump to that Module in the manual.
The complete listing of all eight modules is:
• Module 1 - Introduction to vSOM (60 Minutes)
• Module 2 - Build and Manage your Virtual Infrastructure (90 Minutes)
• Module 3 - Manage, Optimize, and Plan Infrastructure Capacity (60 Minutes)
• Module 4 - Optimize Workload Performance While Maintaining Business Priorities (60 Minutes)
• Module 5 - Ensure Business Continuity and Availability (60 Minutes)
• Module 6 - Simplified Security and Compliance (60 Minutes)
• Module 7 - Log Management with vRealize Log Insight - (60 Minutes)
• Module 8 - Power CLI (60 Minutes)
Module 3: Manage Capacity Risk and Plan for the Future - (60 Minutes)
Manage Capacity and Risk
With virtualization, the capacity of the virtual infrastructure can be difficult to determine. Furthermore, with things like over commitment, Transparent Page Sharing (TPS) and Thin Provisioning, understanding the true capacity of the environment is near impossible. vCenter provides some tools to help determine this, but in environments larger than a few virtual machines this can be a difficult, time-consuming task to manage.
vRealize Operations Manager tracks the capacity usage of the environment using data provided through solutions. As it collects the raw data on virtual machines, hosts, networks and storage, it will determine trends in the environment. The Capacity Remaining badge is calculated as the percentage of capacity remaining compared to the total capacity of a selected object. Through forecasting and based on the policy that is defined by the vRealize Operations Manager s can be notified of capacity shortfalls that may turn into health or performance problems. This allows s to identify issues before they become a problem.
As capacity levels fall, risk is introduced. The Risk badge is determined by alerts from Capacity Remaining, Time Remaining and Stress. Risk identifies things that may become a health problem if not addressed in the near future.
Before we get started with the lab it is good to have a basic understanding of the for capacity planning in vRealize Operations Manager. This video will provide a quick overview.
vRealize Operations - Capacity Planning Basics
Capacity Management Policies
Understanding capacity and having the ability to quickly assess capacity and capacity risk in any environment is critical in today’s software defined data center. vRealize Operations Manager helps you apply demand & allocation capacity planning principles while managing the capacity of your virtual and cloud environments across any object type. The great thing is vRealize Operations Manager allows you to leverage both of these capacity models via policies that you assign to workload containers or groups of resources. You can set up the policy to best manage the environment for performance (e.g. production), or for higher density and utilization (e.g. test/dev), or BOTH. Here’s a video on how this all works in vRealize Operations Manager.
Capacity Planning
Log in to vRealize Operations Manager Console
1. Launch Firefox from the tool bar
2. Click on the shortcut for vROPs-HVM
3. Log in using the credentials
   Authentication Source: "Local "
   Name: ""
   : "VMware1!"
4. Click ""
NOTE: vROPs-HVM has been placed in historical view mode (HVM) to show how an environment that has been running for some time with actual data looks and can be viewed.
Navigate to vSphere World
1. Click the globe icon to take you to the environment screen in the left pane
2. Scroll down and select the "vSphere Hosts and Clusters" section
This section represents all of the vCenters, Hosts and Clusters within the environment that are connected to the vRealize Operations instance.
View the vSphere World Capacity Remaining
1. Select the "Analysis" tab across the top.
2. Select the "Capacity Remaining" tab.
The right pane will load the capacity remaining badge. The badge number is the percentage of usable capacity within the object, in this case vSphere World. The badge color is determined by the policy. The default policy is set to 0, 25, 50, 75, where 0 is red and anything above 75 is green. This can be adjusted for each object. We are also presented with a graph to the right of the badge. This graph is the capacity trend for the object over 30 days by default. This can also be adjusted for the environment.
Related Objects Capacity
Scroll down and you will see the Capacity Remaining in Related Objects view. This can be used to identify if there are related objects in the environment that may also have low capacity.
View Cluster Capacity Remaining Badge and Trend
1. Drill down to east-mgmt. vRealize Operations Manager will keep you on the Capacity Remaining Badge as you drill down.
Here we see the Capacity Remaining badge for the cluster. Note that the shape is the same. The Capacity Remaining badge will always be a hexagon. We can also see the Capacity Remaining Trend for the last 30 days. Again this is set in policy. Each object type can have its own data range policy.
View Cluster Capacity Remaining
Capacity Remaining Breakdown: This section will identify how many more virtual machines will fit within the cluster. There are four categories of VMs: Small, Medium, Large and Average. Average is based on the average size of the VMs deployed within the environment. You may also select With or Without committed projects. This allows you to take into account any projects in the pipeline that have resources reserved. These numbers also take into account the use of HA and the settings determined there, in addition to the reservation buffers defined in vRealize Operations policy settings.
Understand Growth Trends and Burn Rates
1. Select the "Details" tab
2. Select "Views"
3. Enter "trend" and click "Enter" on the keyboard
4. Select "Cluster CPU Demand Forecast Trend"
5. Click the arrow on pane border to shrink the left pane.
Cluster CPU Demand Forecast Trend
From this graph we can identify, using the solid line, the CPU Demand on the cluster. The dotted line is the CPU Demand forecast. From this we can identify if we will need additional hosts for future demand.
1. Adjust the data range using the calendar icon to see more historical data.
2. Adjust the forecast time by clicking the clock icon. This can be used to forecast further out into the future than the default 30 days.
Select other trend graphs:
• Cluster Badge Analysis Forecast Trend
• Cluster IOPs Trend View
• Cluster Memory Usage and Demand (%) Trend View
• Cluster Networking Usage (KBps) Trend View
• Cluster VM Growth Trend View
• Cluster Average Latency (ms) Trend View
• Cluster CPU Demand (%) Trend View
• Cluster Disk I/O Demand Forecast Trend
(When finished reviewing, click the small arrow on pane border from point 5 in the previous step, to bring back the navigator windows on the left)
vSphere Risk Dashboard
1. Click the Home icon
2. Select the "Recommendations" tab
3. View the Risk
Risk is the likelihood of a negative consequence based on the current, stress, capacity and time remaining of an object. For example, if a datastore is filling up at a pace of 100 GB per week we know that the risk of it running out of space in x days is likely. We can trigger an alert on this and proactively fix a potential problem. In the past we may have waited for a vCenter alert to show 95% used or for an administrator to notice and resolve the issue. More than likely an issue such as this would go without notice until the datastore was full and all the VMs stopped, causing an outage. The risk displays alerts on the environment and descendants of the selected object in the hierarchy.
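The datastore scenario above, worked through in Python as an added example that is not part of the lab manual or of vRealize Operations: it fits a growth trend to daily usage samples and compares a trend-based risk alert with a static "95% used" alarm. The 2,000 GB capacity, the daily samples and the 30-day alert horizon are assumptions; the 100 GB per week growth rate and the 95% figure come from the text.

```python
"""Trend-based datastore risk alert compared with a static "percent used" alarm."""
from dataclasses import dataclass
from typing import Optional, Sequence

# Constructed sample (not lab data): a 2,000 GB datastore sampled once a day
# for 14 days, growing at the 100 GB per week mentioned in the text.
CAPACITY_GB = 2000.0
CONSTRUCTED_SAMPLES = [1400.0 + day * 100.0 / 7.0 for day in range(14)]


@dataclass
class Forecast:
    growth_gb_per_day: float                  # fitted slope of the usage trend
    days_until_full: Optional[float]          # None when usage is flat or shrinking
    days_until_static_alarm: Optional[float]  # when the fixed-percentage alarm would fire
    static_alarm_now: bool                    # is the datastore already past the fixed threshold?
    risk_alert_now: bool                      # does the trend hit capacity inside the horizon?


def fit_growth(used_gb: Sequence[float]) -> float:
    """Ordinary least-squares slope (GB/day) over evenly spaced daily samples."""
    n = len(used_gb)
    if n < 2:
        raise ValueError("need at least two daily samples to fit a trend")
    mean_x = (n - 1) / 2
    mean_y = sum(used_gb) / n
    num = sum((x - mean_x) * (y - mean_y) for x, y in enumerate(used_gb))
    den = sum((x - mean_x) ** 2 for x in range(n))
    return num / den


def _days_to_reach(target_gb: float, current_gb: float, slope: float) -> Optional[float]:
    """Days until usage reaches target_gb if the fitted trend continues."""
    if current_gb >= target_gb:
        return 0.0
    if slope <= 0:
        return None  # never reached on a flat or shrinking trend
    return (target_gb - current_gb) / slope


def forecast_datastore(used_gb: Sequence[float], capacity_gb: float,
                       horizon_days: float = 30.0,
                       static_pct: float = 95.0) -> Forecast:
    """Compare a static threshold alarm with a time-remaining risk alert."""
    if capacity_gb <= 0:
        raise ValueError("capacity must be positive")
    slope = fit_growth(used_gb)
    current = used_gb[-1]
    days_full = _days_to_reach(capacity_gb, current, slope)
    days_static = _days_to_reach(capacity_gb * static_pct / 100.0, current, slope)
    return Forecast(
        growth_gb_per_day=slope,
        days_until_full=days_full,
        days_until_static_alarm=days_static,
        static_alarm_now=current / capacity_gb * 100.0 >= static_pct,
        risk_alert_now=days_full is not None and days_full <= horizon_days,
    )


if __name__ == "__main__":
    f = forecast_datastore(CONSTRUCTED_SAMPLES, CAPACITY_GB)
    print(f"growth: {f.growth_gb_per_day * 7:.0f} GB/week")
    print(f"static 95% alarm firing today: {f.static_alarm_now}")
    print(f"risk alert firing today: {f.risk_alert_now}")
    print(f"days until full: {f.days_until_full:.0f}")
    print(f"days until the static alarm would fire: {f.days_until_static_alarm:.0f}")
```

On the constructed samples the static alarm is silent at about 79% used, while the trend shows the datastore full in 29 days; waiting for the 95% alarm would leave only a week to react.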
Virtual Machine has continuous high CPU usage
1. Scroll to the bottom of the Top Risk Alerts for Descendants and select "Virtual machine has continuous high CPU usage causing stress".
Here we see all the Risk alerts for the entire environment. Clicking on any alert will take you to the alert and give you more information.
Risk Issues
Here we can see a summary of all the VMs that are exhibiting this issue.
1. Click on the 'View Details' link next to the bna-west entry.
Oversubscribed Storage Pool Alert
This lets us see:
1. More details on the alert. We are able to see an explanation and why it occurs.
2. A recommendation, with the option of a simple click to fix button.
3. What is causing the issue and in our case a recommendation on how many CPU to add.
vSphere World Details
1. Select the Environment icon
2. In the left pane select "vSphere Hosts and Clusters"
This view will show us the Health, Risk and Efficiency for the vSphere World. vSphere World is a grouping of all vCenters and their clusters.
Cluster Capacity and Risk
1. Click "Details" tab
2. Enter "Cluster" into the search bar and click "Enter"
3. Select the "Cluster Capacity Risk Forecast" view
This report will give a list of the clusters, number of running virtual machines, and capacity remaining for the next 30, 60 and 90 days. This list can be used to easily determine if the cluster is running low on resources.
Datastore Disk I/O Diagnose List
1. Clear the "Cluster" filter
2. Enter "Datastore" and click "Enter" on the keyboard
3. Select the "Datastore Disk I/O Diagnose List" view
This view provides a list of datastores with their Workload, Stress and I/O information. This report can be used to determine if a datastore is being over utilized or having potential performance problems.
Health Alerts
Navigate to the recommendations dashboard:
1. Click the Home icon
2. Select the "Recommendations" dashboard
Here we see the Health column. The health score is the "Health" for the entire environment. The Health badge color will change depending on the alerts. If an alert is triggered that is set to affect the overall environment health, the color will change. Health alerts are alerts that may currently be causing a performance impact or outage, such as virtual machine guest file systems running out of disk space. This could cause an immediate outage if not remedied.
Top Health Alerts
Select the "One or more virtual machine guest file systems are running out of disk space" alert under the health badge.
Guest File System Health Alert
Click "View Details" next to "vrbe-01a"
Virtual Machine Guest File System Health Alerts
1. Expand out the What is Causing this Issue section
Here we see the alert page for this specific virtual machine. The alert page is made up of a set of symptoms and recommendations. There can be more than one recommendation for an alert and they can be customized for your organization's specific needs. The symptom section includes all of the symptoms that make up this alert. The Guest File System warning alert is triggered when the operating system has a drive that has greater than 85% of its capacity used.
2. When you are finished reviewing the alert, click the "Home" icon.
vSphere Datastore Dashboard
1. Click the drop-down arrow for the Dashboard List
2. Select vSphere Dashboards
3. vSphere Datastores.
From here we can quickly get a heatmap displaying the datastores. Heatmaps graphically display information to allow the to quickly identify points of interest. This dashboard displays the datastores by capacity using the size of the boxes to display the total capacity of the datastore. The color is represented by datastore workload. As the datastore workload is increased the color will change from green to red.
Conclusion
Capacity Remaining provides s with a view of the available capacity of the environment. This information, which traditionally took many hours to compile and track, can now be monitored in near real time, allowing s to quickly provide data to management on capacity trends and future capacity shortfalls. Capacity Remaining can be tracked at many levels to provide granularity. Understanding of object relationships can provide further detail on the scope of capacity shortfalls. Risk alerts can be used to see potential capacity shortfalls. Health alerts can provide information on immediate issues that could cause performance or availability issues.
Increase Operational Efficiency In a virtual environment the ability to quickly instantiate a virtual machine or expand a virtual machines resources is very simple and convenient. This could lead to virtual machines that are over provisioned and under others that utilized. This is not efficient and can have large costs associated with it in the form of CapEx for additional hardware and OpEx in managing that hardware. Reclaiming these over-committed resources can reduce operational costs through differing or avoiding purchases of additional hardware. By understanding potential density ratios, we can identify opportunities to consolidate clusters.
Efficiency Alerts 1. Select the "Recommendations" dashboard Efficiency shows at a glance how the environment is using available resources. Efficiency allows users to get the most out of the resources they have already purchased. This can result in delaying hardware purchases. Efficiency alerts do not require immediate attention; these alerts will just help improve the environment.
Environment - vSphere Hosts and Clusters 1. Click on the Environment tab (the globe). 2. Select 'vSphere Hosts and Clusters' from the left hand navigation pane.
Reports Reports are a great way to consume efficiency information since this information generally does not need to be reacted on right away. Reports may be generated at any level. Depending on the object type selected different reports will become available under the reports tab. 1. Select the "Reports" tab.
Oversize VM Report 1. Search for "oversized" in filter box 2. Select the Oversized VMs Report 3. Click "Run Template" button 4. The Generated reports number will update to 1.
View Reports 1. Select the "Generated Reports" section 2. You will see the report you just generated listed Reports can be viewed either as a PDF or a CSV. Other reports relating to Efficiency:
• Idle VMs Report • Oversized VMs Report • Power Off VMs Report
Open PDF 1. Once the status shows 'Completed', click the PDF icon next to the report 2. Select "Open with Google Chrome" 3. Click OK The report will open in Google Chrome. Reports are a great way to share the information in vRealize Operations with another team or a manager. Reports are generated from the object level where the report template is run. For example, if you have a vCenter Folder of all the finance VMs, a report could be generated for just those objects, making the report relevant to that specific group. Close the report when you finish reviewing it.
Reclaimable Capacity at vSphere World 1. Select the "Analysis" tab 2. Select the "Reclaimable Capacity" section. (May have to scroll to the right) The reclaimable capacity badge indicates if there are resources that may be recovered. The top level badge is for the whole environment and indicates how well resources are being utilized as a whole. By reclaiming capacity resources can be redistributed to other virtual machines. Objects that are rated critical have large amounts of resources available for reclamation.
Future Analysis Select the "Virtual Machine Reclaimable Capacity" in the Further Analysis pane.
Virtual Machine Reclaimable Capacity This will take you to the Details tab where you will be presented with a table of the reclaimable CPU/Memory/Filesystem and Old Snapshots for all the virtual machines in the environment. From here you can see opportunities to reclaim available resources from specific virtual machines in your environment. This list can be exported to a CSV by selecting the Export icon. These numbers should be used as a guide to determine the actual resources needed.
Reclaimable Capacity at Cluster 1. Expand vSphere World, vc east and then msbu-east in the left pane 2. Select the cluster "east-apps" from the list 3. Select the "Analysis" tab 4. Select the "Reclaimable Capacity" section (May have to scroll to the right)
The cluster level will show the reclaimable capacity for all the virtual machines in that cluster. This metric will take into account the HA Failover setting in vCenter. For example, if you are using N+1 failover, vRealize Operations will add an additional host for failover into the calculation for Reclaimable Capacity. It will also take into account any capacity reservation buffers defined in the vRealize Operations policy. The default policy is 25%; this can be adjusted for your specific environment to be as aggressive or conservative on capacity reclamation as your organization feels comfortable with.
Idle and Powered Off VMs Scroll down to the "Child Objects with Reclaimable Capacity" pane. From here we get a breakdown of Oversized, Idle and Powered Off VMs. Oversized VMs are virtual machines that have been over provisioned and have resources that may be reclaimed. Idle VMs are VMs that appear to be doing nothing, so all of their resources are considered reclaimable. Powered Off VMs are just as it sounds: virtual machines that are not powered on at this time and therefore have storage that could be reclaimed as well as allocated CPU and Memory.
Cluster Dashboard 1. Click Home in the left pane 2. Click the arrow next to the "Dashboard List" and select the "vSphere Clusters" dashboard under "vSphere Dashboards".
There are several preconfigured dashboards. The vSphere clusters dashboard provides a place to compare cluster utilization by CPU demand and memory usage. There are other pre-configured dashboards that are available for viewing specific data within the environment. 3. Click on "west-mgmt" in the "Top 25 Clusters by CPU Demand(%) (24h)" widget. Notice the sparkline information populates in the widget below.
Open west-mgmt Let's look a bit more into the west-mgmt cluster. Double click on the "west-mgmt".
Density View 1. Select the "Analysis" tab 2. Select the "Density" badge (May need to scroll to the right) 3. Expand the "CPU" section 4. Expand the "Demand" section
The table shows the Average to Optimal ratios for the virtual machines' CPU resources in this cluster. This means that our average virtual CPU (what's used in the virtual machines) to physical CPU (what's installed in the ESXi hosts) ratio is close to what vRealize Operations has calculated as optimal.
to vROPs-01a Navigate and to the vRealize Operations Appliance, vROPS-01a. 1. Click the bookmark to "vROPS-01a"
2. using name "" and "VMware1!" 3. Click
Custom Datacenters 1. Click on the "Environment" globe 2. Next, click the "Custom Datacenters" link in the left-hand navigation pane.
Custom Datacenter View 1. Expand out the 'Shared' dashboard and click on 'Cluster Site A' 2. Select the "Analysis" tab 3. Select "Reclaimable Capacity" Custom Datacenters is a new object container within vRealize Operations. Custom Datacenters can be used to place hosts, clusters and virtual datacenters from multiple vCenters into a single group. For example, a set of clusters that are licensed for SQL may be placed into a custom datacenter to provide data on all SQL VMs and hosts from a single view.
Conclusion The Efficiency badge represents how well resources are being used. The badge is affected by the Capacity related analysis badges. Efficiency generally does not need immediate attention but identifies areas of optimization opportunity within the environment. Reclaimable capacity can be a key indicator of an environment's overall capacity. Identifying reclaimable capacity can help to defer or avoid cost, directly saving on CapEx. Reports can be utilized to find areas of opportunity and to create a plan to reclaim capacity from the environment. Density can be used to determine if a capacity provider object is meeting its optimal density goals (optimal VM to Host ratio).
Ensure Future Capacity Through Capacity Modeling to vROPs-01a If you are not already logged in to vROPS-01a, please navigate and to the vRealize Operations Appliance, vROPS-01a. Otherwise, please proceed to the next step. 1. Click the bookmark to "vROPS-01a" 2. using name "" and "VMware1!" 3. Click
Navigate to Custom Profile 1. Click the "Content" icon on the top of the left pane (Note: you may have to use the ">>" to see it). 2. Select "Custom Profiles" 3. Click the green plus to create a profile.
Custom Profile 1. Enter a Profile Name of "Web-Server-P2". 2. Select Object Type of "Virtual Machine" from the drop down. (TIP - type 'Virtual' and the search will show the available options - select 'Virtual Machine' from the list of options) 3. Enter a vCPU (1), Memory (512 MB) and Disk Space Allocation (5 GB) as seen above. This profile is based on an allocation. A reference machine can also be used by using the "Populate metrics from..." button. Additionally, you can remove the "Allocation" from the Filter and create a more specific workload.
Capacity Remaining Navigate to Cluster Site A under Environment 1. Click the globe icon titled "Environment" 2. Navigate to "vSphere Hosts and Clusters", "vSphere World", "vCenterMonitor", "DataCenter Site A", "Cluster Site A"
3. Select the "Analysis" tab from the top. 4. Select "Capacity Remaining" 5. View the Custom Profiles How many additional Web Servers can be added? The Custom Profiles calculate how many additional workloads of a certain configuration the environment can handle. This is based off of current usage as well as committed projects. Additional Profiles can be created by clicking the plus sign next to the "WebServer-P2" profile. NOTE: If you see a question mark instead of a number the calculation has not happened yet. Calculations in this environment have been sped up to occur every minute but the number can take 5 minutes or more to appear. Generally, these happen on a 24-hour period so it may take longer to appear in your environment. If the number does not appear move on and check back.
Project Creation Customers are always adding and removing virtual machines from their environment and it is not always easy to track all the projects that are taking place and how they will affect the capacity of the virtual infrastructure. Let's create a project to look at how adding additional VMs and Hosts will affect our cluster's resources. 1. Select the "Projects" Tab at the top of the page. As you can see from the graph, where the green and blue lines intersect, at the current rate we will run out of CPU on August 18th. This is based on the current CPU Demand trend. If a VM starts to use more or less of the allocated CPU the date may change.
2. Currently "Most Constrained" is selected as the "Capacity Container"; this can be changed to see how other resources are being used. 3. Click the green plus to create a project. NOTE: The screenshots in the lab manual may differ from the graphs in your lab environment.
Create a Project 1. Give the project the name 'Add 2 VMs' and something descriptive. 2. Select the Scenarios section
Add VM Project 1. Drag "add Virtual Machine" to the right pane where it says "Drop scenarios here" 2. Change the "Implementation Date" to 1 week forward 3. Click the up arrow to increment the servers to "2" Virtual Machine 4. Change the "Memory - Allocation model" to "512" MB Change the "CPU - Allocation model" to "2" vCPUs
5. Click the "Save project and continue editing" button. The graph at the top will change to show the effects of the project. You can see when the project is implemented how it will affect the most constrained resource. You can see from the graph above by adding two VMs we will run out of resources. 6. Click Save
Create an Add Host Project 1. Click the green plus to start a new project 2. Give the project the name "Add 2 Hosts" and something descriptive 3. Select the "Scenarios" section
Add Host Project 1. Select "add Host System" and drag it to the right pane 2. Click the up arrow to increment the number of Host Systems to "2" 3. Click "Populate metrics from..." button. Select "esx-01a.corp.local" 4. Click Save
Visualize the Add 2 VMs Project 1. Drag the "Add 2 VM's" to the section below the graph 2. (if you don't see Memory Allocation select from the drop-down) We can see on the graph that now we have a capacity shortfall of memory allocation. Your screen may show CPU Demand or a different resource as being the most constrained. You can adjust the "Capacity Container" to see how other resources are affected by adding two VMs. The RED indicates capacity shortfall.
View both of the Projects Now that we have a capacity shortfall, let's fix it by adding additional capacity resources. 1. Select the "Add 2 Hosts" and drag it to the section below the graph by the "Add 2 VM's" project. 2. Change the "Capacity Container" to view the effect on different resources. The green line indicates an addition of resources while the blue line indicates resources being consumed. The graph above shows that we added two additional hosts before the demand crossed the green line so there will not be a shortfall.
Edit the Project 1. Select the "Add 2 VM's" 2. Click the pencil to edit the project
Commit the Changes 1. Select "Committed - badges affected" 2. Click Save
View the Graph Committing the project will affect the Capacity Remaining and the Time Remaining badges as if the two VM's were actually added to the cluster immediately.
Navigate to Custom Datacenters 1. Select Environment icon 2. Click Custom Datacenters 3. Expand Shared Custom Datacenters is a new object container construct within vRealize Operations. Custom Datacenters can be used to group hosts, clusters and virtual datacenters from multiple vCenters into a single group for capacity management and planning capabilities. These might be used to combine multiple clusters licensed for SQL together. This way a project can look at how it affects just that set of clusters. The projects we already created are available. You can also try creating additional scenarios and see how they affect the Custom Datacenter.
Conclusion Capacity Remaining can be used to determine how many additional virtual machines can be added to a cluster. Using the Custom Profile, the user can specify a configuration profile specific to their environment to have an easy way to determine how many more VMs there is room for. Using projects, you can plan out the addition of resources and demand to determine when additional resources need to be added and what resources will be constrained. The projects can be scheduled out into the future or committed to show the actual effects on Time and Capacity remaining.
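The capacity reasoning in this lesson (the HA failover host and 25% buffer, the "Web-Server-P2" Custom Profile, and planned versus committed projects) can be followed in a small model. This is an added example, not part of the lab manual and not vRealize Operations' own algorithm: it is a simplified allocation model, and the host sizes, current allocations, dates and the disk size of the added VMs are constructed assumptions.

```python
"""Simplified allocation model of the lab's capacity reasoning (added example)."""
from dataclasses import dataclass, field, replace
from datetime import date
from math import floor


@dataclass(frozen=True)
class Project:
    name: str
    implementation: date             # planned implementation date
    committed: bool = False          # committed projects count immediately
    add_hosts: int = 0               # "add Host System" scenario
    add_demand: dict = field(default_factory=dict)  # "add Virtual Machine" scenario


@dataclass(frozen=True)
class Cluster:
    hosts: int
    per_host: dict                   # allocatable capacity contributed by one host
    shared: dict                     # capacity not tied to a host (datastore space)
    allocated: dict                  # what the existing VMs already have allocated
    ha_failover_hosts: int = 1       # N+1: one host held back for HA failover
    buffer: float = 0.25             # capacity buffer, 25% as in the lab's default policy


def usable_capacity(cluster, hosts):
    """Capacity left after holding back the HA failover hosts and the buffer."""
    active = max(hosts - cluster.ha_failover_hosts, 0)
    names = set(cluster.per_host) | set(cluster.shared)
    return {
        r: (active * cluster.per_host.get(r, 0) + cluster.shared.get(r, 0))
        * (1 - cluster.buffer)
        for r in names
    }


def profiles_remaining(cluster, profile, on_date, projects=()):
    """Return (count, most_constrained_resource) for a workload profile.

    A negative count means a shortfall: the capacity is already oversubscribed
    by that many profile-sized workloads on the constrained resource.
    """
    hosts = cluster.hosts
    demand = dict(cluster.allocated)
    for p in projects:
        # Planned projects apply from their implementation date;
        # committed projects apply as if they had already happened.
        if p.committed or p.implementation <= on_date:
            hosts += p.add_hosts
            for r, amount in p.add_demand.items():
                demand[r] = demand.get(r, 0) + amount
    usable = usable_capacity(cluster, hosts)
    fits = {
        r: floor((usable.get(r, 0) - demand.get(r, 0)) / need)
        for r, need in profile.items() if need > 0
    }
    constrained = min(fits, key=fits.get)
    return fits[constrained], constrained


# --- Constructed sample data (not values from the lab environment) ---
CLUSTER = Cluster(
    hosts=2,
    per_host={"vcpu": 8, "mem_mb": 8192},
    shared={"disk_gb": 200},
    allocated={"vcpu": 4, "mem_mb": 4096, "disk_gb": 60},
)
# The lab's custom profile: 1 vCPU, 512 MB memory, 5 GB disk.
WEB_SERVER_P2 = {"vcpu": 1, "mem_mb": 512, "disk_gb": 5}
TODAY = date(2024, 1, 1)
# Two VMs with 2 vCPUs and 512 MB each, one week out; 5 GB disk each is assumed.
ADD_2_VMS = Project("Add 2 VMs", date(2024, 1, 8),
                    add_demand={"vcpu": 4, "mem_mb": 1024, "disk_gb": 10})
ADD_2_HOSTS = Project("Add 2 Hosts", date(2024, 1, 5), add_hosts=2)
ADD_2_VMS_COMMITTED = replace(ADD_2_VMS, committed=True)

if __name__ == "__main__":
    cases = [
        ("today, no projects", TODAY, []),
        ("after Add 2 VMs", date(2024, 1, 10), [ADD_2_VMS]),
        ("after both projects", date(2024, 1, 10), [ADD_2_VMS, ADD_2_HOSTS]),
        ("today, Add 2 VMs committed", TODAY, [ADD_2_VMS_COMMITTED]),
    ]
    for label, when, projects in cases:
        count, resource = profiles_remaining(CLUSTER, WEB_SERVER_P2, when, projects)
        print(f"{label}: {count} more Web-Server-P2 VMs, constrained by {resource}")
```

In this model the planned "Add 2 VMs" project changes nothing until its implementation date, while the committed copy produces the shortfall immediately, which mirrors how committing a project affects the badges in the lab.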
Module 4: Optimize Workload Performance while Maintaining Business Priorities - (60 Minutes)
Module Preparation In this module we will be covering SDRS (Storage Distributed Resource Scheduler), SPBM (Storage Policy Based Management), Right Sizing, DRS (Distributed Resource Scheduler) and Workload Placement. Several of these topics require load and this load needs to exist for a period of time to help keep this module running smoothly. The next couple of steps will walk you through generating that load.
Start U Load simulation on the Virtual Machines (linuxU-Load-01a and 02a) Minimize any running applications. Next load PuTTY from the Desktop or from the Launch bar.
PuTTY to linux-U-Load-01a VM 1. Select linux-U-Load-01a 2. Click Load 3. Click Open
Start U Load simulation for linux-U-Load-01a 1. At the as: prompt, type root and press enter. No will be required 2. At the linux prompt, type /opt/ULoad.sh 4 and press enter 3. The U load simulation is working if you see Starting U load Note: If you see ash -lt: argument expected, you did not type the "4" at the end of the command. If you got a message ending not found, you did not type the command with the correct case. Simply press the Enter key and retype /opt/ULoad.sh 4, with the 4 and matching the letters that are lower case and upper case. The command can also be copied from the REE.txt file on the desktop, which has an example of the command.
Start 2nd PuTTY session To start a 2nd PuTTy session simply: 1. Right Click on linux-U-Load-01a 2. And select PuTTY
PuTTY to linux-U-Load-02a VM 1. Use the scroll bar to scroll down to linux-U-Load-02a 2. Select linux-U-Load-02a 3. Click Load 4. Click Open
Note: If you see ash -lt: argument expected, you did not type the "4" at the end of the command. If you got a message ending not found, you did not type the command with the correct case. Simply press the Enter key and retype /opt/ULoad.sh 4, with the 4 and matching the letters that are lower case and upper case. The command can also be copied from the REE.txt file on the desktop, which has an example of the command.
Start U Load simulation for linux-U-Load-02a 1. At the as: prompt, type root and press enter. No will be required 2. At the linux prompt, type /opt/ULoad.sh 4 and press enter 3. The U load simulation is working if you see Starting U load
Confirm two PuTTY sessions Once completed you should see: 1. The linux-U-Load-01a.corp.local session in the background 2. The linux-U-Load-02a.corp.local session in the foreground 3. The linux-U-Load-02a load simulator running 4. Minimize both PuTTY sessions and leave running
Open Firefox 1. Open Mozilla Firefox from the Desktop or Quick Launch.
to the vSphere Web Client 1. Ensure you are logging into the vSphere Web Client 2. Enter the name: [email protected] 3. Enter the : VMware1! 4. Click
Navigate to Hosts and Clusters view 1. Click on Hosts and Clusters in the navigation pane on in the Home tab
Adjusting VM Resource Settings - linux-U-Load-01a 1. Toggle the swizzles, so esx-01a.corp.local, esx-02a.corp.local and the VMs are visible 2. Right click on linux-U-Load-01a 3. Click Edit Resource Settings...
Adjusting VM Resource Settings - linux-U-Load-01a (continued)... 1. Click the Pull Down and select Custom 2. Enter 1250 for the Custom Shares 3. Enter 1800 for the Reservations (MHz) 4. Click OK to save the changes to linux-U-Load-01a
Adjusting VM Resource Settings - linux-U-Load-02a 1. Right click on linux-U-Load-02a 2. Click Edit Resource Settings...
Adjusting VM Resource Settings - linux-U-Load-02a (continued)... 1. Click the Pull Down and select Custom 2. Enter 1250 for the Custom Shares 3. Enter 1800 for the Reservations (MHz) 4. Click OK to save the changes to linux-U-Load-02a
Things to / Watch For To keep the lab experience positive, there are a few things to point out.
Clear Alarms The ESXi hosts have 2 CPUs for the purposes of the Lab. This is compared to a real world ESXi host that can have 80+ cores! It is very easy to over-stress the lab and have hard alerts set, which has been done intentionally to demonstrate learning objectives. The manual warns you to clear them in a later section, but if they pop up at any time while you are in the vSphere Client, clear them by clicking on the Reset to Green link. It is on the summary tab for both Cluster Site A and each individual VM's summary tab. For this module it should only be linux-U-Load-01a or linux-U-Load-02a.
Using the Refresh buttons The Refresh buttons for both the vSphere Web Client and vRealize Operations Manager will help clear stale data and limit the amount of time you are waiting for data to refresh. Most items in the lab have been accelerated, so generally it takes between 1 and 5 minutes to get the expected results. The manual does a good job of warning where timing / refresh issues might arise and does have a valid screen shot of what you would see, so you do not have to wait for the update cycle to occur and can continue on with the next lesson / step. You can also resort to refreshing with the Firefox refresh as well.
Close Firefox 1. Click the Firefox "x" to close Firefox
Preparation Conclusion You have successfully started the CPU load simulators. Continue with the next lesson and go enjoy the content in this module.
Storage DRS Storage DRS (SDRS) is automatic disk placement for balancing I/O and Disk Space requirements for your virtual environment. For those familiar with DRS, SDRS is to the VMDK (virtual disk) as DRS is to the VM (virtual machine). And much like DRS uses the Cluster construct to aggregate hosts for a pooled compute resource, Datastore Cluster is a construct to aggregate datastores into a pooled storage resource for Storage DRS.
Visualizing Storage DRS (SDRS) The image is a graphical representation of SDRS. "Like" datastores are grouped together to form a Datastore Cluster. In the image, eight VMDKs (circled in the middle) are introduced into the Datastore Cluster and balanced for disk space across the three datastores in the Datastore Cluster. In the right most image, the middle datastore (red and circled) has excessive I/O, so SDRS uses Storage vMotion to rebalance the load, maintaining both disk capacity and performance. Storage DRS functions to handle realtime spikes / congestion.
What Is VMware vSphere Storage DRS? (5:08)
This is an excellent short video covering all of the SDRS concepts like Datastore Clusters, Load Balancing, Affinity Rules and Datastore Maintenance mode. Note: to press the play button (right arrow in the lower left hand corner) to start the video.
Improving Storage Utilization while maintaining Service Level Agreements (SLAs) Storage is one of the most over-provisioned resources. Many disks are allocated at over double their used capacity. In a thick provisioned environment this leads to waste. Thin Provisioning was developed in vSphere v4 to resolve this waste, but lacked automation to migrate storage workloads as the physical datastore space diminished. Storage DRS combined with Thin Provisioning is an excellent way to improve the utilization of your storage resources while automatically maintaining any SLAs. For those not familiar with Thin Provisioning, it is the ability to over-provision allocated storage by presenting the configured storage (say 1 TB) to the virtual machine and only allocating the used storage (say 512 GB) on the specific datastore. This can be combined with vRealize Operations Capacity Management capabilities to forecast when additional storage capacity is necessary.
Creating a Datastore Cluster with Storage DRS (3:23)
This video demonstrates the creation of a Datastore Cluster and specific settings for SDRS. Note: to press the play button (right arrow in the lower left hand corner) to start the video.
Conclusion This concludes the Storage DRS lesson.
Storage Policy Based Management (SPBM) Storage Policy Based Management (SPBM) is the control plane for Software Defined Storage (SDS). vSphere sits between the storage consumers (VMs / applications) and the storage providers (storage arrays / disks). This enables vSphere to act as the control plane between the application’s requirements and the storage’s capabilities. SPBM is a policy-driven control plane and it has the ability to integrate with vRealize Automation, vSphere APIs, PowerShell, and even OpenStack.
Taking a look at Virtual Machine Storage Policies Virtual machine storage policies evolved from the Virtual machine storage profile. The storage policies are used to guarantee that virtual machines are placed on storage that meet specific levels of performance, capacity, availability and other storage based capabilities. As the above diagram depicts, the Storage Policy Management control plane allows the VMs to be automatically and consistently matched with the correct storage. Although storage policies can be applied against traditional storage, the strength and automation come from applying the storage profile against Software-Defined Storage like Virtual SAN (VSAN) and Virtual Volumes.
Additional training from VMware Education VMware Education provides both Fee and Non-Fee based education. The link to Free (Non-Fee) Self-paced eLearning in Local Languages is https://mylearn.vmware.com/mgrReg/plan.cfm?plan=33611&ui=www_edu. The print screen above shows the education that is available (in multiple languages). Highlighted is Software-Defined Storage self-paced training, which is 2 hours in length and covers Profile Driven Storage along with numerous other Software Defined Storage (SDS) fundamentals. The print screen also shows additional training that is available.
Deeper look at Storage Policy Based Management (and SDS) via Hands on Labs (HOL) If you are interested in learning more about SPBM, take the HOL-SDC-1627 lab which provides a more in-depth look at SDS / SPBM. This concludes the Storage Policy Based Management lesson.
Right Size Right Sizing is the art of maximizing resource utilization, while minimizing resource contention and maintaining SLAs. vSphere remains the best method to manage basic contention, but does not gather the necessary data required for long term analysis. vRealize Operations has specific functions that are geared towards reducing Risk and improving Efficiency in your environment. For this lesson, we will be using vRealize Operations (vR Ops) to analyze VMs for Right Sizing. As a point of reference, vRealize Operations calculates certain Dynamic Thresholds (DTs), Metrics and Badges nightly (default is 9 PM), which is not conducive to a Lab where modules are completed in less than 90 minutes. For the purposes of this lab, these values have been accelerated, however this would not be ed in a Production environment.
Reviewing the Summary tab (Overview) In this section, we will cover how to utilize the Summary and Analysis Tabs to Right Size Virtual Machines (VMs).
Open Firefox. Minimize any running applications and load Firefox from the Desktop or from the Launch bar.
to vRealize Operations (vROPs-01a) 1. Select vROPs-01a from bookmarks 2. Ensure the URL is to vrops-01a.corp.local 3. Confirm Authentication Source is set to Local s 4. In the name field enter . 5. In the field enter VMware1!. 6. Click the button.
Note: The authentication source for the lab is Local s. Additional authentication sources can come from LDAP sources.
Navigate to Environment Overview In the navigation pane, click on either the Environment Icon or Environment in the navigation tree. Note: The Home, Alerts, Environment, Content and istration icons (at the top of the navigation pane) are always visible, but the navigation tree will differ based on where you have navigated to.
Navigate to vSphere Hosts and Clusters 1. In the navigation pane, click on vSphere Hosts and Clusters. Note: It's beyond the scope of this lab to cover all the grouping constructs, but vRealize Operations has numerous ways to group / view objects and metrics. Module 2 did cover a quick overview of Custom Groups and the last lesson in this module will cover Custom Datacenters. This is a functioning lab, so feel free to navigate through the different grouping constructs under Environment Overview (if time permits).
Summary Tab Click on the swizzles to expand the vSphere World, vCenter-Monitor, Datacenter Site A and Cluster Site A and stay highlighted on Cluster Site A. The Summary tab should automatically be selected. If not, select the Summary tab. 1. The first thing to notice is the two Alert boxes for each major badge (Health, Risk and Efficiency). The top row boxes apply to the object highlighted in the navigation pane (in this case Cluster Site A). The lower alert boxes apply to all the descendants of the selected object. The Health Badge color can vary. Sufficient load was generated to cause Health to go "red" in the example above. Since this is a lab, you might also see slightly different alerts. Alerts in vRealize Operations are smart and can combine multiple symptoms and intervals prior to triggering. vCenter alerts should still be used for immediate issues like Network link down, ESXi host failures, HA events and the like that are immediate in nature. vR Ops alerts are based on data collected at 5 minute intervals (default setting that should only be altered in rare circumstances) and augment vSphere by being able to correlate issues over time like chronic high workload (stress). Although the focus is Right Sizing, the following will provide a brief description of the major badges and associated alerts. 2. The Health alerts most closely relate to vSphere. For this badge, vR Ops can augment vSphere by being able to correlate issues like high workload and high anomalies as an identification of abnormal VM behavior. Health and the associated alerts would be more suited for daily operations management activities rather than a Right Sizing activity. The minor badges associated with Health are Workload, Anomalies and Faults. 3. The Risk alerts are an excellent starting point for any Right Sizing activity focused on Undersized VMs. The minor badges associated with Risk are Capacity Remaining, Time Remaining and Stress. Capacity Remaining and Time Remaining are functions of Capacity Management. The Stress minor badge is an excellent indicator for Right Sizing objects monitored by vR Ops that are undersized. If you are new to vRealize Operations, Right Sizing undersized VMs (versus Oversized VMs) is an excellent place to start in your virtualized environment. 4. The Efficiency alerts are focused on optimization. For any Right Sizing exercise focused on Oversized VMs, Efficiency is the place to go. The minor badges associated with Efficiency are Reclaimable Capacity, Density and Compliance. Focus around the Reclaimable Capacity minor badge would help identify Oversized, Powered Off and idle VM capacity that could be reclaimed.
Viewing a Stress Alert The U Load generated at the beginning of this module should now be long enough to trigger the continuous high U usage.. alert. You should have an alert similar to the one in the screen shot above. Click on this alert to drill into the details. If for some reason this alert is not available, you can open any generated alert for an understanding of viewing the alert details.
Stress Alert (Summary screen) The summary screen only appears if multiple objects have triggered the specific alert. If you selected an alert that did not have multiple objects, that screen will be explained on the next step. In this example, the summary pane shows all VMs that have the continuous high U usage.. alert. For this lesson, we are going to click on View Details for linux-U-Load-01a. Note: Continue to the next step if you selected an alert with only one object.
Stress Alert (Details) The Alerts Detail page is very powerful and has a considerable amount of data. 1. The navigation pane provides the Alert Details and the Impacted Object. 2. On the right, there is detailed information on the Alert. 3. In the middle, the Summary tab has the symptom(s) causing the alert. 4. If Recommendations were created for the Alert, they will also be displayed, potentially with a one-click remediation button if an action is associated. 5. As a final step, you can click on the impacted Object Symptoms, Timeline and Relationships tabs. The Metric Charts tab allows you to drill into detail metrics for the impacted object and the Notes tab will contain any notes that have been added to this specific alert.
Navigating back to the Cluster view
1. In the navigation pane, click on the Go Back button to return to the Cluster view.
Right Sizing using Reports
1. Confirm you are highlighted on Cluster Site A.
2. Note: While building this document, you can see that the Cluster Health alert cancelled and the Cluster Health has gone back to green.
3. Click on the Reports tab.
Reports Tab
1. From the Reports tab, use the scroll bar to show the Virtual Machine report Stressed VMs Report. The reports are in alphabetical order.
2. Click on the Stressed VMs Report and avoid clicking on the Generate Reports or Scheduled links. If you click on either, just navigate back to the Report Templates tab.
3. Click on the Run Template button. This will start the report generation.
4. Click on the Generated Reports link. You could also click on the Generated Reports tab (at the top of the screen), but this will not filter to just the Stressed VMs Report. For the lab, this is not critical, but when you have dozens of generated reports it becomes important to filter to reduce the time it takes to find a specific report.
Note: For the purposes of this lab, we are only looking at a single report. As you can see there are dozens of reports available at the Cluster level. The reports will change based on where you navigate to in the navigation bar, but you could run this report at the vSphere World level to capture all stressed VMs identified in vR Ops. We only have a single cluster with two ESXi hosts, so we just ran the report at the cluster level.
Generated Reports Tab
You should now be on the Generated Reports tab.
1. Press the Refresh button if the report does not show Completed.
2. Since we selected the Generated Reports link from the specific report, a filter was set. If there were additional reports within this cluster you wanted to see, you can click the expand icon and delete filters.
3. The detail line for each report will contain information about the specific report generated.
4. Click on the PDF icon to view the report.
Note: Reports can be output as either PDF or CSV.
Opening the Report 1. Select the radio button for Open with. 2. Confirm Google Chrome is in the drop down box. 3. Click OK to open the PDF in Chrome. Note: To keep the lab compact, we are using Chrome to view PDFs rather than loading up a more feature rich PDF viewer.
Viewing the Report
1. Use the scroll bar to scroll down to the details page.
2. Locate the page with the header 1. Virtual machine Recommended CPU and Memory Size.
3. Although additional VMs may be on the report, you should be able to locate linux-U-Load-01a and 02a.
Note: We are not going to attempt to remediate. This capability was demonstrated in Module 2 of this Lab. Your report should show that both VMs (virtual machines) are undersized due to the load we are generating and would benefit from an additional vCPU being added.
Close down Chrome and the Report
1. Close down Google Chrome and the report by clicking on the x.
Note: There are some 30+ OOTB (Out of the Box) reports. Although this is a lab with limited data, most will populate with some level of content. If time permits, you are welcome to generate and review other reports in vRealize Operations.
Reviewing the Analysis tab and Stress sub-tab (Overview) In this section, we will review the content available for reviewing Right Sizing in the Stress minor badge tab within the Analysis tab.
Navigate to the Analysis / Stress tabs
Go back to Firefox and ensure you are on:
1. The cluster Cluster Site A.
2. The Analysis Tab.
3. The Stress Tab within the Analysis Tab.
Analysis tab and Stress sub-tab Overview The Analysis Tab covers all the minor badges for Health, Risk and Efficiency. For the purposes of this lesson, we will focus on the Stress Tab within the Analysis tab. The Stress Tab is well organized and contains a wealth of information:
1. At the top, the highest stressed resource is displayed. In many cases, the level of stress for the object will be low and the Stress minor badge will be green. Since we are generating CPU load, CPU Demand will be displayed in this box.
2. Worth noting is the What is Stress? link and See video link. Click the What is Stress? link to get a better understanding of this minor badge. After reading the definition of Stress, click the X to close the informational window. Do not bother clicking the See video link in the upper corner or in the What is Stress? link. Due to the configuration of this lab environment, these links will not work.
3. The Workload Graph is a great graphical representation of when demand is the highest. Since this is a lab environment with no historical data, this does not do justice to the graphical load over time that will be displayed in a Production deployment where data has been collected for weeks/months.
4. The links in Further Analysis will navigate you to the Details tab and the specific View selected. You can click on any of the links to see the Details view. Once complete, just navigate back to the Analysis / Stress tabs.
Note: In the screen shot above you will notice the stress minor badge is Red and at 235, while in your lab it could be Green. As you see in the top box (circled), stress is trended on a 30-day basis. Without playing with the Lab's date/time or tweaking the stress trending, there isn't sufficient time for the system to calculate and update for issues that persist over multiple days, or for the analytics engine to determine a stress score other than zero. The purpose of this lesson is to demonstrate the content available and not the specific values.
Analysis tab and Stress sub-tab Overview (continued)
1. Use the scroll bar to display Stress Breakdown and Cluster Computer Resource Resources.
2. The Cluster Computer Resource Resources provides details on the number of running ESXi Hosts and Virtual Machines, along with the Stress Policy Settings.
3. The Stress Breakdown box shows compute (CPU and Memory) with anything exhibiting Stress in Red. By default, Network and Disk stress are disabled. This is a policy setting, so disk and network stress calculations can be enabled. Keep in mind that this will increase load on the vROps Analytic Cluster, so monitor the cluster for sufficient resources.
Note: Again, you may not see stress in your lab due to multiple lab environment factors.
Analysis tab and Stress sub-tab Overview (continued) 1. Use the scroll bar to display Child Objects with Stress. 2. The Child Objects with Stress box displays the breakdown for stress of the child objects. It is very valuable to be able to view the correlation of stress between Parent and Child objects to see if stress with one is affecting the other.
Analysis tab and Stress sub-tab Overview (continued)
1. Use the scroll bar to scroll all the way to the bottom and display Stress in Related Objects.
2. The Stress in Related Objects box provides details on whether peer objects are exhibiting stress. In this example we can see that both of the child objects (ESXi Hosts) of the parent cluster are exhibiting stress. This may also vary in your lab based on where all the VMs currently reside.
3. Hover over the skittle and all of the minor badges (along with the object name) will be displayed.
Note: Although we did not cover all the minor badge tabs, it is worth noting that considerable effort was made to maintain consistency across the minor badge panes. For example, there is a What is ?? and See video link for each minor badge (although the videos will not work in the lab). And the object driving the value of the badge will always be displayed at the top. These types of efforts should help minimize the learning curve with navigating the different minor badges.
Conclusion This lesson demonstrated the power of Alerts, Reports and the Analysis Tab / Stress subtab as it relates to Stress and Right Sizing. This concludes this lesson on Right Size.
Demonstrate automatic load balancing for assuring proper resource allocation
The VMware vSphere function that allows for automatic load balancing of cluster compute resources is DRS (Distributed Resource Scheduler). When configured, DRS dynamically balances compute (CPU / Memory) capacity across hardware resources aggregated in a DRS enabled Cluster. DRS continuously monitors utilization across the cluster and intelligently allocates available resources among the virtual machines based on resource pools and pre-defined rules that reflect business needs and changing priorities. When a virtual machine experiences an increased load, VMware DRS can automatically provide additional resources by redistributing virtual machines among the physical servers in the aggregated pool. VMware DRS allows IT organizations to:
• Prioritize resources to the most critical workloads / applications in order to align resources with business goals
• Optimize hardware utilization automatically and continuously to respond to changing workload demands
• Provide dedicated resources to business units while still benefiting from higher hardware utilization through resource pooling
• Conduct zero-downtime server maintenance by migrating workloads to other hosts in the cluster
DRS Demonstration pre-check
This lesson assumes you completed the module preparation, which was to turn on the CPU load with the Linux servers. The purpose of this task is to ensure the load generators are both running on esx-01a. If you did not start the ULoad.sh scripts, please go back to lesson one of this module and complete it. If Firefox is not already running, double click the Firefox icon on the ControlCenter Desktop or single click the Firefox icon on the Quick Launch bar.
Login to the VMware vSphere Web Client
1. Click Site A Web Client from the Firefox bookmark.
2. Enter the user name: [email protected]
3. Enter the password: VMware1!
4. Click Login.
Navigate to Hosts and Clusters 1. Click Hosts and Clusters in the Navigation pane or the icon on the Home tab
Confirm VMs are running on the same ESXi host
1. Navigate to esx-02a.corp.local. You may have to toggle the swizzles to see esx-02a.corp.local.
2. Click the Related Objects tab.
3. Click the Virtual Machines tab.
4. Confirm both VMs (linux-U-Load-01a and linux-U-Load-02a) are on this host.
5. Confirm both VMs are Powered On.
Note: It is possible that one of the other modules migrated a VM. It is also okay if both are on esx-01a.corp.local, but we do need both VMs on one host to demonstrate automated DRS. Skip to the Enabling Distributed Resource Scheduler (DRS) step if both VMs are on the same host. Otherwise continue with the next step. If you have never performed a manual vMotion (Migrate..), you can continue through the next steps to see the screens and options that are presented in the wizard.
Virtual Machines are not on the same ESXi hosts
In this example linux-U-Load-02a is on esx-01a.corp.local.
1. Click on esx-01a.corp.local.
2. Click the Related Objects and Virtual Machines tabs for esx-01a. Right click on the VM in the list (in this example linux-U-Load-02a).
3. Click the Migrate... link to start the migration process.
Note: You will most likely see other VMs. Their location should not affect the goal of this lesson.
Migration Wizard (Step 1) 1. Confirm the Change compute resource only radio button is selected. 2. Click Next. Note: As a point of reference, the Migration Wizard covers both vMotion (Change compute resources only) and Storage vMotion (Change storage only). There is also an option to do both.
Migration Wizard (Step 2)
1. Confirm the filter is on Host.
2. Confirm the radio button for esx-02a.corp.local is selected.
3. Confirm you have the Compatibility checks succeeded message.
4. Click Next.
Note: vMotion now allows cross Cluster, Resource Pools and vApps vMotions. The wizard allows this by selecting the appropriate filter. These types of enhancements are in support of "Any workload... Anywhere..."
Migration Wizard (Step 3) 1. Confirm the VM Network is selected. 2. Confirm you have the Compatibility checks succeeded message. Unlike step 2, this is a compatibility check for networking rather than the compute resource. 3. Click Next.
Migration Wizard (Step 4) 1. Confirm the radio button for Schedule vMotion with high priority (recommended) is selected. 2. Click Next.
Migration Wizard (Step 5) 1. Confirm Settings. 2. Click Finish.
Migration Wizard (Confirmation) 1. Confirm you are still highlighted on esx-01a.corp.local 2. Confirm that the Virtual Machine tab no longer shows linux-U-Load-01a or linux-U-Load-02a 3. You can also confirm in Recent Tasks that the vMotion completed successfully. This can be completed by clicking the Recent Tasks tab
Enabling Distributed Resource Scheduler (DRS)
This section will walk through the steps required to enable DRS to automatically balance compute workloads.
Navigate to the Cluster Manage tab
1. If not already expanded, click the swizzles and highlight Cluster Site A.
2. Click on the Manage Tab.
3. Then the Settings Tab.
4. And finally the vSphere DRS options.
5. The values should be greyed out, which would mean DRS is not enabled.
Resource Pools
Assuming DRS is disabled on Cluster Site A, select the Actions pull down and notice that the New Resource Pool option is greyed out. This is because Resource Pools require DRS to be enabled. Resource Pools are just one of the powerful constructs that allow for the prioritization of resources. Click anywhere outside of the pull down options and the Actions pull down will close.
Editing DRS (Distributed Resource Scheduler) settings
Ensure you are highlighted on Cluster Site A, the Manage tab, the Settings tab (within Manage) and highlighted on vSphere DRS.
1. Click Edit.
Editing DRS (Distributed Resource Scheduler) settings
1. Click the Turn ON vSphere DRS check box.
2. Toggle the DRS Automation swizzle to expand the detail settings.
3. Ensure the Fully Automated radio button is selected. Take a minute to read each of the Automation Levels to understand the difference. Most Production clusters with DRS enabled run at the Fully Automated level.
4. Migration Threshold allows granular control of when DRS will execute a vMotion. This is provided since there is a cost associated with a vMotion (both network bandwidth and ESXi host compute). For the purposes of this lab and to ensure an Automated vMotion occurs, slide the slider to Aggressive. This would not be a recommendation in a production environment due to the cost (overhead) associated with vMotion.
5. DRS also allows you to set granular control at the VM level. This can be combined with Affinity and Anti-Affinity rules.
6. DRS Detail Settings include Power Management (DPM) and Advanced Options. DPM is an excellent "Green" feature for migrating workloads to other ESXi hosts in the cluster and putting some of the hosts in Sleep Mode. This can reduce Power and Cooling costs in the datacenter. Prior to enabling this feature in a Production environment, thoroughly test the ESXi host for the ability to come in and out of sleep mode. In rare circumstances Advanced Options may be required to customize the functionality of DRS. This should only be done in rare circumstances and generally at the guidance of Global Support Services (GSS).
7. Click the OK button to save and close.
Automation Levels The chart shows how DRS affects placement and migration according to the setting Manual, Partially Automated or Fully Automated.
Switch to the Cluster Summary page
1. Confirm you are still on the Host and Clusters tab in the navigation pane.
2. Click on Cluster Site A.
3. Click the Summary Tab.
4. Find the vSphere DRS pane and toggle the window size. For better viewing you need to maximize the vSphere DRS pane. If you are unable to see the maximize button, drag vSphere DRS to the left column. This is a limitation of the screen size in the lab environment.
5. Hover over the information icon. This lets you know what the Current and Target Standard Deviations are set to. This is directly affected by the Migration Threshold slider that we moved to Aggressive. In the image above, you can see that "Aggressive" sets the Target to a standard deviation of 0.050. If DRS is in an N/A status, the values will be dash marks. Just continue with the lab.
6. Since DRS was just configured, the bubble should be to the right and showing Imbalanced like the screen shot above. DRS checks every five minutes to determine if vMotions are necessary based on the current and target standard deviation between the ESXi hosts in the Cluster. If your lab is showing N/A or Balanced, this will be explained later in this lesson.
7. If your Cluster is showing alerts, click Reset to Green to clear them. Continue to the next page.
Adjusting the Panes in the vSphere Web Client Since it can take up to five minutes for DRS to configure and rebalance the load, we'll cover adjusting the Web Client panes for improved viewing to allow time for DRS to do its thing.
Adjusting the vSphere Web Client Panes (pane to outer edge)
This step will demonstrate how to move panes to one of the sides or top/bottom for customized viewing.
1. Your screen is most likely not at the default pane like the print screen above. To reset, click the down arrow beside [email protected] and select Reset To Factory Defaults.
2. Click and hold down the mouse button on the Alarms pane.
3. Drag the Alarms pane and your cursor to the right double arrow icon so it highlights. The screen shot above shows the left, top and bottom are greyed out compared to the right double arrows.
4. Since my cursor is inside the Work in Progress pane, the single left, right, top & bottom arrows also appear. The cursor is not on these arrows, so they are greyed out and do not have any effect. Release the mouse button to complete the move of the Alarm pane.
Adjusting the vSphere Web Client panes (pane beside pane) This step will demonstrate how to put two panes side by side.
1. Click and hold down the mouse button on the Alarms pane. 2. Drag the Alarms pane into the Recent Tasks pane. 3. Once dragged into the Recent Tasks pane, the arrow buttons will appear. Hovering over the Left arrow with your mouse will put the Alarm pane next to the Recent Task pane. Release the mouse button to complete the move of the Alarm pane.
Adjusting the vSphere Web Client Panes (collapse Work in Progress and Alarms panes) This step will walk you through collapsing Work in Progress, Alarms and Recent Tasks for maximum viewing space in the main display pane. 1. Unpin Work in Progress, by toggling the Push Pin. 2. Unpin Alarms, by toggling the Push Pin. 3. Unpin Recent Tasks by toggling the Push Pin as well.
Additional Layout Options
Should your layout get entirely messed up, you have the ability to reset to default.
1. Select the Pull Down associated with your logon name ([email protected]).
2. Do not click Reset To Factory Defaults as this will reset all the panes; however, it is available should the need arise.
3. You also have a Layout Settings option. This allows you to completely remove (toggle on or off) the Recent Tasks and Alarms panes.
Note: Customize the Web Client to suit your needs. This layout is nice because it maximizes the real estate, while still informing you if there are any Alarms, Work in Progress or Recent Tasks. In the screen shot, you can see we have one Alarm and zero Work In Progress and Recent Tasks. Your lab may differ in the number of Alarms, Work in Progress or Recent Tasks.
Demonstrating automatic load balancing with DRS This section will now walk you through a demonstration of automatic load balancing.
Host and Clusters View 1. Click the Home icon 2. Select Hosts and Clusters
Viewing DRS status 1. If necessary, toggle the swizzles and highlight Cluster Site A 2. Click the Summary tab 3. Note: The Alerts can re-appear based on the amount of time it takes to complete the lab. If they reappear, click Reset to Green 4. Click the Maximize icon for vSphere DRS
Monitoring DRS from the Summary tab - N/A status
By now, the vMotion(s) should have occurred to balance the cluster compute load to the best of its ability. The vSphere DRS screen on the summary page lets you know how well balanced your cluster is. It will have three status options: Balanced, Imbalanced and N/A. It will also provide status on settings, recommendations and faults.
1. If your lab is showing N/A, you can attempt to refresh with the Web Client Refresh button or by refreshing Firefox. Ultimately, it will clear itself but can take a couple of 5 minute cycles. This issue can be caused by several lab factors. Rather than waiting, continue with the next step. Ultimately, the bubble and Current standard deviation should still be accurate.
2. Note: It is worth mentioning that in this lab, with only two ESXi hosts, a decent number of VMs and the migration threshold on "aggressive", the cluster will probably never be in a "balanced" state. DRS is smart enough to know that moving VMs from one ESXi host to the other will only push the imbalance the other way and will not attempt to balance the cluster even if the setting is aggressive. DRS is a very mature feature and has many advancements that ensure it is highly accurate and efficient. In the example above, DRS has gotten the ESXi hosts to a standard deviation of .376. This is actually very good for only two ESXi hosts, and moving the Migration threshold to "Conservative" with a standard deviation of .3 would not put the cluster in a balanced state.
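The stopping behaviour described in the note above, as an added example that is not part of the lab manual and is not VMware's DRS algorithm: a simplified model in which a host's load is its VMs' CPU demand divided by host capacity, imbalance is the standard deviation of those loads, and a VM is moved only when the move lowers that figure. The capacities, demands and the VM name infra-vm-1 are constructed assumptions; the 0.050 target is the Aggressive value quoted in this lesson.

```python
"""Simplified model of one DRS balancing pass (illustration only, not VMware's algorithm)."""
from statistics import pstdev

# Target standard deviation the lab shows for the "Aggressive" migration threshold.
AGGRESSIVE_TARGET = 0.050

# Constructed sample: CPU capacity per host and CPU demand per VM, in MHz (assumed values).
CAPACITY_MHZ = {"esx-01a": 8000, "esx-02a": 8000}
SAMPLE_PLACEMENT = {
    "esx-01a": {"infra-vm-1": 2400},  # hypothetical VM name
    "esx-02a": {"linux-U-Load-01a": 3600, "linux-U-Load-02a": 3600},
}


def host_loads(placement, capacity_mhz):
    """Return {host: total VM demand / host capacity}."""
    return {h: sum(vms.values()) / capacity_mhz[h] for h, vms in placement.items()}


def imbalance(placement, capacity_mhz):
    """Population standard deviation of the per-host load ratios."""
    return pstdev(list(host_loads(placement, capacity_mhz).values()))


def best_move(placement, capacity_mhz):
    """Find the single-VM migration that lowers the imbalance the most.

    Returns (vm, source, destination, new_imbalance), or None when every
    possible move leaves the cluster no better balanced than it is now.
    """
    current = imbalance(placement, capacity_mhz)
    best = None
    for src, vms in placement.items():
        for vm, demand in vms.items():
            for dst in placement:
                if dst == src:
                    continue
                # Try the move on a copy so the real placement is untouched.
                trial = {h: dict(v) for h, v in placement.items()}
                del trial[src][vm]
                trial[dst][vm] = demand
                score = imbalance(trial, capacity_mhz)
                if score < current - 1e-9 and (best is None or score < best[3]):
                    best = (vm, src, dst, score)
    return best


def rebalance(placement, capacity_mhz, target=AGGRESSIVE_TARGET):
    """Apply improving moves until the target is met or no move helps."""
    placement = {h: dict(v) for h, v in placement.items()}
    moves = []
    while imbalance(placement, capacity_mhz) > target:
        move = best_move(placement, capacity_mhz)
        if move is None:
            break  # any further vMotion would only push the imbalance the other way
        vm, src, dst, _ = move
        placement[dst][vm] = placement[src].pop(vm)
        moves.append((vm, src, dst))
    balanced = imbalance(placement, capacity_mhz) <= target
    return placement, moves, "Balanced" if balanced else "Imbalanced"


if __name__ == "__main__":
    final, moves, state = rebalance(SAMPLE_PLACEMENT, CAPACITY_MHZ)
    print(f"before: {imbalance(SAMPLE_PLACEMENT, CAPACITY_MHZ):.3f}")
    for vm, src, dst in moves:
        print(f"vMotion {vm}: {src} -> {dst}")
    print(f"after:  {imbalance(final, CAPACITY_MHZ):.3f} ({state})")
```

With the sample data one load VM is moved, the deviation halves, and the pass then stops in the Imbalanced state because the remaining VMs are too large for any single move to improve it.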
Confirm DRS vMotion (View ESX-01a)
1. Click esx-01a.corp.local.
2. Click the Related Objects tab.
3. Click the Virtual Machines tab.
4. You should now see only one of the U-Load VMs. In this case it is linux-U-Load-01a.
Switch to the Task Console 1. Select the Home Icon 2. Select Tasks
Confirm DRS vMotion (View Tasks) 1. As you can see, multiple DRS initiated vMotions occurred. Note: DRS did not attempt to continue vMotioning VMs even though the Cluster never reached a balanced state. Your lab should show similar results.
Disable DRS
To ensure DRS does not interfere with other modules, you will now disable DRS for the cluster.
1. Confirm you are highlighted on Cluster Site A.
2. Click the Manage tab.
3. Click the Settings tab (within Manage).
4. Click on vSphere DRS.
5. Click Edit.
6. Uncheck the check box for Turn ON vSphere DRS.
7. Click the OK button.
Reset linux-U-Load-01a Resource Settings 1. Right click on linux-U-Load-01a 2. Click Edit Resource Settings..
Reset linux-U-Load-01a Resource Settings (Continued) 1. Click the Shares Pull Down and set it to Normal 2. Click the Reservations Pull Down and set it to 0 MHz 3. Click OK to save the changes
Reset linux-U-Load-02a Resource Settings
1. Right click on linux-U-Load-02a.
2. Click Edit Resource Settings..
Reset linux-U-Load-02a Resource Settings (Continued) 1. Click the Shares Pull Down and set it to Normal 2. Click the Reservations Pull Down and set it to 0 MHz 3. Click OK to save the changes
Analyzing DRS efficiency with vRealize Operations Cluster reports
In this section, we'll cover two reports from vRealize Operations that help analyze the efficiency of DRS and the overall balance between Memory and CPU.
Login to vRealize Operations (vROPs-01a)
1. Switch to vRealize Operations by selecting the bookmark for vROPs-01a.
2. Confirm Authentication Source is Local Users.
3. Type the User Name.
4. Type VMware1! for the Password.
5. Click the Login button.
Select Environment Overview Select Environment from the Navigation pane or the button bar.
Select vSphere Host and Clusters Select vSphere Host and Clusters from the navigation pane.
Cluster Reports
1. Toggle the swizzles for vSphere World, vcsa-01a.corp.local and Datacenter Site A.
2. Highlight Cluster Site A.
3. Select the Reports tab.
4. Confirm the Reports Templates tab is selected.
5. Type the word Distribution in the filter and press the Enter key.
6. Highlight Host CPU Demand (%) Distribution Report. Be careful not to select the Generated reports or Schedules links.
7. Click the Run Template icon.
8. Highlight Host Memory Usage (%) Distribution Report. Again, be careful not to select the Generated reports or Schedules links. Click the Run Template icon for this report as well (repeating step 7).
Note: You can go to the Generated reports link and view the reports, but they will be covered in the screen shot in the next step. This report is looking at 7 days' worth of data, and with the Lab only running for an hour, the results will not be completely accurate.
Using the Host Distribution Reports to analyze Cluster Compute balance
1. For illustration purposes the two reports have been combined onto a single screen shot and were generated after the Lab had been up and running for nearly a week.
2. The Y axis denotes the number of ESXi hosts. For this lab there are 2 ESXi hosts. In a real world example this could easily be showing the distribution of a 16 node cluster (or larger).
3. The X axis denotes the usage in 10% increments.
4. We have small Linux VMs with the same workloads driving the utilization, so it is very easy for the ESXi hosts to have comparable workloads. In this example both are using 40-50% Memory Usage and 40-50% CPU Demand. If you saw this in the real world, your ESXi hosts are using similar amounts of RAM / CPU, and this would not be considered optimal for a Production Environment. Memory tends to be more static and can run in the 70-90% usage range, while CPU demand tends to be more dynamic and is better kept in the 40-60% range. Ultimately, reports like these give you the necessary visibility to make capacity decisions for any type of environment.
5. In the real world, you are more likely to see Memory Usage in a Bell Shaped curve ranging from 60-90% while CPU Demand is a Bell Shaped curve ranging from 10-30%. If you saw a cluster distribution like this, you could use it as justification for adding more physical memory to the servers in the cluster. This would allow more workloads in the Cluster, raising your CPU Demand towards 50% (or higher) without exceeding physical memory capacity and causing contention.
Note: vSphere with Operations Manager provides needed visibility. Most organizations have a general idea of what is considered an acceptable usage/demand percentage to meet SLAs and Business priorities. vRealize Operations allows an organization to make those decisions and then monitor the infrastructure to ensure the environment is not exceeding, or falling grossly under, those target goals.
Module Clean-up
To ensure the VMs do not interfere with other modules, please stop the CPU load and close all the applications.
Close Firefox 1. From the Task Bar, right click on Firefox. 2. Select Close Window.
Close PuTTY sessions
1. On the Task Bar, click on the PuTTY session for linux-U-Load-01a.
2. Press the Enter key and ensure you see four Terminated. This shows that all four workers stopped.
3. Type exit and press the Enter key.
4. Repeat steps 1-3 for linux-U-Load-02a.
Conclusion
DRS is a very mature / battle tested feature that should be enabled on Clusters and set to fully automated. Based on Cluster requirements, DRS also provides granular control. As demonstrated, DRS handles real time cluster balancing against random spikes and ensures workloads are balanced in the short term. This can be further augmented with Cluster analysis via vRealize Operations, ensuring optimal performance and a higher level of visibility over a longer period of time. This concludes Demonstrate automatic load balancing for assuring proper resource allocation.
Workload Placement (WLP) Rebalance
More and more, the concept of 'Any Workload.. Anywhere..' is becoming prevalent in IT. VMware has been addressing this concept with vSphere functionality such as cross vCenter, Datacenter, Cluster, Storage and even virtual switch vMotions. With the underlying infrastructure capable of extending beyond the Cluster boundary, the next logical step is to implement enhanced analysis and automation for workload placement, moves and rebalancing beyond the confines of a single Cluster. Workload Placement (WLP) is a new feature for vRealize Operations v6.1 and beyond that makes this a reality. With WLP comes a new construct called Custom Datacenter.
What is a "Custom Datacenter"
A Custom Data Center is a new logical container (introduced in vROps v6.1) that allows Data Centers, Clusters and Hosts from one or more vCenters to be combined into a logically aggregated Datacenter. The Custom Data Center construct is a first class citizen of vRealize Operations and brings capacity management / planning for this object type. This includes all badges, equivalent to Data Centers and Clusters.
Creating a Custom Datacenter
This section will walk you through how to create a Custom Datacenter. If you are not already in Firefox and logged into vRealize Operations (vROPs-01a), go ahead and start Firefox and log in to vROPs-01a (2nd icon in Bookmark). As a reminder the credentials are (User Name) and VMware1! (Password)
Navigate to Environment Overview
In the navigation pane, click on either the Environment Icon or Environment in the navigation tree.
Note: The Home, Alerts, Environment, Content and Administration icons are always visible, but the navigation tree will differ based on where you have navigated to.
Custom Datacenter
1. Confirm you are on Environment Overview in the navigation pane. Selecting the Custom Datacenters (see arrow in the navigation pane) will take you to the currently defined Custom Datacenters for Viewing and Analysis.
2. Select the Custom Datacenters tab in the details pane. This pane allows you to Add, Edit, Clone or Delete Custom Datacenters.
3. As an example, there is a Custom Datacenter called Shared. As you can see, the Major Badges for Health, Risk and Efficiency are displayed with their current color status.
4. Select the Plus icon to create a new Custom Datacenter.
New Custom Datacenter Wizard
1. Enter a Name and Description. Name is required, but Description is optional. We will not be using it anywhere else in the lab, so you can be creative or just type example in one or both.
2. Toggle the swizzles (arrows), so your screen matches the screen shot above. The only swizzles that do not need to be toggled are the ones associated with the ESXi hosts (esx-01a.corp.local and esx-02a.corp.local). VMs reside under Hosts and are consumers and not providers, so they cannot be selected in a Custom Datacenter.
3. Check the boxes for Cluster Site A and Cluster Site B. As you see, by checking Cluster Site A, the ESXi hosts are automatically selected. You could go all the way up to the vSphere World level and then everything would be selected.
4. Click OK to close the wizard and save the changes. After clicking OK, you will notice all the badges have ? (question marks). This is expected behavior. Some badges only calculate / update nightly.
Note: The most important concept to understand about Custom Datacenters is that they are a Container construct. The vSphere World container contains all objects being collected. Even the ESXi Hosts are containers that contain Virtual Machines (VMs). Ultimately, the Custom Datacenter construct is focused on the VMs that reside within the selected containers and on analyzing where best to locate VMs within the selected object container. In this example we have selected Cluster Site A (and inherited esx-01a, esx-02a and the associated VMs) and Cluster Site B, so any monitoring or analysis would be for both Clusters. Cluster Site B is an empty cluster due to limitations imposed in the lab. In a Production environment, there could easily be hundreds of objects selected. A great real world example is common compute clusters in a Production environment. Many companies have multiple shared clusters. Combining these into a single Custom Datacenter and allowing vRealize Operations to rebalance the workloads across multiple clusters is an excellent use-case for WLP rebalance.
WLP complements DRS
In the previous section, Demonstrate automatic load balancing for assuring proper resource allocation, we covered DRS. As mentioned in that section, DRS is focused on real time balancing within the confines of a single cluster. The WLP rebalance feature complements DRS by addressing workload placement beyond the confines of the Cluster. The rebalance capability is fully configurable with Policies. For vRealize Operations v6.1/v6.2, the rebalance function is limited to a single vCenter although the Custom Data Center object can extend to multiple vCenters. WLP is fully integrated with DRS and utilizes DRS for the actual workload placement within the cluster for version 6.2. WLP does not conflict with DRS and does not make single cluster recommendations/placement.
Workload Placement (Initial Placement)
Although not a focus of this section, it is worth noting that WLP has an API driven Initial Placement function. This will help simplify the provisioning process through a vROps REST API query to determine the best placement for a VM workload. VMware and third party products will be able to utilize the APIs. The example shows how vR Ops is queried and returns a Placement Recommendation for the new VM workload.
Workload Placement Policy Settings
This section will walk you through modifying the Policy Settings to change how WLP addresses rebalance.
Navigate to Administration
1. In the navigation pane, click the Administration Icon. If you hover over the icon, it will display the associated icon name in yellow. Depending on your screen resolution, you may need to click the >> to see the Administration Icon.
Note: Since we have navigated down in the tree, we do not have the ability to use the navigation tree without first selecting the Home icon.
Navigate to Policies pane
1. Select Policies in the Navigation pane.
2. Select the Policy Library tab.
3. Highlight Default Policy.
4. Click the edit icon.
Note: We navigated to the Default Policy because this is the active policy. You can click on the Active Policies tab to see the active policies. vRealize Operations allows for granular control of how objects are analyzed and displayed based on groups and policies. Policies are a very extensive function of vROps and should be thoroughly thought out prior to building a Policy Hierarchy and assigning Objects via Groups.
Workload Automation
Your screen will probably not show everything in the screen shot. Use the scroll bars to view all items in the pane.
1. As you can see, there are 8 sections to the Policy Wizard. It is beyond the scope of this lesson to cover all eight sections. It is worth pointing out that section 8 (Apply Policy to Groups) is how you make a policy active. Once a policy is associated with a group, the changes made to the policy take effect for that group.
2. Select Workload Automation. We are going to focus on #4, Workload Automation. The first thing to point out is the Lock / Unlock toggle. You cannot edit the properties while the specific section is locked. Balance Workloads had already been modified to Aggressive.
3. For Virtual Machines selected to move during balance, which is all the way at the bottom, toggle the lock icon to unlocked. You can now select the radio button for Virtual Machines with lowest demand.
4. Worth noting is the graphical representation of the settings. Unlock Consolidate Workloads and click near Maximum. You can't click on the slider and drag it. Notice the change in the graphical representation and how it shows hosts evacuated (no VMs). Now toggle the lock and it will reset it to None and change the graphical representation back.
5. Click the Save button to save the changes.
Note: There are three sections that affect Workload Placement: Balance Workloads, Consolidate Workloads and Advanced Settings. They are largely self-explanatory. Balance Workloads is focused on balancing workloads across Hosts associated with this policy. Consolidate Workloads will attempt to evacuate hosts so workloads are running on as few hosts as possible based on the setting. The default is None, so no consolidation will happen. The final section is Advanced Settings. The two options are Virtual Machine with lowest demand and Virtual Machine with highest demand. Since they are radio buttons, you can only select one. For the purposes of this lab, select the radio button for Virtual Machine with lowest demand.
Workload Placement - Video (4:06)
This Introduction Lab is not large enough to properly demonstrate WLP. VMware has an excellent WLP YouTube Video to watch.
Note: Press the play button (right arrow in the lower left hand corner) to start the video.
Conclusion
This concludes the lesson on Workload Placement (WLP) Rebalance.
Module 5: Ensure Business Continuity and Availability - (60 Minutes)
Show automatic restart of virtual machines after a host failure
This lab shows how to use the VMware vSphere web client to enable and configure High Availability (HA). HA protects against downtime by automating recovery in the event of a host failure.
What is vSphere High Availability?
vSphere HA increases the availability of virtual machines by monitoring hosts within a vSphere cluster. In the event of a host, storage connectivity, or OS failure, the virtual machines are restarted on the remaining healthy hosts.
When you create a vSphere HA cluster, a single host is automatically elected as the master host. The master host communicates with vCenter Server and monitors the state of all protected virtual machines and of the slave hosts. Different types of host failures are possible, and the master host must detect and appropriately deal with the failure. The master host must distinguish between a failed host and one that is in a network partition or that has become network isolated. The master host uses network and datastore heartbeating to determine the type of failure.
Also note that vSphere HA is a host function, which means there is no dependency on vCenter in order to effectively fail over VMs to other hosts in the cluster.
HA Primary Components
The Master Role
The Slave Role
The Master Election Process
Enable and Configure vSphere High Availability (HA)
This lesson will walk through the steps required to enable vSphere HA.
Prepare for this module
Follow these steps to prepare for the lab if you have closed windows or logged out of the VMware vSphere® Web Client interface and VMware vRealize Operations.
Launch Firefox from the ControlCenter Desktop
If not already running, double click the Firefox icon on the ControlCenter Desktop or single click the Firefox icon on the Quick Launch bar.
Log in to the VMware vSphere Web Client
1. Enter the user name: CORP\.
2. Enter the password: VMware1!.
3. Click Login.
Navigate to Hosts and Clusters
1. First, go to the Home button.
2. Select Hosts and Clusters.
Settings for High Availability
On the vSphere Web Client tab:
1. Click Cluster Site A.
2. Click Actions to bring up the drop down menu.
3. Click Settings.
Cluster Settings
1. Click vSphere HA under Services to bring up the settings for high availability. Note that you may need to scroll to the top of the list.
2. Click Edit.
Enable High Availability
1. Check the box Turn ON vSphere HA.
2. Check the box Protect against Storage Connectivity Loss.
3. Change the VM Monitoring section to VM and Application Monitoring.
4. Expand the Admission Control section by selecting the >.
Admission Control Settings
Scroll down and check the radio button Define failover capacity by reserving a percentage of the cluster resources and accept the default settings of 25%.
VM Monitoring and Datastore Heartbeating
1. Expand the Datastore Heartbeating section.
2. Select the radio button for Automatically select datastores accessible from the host.
Failure conditions and VM response
1. Scroll up and expand the Failure condition and VM response section.
2. Click the Response for Datastore with All Path Down (APD) drop list and select Power off and restart VMs (aggressive).
3. Change the Delay for VM failover for APD to 1 minute.
4. In the Response for APD recovery after APD timeout drop-down list, select Reset VMs.
5. Click OK.
Use the Summary Tab to Verify that HA Is Enabled
1. Click the Summary tab.
2. Locate vSphere HA in the data area and click on the > to the left of its name to expand it.
3. Note the handy icon that lets you know vSphere HA is enabled.
Note: The bars display resource usage in blue, protected capacity in light gray, and reserve capacity using stripes.
Demonstrating HA response to a host failure
This section will walk you through a demonstration of vSphere High Availability response to a host failure.
Note: For this lesson to work, the virtual machines have to be connected to the VM Network portgroup on the virtual distributed switch vds-site-a.
Host Failure Types and Detection
The master host of a vSphere HA cluster is responsible for detecting the failure of slave hosts. Depending on the type of failure detected, the virtual machines running on the hosts might need to be failed over. In a vSphere HA cluster, three types of host failure are detected:
• Failure - A host stops functioning.
• Isolation - A host becomes network isolated.
• Partition - A host loses network connectivity with the master host.
The master host monitors the liveness of the slave hosts in the cluster. This communication is done through the exchange of network heartbeats every second. When the master host stops receiving these heartbeats from a slave host, it checks for host liveness before declaring the host to have failed. The liveness check that the master host performs is to determine whether the slave host is exchanging heartbeats with one of the datastores. See Datastore Heartbeating. Also, the master host checks whether the host responds to ICMP pings sent to its management IP addresses.
If a master host is unable to communicate directly with the agent on a slave host, the slave host does not respond to ICMP pings, and the agent is not issuing heartbeats, it is considered to have failed. The host's virtual machines are restarted on alternate hosts. If such a slave host is exchanging heartbeats with a datastore, the master host assumes that it is in a network partition or network isolated and so continues to monitor the host and its virtual machines. See Network Partitions.
Host network isolation occurs when a host is still running, but it can no longer observe traffic from vSphere HA agents on the management network. If a host stops observing this traffic, it attempts to ping the cluster isolation addresses. If this also fails, the host declares itself as isolated from the network.
The master host monitors the virtual machines that are running on an isolated host and if it observes that they power off, and the master host is responsible for the virtual machines, it restarts them.
Note: If you ensure that the network infrastructure is sufficiently redundant and that at least one network path is available at all times, host network isolation should be a rare occurrence.
In this lesson we will experiment with a Host failure.
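The decision rules above can be written out as a small model. This is an added example, not VMware code: the class and function names, the UNDETERMINED verdict for signal combinations the text does not describe, and the VM names are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum


class Verdict(Enum):
    LIVE = "live"
    FAILED = "failed"                                    # restart its VMs elsewhere
    PARTITIONED_OR_ISOLATED = "partitioned-or-isolated"  # keep monitoring
    UNDETERMINED = "undetermined"                        # not covered by the text


@dataclass(frozen=True)
class MasterObservation:
    """What the master can observe about one slave host (hypothetical model)."""
    network_heartbeat: bool    # network heartbeats still arriving every second
    agent_reachable: bool      # master can talk to the HA agent directly
    icmp_reply: bool           # management IP answers ICMP ping
    datastore_heartbeat: bool  # host still exchanges heartbeats with a datastore


def master_verdict(obs: MasterObservation) -> Verdict:
    """Apply the liveness check in the order the text gives it."""
    if obs.network_heartbeat:
        return Verdict.LIVE
    # Network heartbeats stopped: run the liveness check before declaring failure.
    if obs.datastore_heartbeat:
        return Verdict.PARTITIONED_OR_ISOLATED
    if not obs.agent_reachable and not obs.icmp_reply:
        return Verdict.FAILED
    return Verdict.UNDETERMINED


def host_declares_isolation(sees_ha_traffic: bool, isolation_ping_ok: bool) -> bool:
    """Host-side view: isolated only if HA traffic and isolation pings both fail."""
    return not sees_ha_traffic and not isolation_ping_ok


def vms_to_restart(verdict: Verdict, vms: dict) -> list:
    """vms maps name -> (observed_powered_off, master_is_responsible)."""
    if verdict is Verdict.FAILED:
        return sorted(vms)  # every VM of the failed host is restarted
    if verdict is Verdict.PARTITIONED_OR_ISOLATED:
        return sorted(n for n, (off, owned) in vms.items() if off and owned)
    return []


# Constructed sample data: protected VMs that were running on the host.
SAMPLE_VMS = {"vm-a": (False, True), "vm-b": (True, True), "vm-c": (True, False)}

# Constructed scenarios; the first matches the forced reboot in this lesson.
SCENARIOS = {
    "host rebooted": MasterObservation(False, False, False, False),
    "management network cut, storage intact": MasterObservation(False, False, False, True),
    "healthy host": MasterObservation(True, True, True, True),
    "agent silent, host pingable": MasterObservation(False, False, True, False),
}


def evaluate_scenarios() -> dict:
    """Return scenario -> (verdict, VMs the master restarts)."""
    out = {}
    for name, obs in SCENARIOS.items():
        verdict = master_verdict(obs)
        out[name] = (verdict.value, vms_to_restart(verdict, SAMPLE_VMS))
    return out


if __name__ == "__main__":
    for name, (verdict, restart) in evaluate_scenarios().items():
        print(f"{name:42s} {verdict:26s} restart={restart}")
```

The second scenario shows why datastore heartbeating matters: without it, a host that only lost its management network would be indistinguishable from a dead one.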
Confirm VM Placement
1. Ensure you are on the Host and Clusters navigation tab.
2. Drill down and highlight esx-01a.corp.local.
3. Select the Related Objects tab.
4. Click the Virtual Machines tab.
5. Confirm that you have at least one running virtual machine hosted on the selected ESXi host.
Note: If for any reason no virtual machines are hosted on the selected host, please select esx-02a.corp.local and migrate at least one virtual machine to the esx-01a ESXi host.
Connect to the ESXi host
1. Double click the Putty icon on the ControlCenter Desktop.
2. Select esx-01a.corp.local in the Saved Sessions list.
3. Click Load.
4. Click Open.
Force a host reboot
Confirm you are connected to esx-01a, then type reboot and press Enter.
Observe vSphere HA in action
1. Go back to Firefox and click the Host and Clusters tab in the navigation pane.
2. Select Cluster Site A.
3. Select the Summary tab.
4. Click the Refresh icon until you start receiving information about the vSphere HA host status and any failover actions being initiated.
After a few seconds you should start receiving alerts about the vSphere HA host status for the esx-01a.corp.local host. A few seconds later, the vSphere HA failover will start reporting progress, including how many virtual machines in the current cluster are being restarted.
Note: Depending on the number of VMs you had running on esx-01a, the warning message will differ from the screenshot.
Confirm a failover has taken place
1. Ensure you are on the Host and Clusters navigation tab.
2. Drill down and highlight esx-02a.corp.local.
3. Select the Related Objects tab.
4. Click the Virtual Machines tab.
5. Confirm that all your running virtual machines are now hosted on the selected ESXi host.
Open a New Firefox tab
We will now see how vRealize Operations Manager reacts to a failover situation. We should be able to quickly see the updated VM placement. Click the + icon at the top of the Firefox window.
Log in to vRealize Operations Manager
1. Click the vROPs-01a favorite.
2. Enter the user name: .
3. Enter the password: VMware1!.
4. Click Login.
Confirm VMs placement using vROPS
1. Using the search field, type esx-02a.
2. Select the Host System esx-02a.corp.local.
Note: In vRealize Operations Manager, it is often faster to navigate through objects using the search field rather than navigating using the navigation tree from the environment tab.
Using the Analysis tab
1. Click the Analysis tab.
2. Note the number at the right of the Summary | Number of running VMs field.
You should now see that vROPs has updated the information to show that all VMs are now running on esx-02a.
Note: vROPs will always display a summary of the running configuration on the right pane for any type of object.
Demonstrate vSphere HA response to a Datastore with All Paths Down event
This section will walk you through a demonstration of vSphere High Availability response to a Datastore with All Paths Down event.
VM Component Protection
If VM Component Protection (VMCP) is enabled, vSphere HA can detect datastore accessibility failures and provide automated recovery for affected virtual machines. VMCP provides protection against datastore accessibility failures that can affect a virtual machine running on a host in a vSphere HA cluster. When a datastore accessibility failure occurs, the affected host can no longer access the storage path for a specific datastore. You can determine the response that vSphere HA will make to such a failure, ranging from the creation of event alarms to virtual machine restarts on other hosts.
Types of Failure
There are two types of datastore accessibility failure:
• PDL (Permanent Device Loss) is an unrecoverable loss of accessibility that occurs when a storage device reports the datastore is no longer accessible by the host. This condition cannot be reverted without powering off virtual machines.
• APD (All Paths Down) represents a transient or unknown accessibility loss or any other unidentified delay in I/O processing. This type of accessibility issue is recoverable.
In this lesson we will experiment with an APD failure.
Confirm VMs placement
On the vSphere Web Client tab:
1. Ensure you are on the Host and Clusters navigation tab.
2. Drill down and highlight esx-02a.corp.local.
3. Select the Related Objects tab.
4. Click the Virtual Machines tab.
5. Confirm that you have at least one running virtual machine hosted on the selected ESXi host.
Note: If for any reason no virtual machines are hosted on the selected host, please select esx-01a.corp.local and migrate at least one virtual machine to the esx-02a ESXi host.
Connect to the ESXi host
1. Double click the Putty icon on the ControlCenter Desktop.
2. Select esx-02a.corp.local in the Saved Sessions list.
3. Click Load.
4. Click Open.
Break storage communication
In the Putty window, type:
esxcli network ip interface ipv4 set -i vmk1 -t dhcp
Confirm an All Paths Down event
Switch back to the vSphere Web client.
1. Ensure you are on the Host and Clusters navigation tab.
2. Drill down and highlight Cluster Site A.
3. Select the Monitor tab.
4. Click the vSphere HA sub-tab.
5. Confirm that the datastore ds-site-a-nfs01 has been declared APD (All Paths Down).
Note: It might take a few seconds before the vSphere Web Client displays the APD condition. If it's not yet displayed, click refresh until the condition is displayed and proceed to the next step.
Confirm VM Placement
After the minimal delay previously configured in the vSphere HA settings (1 minute), the VMs will be shut down on the host experiencing an All Paths Down event and will be restarted on one of the available hosts in the Cluster.
1. Ensure you are on the Host and Clusters navigation tab.
2. Drill down and highlight esx-01a.corp.local.
3. Select the Related Objects tab.
4. Click the Virtual Machines tab.
5. Confirm that you have at least one running virtual machine hosted on the selected ESXi host.
NOTE: After 1 minute of esx-02a.corp.local's storage being inaccessible, the VMs that were running on it will start to shut down and be restarted on esx-01a.corp.local. The overall process will take longer than 1 minute.
Restore Storage Connectivity
Switch back to your Putty session. Once you rebooted esx-02a.corp.local, Putty lost connectivity. In order to re-establish the connection to storage, we will need to reconnect. If you haven't already, click OK.
Restart session
From the Putty menu in the top left hand corner, select 'Restart Session'.
Reconnect Storage
Issue the following command to re-establish the storage connection:
esxcli network ip interface ipv4 set -i vmk1 -I 10.10.20.52 -N 255.255.255.0 -t static
Minimize Putty and let's verify the connection!
Storage is Connected
Back in the vSphere Web Client, navigate to:
1. Make sure you are on 'esx-02a.corp.local'.
2. Click on the 'Summary' tab.
3. Click the 'Refresh' button.
You should see the error message 'All shared datastores failed on the host esx-02a.corp.local' cleared.
Demonstrate vSphere HA response to VM failure
This section will walk you through a demonstration of vSphere High Availability response to a virtual machine failure.
VM and Application Monitoring
VM Monitoring restarts individual virtual machines if their VMware Tools heartbeats are not received within a set time. Similarly, Application Monitoring can restart a virtual machine if the heartbeats for an application it is running are not received. You can enable these features and configure the sensitivity with which vSphere HA monitors non-responsiveness.
When you enable VM Monitoring, the VM Monitoring service (using VMware Tools) evaluates whether each virtual machine in the cluster is running by checking for regular heartbeats and I/O activity from the VMware Tools process running inside the guest. If no heartbeats or I/O activity are received, this is most likely because the guest operating system has failed or VMware Tools is not being allocated any time to complete tasks. In such a case, the VM Monitoring service determines that the virtual machine has failed and the virtual machine is rebooted to restore service.
Occasionally, virtual machines or applications that are still functioning properly stop sending heartbeats. To avoid unnecessary resets, the VM Monitoring service also monitors a virtual machine's I/O activity. If no heartbeats are received within the failure interval, the I/O stats interval (a cluster-level attribute) is checked. The I/O stats interval determines if any disk or network activity has occurred for the virtual machine during the previous two minutes (120 seconds). If not, the virtual machine is reset. This default value (120 seconds) can be changed using the advanced option das.iostatsinterval.
To enable Application Monitoring, you must first obtain the appropriate SDK (or be using an application that supports VMware Application Monitoring) and use it to set up customized heartbeats for the applications you want to monitor. After you have done this, Application Monitoring works much the same way that VM Monitoring does. If the heartbeats for an application are not received for a specified time, its virtual machine is restarted.
You can configure the level of monitoring sensitivity. Highly sensitive monitoring results in a more rapid conclusion that a failure has occurred. While unlikely, highly sensitive monitoring might lead to falsely identifying failures when the virtual machine or application in question is actually still working, but heartbeats have not been received due to factors such as resource constraints. Low sensitivity monitoring results in longer interruptions in service between actual failures and virtual machines being reset. Select an option that is an effective compromise for your needs.
After failures are detected, vSphere HA resets virtual machines. The reset ensures that services remain available.
To avoid resetting virtual machines repeatedly for nontransient errors, by default, virtual machines will be reset only three times during a certain configurable time interval. After virtual machines have been reset three times, vSphere HA makes no further attempts to reset the virtual machines after subsequent failures until after the specified time has elapsed. You can configure the number of resets using the Maximum per-VM resets custom setting. In this lesson, we will experiment with a VM failure.
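The reset decision described above can be replayed over a timeline of heartbeat and I/O events. This is an added model, not VMware code: the 120-second I/O stats interval and the limit of three resets come from the text, while the 30-second failure interval, the one-hour reset window, the sliding-window handling of that limit, and all names are assumptions.

```python
from dataclasses import dataclass, field

IO_STATS_INTERVAL = 120  # seconds; default of das.iostatsinterval (from the text)
MAX_RESETS = 3           # resets allowed per window (from the text)
FAILURE_INTERVAL = 30    # seconds without heartbeats (assumed value)
RESET_WINDOW = 3600      # seconds the reset limit covers (assumed value)


@dataclass
class VmMonitor:
    """Tracks one VM's last heartbeat, last I/O and recent resets."""
    last_heartbeat: float = 0.0
    last_io: float = 0.0
    resets: list = field(default_factory=list)

    def evaluate(self, now: float) -> str:
        """Return 'healthy', 'hold', 'reset' or 'suppressed' for this check."""
        if now - self.last_heartbeat < FAILURE_INTERVAL:
            return "healthy"
        # Heartbeats are missing: look at disk/network activity before resetting.
        if now - self.last_io < IO_STATS_INTERVAL:
            return "hold"
        # Forget resets older than the window, then enforce the per-VM limit.
        self.resets = [t for t in self.resets if now - t < RESET_WINDOW]
        if len(self.resets) >= MAX_RESETS:
            return "suppressed"
        self.resets.append(now)
        # Simplification: the reset restarts both timers while the guest boots.
        self.last_heartbeat = self.last_io = now
        return "reset"


def replay(events):
    """events: (time, kind) pairs sorted by time; kind is 'hb', 'io' or 'check'."""
    vm = VmMonitor()
    decisions = []
    for t, kind in events:
        if kind == "hb":
            vm.last_heartbeat = t
        elif kind == "io":
            vm.last_io = t
        elif kind == "check":
            decisions.append((t, vm.evaluate(t)))
        else:
            raise ValueError(f"unknown event kind: {kind!r}")
    return decisions


# Constructed timeline: the guest panics at t=10 and panics again after every
# reset, so no heartbeat or I/O is ever seen again.
GUEST_PANIC_LOOP = [
    (0, "hb"), (0, "io"), (10, "hb"), (10, "io"),
    (40, "check"), (130, "check"), (250, "check"),
    (370, "check"), (490, "check"), (3730, "check"),
]

# Constructed timeline: VMware Tools stops heartbeating but the VM keeps doing I/O.
TOOLS_STALLED = [
    (0, "hb"), (0, "io"), (100, "io"), (130, "check"),
    (200, "io"), (260, "check"),
]

if __name__ == "__main__":
    for name, timeline in (("guest panic loop", GUEST_PANIC_LOOP),
                           ("tools stalled", TOOLS_STALLED)):
        print(name, replay(timeline))
```

In the panic timeline the first reset is held back until the I/O stats interval has also passed, and the fourth failure is not acted on until the oldest reset leaves the window.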
Demonstrate vSphere HA response to VM failure
1. Ensure you are on the Host and Clusters navigation tab.
2. Drill down and highlight the linux-App-01a virtual machine.
3. Select the Summary tab.
4. Validate that the virtual machine and the VMware Tools are running.
Open an SSH session to a Linux VM
1. Double click the Putty icon on the ControlCenter Desktop.
2. Select linux-App-01a in the Saved Sessions list.
3. Click Load.
4. Click Open.
Make the Linux VM crash
1. Log in as root.
2. Enter echo c > /proc/sysrq-trigger
3. Press Enter.
This will trigger a kernel panic in the VM. vSphere HA will detect that the Linux OS has crashed and trigger the proper response based on the settings previously entered in the vSphere HA configuration.
NOTE: You will not see a response from the Putty window. It will become unresponsive and you will eventually receive a network error from Putty.
Monitor the vSphere HA response
Go back to the vSphere client and refresh the screen until you receive a vSphere HA virtual machine monitoring action.
Check the event log for more information
1. Select the Monitor tab.
2. Click the Event option.
3. Look for the event highlighted in this example.
The virtual machine has been reset as expected once vSphere HA has stopped receiving heartbeats from the VMware Tools.
Clear the warning message
1. Select the Summary tab.
2. Click the Reset to Green hyperlink to clear the warning message.
Video: vRealize Operation Manager : Fault Analysis Badge (3:54)
The following video will show the basics of managing vSphere faults in vRealize Operations Manager.
Conclusion
This concludes the vSphere HA lesson. We were able to successfully demonstrate vSphere response to the following events:
• Host Failure
• Datastore All Paths Down failure
• VM failure
Demonstrate resilience to network component failures
This lab shows how to use the VMware vSphere web client to enable and configure network redundancy to protect the systems against network failures.
Launch Firefox from the ControlCenter Desktop
If not already running, double click the Firefox icon on the ControlCenter Desktop or single click the Firefox icon on the Quick Launch bar.
Log in to the VMware vSphere Web Client
1. Enter the user name: CORP\
2. Enter the password: VMware1!
3. Click Login.
Navigate to Hosts and Clusters
1. First, go to the "Home" button.
2. Select "Hosts and Clusters".
Verify the Teaming and failover virtual switch
1. Ensure you are on the Networking navigation tab.
2. Click VM Network.
3. Select the Manage tab.
4. Click the Settings menu.
5. Observe the Teaming and Failover configuration for the VM Network portgroup.
Here we can see that the portgroup has been configured to distribute the network traffic across all available uplinks using the Route based on originating virtual port policy. It will detect a network failure only if a link is declared down at the layer 2 level. We can also see that if an uplink comes back online again after a failure, it will be automatically added to the network team.
Verify the virtual switch uplinks configuration on the hosts
1. Ensure you are on the Hosts and Clusters navigation tab.
2. Click esx-01a.corp.local.
3. Select the Manage tab.
4. Click the Networking menu.
5. Select Virtual switches.
6. Click vds-site-a.
7. Expand the first and the second uplink of the vds-site-a virtual switch.
From that screen you can easily observe that there are two active uplinks for vds-site-a on that host. The first uplink is vmnic0. As we can see, the Management Network, the Storage Network and the vMotion Network rely on the two uplinks to communicate with storage, other ESXi hosts and allow remote management. We will simulate an uplink failure, where one of the two uplinks will get disconnected.
Simulate a network link failure
Using the vSphere Web Client, we can easily trace the network interfaces being used by a virtual machine, for example. In this case we can see that virtual machine linux-App-01a has its network traffic routed through vmnic0 and vmnic1.
Test network connectivity
1. Click the Command Prompt icon on the ControlCenter Desktop.
2. Type ping 192.168.110.123 -t and press Enter.
3. Confirm that you are receiving a response from linux-App-01a. Let the ping command continue sending requests.
Connect to the ESXi host
1. Double click the Putty icon on the ControlCenter Desktop.
2. Select esx-01a.corp.local in the Saved Sessions list.
3. Click Load.
4. Click Open.
Change the link status of the uplink vmnic0
Type the following command and press Enter:
esxcli network nic down -n vmnic0
Network response time
Switch back to the Command Prompt and stop the ping command by pressing CTRL-C. Scroll up until you can spot a slightly longer response time. In this example we were consistently getting our response under 1ms. At the moment we disabled the uplink, the response time increased to 14ms.
Taking note of the error message
Switch back to Firefox.
1. Select Cluster Site A.
2. Click on the Summary tab.
3. Observe the error message being displayed.
Verify the uplink state on the host
1. Select esx-01a.corp.local.
2. Select the Manage tab.
3. Click Networking.
4. Select Virtual switches.
5. Select vds-site-a.
6. Scroll to see the uplinks status.
Here we can see that the state of the uplink is being reflected on that screen.
Physical adapter status
1. Click on Physical adapters.
2. Observe the detailed information for the vmnic that we disabled.
Change the link status of the uplink vmnic0 back to normal
Type the following command and press Enter:
esxcli network nic up -n vmnic0
Conclusion
This concludes the Teaming and Failover lesson. We were able to successfully demonstrate that vSphere is able to transparently balance network traffic and fail over in the event of a network link failure.
Lesson clean up - please close the command prompt and Putty session.
vSphere Data Protection and vSphere Replication
vSphere® Data Protection is a backup and recovery solution designed for vSphere environments. Powered by EMC Avamar, it provides agent-less, image-level virtual machine backups to disk. It also provides application-aware protection for business-critical Microsoft applications (Exchange, SQL Server, SharePoint) along with WAN-efficient, encrypted backup data replication. vSphere Data Protection is fully integrated with vCenter Server and vSphere Web Client.
VMware vSphere Replication is a hypervisor-based, asynchronous replication solution for vSphere virtual machines. It is fully integrated with VMware vCenter Server and the vSphere Web Client. vSphere Replication delivers flexible, reliable and cost-efficient replication to enable data protection and disaster recovery for all virtual machines in your environment.
For a deeper level of understanding of vSphere Data Protection and vSphere Replication, please consider the following lab:
VMware Business Continuity and Disaster Recovery (BC/DR) solutions drive automation, efficiency, data protection, and validation of an organization's enterprise-level BC/DR strategy. Learn how to reduce downtime and increase availability for your applications and services with Site Recovery Manager (SRM) and VMware Data Protection Advanced (VDP-A).
HOL-SDC-1605 High Availability and Resilient Infrastructure
Module 6: Simplify Security and Compliance (60 Minutes)
Introduction to vSphere Hardening
vSphere Hardening Guides
The vSphere Hardening Guide provides guidance on how to securely deploy VMware vSphere in a production environment. The vSphere Hardening Guide also serves as a foundation upon which regulatory compliance objectives are built. These organizations map compliance guidelines with vSphere Hardening Guide guidelines.
Guides for vSphere are provided in an easy to consume spreadsheet format, with rich metadata to allow for guideline classification and risk assessment. They also include script examples for enabling security automation. Comparison documents are provided that list changes in guidance in successive versions of the guide.
Hardening Guides are an industry recognized method of implementing stricter security to meet regulatory and local security standards above and beyond frameworks like Common Criteria.
Prepare for this lesson You prepare for the lab if you have closed windows or logged out of the VMware vSphere® Web Client interface and VMware vRealize Operations.
Launch Firefox from the ControlCenter Desktop If not already running, double click the Firefox icon on the ControlCenter Desktop or single click the Firefox icon on the Quick Launch bar
Log in to the VMware vSphere Web Client 1. If the page does not automatically bring you to the vSphere Web Client, click the 'Site A Web Client' shortcut on the button bar. 2. Tick the box for 'Use Windows session authentication'. 3. Click Login.
vSphere Update Manager compliance VMware vSphere Update Manager automates patch management and eliminates manual tracking and patching of vSphere hosts and virtual machines. It compares the state of vSphere hosts with baselines, then updates and patches to enforce compliance. • Gain visibility into patch status across the virtual infrastructure with a patch compliance dashboard. • Stage and schedule patching for remote sites. • Deploy offline patch bundles downloaded directly from vendor websites.
Navigate to Hosts and Clusters 1. First, go to the "Home" button 2. Select "Hosts and Clusters"
Attach the VMware Update Manager baselines 1. Click Cluster Site A. 2. Click Manage. 3. Click Update Manager. 4. Click the Attach Baseline... button.
Attach Baseline or Group In this step, we will assign the two default host patch baselines to the Cluster Site A cluster. Any hosts participating in this cluster will inherit these patch baselines. 1. Select the two existing Patch Baselines. 2. Click OK (or press Enter).
Scan the hosts for compliance status Notice that the two newly attached baselines are Non-Compliant. We first need to start a scan on each individual host. This could be done one host at a time or, as in this example, by scanning the whole cluster at once. Click the 'Scan for Updates...' button.
Confirm Scan Make sure both boxes are checked and click OK to start the scan.
Confirm the task has started Since we are only scanning two hosts, the scan should be fairly quick. If you would like to track the progress, you can click the 'Recent Tasks' tab. When the task has completed, click the 'Recent Tasks' tab again to collapse it.
Confirm the hosts compliance status 1. Click one of the baselines that we have just scanned the hosts for. We can see that both of our hosts are compliant with both Critical and Non-Critical patches. If they were not, they would be listed in the Non-Compliant tab. Click the esx-01a.corp.local link to get more details about the patches it has installed.
Make sure we are in the right spot! Make sure you are brought to: 1. esx-01a.corp.local 2. Manage 3. Update Manager
Get compliance detailed status for a host Click the Critical Host Patches (Predefined) baseline and observe the status of each patch for that host.
Host compliance in vRealize Operations The vSphere Hardening Guide alerts notify you when settings or properties on your hosts or virtual machines are not configured in compliance with the guide. To use the alerts, override the policy setting so that Local is enabled. The alert-based compliance does not work until you enable one or both of the vSphere Hardening Guide alerts. One alert is for ESXi hosts and one is for virtual machines. The Hardening Guide checks the collected data to determine whether the recommended settings are configured so that your ESXi hosts and virtual machines operate in a secure manner.
Open a new tab 1. Open a new tab in Firefox. 2. Click the vROPs-01a shortcut on the buttonbar.
Log in to vRealize Operations Manager 1. Enter the User name: . 2. Enter the Password: VMware1!. 3. Click Login.
Default Policy Click on the Administration tab (the gear) and click on Policies in the left-hand navigation pane. NOTE: Depending on your screen size, you may need to click the '>>' in order to select the Administration tab.
Customize a Policy to Enable the vSphere Hardening Guide Alerts 1. Click the Policy Library tab and expand the Base Settings (if needed). 2. Select the Default Policy policy that you want to customize. 3. Click the pencil to edit the policy.
Edit Monitoring Policy 1. In the workspace navigation, click Alert and Symptom Definitions. 2. In the Alert Definitions pane, enter hardening in the Filter text box. 3. The list displays ESXi Host is Violating vSphere Hardening Guide and Virtual Machine is Violating vSphere Hardening Guide alerts.
Change the Local status for vSphere Hardening alerts 1. For each alert, click the State drop-down menu and click Local. 2. Click Save. Note: The alerts and the associated symptom definitions are enabled. When the configured policy is active, Hardening Guide alerts are generated when the configured symptom definitions are found to be true for hosts or virtual machines.
Ensure Your Host Objects Are In Compliance Using Alert-Based Compliance As a virtual infrastructure administrator, you use vRealize Configuration Manager to monitor the objects in your environment, including ESXi hosts on which you run your company's virtual machines. You review the Compliance tab for one or more of your hosts and discover that several of them are violating the VMware vSphere Hardening Guide standard, and you need to identify the problems and fix them. The alert-based compliance for some of the rules in the VMware vSphere Hardening Guide is included in vRealize Configuration Manager.
Check for Alerts Click on the 'Environment' tab and click on 'vSphere Hosts and Clusters'.
Check the Recommendations Dashboard In the left pane, click the Home button and look at the Risk column for any alerts regarding the vSphere Hardening Guide. You should, by now, have received two alerts: • One that lists the number of hosts not compliant with the vSphere Hardening Guide. • One that lists all the VMs not compliant with the vSphere Hardening Guide.
Select one of the ESXi hosts In the Search box, at the far right of the screen, type esx-01a.corp.local.
Scroll down to the bottom of the list. Click the esx-01a.corp.local Host System. Note: Using the Search box is usually the fastest way to navigate to an object. If more than one object has the same name, they will be differentiated by a category name.
Listing vSphere Hardening Guide Alerts On the Summary tab, click the ESXi host is violating vSphere 5.5 Hardening Guide.
Review The Alert Review the page to determine the criticality and pervasiveness of non-compliant standards for this host and in your environment. It includes the violated rules as symptoms and the recommendations to resolve the alert. In the Recommendations area, click the link to the vSphere 5.5 Hardening Guide. • The hardening guide is downloaded to the system you are using to access vRealize Configuration Manager. • In the Hardening Guide workbook, click the ESXi tab and locate the Disable DCUI to prevent local administrative control rule. • Review the information on the row and implement the appropriate remediation method. • For this rule, you can use the ESXi Shell Command, PowerCLI Command, or the steps provided in the VMware vSphere Documentation Center to change the setting.
Conclusion We identified and resolved an out-of-compliance rule for the host object. Four or more collection cycles after you make the change to the host settings, the rule should no longer be included in the list of violated rules for the host.
Ensure auditability of administrative actions
Lockdown Mode To increase the security of your ESXi hosts, you can put them in lockdown mode. In lockdown mode, operations must be performed through vCenter Server by default. Starting with vSphere 6.0, you can select normal lockdown mode or strict lockdown mode, which offer different degrees of lockdown. vSphere 6.0 also introduces the Exception User list. Exception users do not lose their privileges when the host enters lockdown mode. Use the Exception User list to add the accounts of third-party solutions and external applications that need to access the host directly when the host is in lockdown mode.
Normal Lockdown Mode In normal lockdown mode the DCUI service is not stopped. If the connection to the vCenter Server system is lost and access through the vSphere Web Client is no longer available, privileged accounts can log in to the ESXi host's Direct Console User Interface and exit lockdown mode. Only the following accounts can access the Direct Console User Interface: • Accounts in the Exception User list for lockdown mode who have administrative privileges on the host. The Exception Users list is meant for service accounts that perform very specific tasks. Adding ESXi administrators to this list defeats the purpose of lockdown mode. • Users defined in the DCUI.Access advanced option for the host. This option is for emergency access to the Direct Console User Interface in case the connection to vCenter Server is lost. These users do not require administrative privileges on the host.
Strict Lockdown Mode In strict lockdown mode, which is new in vSphere 6.0, the DCUI service is stopped. If the connection to vCenter Server is lost and the vSphere Web Client is no longer available, the ESXi host becomes unavailable unless the ESXi Shell and SSH services are enabled and Exception Users are defined. If you cannot restore the connection to the vCenter Server system, you have to reinstall the host.
Lockdown Mode and the ESXi Shell and SSH Services Strict lockdown mode stops the DCUI service. However, the ESXi Shell and SSH services are independent of lockdown mode. For lockdown mode to be an effective security measure, ensure that the ESXi Shell and SSH services are also disabled. Those services are disabled by default. When a host is in lockdown mode, users on the Exception Users list can access the host from the ESXi Shell and through SSH if they have the Administrator role on the host. This access is possible even in strict lockdown mode. Leaving the ESXi Shell service and the SSH service disabled is the most secure option. Note: The Exception Users list is meant for service accounts that perform specific tasks such as host backups, and not for administrators. Adding administrator users to the Exception Users list defeats the purpose of lockdown mode.
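The lockdown rules above can be checked mechanically against a host's settings. The following Python model is an added example, not part of the lab or of any VMware tooling; it applies the normal and strict rules to report who can still reach a locked-down host locally. The host records, the svc-backup account and the finding labels are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class HostConfig:
    """Snapshot of one host's lockdown-related settings (constructed sample input)."""
    name: str
    lockdown: str                                        # "disabled", "normal" or "strict"
    exception_users: dict = field(default_factory=dict)  # user -> True if administrator on the host
    dcui_access: set = field(default_factory=set)        # users in the DCUI.Access advanced option
    ssh_enabled: bool = False
    shell_enabled: bool = False


def _exception_admins(host):
    return {user for user, is_admin in host.exception_users.items() if is_admin}


def dcui_users(host):
    """Users who can log in at the DCUI while the host is locked down."""
    if host.lockdown == "strict":
        return set()  # strict mode stops the DCUI service
    # Normal mode: Exception Users with administrator privileges, plus
    # DCUI.Access users, who need no administrator privileges.
    return _exception_admins(host) | set(host.dcui_access)


def shell_users(host):
    """Users who can use SSH or the ESXi Shell while the host is locked down."""
    if not (host.ssh_enabled or host.shell_enabled):
        return set()
    # Both services are independent of lockdown mode, so Exception Users with
    # the Administrator role keep this access even in strict mode.
    return _exception_admins(host)


def assess(host):
    """Return the local access paths left on a host and the findings to review."""
    if host.lockdown not in ("disabled", "normal", "strict"):
        raise ValueError(f"unknown lockdown mode: {host.lockdown!r}")
    if host.lockdown == "disabled":
        return {"dcui": None, "shell": None, "findings": ["LOCKDOWN_DISABLED"]}
    dcui, shell = dcui_users(host), shell_users(host)
    findings = []
    if host.ssh_enabled or host.shell_enabled:
        findings.append("SHELL_OR_SSH_ENABLED")
    # The Exception Users list is meant for service accounts, so every
    # administrator on it deserves a second look.
    findings += [f"REVIEW_EXCEPTION_ADMIN:{u}" for u in sorted(_exception_admins(host))]
    if not dcui and not shell:
        # Nobody can reach the host locally if vCenter Server becomes unreachable.
        findings.append("NO_LOCAL_RECOVERY_PATH")
    return {"dcui": dcui, "shell": shell, "findings": findings}


# Constructed sample hosts. esx-01a mirrors the end state of this lesson,
# assuming SSH and the ESXi Shell are left at their default (disabled).
SAMPLE_HOSTS = [
    HostConfig("esx-01a.corp.local", "strict", exception_users={"root": True}),
    HostConfig("esx-02a.corp.local", "normal", exception_users={"svc-backup": False},
               dcui_access={"root"}, ssh_enabled=True),
    HostConfig("esx-03a.corp.local", "strict", exception_users={"svc-backup": True},
               ssh_enabled=True),
    HostConfig("esx-04a.corp.local", "disabled"),
]

if __name__ == "__main__":
    for h in SAMPLE_HOSTS:
        print(h.name, assess(h))
```

The first sample host shows the trade-off in the text: strict mode with both shell services disabled is the most restrictive setting, and it leaves no local path back into the host if vCenter Server is lost.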
Prepare for this lesson You prepare for the lab if you have closed windows or logged out of the VMware vSphere® Web Client interface.
Launch Firefox from the ControlCenter Desktop If not already running, double click the Firefox icon on the ControlCenter Desktop or single click the Firefox icon on the Quick Launch bar
Log in to the VMware vSphere Web Client 1. If the page does not automatically bring you to the vSphere Web Client, click the 'Site A Web Client' shortcut on the button bar. 2. Tick the box for 'Use Windows session authentication'. 3. Click Login.
Navigate to Hosts and Clusters 1. First, go to the "Home" button 2. Select "Hosts and Clusters"
Enable Lockdown Mode Using the vSphere Web Client 1. On the left pane, click the Host and Clusters tab. 2. Navigate to Cluster Site A and click esx-01a.corp.local. 3. Click the Manage tab. 4. Click Settings. 5. Under System, select Security Profile. 6. In the Lockdown Mode panel, click Edit.
Configure Lockdown Mode 1. Select the Strict option. 2. Click Exception Users. Note: The host can only be accessed through vCenter Server. If SSH or the ESXi Shell are enabled, running sessions for accounts in the DCUI.Access advanced option and for Exception Users that have administrator privileges remain enabled. All other sessions are terminated. Click OK when prompted to Enable strict lockdown mode for this host.
Add an Exception User 1. Click on the Exception Users tab. 2. Click the green + button. 3. Select the root user. 4. Click Add. 5. Click Ok.
Note: If Active Directory authentication had been activated on the host, you would also be able to choose a user from the Active Directory domain.
Verify settings If everything matches the image, click OK to continue.
Confirm Lockdown Mode Configuration Verify that Lockdown Mode is enabled and strict and that the root user is part of the Exception Users list.
Track and Audit changes in vCenter Web Client vSphere includes a user-configurable events and alarms subsystem. This subsystem tracks events happening throughout vSphere and stores the data in log files and the vCenter Server database. This subsystem also enables you to specify the conditions under which alarms are triggered. Alarms can change state from mild warnings to more serious alerts as system conditions change, and can trigger automated alarm actions. This functionality is useful when you want to be informed, or take immediate action, when certain events or conditions occur for a specific inventory object, or group of objects.
Audit vSphere Changes 1. On the left pane, click the Host and Clusters tab. 2. Navigate to vcsa-01a.corp.local. 3. Click the Monitor tab. 4. Click Events.
Search for the modifications that you just completed when you activated Lockdown Mode and look at the details of the related events. Note: You can view events associated with a single object or view all vSphere events. The events list for a selected inventory object includes events associated with child objects. vSphere keeps information about tasks and events for 30 days. Alternatively, you could select any object in the inventory tree if you want to narrow the search scope.
Track and Audit user activity in vRealize Operations Manager The user activity report helps you understand the scope of user activities in your vRealize Operations Manager instance, such as when users logged in, actions they took on clusters and nodes, changes they made to system passwords, when they activated certificates, and when they logged out.
Open a new tab 1. Open a new tab in Firefox. 2. Click the vROPs-01a shortcut on the buttonbar.
Log in to vRealize Operations Manager 1. Enter the User name: . 2. Enter the Password: VMware1!. 3. Click Login.
Audit Users and the Environment in vRealize Operations Manager 1. Click Administration (NOTE: you may have to use the '>>' to see the Administration tab). 2. Click Audit.
User Activity Audit The user activity report helps you understand the scope of user activities in your vRealize Operations Manager instance, such as when users logged in, actions they took on clusters and nodes, changes they made to system passwords, when they activated certificates, and when they logged out.
Permissions Audit A permissions audit report provides an overview of the local users and LDAP imported users in your vRealize Operations Manager instance, and a list of groups to which each user belongs. This report helps you understand the scope of the users and their roles, access groups, and access privileges in your environment. The report displays the access group associated with each local and LDAP imported user and the access privileges granted to the user in each access group. This report does not include vCenter Server users, roles, or privileges. When a user is a member of a specific group, the associated access group could provide the user with access to configuration, dashboards, and templates, or to specific navigation areas in the interface such as Administration. The access rights associated with the access group include actions for each access group, such as the ability to add, edit, or delete dashboards, or to view, configure, or manage objects.
System Audit for vRealize Operations Manager A system audit report provides an overview of the counts of objects, metrics, super metrics, applications, and custom groups in your vRealize Operations Manager instance. This report can help you understand the scale of your environment. The system audit report displays the types and number of objects that vRealize Operations Manager manages. Reported objects include those that are configured and collecting data, the types of objects, object counts for adapters, the metrics that are configured and being collected, super metrics, vRealize Operations Manager generated metrics, the number of applications used, and the number of custom groups.
You can use this report to help determine whether the number of objects in your environment exceeds a supported limit.
Track License usage 1. Click Administration. 2. Click Licensing. Here we can track license entitlements and usage for every solution installed. License keys activate the solution or product and are available in varying levels. Higher levels typically allow vRealize Operations Manager to monitor more objects.
Conclusion We demonstrated how to restrict access to a vSphere ESXi host using the Lockdown Mode option. We also demonstrated how to track changes on any object managed by vCenter Server. Additionally, we demonstrated the audit feature of vRealize Operations and how to track license usage.
Demonstrate authorization capabilities VMware recommends that you create roles to suit the access control needs of your environment. If you create or edit a role on a vCenter Server system that is part of a connected group in Linked Mode, the changes that you make are propagated to all other vCenter Server systems in the group. A role is a predefined set of privileges. Privileges define rights to perform actions and read properties. For example, the Virtual Machine role consists of read properties and of a set of rights to perform actions. The role allows a user to read and change virtual machine attributes. When you assign permissions, you pair a user or group with a role and associate that pairing with an inventory object. A single user or group can have different roles for different objects in the inventory. vCenter Server provides system roles and sample roles by default: System roles - System roles are permanent. You cannot edit the privileges associated with these roles. Sample roles - VMware provides sample roles for certain frequently performed combinations of tasks. You can clone, modify or remove these roles. Note: Changes to roles and privileges take effect immediately, even if the users involved are logged in. The exception is searches, where changes take effect after the user has logged out and logged back in.
Create a Role in the vSphere Web Client You can create vCenter Server custom roles to suit the access control needs of your environment. If you create or edit a role on a vCenter Server system that is part of the same vCenter Single Sign-On domain as other vCenter Server systems, the VMware Directory Service (vmdir) propagates the changes that you make to all other vCenter Server systems in the group. Assignments of roles to specific users and objects are not shared across vCenter Server systems.
Administration In the vSphere Web Client, click the Home icon and select Administration.
Roles Verify the Roles tab is selected.
Create a Role Click the green + to create a role.
Role name 1. Name the role HOL Role 2. Tick the All Privileges box 3. Click the OK button to create the new role
Edit a Role in the vSphere Web Client When you edit a role, you can change the privileges selected for that role. When completed, these privileges are applied to any user or group that is assigned the edited role. In Linked Mode, the changes you make are propagated to all other vCenter Server systems in the group. However, assignments of roles to specific users and objects are not shared across linked vCenter Server systems.
Edit HOL Role 1. Click on the role HOL Role to select it 2. Click the Edit button
Remove Permissions Let's say that your company has separate teams to manage networking and storage, so the HOL Role does not need access to either of them. Uncheck the boxes for Networking and Storage views and click OK.
Clone a Role in the vSphere Web Client You can make a copy of an existing role, rename it, and edit it. When you make a copy, the new role is not applied to any users, groups or objects -- it does not inherit anything from the parent except the settings. In Linked Mode, the changes are propagated to all other vCenter Server systems in the group, but assignments of roles to specific users and objects are not shared across linked vCenter Server systems.
Clone a Role 1. Click on the role HOL Role to select it 2. Click the Clone button
Role name and privileges 1. Name the cloned role HOL Dev Role. Since we cloned the role, it is missing the Network and Storage views privileges that the HOL Dev users require. 2. Tick the All Privileges box to restore full administrative privileges to this role. 3. Click OK to complete the clone.
New Role Cloned
Rename a Role in the vSphere Web Client You might rename a role when you change the role's purpose. When you rename a role, no changes occur to that role's assignments. In Linked Mode, the changes you make to the roles are propagated to other vCenter Server systems in the group; however, role assignments are not shared across linked vCenter Server systems.
Edit Role Name Click on the role HOL Role to select it and then click the Edit button.
New Name 1. Rename the role to HOL Role 2. Click OK
Remove a Role in the vSphere Web Client When you remove a role that is not assigned to any users or groups, the definition of the role is removed from the list of roles. When you remove a role that is assigned to a user or group, you can remove assignments or replace them with an assignment to another role. NOTE: Before removing a role from a vCenter Server system that is part of a connected group in Linked Mode, check the use of that role on the other vCenter Server systems in the group. Removing a role from one vCenter Server system also removes that role from all other vCenter Server systems in the group, even if you reassign permissions to another role on the current vCenter Server system.
Delete Role 1. Click on the role HOL Role to select it. 2. Click the Delete button.
Confirm Deletion Click Yes to confirm you want to delete this role.
Role Deleted We can see that the role named HOL Role has been deleted. Creating unique and granular roles for users in your organization enables better security for your vSphere infrastructure. This concludes this lesson on Access and Authentication Roles.
SSO Configuration in the vSphere Web Client You can use identity sources to attach one or more domains to vCenter Single Sign-On. A domain is a repository for users and groups that the vCenter Single Sign-On server can use for user authentication. An identity source is a collection of user and group data. The user and group data is stored in Active Directory, OpenLDAP, or locally to the operating system of the machine where vCenter Single Sign-On is installed. After installation, every instance of vCenter Single Sign-On has the identity source your_domain_name, for example vsphere.local. This identity source is internal to vCenter Single Sign-On. A vCenter Single Sign-On administrator can add identity sources, set the default identity source, and create users and groups in the vsphere.local identity source.
Log out of the vSphere Web Client From the
[email protected] menu, select ''.
Log in with elevated privileges You configure vCenter Single Sign-On from the vSphere Web Client. To configure vCenter Single Sign-On, you must have vCenter Single Sign-On administrator privileges. Having vCenter Single Sign-On administrator privileges is different from having the Administrator role on vCenter Server or ESXi. By default, only the
[email protected] in the User Name field. 2. Enter VMware1! in the Password field. 3. Click Login.
Administration In the vSphere Web Client, click the Home icon and select Administration.
Edit a vCenter Single Sign-On Identity Source vSphere users are defined in an identity source. You can edit the details of an identity source that is associated with vCenter Single Sign-On. 1. In the left pane, select Configuration. 2. Click on the Identity Sources tab. 3. Select the corp.local identity source. 4. Click the Pencil button to edit the identity source.
Edit Identity source In our scenario, we only have access to one Active Directory domain and integration has already been completed. We only have the possibility to change the domain name. Use the Use machine account option if you do not expect to rename this machine. If you expect to rename the local machine, you must specify an SPN, a user who can authenticate with the identity source, and a password for the user. Cancel out of the Edit Identity Source Wizard (or press the 'Esc' key if the Cancel button is not visible).
Add a vCenter Single Sign-On Group 1. Click Users and Groups. 2. Click the Group tab in the right pane. 3. Click the green + button to add a new vCenter Single Sign-On Group. Note: In vCenter Single Sign-On, groups listed on the Groups tab are internal to vCenter Single Sign-On. A group lets you create a container for a collection of group members (principals).
Name the New Group 1. Enter HOL DEV Users in the Group Name field. 2. Click Ok. Note: You cannot change the group name after you create the group.
Add Members to a vCenter Single Sign-On Group 1. Select the HOL Dev Users group. 2. Click the Add button. Note: Members of a vCenter Single Sign-On group can be users or other groups from one or more identity sources. You can add new members from the vSphere Web Client. Groups listed on the Groups tab in the vSphere Web Client are part of the vsphere.local domain.
Add Principals 1. In the Domain drop list, select corp.local as the identity source. 2. Select Show Group first. 3. In the Search box, type dev. 4. Select the Private Cloud Developers group. 5. Click Add. 6. Click OK.
Note: You can simultaneously add multiple members.
Add a Global Permission You can use global permissions to give a user or group privileges for all objects in all inventory hierarchies in your deployment. 1. In the left pane, select Global Permissions. 2. Click the Manage tab. 3. Click the green + button to add a new permission. Note: Use global permissions with care. Verify that you really want to assign permissions to all objects in all inventory hierarchies.
Assign an existing group Click the Add button.
Select Users or Groups 1. In the Domain drop list, select vsphere.local as the identity source. 2. In the Search box, type dev. 3. Select the HOL Dev Users group that we recently created. 4. Click Add. 5. Click OK.
Select a Role 1. Select the HOL Dev Role from the Assigned Role drop-down menu. 2. Leave the Propagate to children check box selected. 3. Click OK. Note: The roles that are assigned to the object appear in the menu. The privileges contained in the role are listed in the section below the role title. If you assign a global permission and do not select Propagate, the users or groups associated with this permission do not have access to the objects in the hierarchy. They only have access to some global functionality such as creating roles.
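How far a permission reaches follows from the pairing described in this lesson (a principal, a role and an inventory object) together with the Propagate flag. The Python model below is an added example, not VMware code; it computes each permission's reach and flags a global grant of every privilege as well as a global permission saved without Propagate. The inventory tree (including the name Datacenter Site A), the privilege subset, the CORP principals and the finding labels are constructed, and the overriding of inherited permissions by permissions set directly on a child object is not modeled.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed inventory (child -> parent). "Datacenter Site A" is a made-up name.
INVENTORY = {
    "vcsa-01a.corp.local": None,
    "Datacenter Site A": "vcsa-01a.corp.local",
    "Cluster Site A": "Datacenter Site A",
    "esx-01a.corp.local": "Cluster Site A",
}

# A small subset of vSphere privilege IDs standing in for "All Privileges".
ALL_PRIVILEGES = frozenset({
    "VirtualMachine.Interact.PowerOn",
    "VirtualMachine.Interact.PowerOff",
    "Network.Assign",
    "StorageViews.View",
    "Authorization.ModifyRoles",
})

ROLES = {
    "HOL Dev Role": ALL_PRIVILEGES,  # cloned role with All Privileges ticked
    "HOL Role": ALL_PRIVILEGES - {"Network.Assign", "StorageViews.View"},
}


@dataclass(frozen=True)
class Permission:
    principal: str
    role: str
    obj: Optional[str]  # None marks a global permission
    propagate: bool


def reach(perm):
    """Inventory objects on which the permission is defined or propagated."""
    if perm.obj is None:
        # A global permission without Propagate grants no access to objects.
        return set(INVENTORY) if perm.propagate else set()
    covered = {perm.obj}
    if perm.propagate:
        grew = True
        while grew:  # walk down the tree until no new children appear
            children = {c for c, p in INVENTORY.items() if p in covered} - covered
            covered |= children
            grew = bool(children)
    return covered


def audit(perms):
    """Return (principal, finding) pairs for permissions that need review."""
    findings = []
    for perm in perms:
        if perm.obj is None and not perm.propagate:
            findings.append((perm.principal, "GLOBAL_WITHOUT_PROPAGATE"))
        elif reach(perm) == set(INVENTORY) and ROLES[perm.role] == ALL_PRIVILEGES:
            findings.append((perm.principal, "ALL_PRIVILEGES_ON_EVERY_OBJECT"))
    return findings


# Constructed sample permissions; the first mirrors the one created in this lesson.
SAMPLE_PERMISSIONS = [
    Permission("VSPHERE.LOCAL\\HOL Dev Users", "HOL Dev Role", None, True),
    Permission("CORP\\netops", "HOL Role", None, False),
    Permission("CORP\\cluster-ops", "HOL Role", "Cluster Site A", True),
]

if __name__ == "__main__":
    for p in SAMPLE_PERMISSIONS:
        print(p.principal, sorted(reach(p)))
    print(audit(SAMPLE_PERMISSIONS))
```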
Verify the Global Permissions Confirm the new permission created is listed in the Global Permission view.
Managing Users and Access Control in vRealize Operations Manager Each user must have a user account to use vRealize Operations Manager. Administrators can assign each user to be a member of one or more groups, and apply roles to assign specific privileges to each user for authorization to perform actions. Access Control To ensure security of the objects in your vRealize Operations Manager instance, as a system administrator you can manage all aspects of user access control. You create user accounts, assign each user to be a member of one or more groups, assign roles to each user or group to set their privileges, and select the objects in your environment that each user can access. A role is a collection of action privileges that grants a user or group the permission to access objects. Roles do not include privileges to view or configure objects. You must assign privileges to objects separately when you add or edit a user account.
Switch Tab to vROPs-01a 1. Move to the vRealize Operations Manager tab.
2. If the tab is not opened or you closed it, simply click the 'vROPS-01a' shortcut and use and VMware1! to log back in. 3. If you were logged out, use and VMware1! to log back in.
Authentication Sources You can obtain user accounts from external sources so that you can use them in your vRealize Operations Manager instance. Open Firefox and log in to vROPS-01a using the bookmarked shortcut, user name = '' password = 'VMware1!' if not already open.
External sources include any identity source that uses the Lightweight Directory Access Protocol (LDAP), such as Active Directory and OpenLDAP. The external sources provide the authentication for these users. 1. Click the Administration icon (you may need to use the '>>' to see the Administration icon). 2. Select Authentication Sources. 3. Click the green + icon to add a new authentication source.
Add New Source 1. In the Source Display Name field, enter corp.local. 2. Select Active Directory as the Source Type. 3. Enter corp.local in the Domain/Subdomain field. 4. In the User Name field, enter [email protected] 5. In the Password field, enter VMware1!. 6. Click the Test button to confirm the settings and click Ok to close the info box. 7. Click OK.
vRealize Operations Manager is now ready to import users or groups from the newly created external authentication source.
Roles You can assign users specific roles to perform actions and view features and objects in vRealize Operations Manager. With role-based access, users can only perform the actions that their permissions allow as designated by a system administrator. 1. In the vRealize Operations Manager Client, click the Administration icon. 2. Select Access Control. 3. Select Roles.
Create a Role 1. On the left pane, select Access Control. 2. Click the Roles tab. 3. Click the green + to create a role.
Role Name 1. Name the role HOL Role 2. Click the OK button to create the new role Note: Once a name has been given to a role, it cannot be changed.
Edit HOL Role 1. Scroll down. 2. Click on the role HOL Role to select it. 3. Click the Edit button.
Edit Permissions Let's say that your company has separate teams to monitor and manage content for vRealize Operations, so the HOL Role does not need access to any of the content management permissions. 1. Tick the Administrative Access - all permission box. 2. Untick the Content box. 3. Click Update.
Clone a Role in vRealize Operations You can make a copy of an existing role, rename it, and edit it. When you make a copy, the new role is not applied to any users, groups or objects -- it does not inherit anything from the parent except the settings.
Clone a Role
1. Click on the role HOL Role to select it.
2. Click the Clone button.

Role Name
1. Name the cloned role HOL Dev Role.
2. Click OK to complete the clone.
New Role Cloned

Remove a Role in the vRealize Operations
When you remove a role that is not assigned to any users or groups, the definition of the role is removed from the list of roles. When you remove a role that is assigned to a user or group, you can remove assignments or replace them with an assignment to another role.
Delete Role
1. Click on the role HOL Dev Role to select it.
2. Click the Delete button.

Confirm Deletion
Click Yes to confirm you want to delete this role.
Role Deleted
We can see that the role named HOL Dev Role has been deleted. This concludes this lesson on Access and Authentication Roles.

Import a group from an External Source
You can assign an imported user to one or more groups, assign roles to the imported user, and associate the imported user with objects in the vRealize Operations Manager environment that users are allowed to access.
Access the Group Configuration
1. In the left pane, click Access Control.
2. Select the Groups tab.
3. Click the Import Group icon.
Import Groups
1. Select corp.local in the Import From drop list.
2. Select the Basic option.
3. Enter Private Cloud Developers in the Search String field and press Enter.
4. Tick the check box beside the Private Group Developers group in the list.
5. Click Next.

Roles and Objects
1. Select HOL Role in the Select Role drop list.
2. Tick the Assign this role to the group check box.
3. Select vSphere Hosts and Clusters object in the Select Object Hierarchies pane.
4. Click Finish.
To further restrict or control which objects are accessible to this group, we could use a vRealize Operations Manager container such as a Custom Group or a Custom Datacenter, for instance.
Note: To allow the user to access all objects in the vCenter Server inventory of the vRealize Operations Manager instance, click the Allow access to all objects in the system check box. For example, click the check box to allow a user, such as an administrator, to access all objects.

Conclusion
Creating unique and granular roles for users in your organization enables better security for your vSphere infrastructure and vRealize Operations Manager. This concludes this lesson on Access and Authentication Roles.
Managing and Tracking Change

Start CPU Load simulation on the Virtual Machine (linux-U-Load-01a)
Minimize any running applications. Next, load PuTTY from the Desktop or from the Launch bar.

PuTTY to linux-U-Load-01a VM
1. Select linux-U-Load-01a.
2. Click Load.
3. Click Open.
Start CPU Load simulation for linux-U-Load-01a
1. At the login as: prompt, type root and press Enter. No password will be required.
2. At the linux prompt, type /opt/ULoad.sh 2 and press Enter.
3. The CPU load simulation is working if you see Starting U load.
Confirm Workload status for Virtual Machine linux-U-Load-01a
Open vRealize Operations Manager.
1. Enter linux-U-Load-01a in the Search box.
2. Select the linux-U-Load-01a virtual machine in the result box.
3. Click the Analysis tab.
4. Select the Workload tab.

If you successfully completed the previous task, you should see the Workload score at 99 and CPU Usage at around 3GHz. Take note that there is no CPU limit configured on that virtual machine.
NOTE: It may take a couple of minutes for the CPU to ramp up. You can click the Refresh (6) button to see it start to spike.
Open vCenter Web Client in Virtual Machine Context
1. Click the Action menu.
2. Select Open Virtual Machine in vSphere Web Client...
Note: If Firefox warns you that this connection is untrusted, expand I Understand the Risks and click the Add Exception... button. Confirm the Security Exception by pressing the associated button.
Edit Resource Settings
In the vSphere Web Client:
1. Click Action to bring up the Action menu.
2. Click Edit Resource Settings...
Add CPU Limit
1. In the CPU Limit box, enter 200.
2. Click OK.
CPU Limit impact
Switch back to vRealize Operations Manager and observe the Workload, which should now be around 45%. CPU usage should be around 200 MHz, as expected, since we have set a CPU limit for that virtual machine.
Note: You might have to wait a minute or two before the Workload adjusts itself to the current CPU usage. Again, you can use the 'Refresh' (4) button to monitor the changes.
Track Configuration Changes in Timeline
1. Click the Troubleshooting tab.
2. Select the Timeline option.
3. Click the Select Criticality Level button to narrow our search (deselect all other options, leaving info).
You should now see a Property Symptom telling you that a Virtual Machine CPU Limit has been set. Hover over the description of the event to display more details.

Be notified of configuration changes
1. Click the Content button on the left pane (you may need to use the '>>' button to see the Content button).
2. Select Alert Definitions.
3. Click the green + button to create a new alert.
Name The Alert
1. Enter HOL - Virtual machine has limits set and is demanding more CPU than the configured limit in the name box.
2. Click Base Object Type.
Specify the Object Type For The Alert
1. Select an Object Type by typing virtual machine in the search box.
2. Click Virtual Machine.
3. Click Alert Impact.
Specify The Alert Type And Subtype
Leave all configurations at their default values except for Alert Type and Subtype.
1. Select Hardware (OSI) : Configuration.
2. Click Add Symptom Definition.
Configure the Alert symptoms
1. Enter cpu limit in the Filter box.
2. Drag the two displayed symptoms to the right pane.
3. Click Save.
What we just did is create an alert that will be triggered when the two selected conditions are met: if any virtual machine has a CPU limit set and the CPU demand exceeds the configured limit, the alert will be triggered.

Back to linux-U-Load-01a
Navigate back to the linux-U-Load-01a virtual machine by typing 'linux-U-Load-01a' in the search box. Click on the link for linux-U-Load-01a.
The Alert gets triggered
Navigate back to the linux-U-Load-01a virtual machine.
1. Click the Alerts tab.
2. Select the Alert you just created.
Note: It could take a minute or so before the error shows up.
Check the Alert Details
Observe the details of the alert. Expand the highlighted symptoms to reveal more details for each of them.
Note: It would also have been possible to configure some remediations and actions for this alert.
Clean up for the Next Module
1. Bring back the PuTTY session connected to linux-U-Load-01a and press Enter to stop the CPU load script.
2. Close the PuTTY application.

Switch to the vSphere Web Client tab
Switch back to the vSphere Web Client so we can remove the Resource limit on linux-U-Load-01a.
Resource Settings
From the 'Actions' menu, select 'Edit Resource Settings'.
Change the CPU Limit
Set the CPU Limit back to '0' and click 'OK'.

Conclusion
We demonstrated the capabilities of vRealize Operations to track changes executed in vCenter Server. We also demonstrated that it was possible to get alerted when a change was made and that change affected the health of a managed object.
Module 7: Log Management with vRealize Log Insight - (60 Minutes)
Overview of vRealize Log Insight
vRealize Log Insight delivers real-time log management for VMware environments, with machine learning-based Intelligent Grouping, high performance search and better troubleshooting across physical, virtual, and cloud environments.

High Performance Ingestion
vRealize Log Insight can process any type of log or machine generated data. vRealize Log Insight supports very high throughput rates and low latency. vRealize Log Insight possesses a collection framework, which accepts data through syslog, Windows and Linux agents, or via a RESTful Ingestion API.

Scalability
vRealize Log Insight can scale out by using multiple virtual appliance instances. This enables linear scaling of the ingestion throughput, increases query performance and allows for ingestion high availability. In cluster mode, vRealize Log Insight provides master and worker nodes. Both master and worker nodes are responsible for a subset of data. Master nodes can query all subsets of data and aggregate the results. vRealize Log Insight provides an internal Load Balancer for scale out, allowing you to load balance and scale out from out of the box.

Real-Time Search
Data ingested by vRealize Log Insight is available for search within seconds. Also, historical data can be searched from the same interface with the same low latency. vRealize Log Insight supports complete keyword queries. Keywords are defined as any alpha-numeric, hyphen, or underscore characters. In addition to the complete keyword queries, vRealize Log Insight supports glob queries (for example, erro?, vm*) and field based filtering (for example, hostname does NOT match test*, IP contains "10.64"). Furthermore, log message fields that contain numeric values can be used to define selection filters (for example, CPU>80, 10 <100, and so on). Search results are presented as individual events. Each event comes from a single source, but search results may come from multiple sources. You can use vRealize Log Insight to correlate the data on one or multiple dimensions (for example, time and request identifiers), providing a coherent view across the stack. This way, root cause analysis becomes much easier.

vRealize Log Insight Agent
vRealize Log Insight uses a native Windows and Linux agent to gather log data from Windows and Linux servers as well as desktops. You can collect events from Windows event channels and log files, and forward them to the vRealize Log Insight server. Some of the benefits are centralized configuration, ease of use, data compression, and encryption. 3rd party agents are supported as well, but those benefits listed above provide unique advantages by using our native agent.

Intelligent Grouping
vRealize Log Insight uses a new machine learning technology. Intelligent Grouping scans incoming unstructured data and quickly groups messages together by problem type in order to give you the ability to rapidly understand issues that may span your physical, virtual, and hybrid cloud environments. The Event Trends tab in the Interactive Analytics page provides automatic analysis of your events with context around new insights and anomaly detection. We can now see how events are trending in a specified time interval and easily detect ones that are potentially affecting the health of your environment or application.

Aggregation
Fields that are extracted from log data can be used for aggregation. This is similar to the functionality that GROUP-BY queries provide in a relational database or pivot-tables in Microsoft Excel. The difference is that there is no need for extract, transform, and load (ETL) processes and vRealize Log Insight scales to any size of data. You can generate aggregate views of the data and identify specific events or errors without having to access multiple systems and applications. For example, while viewing an important system metric, such as the number of errors per minute, you can drill down to a specific time-range of events and examine the errors that occurred in the environment.

Runtime Field Extraction
Raw log data is not always easy to understand, and you might need to process some data to identify the fields that are important for searching and aggregation. vRealize Log Insight extracts most fields automatically, and you can dynamically extract a new field from the data. It is as easy as double-clicking the message text and selecting “Extract Field”. The regex is provided automatically based on your selection. The extracted fields can be used for selection, projection, and aggregation.
Dashboards
You can create dashboards of useful metrics that you want to monitor closely. Any query can be turned into a dashboard widget and summarized for any range in time. You can check the performance of your system for the last five minutes, hour, or day. You can view a breakdown of errors by hour and observe the trends in log events.

Security Considerations
IT decision makers, architects, administrators, and others who must familiarize themselves with the security components of vRealize Log Insight must read the VMware vRealize Log Insight Security Guide. For more information, you can visit the vRealize Log Insight Documentation found at https://www.vmware.com//pubs/log-insightpubs.html
The Security Guide contains concise references to the security features of vRealize Log Insight. Topics include the product external interfaces, ports, authentication mechanisms, and options for configuration and management of security features.
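The Real-Time Search rules in the overview above (complete keywords, glob terms such as erro? and vm*, field filters, numeric comparisons) can be exercised offline with a Python model. This is an added example, not Log Insight's own code: the event records are constructed, and the function names, the (field, operator, value) filter tuples, case-insensitive matching and substring semantics for "contains" are assumptions.

```python
import re

# Per the overview: a keyword is a run of alphanumeric, hyphen, or underscore characters.
KEYWORD_RE = re.compile(r"[A-Za-z0-9_-]+")

# Constructed sample events (not taken from the lab environment).
EVENTS = [
    {"id": 1, "text": "vmkernel: error opening vmdk for vm-web-01",
     "fields": {"hostname": "esx-01a.corp.local", "ip": "10.64.1.11", "cpu": 91}},
    {"id": 2, "text": "vpxd: errors reported by 3 hosts",
     "fields": {"hostname": "test-esx-09.corp.local", "ip": "10.64.1.19", "cpu": 85}},
    {"id": 3, "text": "sshd: session opened for operator",
     "fields": {"hostname": "esx-02a.corp.local", "ip": "192.168.110.52", "cpu": 7}},
    {"id": 4, "text": "hostd: vmotion of vm-db-02 finished, no error",
     "fields": {"hostname": "esx-02a.corp.local", "ip": "192.168.110.52", "cpu": 64}},
]


def glob_to_regex(pattern):
    """Translate a glob (? = exactly one character, * = any run) into a regex."""
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    # Assumption: matching is case-insensitive.
    return re.compile("".join(parts), re.IGNORECASE | re.DOTALL)


def term_matches(term, text):
    """True if any complete keyword in text matches the keyword or glob term."""
    rx = glob_to_regex(term)
    return any(rx.fullmatch(kw) for kw in KEYWORD_RE.findall(text))


def filter_matches(flt, fields):
    """Evaluate one (field, operator, value) filter against an event's fields."""
    name, op, value = flt
    actual = fields.get(name)
    if op in (">", "<"):
        try:
            number = float(actual)
        except (TypeError, ValueError):
            return False  # a missing or non-numeric field never satisfies a numeric filter
        return number > value if op == ">" else number < value
    actual = "" if actual is None else str(actual)
    if op == "matches":
        return glob_to_regex(value).fullmatch(actual) is not None
    if op == "does not match":
        return glob_to_regex(value).fullmatch(actual) is None
    if op == "contains":
        # Assumption: "contains" is modelled as a case-insensitive substring test.
        return value.lower() in actual.lower()
    raise ValueError(f"unsupported operator: {op}")


def search(events, terms=(), filters=()):
    """Return the ids of events that satisfy every term and every filter."""
    return [
        ev["id"]
        for ev in events
        if all(term_matches(t, ev["text"]) for t in terms)
        and all(filter_matches(f, ev["fields"]) for f in filters)
    ]


if __name__ == "__main__":
    print(search(EVENTS, terms=["erro?"]))
    print(search(EVENTS, filters=[("hostname", "does not match", "test*"),
                                  ("ip", "contains", "10.64")]))
    print(search(EVENTS, filters=[("cpu", ">", 10), ("cpu", "<", 100)]))
```

Because the hyphen is a keyword character, vm-web-01 is one keyword in this model: the term web finds nothing, while vm* matches it.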
Dashboards Overview
Dashboards - Think of the dashboards page as an overview section. Dashboards provide the ability to quickly visualize log data and determine potential issues within an environment. Log Insight provides two different types of widgets inside a dashboard: charts and queries. Charts are a visual representation of data and the most commonly used widget. Queries are saved pieces of information that provide both a visual and textual representation of data on the Interactive Analytics page, but they are listed only by a defined name on the dashboards page. Query widgets are typically used when a chart widget does not necessarily provide useful information.
Interactive Analytics - Allows administrators and engineers to perform searches using plain language or REGEX strings and view log message detail to determine problem areas and perform root cause analysis.
Interactive Analytics Overview
The Interactive Analytics page allows administrators and engineers to drill down into log messages, to determine problem areas, and to perform root cause analysis. At the top of the page, just below the navigation bar, you will notice a section with a black background. This section gives you a visual representation of your log data. The chart in this section should look similar to the chart widgets that you saw on the Dashboards page. By default, the overview chart is a bar chart that displays the count of all events over time for the log messages seen over the last five minutes. Log Insight refers to ingested data as events. The events visually represented on the overview chart can be manipulated in a variety of ways, but most commonly are changed through the use of functions and groupings.
There are many options available once you have created a custom query in the Interactive Analytics page:
• Add current query to favorites - You can save your current query and time range in Log Insight to view it later. Saved queries can only be loaded from the Interactive Analytics page.
• Add current query to dashboard - You can save lists of search queries to your custom dashboards by creating query list widgets.
• Export or share current query - In addition to saving a dashboard you can also choose to save a query. NOTE: A saved query stores the time range in addition to the query. This is different than how all other pieces of information are saved in Log Insight (i.e. everything else you can save does not include the time range.)
• Create or Manage Alerts - When you find a query you care about you might want to configure an alert when that query returns one or more results. Log Insight allows for alerts to be sent via email or vCenter Operations.
• Manage Extracted Fields - This is important if you wish to find an extracted field that does not appear on the current query page.
Content Packs Overview
Content packs provide a powerful way to extend Log Insight through pre-defined knowledge about particular events. To browse to the Content Packs section, select the three bars icon in the navigation bar and select Content Packs. A content pack is made up of various components. These components can include:
• Dashboards – the dashboard groups (i.e. pages) that make up the selected dashboard
• Queries
  ◦ Chart widgets
  ◦ Saved queries – located under Saved Searches
• Alerts – always disabled when exported
• Agent Groups - contain configuration for monitoring, parsing, and tagging events to be sent to Log Insight
• Fields – labeled as Extracted Fields
Administration Overview
The Administration section provides health information and allows configuration settings to be modified. All information displayed during the initial configuration wizard of the product can be modified from the Administration section. There are other aspects of the Administration section that are not configurable during the initial configuration wizard, such as where cluster and agents can be managed.
Configuring vRealize Log Insight
Now that we understand the purpose of vRealize Log Insight, the next step is to configure our environment.
Configuring vCenter & vSphere Integration
Before you configure Log Insight to collect alarms, events, and tasks data from your vSphere environment, you must connect Log Insight to one or more vCenter Server systems. Log Insight can collect two types of data from vCenter Server instances and the ESXi hosts that they manage:
• Events, tasks, and alerts are structured data with specific meaning. If configured, Log Insight pulls events, tasks, and alerts from the ed vCenter Server instances.
• Logs contain unstructured data that can be analyzed in Log Insight. ESXi hosts or vCenter Server Appliance instances can push their logs to Log Insight through syslog.
In this lab section we will configure Log Insight to integrate with our vCenter and the two hosts that it manages.
Keyboard Shortcuts
To aid in typing some of the entries in the lab, we have added a REE.txt file on the ControlCenter desktop to help with variations in keyboard layouts. Where applicable, you can also use the REE file to copy and paste commands included in steps.

Launching the vRealize Log Insight Interface
On the ControlCenter Desktop, launch Firefox.
Browser Zoom Setting
If you have trouble navigating through any of the wizards we will use in this module, use Firefox zoom to adjust the UI screen.
1. Click to open the Firefox Menu.
2. Use the '+' and '-' to zoom in or out as appropriate to fit the screen.
Log Insight Bookmark
1. Click the Log Insight folder and select sight-01a.

Connect to the sight-01a Appliance
1. User name:
2. Password: VMware1!
3. Click Login
Ready to Ingest Data
The Log Insight appliance was prepared previously and is ready to configure log collection. We can now move ahead to the vSphere integration section.
1. Click Configure vSphere Integration
Configuring vCenter & vSphere Integration
Enter the following configuration information.
1. Hostname: vcsa-01a.corp.local
2. User name: [email protected]
3. Password: VMware1!
4. Click Test Connection
Note: Collect vCenter Server events, tasks, and alarms and Configure ESXi hosts to send logs to Log Insight are checked by default. These options will reconfigure vCenter and associated ESXi hosts to send syslog data to Log Insight. Additional configuration is required to send further vCenter syslog data. We will cover the additional configuration steps later in this section.
Test successful
Verify you receive a Test successful message before continuing.
Note: If you do not receive a Test successful message, please return to the previous step and verify your configuration.
1. Click Save

Wait for vCenter and ESXi Host Configuration to Complete
As the screenshot states, this step may take a few moments. Please proceed to the next step once this completes.
Configuration Completed Successfully
1. Click OK to continue

Look at Help Information
1. If you click the ? next to Collect vCenter Server events, tasks, and alarms, you will notice that we need to configure vCenter to send logs to Log Insight.
Leave this tab open for now. We will return to the Log Insight interface shortly. Please move to the next step.

Forwarding vCenter Logs in vCSA 6.0
The VMware vCenter Server Virtual Appliance (vCSA) provides an alternative option for organizations that chose not to run the Windows vCenter Server but still require centralized management of VMware vSphere deployments in the enterprise. vCSA provides exactly the same functionality as the traditional Windows vCenter Server, but packaged in a Linux distribution. With vCSA 6.0, there is partial support for native remote syslog, which is configurable through the VMware Syslog Service under the new vCenter Server System Configuration found within the vSphere Web Client.
There are currently two major sets of logs that are forwarded to a remote syslog server when the new syslog service is configured:
1. All logs from ESXi hosts that are connected to the vCenter Server will be forwarded.
2. A partial set of vCenter Server service logs will be forwarded. The specific service logs that are forwarded are found in /etc/vmware-syslog/custom-file-location.conf

Launch the vSphere Web Client
Open a new tab in your browser to go to the vSphere Web Client.
1. Click the vSphere Web Client bookmark in your browser
2. User name: [email protected]
3. Password: VMware1!
4. Click Login
Navigate to Administration
1. Click Administration to open the Administration section of the Web Client
System Configuration
1. Click System Configuration
Services
1. Click Services
VMware Syslog Service Settings
Next, we will browse to the System Configuration Services in order to edit the VMware Syslog Service using the following procedure:
1. You will see two services named "VMware Syslog Service (..." - you want to select the SECOND service.
2. To verify you selected the correct one, check that the summary tab displays VMware Syslog Service (vcsa-01a.corp.local).
Edit VMware Syslog Service Settings
1. Select the Manage tab
2. Select Edit
Update Values
There are four settings that you will need to configure:
1. Common Log Level - Enter info
2. Host - Enter sight-01a.corp.local
3. Port - Enter 514
4. Protocol - Enter UDP
5. Click OK

A restart is not required when configuring the syslog service. Logs will automatically be forwarded to the remote syslog server.
Forward vCenter Server log (vpxd.log)
The vCenter log file vpxd.log is not being forwarded. Over the next several steps, we will make a configuration change that allows this log to be forwarded to Log Insight. This change will require a restart.

Navigate to vCenter Inventory Lists
1. Click the Home icon.
2. Click vCenter Inventory Lists
Open vCenter Object list
1. Click vCenter Servers

Edit Advanced Settings
We must now navigate to the advanced settings and edit them.
1. Click on vCenter Object vcsa-01a.corp.local
2. Click Manage tab
3. Click Settings tab
4. Click Advanced Settings section in left pane
5. Click Edit button
Modify and Save Advanced vCenter Server Settings
1. You will need to change the vCenter Server advanced setting "config.alert.log.outputToSyslog" property from false to true.
2. Click OK
Back out of the configuration page using the Navigator
1. Click the Home button
2. Click Administration
Open System Configuration
1. Click System Configuration

Open Actions for vcsa-01a.corp.local
1. Click on Nodes
2. Right-click vcsa-01a.corp.local
3. Click Reboot
Confirm Reboot
1. Enter a reason for rebooting: Changed SysConfig
2. Click OK
Restart
It will take a few minutes for the restart to complete. If you click the Web Browser Refresh, you will see either the screen captured above or, potentially, error messages within the Web Client as the browser attempts to cache specific screens while the vCSA shuts down. You do not need to wait for the Unable to connect screen to appear. While the vCenter is rebooting, continue to the next section.

Section Complete
You are now finished with this section of the module; you may now continue to the next section.
Log Insight Standalone Instance to Log Insight Cluster
Log Insight provides a clustering option for scenarios where the number of ingested log events, or events per second, increases above the amount a single node supports or when business requirements dictate, such as the need to prevent ingestion downtime. In those situations, a clustered configuration addresses the scale and High Availability requirements. Log Insight offers support for up to 6 nodes per cluster instance and the ability to retain up to 2 terabytes of searchable log data per node (12 terabytes total for a cluster instance). Clustering enables ingestion high availability when used with the included Internal Load Balancer (ILB) or a supported external load balancer. In this section we will walk through how to configure a Log Insight cluster and enable the Internal Load Balancer (ILB).
Important notes:
• For most environments, running multiple, separate Log Insight instances should not be necessary
• A Log Insight cluster must be in the same data center and same layer 2 network
• If you have multiple datacenters, then you should consider using Log Insight forwarders in each datacenter. Depending on business requirements the forwarder in each datacenter may need to be a cluster
• You cannot join already configured standalone nodes together, but you can join new nodes to an already configured standalone node
• Devices should connect to Log Insight via the Fully Qualified Domain Name (FQDN)
• Standalone nodes do not provide redundancy; any downtime to a standalone node will result in an outage
For the purposes of this lab, we will only be configuring a 2 node cluster. In a production instance, a 3-node cluster is the minimum supported.
Open sight-02a
First, let's open a new browser tab to navigate to our new Log Insight appliance that has already been deployed for you. Go to your browser window that you already have open.
1. Click the + icon to open a new tab.
2. Click Log Insight in the bookmark bar
3. Click the sight-02a link

Deploy New Log Insight Appliance
1. Click Next
Choose Deployment Type
1. Select Join Existing Deployment.

Join Existing Deployment
1. Enter the fully qualified domain name (FQDN) of the Log Insight master: sight-01a.corp.local.
2. Click Go
Request to Join was Received Successfully
The above message should appear with a successful attempt to join the cluster.
1. Click the link that says "Click here to access the Cluster Management page" and you will be redirected to the Cluster Management page of the master node.
You may need to re-authenticate to Log Insight. Please ignore the next step if re-authentication is NOT required.
Re-Authenticate to sight-02a Appliance if Required
1. User name:
2. Password: VMware1!
3. Click Login

Accept Worker Request
1. Click Allow to accept the request from the new worker node to join the cluster. This process may take a few moments.
Cluster Mode is Now Enabled
Notice the page has updated and created an additional node 192.168.120.121 (sight-02a).
Enable Integrated Load Balancer
At the bottom of the same page, complete the following to enable the Integrated Load Balancer.
1. Select the check box next to "Enable Integrated Load Balancer".
2. Enter the IP (192.168.120.123) of the ILB. The FQDN (optional) of this IP Address is sight.corp.local.
3. Select Save. You should see a "Status In Progress" appear under the IP Address. This will take a few moments to complete, so be patient.

Note: You must enter the IP address here and not the FQDN, which is optional.
Cluster Page
The Cluster Page should now appear as the image above. You have now created a cluster with an internal load balancer. Note the warning message shown. We have one more step to complete before things are finalized to make the warning message disappear.
Reconfigure vSphere Integration
Notice that the Syslog target is configured to Log Insight Master.
1. Navigate to the vSphere Integration section by clicking vSphere in the left pane.
2. Click Unconfigure.

Unconfigure ESXi Hosts
1. Click Continue
Configuration Change Complete
1. Click OK to continue

Save vSphere Integration
1. Click Configure ESXi hosts to send logs to Log Insight. Notice the Internal Load Balancer IP is listed.
2. Click Save to commit the changes. This may take a few moments.

Confirm Update
1. Click OK to complete the configuration change.
Finalized Cluster Configuration
1. Select Cluster under the Management section in the left side menu.
Note: The warning message about reconfiguring vSphere Integration is no longer present. The cluster status is now set to Available.
Congratulations, you have successfully created a cluster and reconfigured the vSphere integration. Remain on this tab for the next section.
Event Forwarding
Any Log Insight instance, whether standalone or clustered, can be configured to forward events. When forwarding events, the Log Insight instance still ingests and stores events locally. Archiving is also an option once configured. In addition, queries can be issued from Log Insight instances configured for event forwarding. Forwarders are also often used for the following reasons:
• To send log data to up to 10 destinations, including a Security information and event management (SIEM) solution.
• Compress log data to reduce bandwidth requirements.
• Enhance security by minimizing the number of devices which send events to a primary Log Insight destination.
• Forwarders are a complete Log Insight instance, which provides backup for log events in the event connectivity is lost to the destination
• Filtering events before forwarding to a primary Log Insight destination
Important:
• There is no way to configure Log Insight to ONLY forward events (i.e. not ingest and store logs locally)
• Events that the Log Insight instance has previously ingested are not forwarded after event forwarding has been configured.

Browse to Event Forwarding
1. Select Event Forwarding.
2. Click New Destination.
NOTE: You might see the red escalation mark in the upper right corner of the console. The warning is due to the lab environment not including an SMTP server.
New Destination
Upon selecting the option to create a new destination you will be prompted to provide information including:
• Name: Destination (meaningful user-friendly name or alias)
• Host: The FQDN for the remote destination.
• Protocol: How events should be sent to the remote destination
  ◦ Ingestion API (default) if the remote destination is another Log Insight instance
  ◦ Syslog (TCP) if the remote destination is something other than Log Insight
  ◦ Note: Syslog forwarding over UDP is not supported today.
• Tags (optional): Let you add fields with predefined values to events for easier querying.
  ◦ One or more fields to with the event.
  ◦ Tags are only available when using Ingestion API.
• Filters (optional): What events you would like to forward
  ◦ By default, all events are sent
  ◦ Filters support only static fields such as syslog metadata fields or ingestion API tags
There are also several advanced options, which include:
• Port: In case you have a non-standard port requirement
• Cache: Disk-based cache in case the remote destination is unavailable (maximum allowed = 2000) Note: We recommend always changing this to the maximum allowed (2000)
• Workers: Number of worker threads per node (in most cases should not be changed)
Enter New Destination Information
When setting up a Log Insight forwarder you have the option of specifying specific events to forward using filters, and in this example we will filter on messages containing the word error.
1. Enter Name: LI Forwarded Events
2. Enter Host: sight-03a.corp.local
3. Click Add Filter
4. Modify Filter: Change hostname to text, set filter to does not match then enter error as the filter word
5. Click Test and confirm Test event forwarded successfully
6. Click Save
Note: Optionally, you can select Run in Interactive Analytics to show a sample of events that would be forwarded based on the filter that you created.
Configuration Complete 1. Click the Web Browser Refresh if no data is presented. 2. You should not see events. Now that the configuration is complete, let's take a look at the events coming over to our destination on sight-03a.corp.local
Open sight-03a
1. Click the + icon to open a new browser tab
2. Click Log Insight on the bookmark bar
3. Click the sight-03a link
to sight-03a 1. name: 2. : VMware1! 3. Click
View Interactive Analytics 1. Click on the Interactive Analytics tab The forwarded events are now available in the Interactive Analytics of sight-03a.corp.local. Note: Due to differences in time there may be differences in what is shown.
Section Complete At this point, you have completed a basic configuration of the Event Forwarder.
Exploring vSphere Log Events
In this section we will use Log Insight to explore the logs of a vSphere environment. Often, without a log analysis tool such as Log Insight, log errors are not viewed until production workloads have degraded or failed and the business is impacted. With Log Insight we can uncover log events and patterns that may ultimately lead to problems so we can take action beforehand. In this section we will focus on log analysis and dashboards, though you can use these same principles to create alerts and forward them to vRealize Operations or via SMTP.
Log Insight Bookmark
1. If you are not already logged into Log Insight server sight-01a, click the Log Insight folder and select sight-01a
to sight-01a 1. Enter name: 2. Enter : VMware1! 3. Click
Log Insight Dashboard General Overview
If you have successfully connected to a vCenter, earlier in this module, the first screen you will see is the General Overview dashboard.
1. If you are not already at this screen click the Dashboard tab.
2. This is the dashboard category tile; it tells you the source of the dashboards that are available (to see a complete list of installed dashboards click the down arrow next to the category title). Dashboards are either created within Log Insight or come as part of a Content Pack. By default, the vSphere Content Pack comes preinstalled. Dashboards from any other content pack that you install can be found by clicking the arrow.
3. This section is a list of actual dashboards for the current category. The image above shows the dashboards from the VMware - vSphere Content Pack.
4. This section of the screen allows you to apply a date/time range filter to limit the data you are viewing within the dashboard.
5. This section shows the filters which are available as part of this dashboard. The filters allow you to quickly focus the dashboard on a specific object/item of interest.
6. Widgets: the widgets in Log Insight are configured to query the consolidated log database and show specific areas of regular interest. In this case, the widget is showing a graphical representation of all the vSphere log messages and when they were generated. Widgets can be arranged in multiple ways and sizes.
Switch to Interactive Analytics 1. Click the Interactive Analytics tab
The Interactive Analytics Screen
The following describes the different sections of the Interactive Analytics Screen:
1. This area shows the graphical representation of the current query. Because we have not specified anything as a query or filter, all the events are being shown.
2. This section modifies how the graph displays the data.
3. With the Search box, you can enter anything you would like to search for within the logs. For example, this could be a host name, error message or number.
4. With Data Range, Log Insight auto-correlates all log data. In this field you can specify a time range you would like to search for log entries. By default, the time range field is set to Latest 5 minutes of data. Be advised: large date ranges will take a longer time to return the complete set of data, but that data will stream in as the query result is returned. In this lab we have only just connected to the vCenter, thus we have a limited time range where data is available.
5. Events are the log entries which match the query and will be displayed here. The key words (Fields) contained in each of the log messages will be called out in blue below the log message. By default, Log Insight understands all the Syslog defined fields. As part of content packs, Fields are added which are specific to their domain. In this case all the vSphere and Syslog Fields are available.
6. The Field List is all the defined fields from all the log messages which are part of the result set from the query. You can click on any one of them and they will show you a graphical representation of the number of log messages which are associated to that field.
Searching Log Events
As you enter keyword searches inside the search box, Log Insight will provide auto complete options as you type.
1. In the search field type vcsa* ( to type in the asterisk). In this case we are looking for all messages which are related to the vCenter vcsa-01a. In English, simply type in what you are looking for and add an asterisk as the wildcard.
2. Enter the data range, Latest 5 minutes of data.
3. Click the search icon.
Event Types
Event Types are used when troubleshooting to quickly narrow down the resulting set of log messages into pattern matched clusters. This capability allows you to quickly eliminate irrelevant log messages.
1. Click the Event Types tab. This will sort the result set of log messages by Event type.
2. The Events column will provide the count of messages of the pattern matched type
3. Click the x to remove this message type from the result set and automatically create a filter for that message type (you must hover the mouse over the area for the "x" to display).
Note: The lab you are taking is a live dynamic environment. What you see will differ from what is captured in the screenshot. Please choose any event in the window and proceed to the next step.
Filters After deleting the Event Type, the log messages are retained. They are only removed from this query and the system automatically creates a filter or constraint excluding that specific event type.
Creating a Filter Now we will create a new filter to only include log messages based on the text api invocations. This will show the number of api connections to your vCenter server.
1. Click Add Filter
Set Filter Constraints
1. Set Filter to text.
2. Set the Operator to contains
3. Type API invocations
4. Click the search button
5. At this point the result list will only show log messages related to the text API invocations that are not the event_type you filtered.
NOTE: Now we have narrowed down our results. Prior to adding filters there were over a dozen different event types.
Field Extraction
Extracted fields provide a powerful way to construct queries in Log Insight. You can also create your own custom extracted fields.
1. Switch back to the Events tab.
2. Highlight the value next to "API invocations:". In the example above, it's listed as 1, but this number could be different.
3. A pop up window appears, select Extract field.
Fields configuration
A Fields configuration will appear on the right side of your screen. We now need to name the extracted field, determine who can use the field, then save the field for use in the future. You will use this extracted field later in this module when we integrate with vRealize Operations Manager.
1. In the Field Name input box, type vmw_vc_api.
2. Under the Available for drop down, you have the option to make this extracted field available to just yourself or all users. Leave this as Me Only.
3. Click Save.
Extracted Field Complete Notice that we now have a new field called vmw_vc_api. We will leverage this later in the module. For now, we will move to the next step.
Grouping Events
Now we want to group these events, which adds some additional data to our graph.
1. Select the over time drop down
2. Place a check next to vmw_vc_auth_source (VMware - vSphere) and vmw_vc_auth_ (VMware - vSphere)
3. Click Apply
Legend Created Notice that a legend has been created on the right side of the graph to display the IP address and the name for who was connecting to the vCenter appliance.
Add Query to Dashboard Now we will create a new dashboard called API Invocation Events based on our search results. 1. Click Add to Dashboard.
Add Chart to Dashboard
1. Enter API Invocation Events in the Name field, replacing the default content
2. Ensure that Dashboard 1 is selected. You can add this query to any dashboard you have rights to modify, or create a new dashboard
3. Click Add
Navigate to the Dashboards page 1. Click the Dashboards tab
Select My Dashboards 1. Click the drop down arrow for the dashboard list 2. Select My Dashboards
Observe the Modified Dashboard Observe that a new widget named API Invocation Events is now included with Dashboard 1.
Section Complete
You now know how to use Log Insight to explore the logs of a vSphere environment. You can leave the browser open for the next section.
Installing Content Packs
Content packs contain dashboards, extracted fields, saved queries, and alerts that are related to a specific product or set of logs. Some content packs such as the VMware - vSphere content pack are loaded by default, while others can be downloaded from the Log Insight Content Pack Marketplace (Solutions Exchange). In this section we will:
• Investigate available Content Packs
• Import Content Pack for vRealize Operations 6.x
Managing Content Packs
We will continue to use sight-01a for this exercise. On the top right corner of the Log Insight UI:
1. Click the menu icon
2. Click Content Packs
Log Insight Content Pack Marketplace
The lab environment isn't connected to the internet, so the vRealize Operations content pack file was downloaded previously to the lab environment.
Log Insight Content Pack Marketplace
The screenshot depicts the Log Insight Content Pack Marketplace when the appliance is connected to the Internet. The Marketplace includes a large number of VMware and 3rd party created Content Packs, which provide extensibility around how log messages are viewed, queried, and used for alerts.
Solutions Exchange (Marketplace) for Log Insight
Additionally, you can browse Solution Exchange and view the content and documentation. For Log Insight:
1. You can see there are 47 Content Packs (the number of packs and page format style may change over time)
2. With 47 Content Packs, there is a search feature to reduce the number of displayed content packs
Note: There is a considerable amount of content and it is worth visiting Solutions Exchange for Log Insight, vRealize Operations and other VMware related extensible content.
VMware - vSphere Content Pack 1. Click VMware - vSphere in the left navigation pane 2. Observe that the VMware - vSphere Content Pack version 3.0 is installed 3. Click the different tabs to gain information about the installed content
Log Insight General Content Pack
1. Click General in the left hand navigation pane, which is the second content pack installed by default
2. Observe that the General Content Pack version 2.5 is installed
Import the vCenter Operations Manager Content Pack On the bottom of the left hand navigation pane:
1. Click the Import Content Pack button
Import Content Pack 1. Click Browse
File 1. Browse to C:\LabFiles\ 2. Click VMware - vR Ops 6.x.vl 3. Click Open
Import Content Pack Continued
There are two options when installing a content pack.
Install as content pack
Description - The content is imported as a read-only content pack that is visible to all users of the Log Insight instance.
Note: Content pack dashboards are read-only. You cannot delete or rename them. However, you can clone content pack dashboards to your custom dashboard. You can clone whole dashboards or individual widgets.
Import into My Content
Description - The content is imported as custom content to your space, and is visible only to you. You can edit the imported content without having to clone it.
Note: Content pack metadata, such as name, author, icon, and so on, are not displayed in this mode. Once imported in My Content, the content pack cannot be uninstalled as a pack. If you want to remove a content pack from My Content, you have to individually remove each of its elements, such as dashboards, queries, alerts, and fields.
1. Choose Install as content pack.
2. Click Import.
Success - VMware - vCenter Operations Manager Content Pack Installed
Observe that VMware - vR Ops 6.x specific widgets, queries, alerts, agent groups, and fields are now available in Installed Content Packs. Each element of the content pack helps to highlight specific issues with a vRealize Operations Manager appliance. The content pack simplifies the process of finding and viewing relevant log data and facilitates integration of alerts between Log Insight and vRealize Operations Manager. With Internet access (not possible with the Lab environment), you will be notified regarding updates. In the sample printscreen, you can see that one update is available.
Updating a Content Pack
To view the update(s), you would click the Update link in the navigation pane and then Update the specific content pack or Update All, if multiple updates were available. For the purposes of this Log Insight introduction, not having the latest vROps Content Pack will not affect the features being demonstrated.
Configure vRealize Operations Manager to send logs to Log Insight
Now that we have the content pack for vRealize Operations Manager 6 installed, let's configure vrops-01a.corp.local to send its logs to the Log Insight cluster (sight.corp.local). If you are running vRealize Operations 6.0.1 or later, the Log Insight agent is already pre-installed on your appliance and all you have to do is configure it! We have already provided a completed configuration file in the C:\LabFiles directory. In this lab, we will be manually copying over the agent configuration, but you can centrally manage agent configuration via the Log Insight UI using Agent Groups, which can be found in the Administration section of the UI.
Configuration parameters Note: If you have a multi-tier deployment, you will need to customize the below config file for each node. Here are the parameters that need to be changed:
• hostname - This is the IP or FQDN of your Log Insight server. Note that this only needs to be changed in the [server] section at the top of the file, and not throughout the entire file. Below, it is set to
• vmw_vr_ops_clustername - This is the *name* of your vRealize Operations cluster. This can be anything you like and can be used to distinguish one cluster from another if you have multiples. Below, it is
• vmw_vr_ops_clusterrole - This is the role that the node you are installing this file on fills. The choices are "Master", "Replica", "Data", or "RemoteCollector" - on a single-node installation, use Master. Below, it is set to Master. This value can be found on the Administration > Cluster Management page in the vRealize Operations Manager UI (see above image)
• vmw_vr_ops_hostname - This is the hostname of your vRealize Operations Manager cluster. This hostname can also be found on the Administration > Cluster Management page in the vRealize Operations Manager UI (see above image). Below, it is set to
• vmw_vr_ops_nodename - This is the node name of the node you are installing this file on. This name can be found on the Administration > Cluster Management page in the vRealize Operations Manager UI (see above image). Below, it is set to
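A pre-copy check for the per-node values listed above, as an added example that is not part of the lab or of VMware's tooling. It assumes the four vmw_vr_ops_* values are carried as a JSON object in a tags= option of each [filelog|...] section; the sample file, its host and path names, and the lint_liagent helper are constructed for illustration.

```python
import configparser
import json

# Roles the lab text lists for vmw_vr_ops_clusterrole.
VALID_ROLES = {"Master", "Replica", "Data", "RemoteCollector"}
# Per-node values the lab text says must be customized on every node.
REQUIRED_TAGS = ("vmw_vr_ops_clustername", "vmw_vr_ops_clusterrole",
                 "vmw_vr_ops_hostname", "vmw_vr_ops_nodename")


def _unset(value):
    """True for empty values and template placeholders such as <YOUR NODE NAME>."""
    value = (value or "").strip()
    return not value or "<" in value or ">" in value


def lint_liagent(text):
    """Return findings for one node's liagent.ini content; an empty list means OK."""
    findings = []
    parser = configparser.ConfigParser(
        interpolation=None,   # values may contain '%'
        strict=False,         # tolerate repeated sections instead of raising
        delimiters=("=",),    # JSON tag values contain ':'
    )
    parser.optionxform = str  # keep option names case-sensitive
    try:
        parser.read_string(text)
    except configparser.Error as exc:
        return [f"file does not parse: {exc}"]

    # 1. The destination is set once, in [server].
    if not parser.has_section("server"):
        findings.append("[server] section is missing")
    elif _unset(parser.get("server", "hostname", fallback="")):
        findings.append("[server] hostname is not set")

    # 2. Every tagged log source carries the four per-node values.
    seen = {}  # tag name -> {value: first section that used it}
    for section in parser.sections():
        if not section.startswith("filelog|") or not parser.has_option(section, "tags"):
            continue
        try:
            tags = json.loads(parser.get(section, "tags"))
        except json.JSONDecodeError as exc:
            findings.append(f"[{section}] tags is not valid JSON: {exc.msg}")
            continue
        if not isinstance(tags, dict):
            findings.append(f"[{section}] tags is not a JSON object")
            continue
        for name in REQUIRED_TAGS:
            value = tags.get(name)
            if not isinstance(value, str) or _unset(value):
                findings.append(f"[{section}] {name} is missing or still a placeholder")
                continue
            if name == "vmw_vr_ops_clusterrole" and value not in VALID_ROLES:
                findings.append(
                    f"[{section}] {name}={value!r} is not one of {sorted(VALID_ROLES)}")
                continue
            seen.setdefault(name, {}).setdefault(value, section)

    # 3. One file describes one node, so each tag has a single value file-wide.
    #    A second value usually means a section was pasted from another node's file.
    for name, values in seen.items():
        if len(values) > 1:
            findings.append(f"{name} has conflicting values: {sorted(values)}")
    return findings


# Constructed sample (not the lab's liagent.ini): the second section has a
# lower-case role and a nodename left at its template placeholder.
SAMPLE = """\
; constructed sample for the linter
[server]
hostname=loginsight.example.test

[filelog|vrops-analytics]
directory=/var/log/example-vrops
include=analytics*.log*
tags={"vmw_vr_ops_clustername":"lab-cluster", "vmw_vr_ops_clusterrole":"Master", "vmw_vr_ops_hostname":"vrops.example.test", "vmw_vr_ops_nodename":"node-1"}

[filelog|vrops-collector]
directory=/var/log/example-vrops
include=collector*.log*
tags={"vmw_vr_ops_clustername":"lab-cluster", "vmw_vr_ops_clusterrole":"master", "vmw_vr_ops_hostname":"vrops.example.test", "vmw_vr_ops_nodename":"<YOUR NODE NAME>"}
"""

if __name__ == "__main__":
    for finding in lint_liagent(SAMPLE):
        print(finding)
```

Running the check on each node's file before it overwrites the agent configuration catches untagged or mis-tagged sources, which would otherwise arrive at the server without the fields the content pack dashboards group by.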
Open WinSCP
1. Open the Windows Start screen
2. Click WinSCP
WinS to vrops-01a.corp.local 1. Select vrops-01a.corp.local 2. Click
Update Unknown Server, Security or Banner Message If you see this unknown server message.... 1. Select Yes Note: You may also see a Security Message or Banner message. Accept or Continue to clear the messages.
Browse to Directories
The correct directory paths may already appear within WinSCP. If you do not see the correct paths, please proceed with the steps below. Otherwise, you can move to the next step.
1. Browse to C:\LabFiles\ (left frame). This can easily be completed by using the toolbar up-directory navigation and then once at C:\, select the LabFiles folder.
2. Browse to /var/lib/sight-agent on vrops-01a.corp.local (right frame). This can be accomplished by using the up-folder toolbar button to get to root and then navigate to the sight-agent folder.
Drag liagent.ini to /var/lib/sight-agent directory Click-Drag the file liagent.ini from left pane to right pane
Overwrite liagent.ini Overwrite /var/lib/sight-agent/liagent.ini with C:\LabFiles\liagent.ini by dragging liagent.ini from the left frame to the right frame. 1. Click Yes
Close WinSCP
1. Click the X in the upper right corner to close WinSCP
Complete close of WinSCP
1. Click OK to finish closing WinSCP
Open Putty 1. From the Task Bar select the Putty shortcut
to vrops-01a.corp.local
1. Scroll to the bottom of the list
2. Select vrops-01a.corp.local
3. Select Load
4. Click Open
Enter root credentials 1. Enter as: root
2. Enter : VMware1! and press Enter
Restart Log Insight Agent
Run the following command to restart the Log Insight Agent:
1. Type: /etc/init.d/liagentd restart and press Enter
2. Confirm the liagentd stops and restarts
3. Type: exit and press Enter
View Log Content from VMware - vRealize Operations Manager 6.x Content Pack
The logs from vrops-01a.corp.local will now begin being sent to the Log Insight cluster (sight.corp.local).
1. Select the Dashboards tab if you are not already in this location
2. Select the drop down arrow
3. Select VMware - vR Ops 6.x from under the Content Pack Dashboards section
4. After navigating to the dashboard, please refresh the view using the Update button
Conclusion
This concludes installing content packs. Please proceed to the next section where we will work with installing and managing Log Insight agents.
Installing & Managing Log Insight Agents
Earlier in this lab, we configured the Linux Agent on our vRealize Operations Manager appliance, which featured the capabilities of the Linux agent. The Log Insight Linux Agent collects events from log files on Linux machines and forwards them to the vRealize Log Insight server. In a Linux system, applications can store log data in flat text files on the file system. The Log Insight Linux Agent runs as a daemon and starts immediately after installation.
We also have a Log Insight Windows Agent which collects events from Windows event channels and log files, and forwards them to the Log Insight server. A Windows event channel is a pool for collecting related events in a Windows system. By default, the Log Insight Windows Agent collects events from the Application, System, and Security channels. The Log Insight Windows Agent runs as a Windows service and starts immediately after installation. Both agents can monitor directories and collect events from flat text log files.
During and after installation, you can configure the following options for the Log Insight Windows Agent:
■ Select the target Log Insight server to which the Log Insight Windows Agent forwards events.
■ Select the communication protocol and port that the Log Insight Windows Agent uses.
■ Add additional Windows event channels from which the Log Insight Windows Agent collects events.
■ Select Windows directories to monitor and add flat log files to collection.
3rd party agents are also supported, but our own native agents (for Windows and Linux) offer significant advantages, such as easy/central configuration through the Log Insight UI, data compression, and encryption over SSL (available in version 3.0). In this lab section we will install the Windows Agent on the ControlCenter Server. In real world deployments you could deliver the agent with your favorite application delivery management methodology including vRealize Configuration Manager, Microsoft System Center Configuration Manager, Active Directory GPOs, etc.
Select the Agents Management Page
Note: Ensure that you are on the Log Insight browser tab.
1. On the upper right, click the drop down
2. Select Administration
3. Select Agents from the left hand navigation pane
Agents
Click Log Insight Agent Version 3.0.0
Log Insight Agent Version 3.0.0
1. Click on Windows MSI (32-bit/64-bit)
Save file 1. Click Save File
Launch the Log Insight Agent Installer
1. Click on the Downloads arrow in Firefox
2. Click on VMware-vCenter-Log-Insight-Agent.....
Open File - Security Warning 1. Click Run
VMware vCenter Log Insight Agent Setup - EULA
1. Click the check box next to I accept the terms of the License Agreement
2. Click Next
VMware vCenter Log Insight Agent Setup - Server Configuration
1. Confirm/Enter "sight.corp.local" in the host context box. This is the integrated load balancer address
2. Click Install
VMware vCenter Log Insight Agent Setup - Finish
1. Click Finish
Close the Agents Selection Box 1. Click X to close the agent's selection box
Refresh the Agents information page
1. Refresh the browser page by pressing F5 or click the Refresh button
2. Observe that the ControlCenter Server is now configured for sending its logs to Log Insight
Centralized Agent Configuration
A new feature is the ability to create an agent group. In the “Agents” page of the “Administration” section of the UI, one can configure an agent group and centrally manage disparate groups of agent configurations for Linux, Windows, and vSphere solutions. We will create a new group for Windows Agents to apply specific configuration changes to our Windows agents.
1. Select All Agents
2. Select New Group
New Agent Group 1. Type Windows Agents in the Name Field 2. Click New Group
Save New Group
An alternative to modifying the .ini file is to use the Agent Configuration Utility. Changes made in the Agent Configuration Utility can be propagated to All Agents. Configuration information that does not apply to the local agent is ignored. For example, the Linux agents would ignore the configuration for the Windows Firewall. We will now create a filter rule for the agents running a Windows Operating System and apply an agent configuration specific to Windows.
1. In the filter rule, click on the dropdown and change hostname to OS
2. In the filter, type windows
3. Add the following text to the Agent Configuration Window

    [winlog|Events_Firewall]
    channel=Microsoft-Windows-Windows Firewall With Advanced Security/Firewall
    enabled=yes

4. Click Save New Group
Agent configuration saved successfully The agent configuration is now saved and you will see an "Agent configuration saved successfully" popup window that will automatically disappear.
Windows Agent Group Complete 1. Click on Windows Agents drop down menu 2. You should now see the Windows Agents listed under Active Groups in the agent's dropdown
Conclusion
This concludes Installing and Managing Log Insight Agents.
Integrate vRealize Log Insight with vRealize Operations Manager
The integration between vRealize Log Insight and vRealize Operations Manager is extremely powerful. This section will explore the integration to illustrate how the two products work together. As you may know, there are two primary types of data in your environment:
• Structured: vRealize Operations Manager is meant to collect primarily structured data, think metrics like performance, directly from applications (e.g. vSphere) or monitoring products (e.g. Hyperic). Without Log Insight integration, vR Ops does not have any insight into unstructured data such as log messages.
• Unstructured: Log Insight is meant to collect primarily unstructured data directly from applications (e.g. vSphere), but is more commonly fed by devices via syslog or API. While a primary use case for Log Insight is syslog events, structured text such as CSV and JSON, including metrics such as performance, is also supported.
It is important to collect and analyze both types of data within your environment. This can be done seamlessly by integrating Log Insight with vRealize Operations Manager. In the following section, you will complete the following items:
• Install the Management Pack for Log Insight
• Configure vRealize Operations Integration
• Open in Context
• Create an alarm and send to vRealize Operations Manager
After performing the items below to install the management pack and configure the integration, we will be able to have 2-way launch in context between the two solutions, as well as alerts integration and inventory unification - to aid in your troubleshooting workflow.
Installing the Management Pack for Log Insight
1. Click the + icon to open a New Tab in the Firefox browser
2. Click the bookmark vROps-01a
to vRealize Operations Manager the following credentials to to the system. 1. 2. 3. 4.
Authentication Source: Local s name: : VMware1! Click
Navigate to the Administration tab
1. Select Administration from the navigation pane or select the Administration button
Add Solution 1. Ensure the Solutions section is highlighted 2. In the right frame, select the green plus icon
Select a Solution to Install 1. Click Browse
Browse to LabFiles Directory Complete the following steps: 1. Select the C:\LabFiles directory, if not already highlighted 2. Select the vmware-vcops-6.0-MPforsight-1.0... pak file 3. Click Open
Management Pack for Log Insight
1. Click the check boxes for Install the PAK file even if it is already installed and Reset predefined content to a newer version provided by this update. Although not necessary for the first installation, this guarantees content is fully installed during upgrades.
2. Click the OK button for the Warning: modifications to predefined Alerts... This brings up an important "Best Practice". When modifying vROps content (Dashboards, Views, Reports, Alerts, etc.), always clone and make changes to cloned content. This ensures you benefit from new content in future releases without losing custom content that you have created.
Install Management Pack for Log Insight
1. Click . It will take a minute or so for the process to complete and the Next button to no longer be greyed out
2. Click the Next button once available
Accept EULA
1. Click the Check Box to accept the terms of this agreement
2. Click Next
Complete Installation The installation will take a few minutes to complete 1. Click Finish when the installation is complete and the Finish button is no longer greyed out
Installation
The Management Pack for Log Insight is now installed. There is no further configuration needed within the vRealize Operations Manager product UI. We will now switch to the Log Insight product UI to complete the integration.
Configuring vRealize Operations Integration
1. Select the Log Insight browser tab. This assumes you left the browser open from the previous section. If you closed the browser, select sight-01a from the Firefox bookmark, and navigate to the Administration pane.
2. Click the vRealize Operations link in the navigation pane.
Configuring vRealize Operations Integration
1. Enter 192.168.110.70 in the Hostname field
2. Enter in the name field
3. Enter VMware1! in the field
4. Ensure both checkboxes are enabled
5. Select Test Connection and confirm Test Successful
6. Select Save
ing with vRealize Operations Manager Be patient as the initial configuration can take several minutes to complete.
Registration Successful 1. Once the registration completes, click OK.
Navigate to vRealize Operations 1. Return to vrops-01a.corp.local within the Firefox browser.
Environment 1. Click the Environment icon (looks like earth) in the Navigation pane
vSphere Hosts and Clusters 1. Click vSphere Hosts and Clusters
esx-01a.corp.local
1. Click the swizzles (small triangle) next to each object for World, vCenter, Datacenter Site A and Cluster Site A
2. Click esx-01a.corp.local
3. Click the Actions dropdown
4. Select Search for logs in vRealize Log Insight. Selecting this option will launch vRealize Log Insight in context, i.e. only show logs for esx-01a
This Connection is Untrusted Note: If you do not get this warning message, please move on to the next step. 1. Click I Understand the Risks (Same risks as always; itchy watery eyes, dry mouth, insomnia, trouble focusing, and a sudden and inexplicable desire to watch re-runs of the Full House!) 2. Click Add Exception
Confirm Security Exception 1. If required, click Confirm Security Exception.
to sight Authenticate to sight again, if required. 1. name: 2. : VMware1! 3. Click
Interactive Analytics
Launch in context can be useful when you are troubleshooting an object in vRealize Operations and you need to quickly check the relevant logs for that object.
1. A constraint is automatically added with the vR Ops identifier (vmw_vr_ops_id)
2. Note: the vR Ops identifier for esx-01a is already added to the constraint.
3. Only log events specific to esx-01a are presented within the events tab.
4. Click Interactive Analytics to clear the constraint. Alternatively, you can click the "x" next to the constraint. Clicking Interactive Analytics is useful when you want to clear all constraints from a query.
Create alerts in Log Insight
Now that Log Insight and vRealize Operations are integrated we can also create alerts in Log Insight and send them to vRealize Operations. We will examine the alert functionality over the next several steps.
1. Click Add Filter
2. Select the drop down with the word text and type vmw_vc_api_invocations
3. Select the drop down with the "=" sign and select the ">" sign
4. Type in the value "1" in the last input box
5. Click the query magnifying glass
6. Notice only log events with greater than 1 API invocation appear in the list
Create Alert from Query

We would like to send an alert over to the vRealize Operations dashboard for vcsa-01a, based on the API query, so our Operations team becomes aware of issues in a timely fashion.

1. To the right of the search bar, click the Red alert icon
2. Click Create Alert from Query
New Alert

Fill out the Alert:

1. Name: API Invocation Alert
2. Enable Email: Uncheck
3. Enable Send to vRealize Operations Manager: Check
4. Click Select
Select the vRealize Operations Manager Resource to Receive Alert

1. Type: vCenter
2. Select All Objects from the drop down
3. Choose the last vCenter (vCenter-Actions) in the list.
Note: The resource option is used as the default object in vRealize Operations Manager that will receive the LI alert, assuming inventory mapping returns no information for an event triggered by the Log Insight alert (e.g. non-vSphere events). If the event does have inventory mapping information, then the Log Insight alert will automatically get mapped to the correct object in vRealize Operations Manager regardless of what the resource parameter is set to in Log Insight.
Finalize Alert

Type a note to remind the team why we created this alert. You can type whatever you want.

1. The notes field provides the ability to add information to the notification. Information could, for example, include resolution steps or a KB article link.
2. Click Save

Alert integration is configured with the query information that was used previously.

Note: Log Insight alerts are sent to vRealize Operations Manager as notification events. Notification events in vRealize Operations Manager are accessible from a variety of locations including:

• Summary - Top Alerts under the Health badge
• Alerts - A dedicated section for alerts as well as an alerts section per object
• Object - Shows Log Insight alerts in Troubleshooting > Events
Conclusion

Due to the dynamic nature of the lab environment, an alert may not be available in vRealize Operations. For this exercise we will treat the alert as configured and display an example.
Conclusion

Thank you for completing the vRealize Log Insight Module! For additional Log Insight content check out HOL-SDC-1635 (vRealize Log Insight) and HOL-SDC-1601 (Cloud Management with vRealize Suite Standard).
Module 8: From Beginner to Advanced Features with PowerCLI - (60 Minutes)
Module overview

This module will introduce you to VMware vSphere PowerCLI. Novice users will easily learn to use the tool, and more advanced users will get familiar with the new functionality available in the latest releases of the product, like configuring an OVA before deploying it and filtering objects by their tags. Both new and experienced users are sure to learn something new.
Getting Started With PowerShell and PowerCLI

In this lesson you'll learn the basics of PowerShell and PowerCLI. You'll learn how to start the PowerCLI console and PowerShell ISE, how to list available commands and view their help.

Starting PowerCLI

After installation, PowerCLI can be started by double clicking the desktop icon labeled "VMware vSphere PowerCLI". This will open the PowerShell console and load all PowerCLI modules.
Using PowerShell ISE

As an alternative to the simple console, you can use the PowerShell ISE script editor, which provides a better experience. You can start the editor by double clicking its icon on the desktop (1). The upper pane (2) is for viewing/editing script files, and the lower pane (3) is for running individual commands and displaying their output (an analog of the standard PowerShell console).
Using PowerShell ISE

During this lab you will execute various PowerCLI commands in the lower pane of PowerShell ISE or in the PowerShell console. You can either type the commands yourself or copy-paste them from the "Module7.ps1" files located on the desktop. The most convenient way to go through the lab is to open Module7.ps1 in the upper pane of PowerShell ISE. This file contains all commands you will call in this module. Each command can be selected (1) and executed by pressing F8 (or the "Run Selection" button (2)). Before executing a new command make sure the previous one is completed - you will see a "Completed" message (3) at the bottom of the console.
Listing Available Commands

Let's explore what we can do with PowerCLI. PowerCLI's snapins provide more than 500 commands (called cmdlets in PowerShell) for managing vSphere, vCloud Air, SRM, vR Ops, and VUM. You can view the available PowerCLI commands by typing:

Get-VICommand
This will list all PowerCLI commands. As the list is quite large, you may want to narrow it down to something more specific, for example all commands for managing VMs:

Get-VICommand *VM
Hint: You can use autocomplete for faster typing - just start typing the beginning of the command/parameter and press "Tab".
Connecting to vSphere

The first thing we need to do in order to manage our vCenter Server is to connect to it. This is done by using the Connect-VIServer command. Our vCenter is named "vcsa-01a" and here's how to connect to it:

Connect-VIServer vcsa-01a -User corp\ -Password VMware1!

The command will connect to the vCenter with the specified user's credentials.

Getting Help

If you are unsure how to use a specific cmdlet, you can easily view its help by typing Get-Help (or for short - just "help") and the name of the cmdlet:

help Connect-VIServer

If you want to see the full help with example usages of the cmdlet and parameter descriptions, you should open the full help of the cmdlet:

help Connect-VIServer -Full

If you want to see only the examples, you can use the -Examples switch like this:
help Connect-VIServer -Examples

You can also search for a specific word in the entire help archive. Let's try searching for a cmdlet that vmotions VMs:

help vmotion

The result contains the cmdlet we need - Move-VM. We'll use it later in this module. Feel free to check the help of any cmdlet we demonstrate in this lab.
Using PowerCLI for reporting

With more than 100 Get-* cmdlets, PowerCLI is also a powerful reporting tool. In this lesson, you'll learn more about this usage of PowerCLI.
Retrieving VMs

One of the most common things to do is list the VMs in your vCenter Server. This is useful for browsing the inventory and reporting as well as for further processing of specific VMs (e.g. batch modification of VMs). You can retrieve all VMs with:

Get-VM

You can also retrieve one or more VMs by name. Try out the following:

Get-VM linux-U-Load-01a
Get-VM linux*
Retrieving specific properties of an object

When you call a cmdlet (like Get-VM) the result you get is an object or array of objects (in this case it's a VM object). To see what properties the object(s) have, you can use the Get-Member cmdlet like this:

Get-VM linux-U-Load-01a | Get-Member -MemberType property

This will list all the available properties of the VM object.

Note: Here we use a PowerShell functionality called "pipeline" (or "piping"). The Get-Member cmdlet actually has a parameter called "InputObject" that accepts VM objects (as well as all other PowerShell objects). Instead of retrieving our VMs, storing them in a variable and passing them to that parameter of Get-Member, we simply "pipe" the output of Get-VM to Get-Member. This way the output of the first cmdlet becomes the input of the second.

Then you can use PowerShell's 'select' command to retrieve only the properties you need from the resulting object:

Get-VM linux-U-Load-01a | Select Name, NumCpu, MemoryMB, PowerState, VMHost
Filtering report results

When the Get-* cmdlet has no parameter to filter the objects by the property you need, you can use PowerShell's 'where' command to filter the results from a cmdlet call:

Get-VM | Where {$_.Powerstate -eq "PoweredOn"} | Select Name, NumCpu, MemoryMB, PowerState, VMHost

Hint: $_ is a reserved PowerShell variable that holds the current object from the pipeline
Exporting report results to various formats

To present the data to your manager or another team, or to transfer it to another system that your company uses, you need it formatted in some way. In this lesson you'll learn how to export the data generated by your PowerCLI reports to various formats (txt, csv, xml, html).
Exporting to txt

Let's start with the most basic export - to a txt file. To export your report to txt, use the Out-File PowerShell cmdlet:

Get-VM | Select Name, NumCpu, MemoryMB, PowerState, VMHost | Out-File c:\myPowerCLIReport.txt
Open the text file to check the result.
Exporting to csv

Now let's export the same data to csv format. We'll use the Export-Csv cmdlet to do that:

Get-VM | Select Name, NumCpu, MemoryMB, PowerState, VMHost | Export-Csv c:\myPowerCLIReport.csv -NoTypeInformation
Check the result in the csv file
Exporting to xml

The next format that you'll export to is XML. The PowerShell cmdlet we'll use is ConvertTo-Xml. Since this cmdlet returns an XmlDocument object, we need to call its Save method to write the formatted data to a file:

(Get-VM | Select Name, NumCpu, MemoryMB, PowerState, VMHost | ConvertTo-Xml -NoTypeInformation).Save("c:\myPowerCLIReport.xml")
Check the result in the xml file
Exporting to HTML

You can also export the data in HTML format by using the ConvertTo-Html cmdlet. Since this command just formats the data in HTML, you also need the Set-Content cmdlet to write the formatted data to a file:
Get-VM | Select Name, NumCpu, MemoryMB, PowerState, VMHost | ConvertTo-Html | Set-Content "c:\myPowerCLIReport.html"
Now go to 'c:\' folder and open the report.
Adding formatting to the HTML page

If we want to make our HTML report look a bit better, we can apply some styles to it like this:

$a = "<style>"
$a = $a + "BODY{background-color:Gainsboro;}"
$a = $a + "TABLE{border-width: 1px;border-style: solid;border-color: black;border-collapse: collapse;}"
$a = $a + "TH{border-width: 1px;padding: 5px;border-style: solid;border-color: black;background-color:SkyBlue}"
$a = $a + "TD{border-width: 1px;padding: 5px;border-style: solid;border-color: black;background-color:PaleTurquoise}"
$a = $a + "</style>"
Get-VM | Select Name, NumCpu, MemoryMB, PowerState, VMHost | ConvertTo-Html -head $a | Set-Content "c:\myPowerCLIReport.html"
If you open the report, now you'll see that it looks much better
Setting up and configuring a cluster

In the next few lessons you'll set up a small virtual environment of a fictional company, Nephosoft. You'll start with creating and configuring a cluster. Then you'll set up networking by creating and configuring a virtual distributed switch (VDS). At the end you'll create several virtual machines based on a predefined specification, tag them accordingly and then do a batch update of multiple VM specifications, based on their tag. In this lesson we'll start with information on how to create and configure a cluster with PowerCLI. You'll set up its EVC, HA and DRS settings.

Creating a cluster

To create a new cluster we'll use the New-Cluster cmdlet. We have to specify the name and the location of the new cluster:

$cluster1 = New-Cluster -Name "Nephosoft Cluster 1" -Location "Datacenter Site A"

Configuring cluster's Enhanced vMotion Compatibility Mode

Now let's configure the cluster's enhanced vMotion compatibility mode to ensure CPU compatibility for vMotion. To do that we'll first determine what EVC modes are supported by our hosts:

$evcModes = Get-VMHost | Select MaxEVCMode

Now inspect the content of the $evcModes variable. Just type the name of the variable ($evcModes) and its value will be printed to the screen. You'll notice that both hosts have the same EVC mode.

Note: The EVC mode might be different from the one on the screenshot above, because it depends on the physical hardware that your lab environment runs on.

Let's set that EVC mode on the cluster to make sure that any other hosts that might be added to the cluster in the future will have to match this EVC mode:

Set-Cluster $cluster1 -EVCMode $evcModes[0].MaxEVCMode
When you are prompted for confirmation - click yes.
Hint: Prompting for confirmation is good for interactive usage, however it is undesired in scripts since it will halt them. You can automatically confirm the operation by appending "-Confirm:$false" parameter to your cmdlet call.
Enabling HA on the cluster

The next step is to enable HA on our cluster to ensure that our VMs are protected in case of host failure:

Set-Cluster $cluster1 -HAEnabled:$true -Confirm:$false
Enabling DRS on the cluster and configuring DRS settings

Now let's enable DRS on this cluster and set its automation level to "manual" to make it generate recommendations for VM placement and migration (you can retrieve and apply those recommendations with the Get-DrsRecommendation and Apply-DrsRecommendation cmdlets):

Set-Cluster $cluster1 -DRSEnabled:$true -DRSAutomationLevel "Manual" -Confirm:$false
Moving hosts to the cluster

In this lesson you'll learn how to move our hosts to the already created cluster.
Moving hosts to the cluster

To move the hosts into the new cluster we need to put them in maintenance mode first. To put them in maintenance mode we have to shut down all the running VMs before that. So, let's retrieve all the running VMs and then stop them:

$vmsToStop = Get-VM | Where {$_.Powerstate -eq "PoweredOn"}
Stop-VM $vmsToStop -Confirm:$false

Now let's put the hosts in maintenance mode:

Get-VMHost | Set-VMHost -State Maintenance

Next we'll use the Move-VMHost cmdlet to move the hosts to the cluster:

Get-VMHost | Move-VMHost -Destination $cluster1

And at the end let's take the hosts out of maintenance mode:

Get-VMHost | Set-VMHost -State Connected
Setting up and configuring virtual distributed switch

In this lesson you'll learn how to create a distributed switch and migrate host networking to the distributed switch.

Creating a VDS (virtual distributed switch)

We'll start by creating a VDS with the New-VDSwitch cmdlet:

$vds = New-VDSwitch -Name "Nephosoft VDS" -Location "Datacenter Site A"

You can check the content of the $vds variable.

Adding ESX hosts to the VDS

The next step is to add both our ESX hosts to the distributed switch:

Add-VDSwitchVMHost -VDSwitch $vds -VMHost esx-01a.corp.local, esx-02a.corp.local

You can verify that the ESX hosts are successfully added to the distributed switch:

Get-VMHost -DistributedSwitch $vds
Creating distributed portgroups

Now let's create portgroups for the management, storage, vMotion and VM networks with the New-VDPortGroup cmdlet:

$pgManagement = New-VDPortGroup $vds -Name "management"
$pgvMotion = New-VDPortGroup $vds -Name "vMotion"
$pgStorage = New-VDPortGroup $vds -Name "storage"
$pgVM = New-VDPortGroup $vds -Name "VM"

You can verify that the portgroups are successfully created:

Get-VDPortGroup -VDSwitch $vds

Migrating host networking to the VDS

We'll migrate our hosts' networking host by host. First we'll save both our hosts in a variable:

$hosts = Get-VMHost esx-01a.corp.local, esx-02a.corp.local

Then we'll migrate the networking for each one of them by using PowerShell's foreach loop. For each host we'll first retrieve its physical nics and then its management, storage, and vMotion VMKernel nics. Then we'll migrate them together by using the Add-VDSwitchPhysicalNetworkAdapter cmdlet, while specifying the distributed portgroups for each VMKernel nic with the VirtualNicPortgroup parameter:
foreach ($vmhost in $hosts) {
    # Physical NICs and the management, storage and vMotion VMKernel NICs of this host
    $pNics = Get-VMHostNetworkAdapter -VMHost $vmhost -Physical
    $vNicManagement = Get-VMHostNetworkAdapter -VMHost $vmhost -Name vmk0
    $vNicStorage = Get-VMHostNetworkAdapter -VMHost $vmhost -Name vmk1
    $vNicvMotion = Get-VMHostNetworkAdapter -VMHost $vmhost -Name vmk2
    # Migrate them together, mapping each VMKernel NIC to its distributed portgroup
    Add-VDSwitchPhysicalNetworkAdapter -DistributedSwitch $vds -VMHostPhysicalNic $pNics -VMHostVirtualNic $vNicManagement,$vNicStorage,$vNicvMotion -VirtualNicPortgroup $pgManagement,$pgStorage,$pgvMotion -Confirm:$false
}
Migrating VM networking to the VDS

In the end let's migrate the VM networking as well. First we'll get the network adapters of all the VMs:

$vmNetworkAdapters = Get-VM | Get-NetworkAdapter

Next we'll migrate these network adapters to the "VM" portgroup that we created in the previous step:

Set-NetworkAdapter -NetworkAdapter $vmNetworkAdapters -Portgroup $pgVM -Confirm:$false
Now the network traffic of all the VMs is going through the VDSwitch.
Creating a VM and vMotioning it between the hosts

In this lesson you'll learn how to create a VM and vMotion it between the two hosts in the cluster.

Creating a VM from scratch

Let's start by creating a VM with the New-VM cmdlet. We'll specify the VM's name, hard disk and memory size, and the host and the datastore on which we want to create it. We'll also specify the portgroup for the VM network to be in the distributed switch created earlier. We'll place the VM on our NFS datastore, which is shared between our two hosts.

$vm = New-VM -Name 'jsmith' -VMHost esx-01a.corp.local -DiskGB 10 -MemoryMB 512 -Datastore ds-site-a-nfs01 -Portgroup $pgVM

Let's start that VM:

$vm | Start-VM

vMotioning the VM between the hosts

Now let's move the VM to the other host to make the workload more equally distributed:

Move-VM $vm -Destination esx-02a.corp.local

Note: If this is not the first module you're doing in this session, there is a chance that you may have some disconnected datastores in your environment. In this case you'll receive an error that Move-VM is unable to access the virtual machine configuration. If this happens you'll have to reconnect the NFS datastore on one of your hosts. To do so we'll use the Get-EsxCli cmdlet:

Retrieve EsxCli for esx-02a.corp.local:
$esxCli = Get-EsxCli -VMhost esx-02a.corp.local

Verify that the NFS datastore isn't accessible:

$esxCli.storage.nfs.list()

...
Accessible : false
...

Disconnect NFS datastore:

$esxCli.storage.nfs.remove('ds-site-a-nfs01')

Reconnect NFS datastore:

$esxCli.storage.nfs.add('10.10.20.60', $false, $false, '/mnt/NFSA', 'ds-site-a-nfs01')

If needed, repeat the same procedure for esx-01a.corp.local.

Tip: Since the Move-VM operation could take a significantly long time, you may want to move the VMs asynchronously and continue your work in the meantime. You can do that by specifying the -RunAsync parameter of Move-VM. Many other cmdlets that may take a long time to complete also support -RunAsync.
Creating multiple VMs and tagging them appropriately

In this lesson you'll learn how to create multiple VMs with PowerCLI from a specification saved in a csv file. You'll also tag the VMs according to the same specification.

Reviewing the specification

First of all let's review the specification that we'll follow when creating the VMs. Open the 'vmspec.csv' file located on your desktop. For every VM we have the name, memory size (in MB), disk size (in GB), department and type ( or server VM).
Reading the information from the csv file to an array

Now let's import that file to a PowerShell variable:

$spec = Import-Csv 'C:\s\\Desktop\vmspecs.csv'
Inspect the content of the $spec variable. You'll find out that it contains an array of objects (one object for each VM) and each one of these objects has a corresponding property for name, memory size, disk size, department and type.
Creating VMs based on the specification

Now let's create the VMs based on the specification. We'll use the foreach PowerShell loop again:

foreach ($vmSpec in $spec) {
    New-VM -Name $vmSpec.Name -MemoryMB $vmSpec."Memory size" -DiskGB $vmSpec."Disk size" -VMHost esx-01a.corp.local -Portgroup $pgVM
}
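The loop above passes every CSV field straight to New-VM, so a malformed or duplicated row only surfaces as a failed or unwanted VM. The following is an added example, not part of the lab's Module7.ps1: it validates rows with the same column names before anything is created. The sample rows, the naming pattern and the size limits are assumptions chosen for illustration, and the function names are hypothetical.

```powershell
# Added example: validate rows shaped like the lab's vmspecs.csv before any New-VM call.
# The rows, the naming policy and the numeric limits below are constructed for illustration.
$csvText = @'
Name,Memory size,Disk size,Department,Type
sales-01,512,10,sales,server
sales-01,1024,10,sales,server
eng 01;x,512,10,engineering,server
eng-02,abc,10,engineering,server
eng-03,512,99999,engineering,server
eng-04,512,10,,server
'@

function Test-VmSpecRow {
    # Returns the problems found in one row (nothing when the row is acceptable).
    param(
        [Parameter(Mandatory)] $Row,
        [int] $MaxMemoryMB = 16384,   # assumed ceiling, adjust to your environment
        [int] $MaxDiskGB   = 500      # assumed ceiling, adjust to your environment
    )
    $problems = @()

    # VM name: letters, digits and hyphens only, 1 to 63 characters (assumed policy).
    if ([string]$Row.Name -notmatch '^[A-Za-z0-9][A-Za-z0-9-]{0,62}$') {
        $problems += "invalid name '$($Row.Name)'"
    }

    # Sizes must parse as integers and stay inside the allowed range.
    $mem = 0
    if (-not ([int]::TryParse([string]$Row.'Memory size', [ref]$mem)) -or $mem -lt 1 -or $mem -gt $MaxMemoryMB) {
        $problems += "memory size '$($Row.'Memory size')' is not an integer between 1 and $MaxMemoryMB"
    }
    $disk = 0
    if (-not ([int]::TryParse([string]$Row.'Disk size', [ref]$disk)) -or $disk -lt 1 -or $disk -gt $MaxDiskGB) {
        $problems += "disk size '$($Row.'Disk size')' is not an integer between 1 and $MaxDiskGB"
    }

    # Department and Type later become tag names, so they must be present and plain.
    foreach ($field in 'Department', 'Type') {
        if ([string]$Row.$field -notmatch '^[A-Za-z0-9 _-]{1,64}$') {
            $problems += "missing or invalid $field"
        }
    }
    $problems
}

function Get-VmSpecValidation {
    # Checks every row and also flags names that appear more than once.
    param([Parameter(Mandatory)] [object[]] $Spec)
    $seen = @{}   # hashtable keys are case-insensitive, like VM name lookups
    foreach ($row in $Spec) {
        $problems = @(Test-VmSpecRow -Row $row)
        $key = [string]$row.Name
        if ($seen.ContainsKey($key)) { $problems += 'duplicate name' }
        $seen[$key] = $true
        [pscustomobject]@{
            Name     = $row.Name
            Valid    = ($problems.Count -eq 0)
            Problems = $problems -join '; '
            Row      = $row
        }
    }
}

$spec   = $csvText | ConvertFrom-Csv
$report = @(Get-VmSpecValidation -Spec $spec)
$report | Format-Table Name, Valid, Problems -AutoSize

# Only the rows that passed would be handed to the lab's New-VM loop.
$accepted = @($report | Where-Object { $_.Valid } | Select-Object -ExpandProperty Row)
"{0} of {1} rows accepted" -f $accepted.Count, $spec.Count
```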
Creating tag categories

Our next task is to tag our newly created VMs appropriately. To do that we'll start by creating two different tag categories - "Department" and "Type":
New-TagCategory -Name Department
New-TagCategory -Name Type
Creating tags based on the specification

Let's retrieve the unique department names first:

$departmentTagNames = $spec | select -Unique Department

Now let's create a tag for each department:

foreach ($departmentTagName in $departmentTagNames) {
    New-Tag -Name $departmentTagName.Department -Category Department
}

Next we have to do the same for the VM types:

$vmTypes = $spec | select -Unique Type
foreach ($vmType in $vmTypes) {
    New-Tag -Name $vmType.Type -Category Type
}

You can check what tags were defined as a result by calling:

Get-Tag
Assigning tags to the VMs based on the specification

Now that we have the tags and tag categories properly defined, it's time to tag the VMs appropriately. We'll use the New-TagAssignment cmdlet to assign a tag to a VM:

foreach ($vmSpec in $spec) {
    $departmentTag = Get-Tag $vmSpec.Department
    $typeTag = Get-Tag $vmSpec.Type
    $vm = Get-VM -Name $vmSpec.Name
    New-TagAssignment -Entity $vm -Tag $departmentTag
    New-TagAssignment -Entity $vm -Tag $typeTag
}
Modifying multiple VMs based on their tag

In this lesson you'll learn how to modify multiple VMs simultaneously with PowerCLI, based on their tags.
Updating VMs memory capacity based on their tags

A new application will be deployed in the Nephosoft sales department and that requires the memory on the machines to be updated to 1GB. Now that we have our VMs properly tagged it's easier to make a mass update of the VMs. Let's retrieve all the VMs from the sales department first:

$salesVMs = Get-VM -Tag sales

Next let's retrieve all the VMs:

$VMs = Get-VM -Tag

Note: We cannot use "Get-VM -Tag sales, ", because that will return all the VMs that are either from the sales department, or VMs, and what we actually want is to get the VMs that are both from the sales department and are VMs.

Now let's select all VMs that have both tags assigned. For that purpose we'll use the Compare-Object PowerShell cmdlet:

$salesVMs = Compare-Object $salesVMs $VMs -IncludeEqual -ExcludeDifferent -PassThru

Before we can update the VMs' memory we need to make sure that they are all stopped:

$salesVMs | where {$_.PowerState -eq "PoweredOn"} | Stop-VM -Confirm:$false

Finally we'll update the VMs' memory capacity with the Set-VM cmdlet:

Set-VM $salesVMs -MemoryGB 1 -Confirm:$false
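Because Stop-VM and Set-VM act on whatever the tag selection returns, it is worth seeing how the intersection built with Compare-Object differs from the union that a two-tag Get-VM query returns, and what happens when one tag matches nothing. This is an added example on constructed data, not part of the lab script; the VM names, the stand-in objects and the helper function Get-InBothSets are hypothetical.

```powershell
# Added example: intersection versus union of two tag queries, on constructed data.
# The objects stand in for what two Get-VM -Tag calls return; all names are made up.
function New-FakeVM {
    param([string] $Name)
    [pscustomobject]@{ Name = $Name; PowerState = 'PoweredOff' }
}

$firstTagVMs  = 'vm-01', 'vm-02', 'vm-03'          | ForEach-Object { New-FakeVM $_ }
$secondTagVMs = 'vm-02', 'vm-03', 'vm-04', 'vm-05' | ForEach-Object { New-FakeVM $_ }
$unusedTagVMs = @()   # what a tag query yields when no VM carries the tag

function Get-InBothSets {
    # Returns the members of $Left that also appear in $Right, matched on one property.
    param(
        [object[]] $Left,
        [object[]] $Right,
        [string]   $Property = 'Name'
    )
    # Compare-Object rejects a null or empty input; treat that as an empty intersection
    # so a batch change that follows has nothing to act on instead of failing midway.
    if (-not $Left -or -not $Right) { return @() }

    # -Property is needed for these custom objects so they are compared by a field.
    # -PassThru returns the original objects, with a SideIndicator note property added.
    Compare-Object -ReferenceObject $Left -DifferenceObject $Right -Property $Property `
        -IncludeEqual -ExcludeDifferent -PassThru
}

$both   = @(Get-InBothSets -Left $firstTagVMs -Right $secondTagVMs)
$either = @(@($firstTagVMs) + @($secondTagVMs) | Sort-Object -Property Name -Unique)
$none   = @(Get-InBothSets -Left $firstTagVMs -Right $unusedTagVMs)

"Carry both tags   ({0}): {1}" -f $both.Count,   ($both.Name   -join ', ')
"Carry either tag  ({0}): {1}" -f $either.Count, ($either.Name -join ', ')
"Unused second tag ({0}): {1}" -f $none.Count,   ($none.Name   -join ', ')

# Review the target list before a batch change; stop if the selection is empty.
if ($both.Count -eq 0) {
    'No VM carries both tags; nothing to modify.'
} else {
    'VMs that a batch change would touch: ' + ($both.Name -join ', ')
}
```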
Configuring and deploying an OVF template

In this lesson you'll learn how you can apply configuration to an OVF template when deploying one.

Retrieve OvfConfiguration object

The OVF configuration in PowerCLI is represented as an OvfConfiguration object, which can be retrieved from an ovf file by the Get-OvfConfiguration cmdlet. Note that you have to be connected to a vCenter server in order to use this cmdlet, as it needs the connection to parse the OVA properties.

$linuxMicroConfig = Get-OvfConfiguration -Ovf C:\OVF\linux-micro-01a\linux-micro-01a.ovf

Take a look at the object inside the $linuxMicroConfig variable. It contains one property, which points to the source ovf file, and a second, which is the actual configurable property for the selected ovf file - NetworkMapping. When we take a look inside the NetworkMapping object we'll see that it contains a single property, VM_Network, which is the only configuration that can be applied to that ovf template.

Update OVF configuration

You can update the retrieved configuration just by assigning values to the object properties, matching the configurations you want to apply. In our case we will assign a value to "VM_Network":

$linuxMicroConfig.NetworkMapping.VM_Network.Value = 'VM'
Import vApp applying configuration

When you import your vApp you can apply its configuration using the new Import-VApp parameter "OvfConfiguration".

Import-VApp -Source 'C:\linux-micro-01a\linux-micro-01a.ovf' -OvfConfiguration $linuxMicroConfig -Name 'LinuxMicro' -VMHost 'esx-01a.corp.local'

Let's verify that the configuration has been applied:

$linuxMicroVM = Get-VM 'LinuxMicro'
$linuxMicroVM | Get-NetworkAdapter
As you can see, the vApp has been deployed with the correct network mapping.
Further Reading

This lesson is for information purposes only and lists some of the more advanced features of PowerCLI, useful reading materials for both novice and advanced users, as well as information on other PowerCLI related labs. Feel free to experiment with these if you like.

Other PowerCLI related labs

HOL-SDC-1602 vSphere with Operations Management - Advanced Topics: Module 8 will introduce you to the new PowerCLI cmdlets for managing vRealize Operations Manager.
HOL-HBD-1683 Managing Your Hybrid Cloud: Module 3 is all about managing vCloud Air with VMware vSphere PowerCLI.

Accessing the entire vSphere API

Although PowerCLI offers more than 300 cmdlets for managing vSphere, they don't cover the entire functionality of the platform. Despite that, you are still able to access all of the functionality by using the Get-View cmdlet. This special cmdlet is an access point to the entire vSphere API. The objects returned by the cmdlet are known as "Views" and represent an exact copy of the vSphere API objects. You can find more information about these objects in the vSphere API Reference Documentation: http://pubs.vmware.com/vsphere-60/index.jsp

Using this cmdlet you will be able to write scripts directly against the API in an object-oriented manner.

Onyx for the Web Client

Onyx for the Web Client is a Fling that translates actions taken in the vSphere Web Client to PowerCLI.Net code. This Fling was the winning entry in last year’s 2014 Fling Contest. It’s an update, of sorts, to the Onyx fling, as it allows for similar functionality in the web client. The Onyx for the Web Client Fling provides the ability to record actions taken in the vSphere Web Client and turn these actions into PowerCLI.Net code. The resulting code can then be used to understand how VMware performs an action in the API and also better define functions. You could also input the resulting code into search engines to find the API documentation and information on how to use this area of the vSphere API.
https://labs.vmware.com/flings/onyx-for-the-web-client
Useful materials to get you started with advanced PowerCLI scripting

If you are new to PowerCLI or want to learn more about the product, then here are a few blogs you can follow. There you can find great articles and scripts about PowerCLI:

• The official PowerCLI blog: http://blogs.vmware.com/PowerCLI/
• Alan Renouf's blog: http://www.virtu-al.net
• Luc Dekens' blog: http://www.lucd.info
Conclusion

Thank you for participating in the VMware Hands-on Labs. Be sure to visit http://hol.vmware.com/ to continue your lab experience online.

Lab SKU: HOL-SDC-1610
Version: 20160804-125633