Blog

  • VMware Partner Exchange 2015 (my Recap)

This week I am in San Francisco for VMworld 2015. This is my first time at VMworld, and I am really enjoying the event. This past Sunday we had a really busy and long day. The day started with a nice breakfast at Mel’s, thanks to SimpliVity for picking up the tab. Then I continued my day with some best-practices sessions; I try to stay away from marketing sessions as much as possible. My first stop was session #PAR6421, Best Practices for Deploying IaaS with vCloud Suite and vRealize Automation. The session covered process, architecture, backup, and upgrading. The basic idea is not too different from any other consulting engagement. The first and most important advice is to ask the customer what they want, then design for that, aligning your solution and products with those needs. For automation, it is important to understand the day-to-day tasks of the administrator and try to automate those first. Pay attention to repetitive tasks; automating those will lower the errors due to a manual process. The basic idea here is to understand the processes and make sure that they are good: it is a huge mistake to automate a bad process (garbage in, garbage out).

For the architecture part, make sure that you are using the reference architecture documents and identify the kind of use or expected functionality of the system. If the client expects HA and a system that can’t go down or have downtime, then choose the appropriate reference architecture for this (medium). If the client can handle an RTO of 24 hours, then you can be confident that the small core reference architecture will be enough.

I am not going to discuss backup in depth because it follows common sense, like backing up everything after the installation but before the actual customization begins. Also make sure that a backup is consistent across the platform: don’t back up one part now and wait 20 minutes to back up another.

In terms of upgrading, if you are on version 5.x there is no direct upgrade path; it requires a new installation and then a migration. Keep in mind that customizations might not carry over with the upgrade.

Moving on to the general session, we find the magic phrase for VMworld: One Cloud, any application, any device. The concept of hybrid applications comes up, and we go back to old catchphrases like “The network is the computer” (how I miss Sun Microsystems), but now the application is the network. The software is the wine and the hardware is the bottle.

Next I went across the street for the VMunderground panels. I realize that it is much more interesting to sit down and listen to a panel of experts talk about relevant topics than to sit and watch PowerPoints for an hour. Anyway, it was nice to see Duncan in a 30-minute talk about VSAN use cases, and then later at the Solutions Exchange see him talking about it again.

The real deal came at the Mark “A” session on maximizing vSphere performance. Here are some bullet points that might help:

• Use Chrome as your web browser to connect to the vSphere Web Client.
• Install your vCenter close to its DB and on Tier 1 storage.
• Don’t change statistics levels in vCenter; they are useless anyway.
• Check your Java Virtual Machine size (prior to 6): KB2021302
• Rightsize: do not oversize, and never undersize.
• Don’t use vCPU hot add; it disables vNUMA.
• Select High Performance in the BIOS.
• Always enable Hyper-Threading.
• Use the latest virtual machine hardware.
• Keep VMware Tools updated (this one is mine).
• Use vmxnet3.
• Disable interrupt coalescing.
• Use jumbo frames for things like iSCSI.
• Use multiple vSCSI adapters.
• Don’t use RDMs.
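Several of the items in that list can be verified across an inventory rather than taken on faith. The script below is an added example (not from the session or the original post) that audits a vCenter with VMware PowerCLI for vCPU hot add (which disables vNUMA), virtual hardware version, VMware Tools status, non-vmxnet3 vNICs, RDMs, single vSCSI controllers and hosts with Hyper-Threading available but inactive. The vCenter name and the "latest" hardware version (vmx-11, the vSphere 6.0 level) are assumptions.

```powershell
# Added example: audit a vCenter inventory against the checklist above.
# Requires VMware PowerCLI. vCenter FQDN and target hardware version are assumptions.
Import-Module VMware.VimAutomation.Core

$vCenter         = 'vcsa.example.invalid'   # assumption: your vCenter FQDN
$LatestHwVersion = 11                       # assumption: vSphere 6.0 hosts (vmx-11)

Connect-VIServer -Server $vCenter | Out-Null

$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding($Object, $Check, $Detail) {
    $findings.Add([pscustomobject]@{ Object = $Object; Check = $Check; Detail = $Detail })
}

# Host level: Hyper-Threading should be active wherever the hardware offers it.
foreach ($h in Get-VMHost | Where-Object { $_.ConnectionState -eq 'Connected' }) {
    $ht = $h.ExtensionData.Config.HyperThread
    if ($ht -and $ht.Available -and -not $ht.Active) {
        Add-Finding $h.Name 'Hyper-Threading' 'available but not active'
    }
}

# VM level checks.
foreach ($vm in Get-VM) {
    $cfg = $vm.ExtensionData.Config
    if (-not $cfg) { continue }   # inaccessible/orphaned VM, nothing to inspect

    # vCPU hot add disables vNUMA for that VM.
    if ($cfg.CpuHotAddEnabled) {
        Add-Finding $vm.Name 'CPU hot add' 'enabled (vNUMA disabled)'
    }

    # Virtual hardware version is reported as e.g. "vmx-11".
    $hw = [int]($cfg.Version -replace '^vmx-', '')
    if ($hw -lt $LatestHwVersion) {
        Add-Finding $vm.Name 'VM hardware' "$($cfg.Version) (latest is vmx-$LatestHwVersion)"
    }

    # Tools status is only meaningful while the guest is running.
    $tools = $vm.ExtensionData.Guest.ToolsVersionStatus2
    if ($vm.PowerState -eq 'PoweredOn' -and $tools -ne 'guestToolsCurrent') {
        Add-Finding $vm.Name 'VMware Tools' $tools
    }

    # vNICs that are not vmxnet3.
    foreach ($nic in Get-NetworkAdapter -VM $vm | Where-Object { $_.Type -ne 'Vmxnet3' }) {
        Add-Finding $vm.Name 'vNIC type' "$($nic.Name) is $($nic.Type)"
    }

    # Raw device mappings, physical or virtual compatibility.
    $disks = @(Get-HardDisk -VM $vm)
    foreach ($disk in $disks | Where-Object { $_.DiskType -like 'Raw*' }) {
        Add-Finding $vm.Name 'RDM' "$($disk.Name) is $($disk.DiskType)"
    }

    # Several disks behind a single vSCSI controller serialize on one queue.
    $scsi = @(Get-ScsiController -VM $vm)
    if ($disks.Count -gt 1 -and $scsi.Count -lt 2) {
        Add-Finding $vm.Name 'vSCSI adapters' "$($scsi.Count) controller for $($disks.Count) disks"
    }
}

$findings | Sort-Object Object, Check | Format-Table -AutoSize
Disconnect-VIServer -Server $vCenter -Confirm:$false
```

The hot-add and hardware-version checks read the vSphere API view (`ExtensionData`) directly because those properties are not surfaced as first-class PowerCLI properties in every release; the BIOS power policy item cannot be checked from vCenter and has to be verified on the hardware itself.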

At this point I started being lazy and used my phone as my documentation tool. Here is a picture of the best practices for virtualized DB performance:

    perf-dbs

Finally, the best advice when troubleshooting performance is to know the key performance indicators and define the acceptable values; in other words, don’t accept a performance problem with a vague or subjective description. At the end of the day, we crashed the VMunderground party for some more networking and socializing.

  • Virtualization, Virtual Data Center, and Private Cloud

The journey to the cloud has been slow but steady. Many enterprises are looking to reduce costs and at the same time add new services. Even though at some point there must be a limit to the “do more with less” mentality, the ever-moving wheel of innovation allows that trend to continue. In this post I present definitions of the first steps on the path to the cloud. There are two ways to get to the cloud: be born in it or migrate to it. In the case of migrating, the best option is to start by virtualizing the environment.

    Virtualization

In computing, virtualization refers to the act of creating a virtual (rather than actual) version of computer hardware (CPU, RAM), an operating system (Windows, Linux, etc.), storage capacity, or computer network resources.


    part1-hardware-virtualization2

Keep in mind that you could still have multiple virtualization platforms, or multiple virtualized silos. Migrating an enterprise from multiple physical systems (for example, the production and development environments) to multiple virtualized systems keeps the enterprise in a “silo” style configuration, but it starts the journey to the cloud.

    Virtualized Silos

    virtualization

To move to the virtualized data center, the silos need to share resources, and the administrators need new skills and have to learn new techniques.

    Virtualized Data Center (VDC)

A highly efficient and optimized data center that allows the business to do more within the confines of the available resources (servers, power, cooling, square footage). It can also adapt to changes in business and workload requirements.

    software-defined-data-center2

The number one driver for the virtual data center is efficiency: reducing overhead and waste. This new paradigm takes advantage of true sharing, with resource pooling and standardization at its core.

    Key characteristics:

    • Virtualized hardware stack
    • Resource pooling / shared resources
    • Automation
    • Standardization
    • Reporting for management and chargeback/showback.
    • Policy-based security

    Cloud computing

    Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released (elastic) with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models.

The number one driver for the cloud is agility. The speed and agility that the cloud brings to the business is the main reason most data centers are on their way from the VDC to the cloud model.

    cloud-cats

    Essential Characteristics:

    • On-demand self-service. A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service provider.
    • Broad network access. Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, tablets, laptops, and workstations).
    • Resource pooling. The provider’s computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand.
    • Rapid elasticity. Capabilities can be elastically provisioned and released, in some cases automatically, to scale rapidly outward and inward commensurate with demand. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be appropriated in any quantity at any time.
    • Measured service. Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled, and reported, providing transparency for both the provider and consumer of the utilized service.
• Policy-based security. An approach to security that automates the implementation of rules based on specific criteria. (This item is not one of the five NIST essential characteristics; it is added here.)

    Service Models:

    • Software as a Service (SaaS). The capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g., web-based email), or a program interface. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, except for limited user-specific application configuration settings.
    • Platform as a Service (PaaS). The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment.
    • Infrastructure as a Service (IaaS). The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer can deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components (e.g., host firewalls).

    Deployment Models:

    • Private cloud. The cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers (e.g., business units). It may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises.
    • Community cloud. The cloud infrastructure is provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be owned, managed, and operated by one or more of the organizations in the community, a third party, or some combination of them, and it may exist on or off premises.
    • Public cloud. The cloud infrastructure is provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. It exists on the premises of the cloud provider.
    • Hybrid cloud. The cloud infrastructure is a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds).

    Benefits of the Cloud

• Self-service provisioning in minutes, compared to days or even weeks in the VDC or the virtualized but siloed data center.
• Application development and testing are flexible and self-service enabled.
• Relocation from test and development is predictable and seamless.
• Resources scale smoothly to meet growing or shrinking demand.
• Service levels are easily adjusted after the initial provisioning.
• Resource granularity permits optimized metering, providing better utilization and reducing cost.
• Low (or even no) capital expense, which enables developers to start and test new ideas with ease.

In summary, the first step toward this agile and efficient model is to virtualize your data center. The following image illustrates the path and vision for the data center of the future.

DynamicDataCenter

An enterprise can be at any stage of this journey to the cloud and still have a completely functional system that meets the requirements and produces the desired results. The closer to the cloud the enterprise gets, the closer it should be to a fully automated, self-service and elastic system.

Most of the definitions in this post were taken from the National Institute of Standards and Technology (NIST SP 800-145, The NIST Definition of Cloud Computing).

  • VCP 6 – DCV Study Guide: Section 8 – Objective 8.2

    Section 8: Deploy and Consolidate vSphere Data Center
    Objective 8.2: Customize Host Profile Settings. In this objective we should be covering these topics:
    • Create/Edit/Remove a Host Profile from an ESXi host
    • Import/Export a Host Profile
    • Attach/Apply a Host Profile to an ESXi host or cluster
    • Perform compliance scanning and remediation of an ESXi host using Host Profiles

    Using Host Profiles
    The Host Profiles feature creates a profile that encapsulates the host configuration and helps to manage the host configuration, especially in environments where an administrator manages multiple hosts or clusters in vCenter Server.

    Host Profiles provide an automated and centrally-managed mechanism for host configuration and configuration compliance. Host Profiles can improve efficiency by reducing reliance upon repetitive, manual tasks. Host Profiles capture the configuration of a pre-configured and validated reference host, store the configuration as a managed object and use the catalog of parameters contained within to configure networking, storage, security and other host-level parameters. Host Profiles can be applied to either individual hosts or to a cluster; applying a Host Profile to a cluster will affect all hosts in the cluster and result in a consistent configuration across all hosts in that cluster.

    Host Profiles can be used to validate the configuration of a host by checking compliance of a host or cluster against the Host Profile that is associated with that host or cluster.

    Create a Host Profile
    You create a new Host Profile by extracting the designated reference host’s configuration.

    Note
    You can also extract a host profile by navigating to the specific host or cluster.

    Prerequisites
    Verify that you have a working vSphere installation and at least one completely and properly configured host that will act as the reference host.
    Procedure
    1. Navigate to the Host profiles view.
2. Click the Extract Profile from a Host icon.
    3. Select the host that will act as the reference host and click Next.

    The selected host must be a valid host.
    4. Type the name and enter a description for the new profile and click Next.
    5. Review the summary information for the new profile and click Finish.
    The new profile appears in the profile list.

    Note
    Host profiles do not capture offline or unpresented devices. Any changes made to offline devices after extracting a host profile will not make a difference to the compliance check results.

    Edit a Host Profile
    You can view and edit Host Profile policies, select a policy to be checked for compliance, and change the policy name or description.

    Procedure
1. Navigate to the Host Profile that you want to edit and click the Manage tab.
2. Click Edit Host Profile.
    3. (Optional) Change the profile name and description and click Next.
    4. Make changes to the profile policies.

    See Edit a Policy for detailed instructions for editing a Host Profile policy. See Disable Host Profile Component for detailed instructions on enabling or disabling a policy from compliance check or remediation.
    5. (Optional) Customize the hosts.

    Make any changes to the available configuration values for this profile.
    6. Click Finish.
    The changes are made when the “Update Host Profile” task is completed in the Recent Tasks status. If you attempt to remediate the profile before the task is complete, the profile configuration does not contain the change.

    Disable Host Profile Component
    You can decide whether a Host Profile component is applied or considered during compliance check. This allows administrators to eliminate non-critical attributes from consideration or ignore values that, while part of the Host Profile, are likely to vary between hosts.

    Procedure
    1. Edit a Host Profile.
    2. Expand the Host Profile Component hierarchy until you reach the desired component or component element.
3. Clear the check box next to a component to exclude it from being applied during remediation or considered during a profile compliance check.

Note
The check box is selected by default. If you clear it so that this component or component element is not checked for compliance or applied during remediation, the other policies that remain enabled are still applied and checked.

    Import a Host Profile
    You can import a profile from a file in the VMware profile format (.vpf).

    When a host profile is exported, administrator and user profile passwords are not exported. This is a security measure and stops passwords from being exported in plain text when the profile is exported. You will be prompted to re-enter the values for the password after the profile is imported and the password is applied to a host.
    Procedure
    1. Navigate to the Host Profiles view.
2. Click the Import Host Profile icon.
    3. Click Browse to browse for the VMware Profile Format file to import
    4. Enter the Name and Description for the imported Host Profile, and click OK.
    The imported profile appears in the profile list.

    Export a Host Profile
    You can export a profile to a file that is in the VMware profile format (.vpf).

    When a host profile is exported, administrator and user profile passwords are not exported. This is a security measure and stops passwords from being exported in plain text when the profile is exported. You will be prompted to re-enter the values for the password after the profile is imported and the password is applied to a host.
    Procedure
    1. Navigate to the Host Profile you want to export.
    2. Right-click the profile and select Export Host Profile.
    3. Select the location and type the name of the file to export the profile.
    4. Click Save.

    Attach Entities to a Host Profile
    After creating a Host Profile from a reference host, you must attach the host or cluster to the Host Profile.

    Procedure
    1. From the Profile List in the Host Profiles main view, select the Host Profile to be applied to a host or cluster.
    2. Click the Attach/Detach Hosts and clusters to a host profile icon.
    3. Select the host or cluster from the expanded list and click Attach.

    The host or cluster is added to the Attached Entities list.
    4. (Optional) Click Attach All to attach all listed hosts and clusters to the profile.
    5. Click Next.
    6. (Optional) You can update or change the user input parameters for the Host Profiles policies by customizing the host.

    See Host Profiles and vSphere Auto Deploy.
    7. Click Finish to complete attaching the host or cluster to the profile.

    Detach Entities From a Host Profile
    In order to remove the policy-managed configuration from a host or cluster, that host or cluster must be detached from the Host Profile.

When a Host Profile is attached to a cluster, the host or hosts within that cluster are also attached to the Host Profile. However, when the Host Profile is detached from the cluster, the association between the host or hosts within the cluster and that Host Profile remains.
    Procedure
    1. From the Profile List in the Host Profiles main view, select the Host Profile to be detached from a host or cluster.
    2. Click the Attach/Detach Hosts and clusters to a host profile icon.
    3. Select the host or cluster from the expanded list and click Detach.

The host or cluster is removed from the Attached Entities list.
4. (Optional) Click Detach All to detach all listed hosts and clusters from the profile.
5. Click Next.
6. Click Finish to complete detaching the host or cluster from the profile.

    Check Compliance
    You can confirm the compliance of a host or cluster to its attached Host Profile and determine which, if any, configuration parameters on a host are different from those specified in the Host Profile.

    Procedure
    1. Navigate to a Host Profile.

The Objects tab lists all Host Profiles, the number of hosts attached to each Host Profile, and summarized results of the last compliance check.
2. Click the Check Host Profile Compliance icon.
In the Objects tab, the compliance status is updated as Compliant, Unknown, or Non-compliant.

A non-compliant status indicates a discovered and specific inconsistency between the profile and the host. To resolve this, you should remediate the host. An unknown status indicates that the compliance of the host could not be verified; to resolve the issue, remediate the host through the Host Profile.

    Note
    Host profiles do not capture offline or unpresented devices. Any changes made to offline devices after extracting a host profile will not make a difference to the compliance check results.
    What to do next
To see more detail on compliance failures, select a Host Profile from the Objects tab for which the last compliance check produced one or more failures. To see specific detail on which parameters differ between the host that failed compliance and the Host Profile, click the Monitor tab and select the Compliance view. Then expand the object hierarchy and select the failing host. The differing parameters are displayed in the Compliance window, below the hierarchy.

    Remediate a Host
    In the event of a compliance failure, use the Remediate function to apply the Host Profile settings onto the host. This action changes all Host Profile managed parameters to the values contained in the Host Profile attached to the host.

    Prerequisites
    Verify that the profile is attached to the host.
    Procedure
1. Navigate to the profile you want to apply to the host.
2. Select the Monitor tab, then click Compliance.
3. Right-click the host or hosts that you want remediated and select Host Profiles > Remediate.

    Note
    Certain Host Profile policy configurations require that the host be rebooted after remediation. In those cases, you are prompted to place the host into maintenance mode.
    4. (Optional) You can update or change the user input parameters for the Host Profiles policies by customizing the host, and click Next.

    See Host Profiles and vSphere Auto Deploy for more information about vSphere Auto Deploy.
    5. Review the tasks that are necessary to remediate the Host Profile and click Finish.
    The compliance status is updated.
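The Objective 8.2 tasks above (create, export/import, attach, check compliance, remediate) map one-to-one onto PowerCLI cmdlets, which is how you would run them across many clusters or on a schedule. The script below is an added example, not part of the study guide or VMware’s documentation; the vCenter, reference host, cluster and file path are assumptions. It also shows the two behaviours the text warns about: exported profiles carry no passwords, so `Apply-VMHostProfile` hands back the list of host-customization variables it still needs instead of applying, and remediation may require a reboot, so each host is placed in maintenance mode first.

```powershell
# Added example (not from the study guide or VMware docs): Objective 8.2 in PowerCLI.
# vCenter, reference host, cluster name and export path are assumptions.
Import-Module VMware.VimAutomation.Core

$vCenter     = 'vcsa.example.invalid'           # assumption
$refName     = 'esx-ref01.example.invalid'      # assumption: validated reference host
$clusterName = 'prod-cluster'                   # assumption
$vpfPath     = 'C:\profiles\prod-baseline.vpf'  # assumption: export location

Connect-VIServer -Server $vCenter | Out-Null
$refHost = Get-VMHost -Name $refName

# 1. Create the profile by extracting the reference host's configuration.
$hp = New-VMHostProfile -Name 'prod-baseline' -ReferenceHost $refHost `
        -Description "Baseline extracted from $refName"

# 2. Export to .vpf. Administrator/user passwords are deliberately not written
#    to the file; they must be supplied again when the profile is applied.
Export-VMHostProfile -Profile $hp -FilePath $vpfPath

# Importing on another vCenter still needs a reference host to bind to:
# $hp = Import-VMHostProfile -FilePath $vpfPath -Name 'prod-baseline' -ReferenceHost $refHost

# 3. Attach the profile to the cluster without applying anything yet.
$cluster = Get-Cluster -Name $clusterName
Apply-VMHostProfile -Entity $cluster -Profile $hp -AssociateOnly -Confirm:$false | Out-Null

# 4. Compliance check: one result object per host that is NOT compliant,
#    each carrying the list of elements that differ from the profile.
$hosts        = Get-VMHost -Location $cluster
$nonCompliant = @(Test-VMHostProfileCompliance -VMHost $hosts)
foreach ($r in $nonCompliant) {
    Write-Host "Non-compliant: $($r.VMHost.Name)"
    foreach ($e in $r.IncomplianceElementList) {
        Write-Host "  $($e.PropertyName): host=$($e.HostValue) profile=$($e.ProfileValue)"
    }
}

# 5. Remediate. Some policies need a reboot, so enter maintenance mode first.
foreach ($r in $nonCompliant) {
    $h = $r.VMHost
    Set-VMHost -VMHost $h -State Maintenance -Confirm:$false | Out-Null

    # When the profile needs host-specific input (passwords, addresses), the cmdlet
    # returns a hashtable of required variables instead of applying the profile.
    $result = Apply-VMHostProfile -Entity $h -Profile $hp -ApplyOnly -Confirm:$false
    if ($result -is [hashtable]) {
        Write-Warning "$($h.Name) needs customization values for: $($result.Keys -join ', ')"
        # Populate $result, then re-run with:  -ApplyOnly -Variable $result
    }

    Set-VMHost -VMHost $h -State Connected -Confirm:$false | Out-Null
}

# Re-check and summarize.
$stillBad = @(Test-VMHostProfileCompliance -VMHost $hosts)
'{0} of {1} hosts remain non-compliant' -f $stillBad.Count, @($hosts).Count
Disconnect-VIServer -Server $vCenter -Confirm:$false
```

Running the compliance check on its own (steps 3 and 4) from a scheduled task is a cheap drift detector for the security-relevant parts of a host profile such as firewall rules, service state and lockdown mode, since any host whose configuration was changed outside the profile shows up in the incompliance list.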

  • VCP 6 – DCV Study Guide: Section 8 – Objective 8.1

    Section 8: Deploy and Consolidate vSphere Data Center
    Objective 8.1: Deploy ESXi Hosts Using Autodeploy. In this objective we should be covering these topics:
    • Identify ESXi Autodeploy requirements
    • Configure Autodeploy
    • Explain PowerCLI cmdlets for Autodeploy
    • Deploy/Manage multiple ESXi hosts using Autodeploy

    Installing ESXi Using vSphere Auto Deploy
    vSphere Auto Deploy lets you provision hundreds of physical hosts with ESXi software.

Using Auto Deploy, experienced system administrators can manage large deployments efficiently. Hosts are network-booted from a central Auto Deploy server. Optionally, hosts are configured with the host profile of a reference host. The host profile can be set up to prompt the user for input. After boot-up and configuration are complete, the hosts are managed by vCenter Server just like other ESXi hosts. Auto Deploy can also be used for stateless caching or stateful installs.

    Important
    Auto Deploy requires a secure separation between the production network and the management or deployment networks as discussed in Auto Deploy Security Considerations. Using Auto Deploy without this separation is insecure.

    Stateless caching
    By default, Auto Deploy does not store ESXi configuration or state on the host disk. Instead, an image profile defines the image that the host is provisioned with, and other host attributes are managed through host profiles. A host that uses Auto Deploy for stateless caching still needs to connect to the Auto Deploy server and the vCenter Server.
    Stateful installs
    You can provision a host with Auto Deploy and set up the host to store the image to disk. On subsequent boots, the host boots from disk.

    Preparing for vSphere Auto Deploy
    Before you can start to use vSphere Auto Deploy, you must prepare your environment. You start with server setup and hardware preparation. You must register the Auto Deploy software with the vCenter Server system that you plan to use for managing the hosts you provision, and install the VMware PowerCLI.

    Prepare Your System and Install the Auto Deploy Server
    Before you can PXE boot an ESXi host with vSphere Auto Deploy, you must install prerequisite software and set up the DHCP and TFTP servers that Auto Deploy interacts with.

    Prerequisites
    ■ Verify that the hosts that you plan to provision with Auto Deploy meet the hardware requirements for ESXi. See ESXi Hardware Requirements.

    Note
    You cannot provision EFI hosts with Auto Deploy unless you switch the EFI system to BIOS compatibility mode.

    ■ Verify that the ESXi hosts have network connectivity to vCenter Server and that all port requirements are met. See vCenter Server Required Ports.
■ If you want to use VLANs in your Auto Deploy environment, you must set up the end-to-end networking properly. When the host is PXE booting, the UNDI driver must be set up to tag the frames with the proper VLAN IDs. You must do this setup manually by making the correct changes in the BIOS. You must also configure the ESXi port groups with the correct VLAN IDs. Ask your network administrator how VLAN IDs are used in your environment.
    ■ Verify that you have enough storage for the Auto Deploy repository. The Auto Deploy server uses the repository to store data it needs, including the rules and rule sets you create and the VIBs and image profiles that you specify in your rules.

    Best practice is to allocate 2 GB to have enough room for four image profiles and some extra space. Each image profile requires approximately 350 MB. Determine how much space to reserve for the Auto Deploy repository by considering how many image profiles you expect to use.
    ■ Obtain administrative privileges to the DHCP server that manages the network segment you want to boot from. You can use a DHCP server already in your environment, or install a DHCP server. For your Auto Deploy setup, replace the gpxelinux.0 file name with undionly.kpxe.vmw-hardwired.
■ Secure your network as you would for any other PXE-based deployment method. DHCP, TFTP and the PXE exchange itself are unauthenticated, so any machine able to answer DHCP or TFTP on the boot segment can redirect a host to a different boot file. Auto Deploy transfers data over SSL to prevent casual interference and snooping. However, the authenticity of the client or the Auto Deploy server is not checked during a PXE boot.
    ■ Set up a remote Syslog server. See the vCenter Server and Host Management documentation for Syslog server configuration information. Configure the first host you boot to use the remote Syslog server and apply that host’s host profile to all other target hosts. Optionally, install and use the vSphere Syslog Collector, a vCenter Server support tool that provides a unified architecture for system logging and enables network logging and combining of logs from multiple hosts.

    Install ESXi Dump Collector, set up your first host so that all core dumps are directed to ESXi Dump Collector, and apply the host profile from that host to all other hosts. See Configure ESXi Dump Collector with ESXCLI.
    ■ Verify that the Auto Deploy server has an IPv4 address. Auto Deploy does not support a pure IPv6 environment end-to-end. The PXE boot infrastructure does not support IPv6. After the deployment you can manually reconfigure the hosts to use IPv6 and add them to vCenter Server over IPv6. However, when you reboot a stateless host, its IPv6 configuration is lost.
    Procedure
    1. Install vCenter Server or deploy the vCenter Server Appliance.

    The Auto Deploy server is included with the management node.
    2. Configure the Auto Deploy service startup type.

    a. Log in to your vCenter Server system by using the vSphere Web Client.
    b. On the vSphere Web Client Home page, click Administration.
    c. Under System Configuration click Services.
    d. Select Auto Deploy, click the Actions menu, and select Edit Startup Type.

    ■ On Windows, the Auto Deploy service is disabled. In the Edit Startup Type window, select Manual or Automatic to enable Auto Deploy.
    ■ On the vCenter Server Appliance, the Auto Deploy service by default is set to Manual. If you want the Auto Deploy service to start automatically upon OS startup, select Automatic.

    3. Configure the TFTP server.

    a. In a vSphere Web Client connected to the vCenter Server system, go to the inventory list and select the vCenter Server system.
    b. Click the Manage tab, select Settings, and click Auto Deploy.
    c. Click Download TFTP Boot Zip to download the TFTP configuration file and unzip the file to the directory in which your TFTP server stores files.

    4. Set up your DHCP server to point to the TFTP server on which the TFTP ZIP file is located.

    a. Specify the TFTP Server’s IP address in DHCP option 66, frequently called next-server.
    b. Specify the boot file name, which is undionly.kpxe.vmw-hardwired in the DHCP option 67, frequently called boot-filename.

    5. Set each host you want to provision with Auto Deploy to network boot or PXE boot, following the manufacturer’s instructions.
    6. Locate the image profile that you want to use and the depot in which it is located.

    In most cases, you point to an image profile that VMware makes available in a public depot. If you want to include custom VIBs with the base image, you can use the vSphere ESXi Image Builder to create an image profile and use that image profile.
    7. Write a rule that assigns an image profile to hosts.
    8. (Optional) If you set up your environment to use Thumbprint mode, you can use your own Certificate Authority (CA) by replacing the OpenSSL certificate rbd-ca.crt and the OpenSSL private key rbd-ca.key with your own certificate and key file.

    ■ On Windows, the files are in the SSL subfolder of the Auto Deploy installation directory. For example, on Windows 7 the default is C:\ProgramData\VMware\VMware vSphere Auto Deploy\ssl.
    ■ On the vCenter Server Appliance, the files are in /etc/vmware-rbd/ssl/.

By default, vCenter Server 6.0 and later uses the VMware Certificate Authority (VMCA).
    When you start a host that is set up for Auto Deploy, the host contacts the DHCP server and is directed to the Auto Deploy server, which provisions the host with the image profile specified in the active rule set.
    What to do next
    ■ Install vSphere PowerCLI. See Install vSphere PowerCLI and Prerequisite Software.
    ■ Use the vSphere PowerCLI cmdlets to define a rule that assigns an image profile and optional host profile to the host.
    ■ (Optional) Configure the first host that you provision as a reference host. Use the storage, networking, and other settings you want for your target hosts to share. Create a host profile for the reference host and write a rule that assigns both the already tested image profile and the host profile to target hosts.
    ■ If you want to have Auto Deploy overwrite existing partitions, set up a reference host to do auto partitioning and apply the host profile of the reference host to other hosts. See Consider and Implement Your Partitioning Strategy.
    ■ If you have to configure host-specific information, set up the host profile of the reference host to prompt for user input. See Host Customization in the vSphere Web Client.

    Auto Deploy PowerCLI Cmdlet Overview
    You specify the rules that assign image profiles and host profiles to hosts using a set of PowerCLI cmdlets that are included in VMware PowerCLI.

    If you are new to PowerCLI, read the PowerCLI documentation and review Using Auto Deploy Cmdlets. You can get help for any command at the PowerShell prompt.

    ■ Basic help: Get-Help cmdlet_name
    ■ Detailed help: Get-Help cmdlet_name -Detailed
    Note
    When you run Auto Deploy cmdlets, provide all parameters on the command line when you invoke the cmdlet. Supplying parameters in interactive mode is not recommended.
    Rule Engine PowerCLI Cmdlets

    [Image: table of the Rule Engine PowerCLI cmdlets]

    Using Auto Deploy Cmdlets
    Auto Deploy cmdlets are implemented as Microsoft PowerShell cmdlets and included in vSphere PowerCLI. Users of Auto Deploy cmdlets can take advantage of all vSphere PowerCLI features.

    Experienced PowerShell users can use Auto Deploy cmdlets just like other PowerShell cmdlets. If you are new to PowerShell and vSphere PowerCLI, the following tips might be helpful.

    You can type cmdlets, parameters, and parameter values in the vSphere PowerCLI shell.

    ■ Get help for any cmdlet by running Get-Help cmdlet_name.
    ■ Remember that PowerShell is not case sensitive.
    ■ Use tab completion for cmdlet names and parameter names.
    ■ Format any variable and cmdlet output by using Format-List or Format-Table, or their short forms fl or ft. For more information, run the Get-Help Format-List cmdlet.
    Passing Parameters by Name
    You can pass in parameters by name in most cases and surround parameter values that contain spaces or special characters with double quotes.

    Copy-DeployRule -DeployRule testrule -ReplaceItem MyNewProfile
    Most examples in the vSphere Installation and Setup documentation pass in parameters by name.
    Passing Parameters as Objects
    You can pass parameters as objects if you want to perform scripting and automation. Passing in parameters as objects is useful with cmdlets that return multiple objects and with cmdlets that return a single object. Consider the following example.

    1. Bind the object that encapsulates rule set compliance information for a host to a variable.

    $tr = Test-DeployRuleSetCompliance MyEsxi42

    2. View the itemlist property of the object to see the difference between what is in the rule set and what the host is currently using.

    $tr.itemlist

    3. Remediate the host to use the revised rule set by using the Repair-DeployRuleSetCompliance cmdlet with the variable.

    Repair-DeployRuleSetCompliance $tr

    The example remediates the host the next time you boot the host.
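    The following PowerCLI script is an added example (not code from the VMware documentation) that ties steps 6 and 7 of the procedure above to the compliance check just described: it picks an image profile from a depot, writes a rule scoped by a hardware pattern, activates it, and then tests and repairs one host. The vCenter name, depot path, profile names, cluster name, host name and address range are assumed values.

```powershell
# Added example, not from the VMware docs. All names below are hypothetical.
Connect-VIServer -Server 'vcsa.lab.local'

# Step 6: locate the image profile and its depot (an offline bundle on a local path here).
Add-EsxSoftwareDepot 'C:\depots\ESXi-6.0-offline-bundle.zip'     # assumed path
$imageProfile = Get-EsxImageProfile |
    Where-Object { $_.Name -like 'ESXi-6.0.0-*-standard' } |      # assumed profile name
    Select-Object -First 1

# Step 7: write a rule that assigns the image profile, a host profile and a cluster
# location to hosts that match the pattern. Scoping the rule by vendor and address
# range instead of -AllHosts means an unknown machine that PXE-boots on the
# management network does not receive the image simply because it asked for it.
$hostProfile = Get-VMHostProfile -Name 'RefHostProfile'            # assumed name
$cluster     = Get-Cluster -Name 'Prod'                             # assumed name
$rule = New-DeployRule -Name 'ProdHosts' `
                       -Item $imageProfile, $hostProfile, $cluster `
                       -Pattern 'vendor=Dell Inc.', 'ipv4=192.168.10.50-192.168.10.99'

# Add-DeployRule places the rule in the working rule set and activates it.
Add-DeployRule -DeployRule $rule

# Passing parameters as objects: the compliance object returned for a host that was
# provisioned before the rule changed is handed straight to the repair cmdlet.
$tr = Test-DeployRuleSetCompliance -VMHost (Get-VMHost -Name 'MyEsxi42')
$tr.itemlist                         # what the host runs now versus what the rule set expects
Repair-DeployRuleSetCompliance $tr   # takes effect the next time the host boots
```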

    Provisioning ESXi Systems with vSphere Auto Deploy
    vSphere Auto Deploy can provision hundreds of physical hosts with ESXi software. You can provision hosts that did not previously run ESXi software (first boot), reboot hosts, or reprovision hosts with a different image profile, host profile, or folder or cluster location.

    The Auto Deploy process differs depending on the state of the host and on the changes that you want to make.

    Provision a Host (First Boot)
    Provisioning a host that has never been provisioned with Auto Deploy (first boot) differs from subsequent boot processes. You must prepare the host and fulfill all other prerequisites before you can provision the host. You can optionally define a custom image profile with Image Builder PowerCLI cmdlets.

    Prerequisites
    ■ Make sure your host meets the hardware requirements for ESXi hosts.

    See ESXi Hardware Requirements.
    ■ Prepare the system for vSphere Auto Deploy (see Preparing for vSphere Auto Deploy).
    ■ Write rules that assign an image profile to the host and optionally assign a host profile and a vCenter Server location to the host. See Managing Auto Deploy with PowerCLI Cmdlets.

    When setup is complete, the Auto Deploy server and PowerCLI are installed, DHCP setup is complete, and rules for the host that you want to provision are in the active rule set.
    Procedure
    1. Turn on the host.

    The host contacts the DHCP server and downloads iPXE from the location the server points it to. Next, the Auto Deploy server provisions the host with the image specified by the rule engine. The Auto Deploy server might also apply a host profile to the host if one is specified in the rule set. Finally, Auto Deploy adds the host to the vCenter Server system that is specified in the rule set.
    2. (Optional) If Auto Deploy applies a host profile that requires user input such as an IP address, the host is placed in maintenance mode. Reapply the host profile with the vSphere Web Client and provide the user input when prompted.
    After the first boot process, the host is running and managed by a vCenter Server system. The vCenter Server stores the host’s image profile, host profile, and location information.

    You can now reboot the host as needed. Each time you reboot, the host is reprovisioned by the vCenter Server system.
    What to do next
    Reprovision hosts as needed. See Reprovisioning Hosts.

    If you want to change the image profile, host profile, or location of the host, update the rules and perform a test and repair compliance operation. See Test and Repair Rule Compliance.

  • VCP 6 – DCV Study Guide: Section 9 – Objective 9.3

    Section 9: Configure and Administer vSphere Availability Solutions

    Objective 9.3: Setup and Configure App HA. In this objective we should be covering these topics:
    • Identify vSphere App HA requirements
    • Identify available services protected by vSphere App HA
    • Add applications to vSphere App HA
    • Configure vSphere App HA policies

    vSphere App HA Overview
    vSphere App HA is a plug-in to the vSphere Web Client. vSphere App HA allows you to define high availability for the applications that are running on your virtual machines in your environment.

     Setting Up vSphere App HA

    After you deploy vSphere App HA, you must set up vSphere App HA and connect to the vCenter Hyperic server.

    Prerequisites
    ■  Your vCenter Server license must include the vSphere App HA feature.
    ■  vCenter Hyperic server must be installed on vCenter Server.

    Procedure
    1. Log in to the vSphere Web Client using the vSphere App HA.Modify credentials at root level.
    2. From the Inventory menu, navigate to Administration > vSphere App HA.
    3. Click the Settings tab.
    4. Type the following parameters to configure the vCenter Hyperic server and click Apply.

    [Image: vCenter Hyperic server connection parameters]

    5. Approve the vCenter Hyperic certificate.
    A connection to the vCenter Hyperic server is established.

    Access vSphere App HA Using vSphere Web Client
    You can access vSphere App HA through the vSphere Web Client. vSphere App HA is compatible only with the vSphere Web Client.

    Prerequisites
    Deploy the vSphere App HA plug-in on vSphere Web Client. For more information, see the vSphere App HA Installation and Configuration Guide.
    Procedure
    1. Open a Web browser and type the URL for accessing the vSphere Web Client, https://client-hostname:port/vsphere-client.

    You can use the IP address of the vSphere Web Client as an alternative to the client host name.

    By default the port is 9443, but this can be changed during vSphere Web Client installation.
    2. Type the credentials in the Username and Password text boxes.
    3. Click Login.
    If vSphere App HA is deployed correctly, vSphere App HA is listed on the Administration page of vSphere Web Client. Also, the Applications Availability tab appears under the Monitor tab.

    Enable a vSphere App HA Plug-In
    You can enable a disabled vSphere App HA plug-in.

    When you deploy a vSphere App HA plug-in, it is enabled by default. If you have had to disable the plug-in, you can re-enable it.
    Procedure
    1. Log in to the vSphere Web Client with vSphere administrator credentials.
    2. From the Inventory menu, click Administration.
    3. Click Solutions > Client Plug-ins.
    4. Right-click the vSphere App HA plug-in and click Enable.

    Disable a vSphere App HA Plug-In
    You can disable the vSphere App HA plug-in.

    Procedure
    1. Log in to the vSphere Web Client with vSphere administrator credentials.
    2. From the Inventory menu, click Administration.
    3. Click Solutions > Client Plug-ins.
    4. Right-click the vSphere App HA plug-in and click Disable.

    Disabling the plug-in does not remove the plug-in from the vSphere Web Client. You must uninstall the plug-in to remove it.

    Managing Services
    You can view the services in your virtual environment and perform management tasks, such as assigning policies and putting services into maintenance mode.

    Service Availability Summary
    The summary status of the services is displayed on the Monitor > Applications Availability tab.

    Services can be designated as available, unavailable, of unknown status, unsynchronized, or in maintenance mode.

    The Availability Status Summary icon above the table indicates the most critical status of all the services in the table. A summary of all services that are not categorized as Available is listed below the icon.

    Availability Status Summary


    Services Availability Status
    The Services Availability Status table provides details of all the application services that are running in your environment, including essential information such as the virtual machine name and install path of each service, its availability status, and any remediation policy that is assigned to the service. You can also manage services, such as assigning or changing a policy for a service, putting a service into maintenance mode, and so on.

    You can filter and sort the table.

    Services Availability Table


    Assign a Policy to Application Services
    You can assign a policy to one or more application services that are of the same service type.

    Prerequisites
    ■ Define a policy. For more information about policy creation, see Create a Policy.
    ■ Verify that you have vSphere App HA.Modify privileges for each virtual machine on which the services to which you will apply a policy are running.
    Procedure
    1. Log in to the vSphere Web Client using the vSphere App HA.Modify credentials.
    2. On the Monitor tab, click the Application Availability tab.
    3. Select the services for the applications to which you want to assign a policy.

    If you select one or more services that are incompatible with the service type, the Assign Policy icon disappears.
    4. Click the Assign Policy icon.

    The Assign Policy window appears, which filters and lists all the policies according to service type in a tabular form.
    5. Select a policy.
    6. Click OK.
    The selected policy is assigned to the application services that you specified.

    Unassign a Policy
    You can unassign a policy from one or more application services. The unassigned policy is removed from the application service.

    Prerequisites
    Verify that you have vSphere App HA.Modify privileges for each virtual machine on which the services from which you are unassigning a policy are running.
    Procedure
    1. Log in to the vSphere Web Client using the vSphere App HA.Modify credentials.
    2. On the Monitor tab, click the Application Availability tab.
    3. Select the services for the applications from which you want to unassign a policy.

    Services do not have to be of the same service type.
    4. Click the Unassign Policy icon.
    The policy is unassigned from the selected application services.

    Policies in vSphere App HA
    A policy is an object that defines the service type, and the remediation actions to occur when a service becomes unavailable.

    You can assign a policy to multiple services.

    The service type that you define in the policy must be compatible with the service it is assigned to.

    You can view all the policies in the policies table on the Policies tab. The policies can be filtered and sorted.

    You can also delete policies on the Policies tab.

    Create a Policy
    You can create a policy in which you define the remediation actions to take place when the service is unavailable or unstable.

    Prerequisites
    ■ To get email notifications, you must have configured the vCenter Server mail server, using vSphere Web Client.
    ■ To trigger alarms, you must have configured the VMware vCenter AppHA Plug-in on the vCenter Hyperic server.
    Procedure
    1. Log in to the vSphere Web Client using the vSphere App HA.Modify credentials at root level.
    2. Navigate to Administration > vSphere App HA.
    3. On the Policies tab, click the Create Policy icon (+).
    4. Type the Policy Name and Description, and click Next.

    The policy name must be unique. The description is optional.
    5. From the Application Service drop-down menu, select an application service type.
    6. Complete the information in the service configuration text boxes, or verify that the Use current configuration check boxes are selected, and click Next.
    7. (Optional) Select the remediation actions that take place when the service is unavailable or unstable.

    [Image: remediation action options in the Create Policy wizard]

    8. Click Next.
    9. (Optional) Create a vCenter Server alarm for the policy by selecting the Service has stopped event to trigger the vCenter Server alarm.
    10. (Optional) Type comma separated email addresses for notification purposes, and click Next.
    11. In the Ready to Complete screen, verify the settings and click Finish.
    A policy is created and is listed in the policy definition table. You can assign this policy to services of the same type.

    View a Policy
    You can view details that you specified for a policy.

    Procedure
    1. Log in to the vSphere Web Client.
    2. Navigate to Administration > vSphere App HA.
    3. On the Policies tab, click the View Policy icon.
    In the policy wizard you can view all the information that was specified for the policy. You can select wizard screens in random order. The data is read only.

    Edit a Policy
    You can change the values in a policy, including policies that have already been assigned to services.

    If a conflict occurs between the changes that you make to an assigned policy and the required settings of the service, the policy is detached from that service and an error appears in the Policy column of the Service Availability table.

    Some of the key reasons that might cause this issue are:

    ■ bad configuration in the edited policy
    ■ inability to communicate with the vCenter Hyperic server
    ■ the VMware vCenter AppHA Plug-in not being configured.

    You can edit the policy again and reassign it, or assign a new policy to the services.
    Prerequisites
    ■ When the policy that you are editing is assigned to services, you must have vSphere App HA.Modify privileges for each virtual machine on which the services are running.
    ■ When the policy that you are editing is assigned to services, those services must be in maintenance mode before you edit the policy.
    Procedure
    1. Log in to the vSphere Web Client using the vSphere App HA.Modify credentials at root level.
    2. Navigate to Administration > vSphere App HA.
    3. On the Policies tab, select the policy to edit and click the Edit Policy icon.
    4. Change the values of the policy as required, and click Next.
    5. In the Ready to Complete screen, verify the settings and click Finish.

    Duplicate a Policy
    You can use an existing policy as a template for a new policy, using the Duplicate Policy function.

    When you duplicate a policy, the default name is Copy of original policy name. All other details are the details of the original policy.
    Procedure
    1. Log in to the vSphere Web Client using the vSphere App HA.Modify credentials at root level.
    2. Navigate to Administration > vSphere App HA.
    3. On the Policies tab, click the Duplicate Policy icon.
    4. (Optional) If required, change any of the values provided in the wizard.
    5. In the Ready to Complete screen, verify the settings and click Finish.
    The policy is created and is listed in the policy definition table. You can assign this policy to services of the same type.

    Delete a Policy
    You can delete a policy and remove it from the policy definition table.

    Prerequisites
    If a policy is assigned to a service, you must unassign the policy before you can delete it.
    Procedure
    1. Log in to the vSphere Web Client using vSphere App HA.Modify credentials at root level.
    2. Navigate to Administration > vSphere App HA.
    3. On the Policies tab, select the policy to be deleted in the policy definition table.
    4. Click the Delete Policy icon.
    5. Click Yes on the confirmation message.
    The policy is deleted from the policy definition table.

  • VCP 6 – DCV Study Guide: Section 9 – Objective 9.2

    Section 9: Configure and Administer vSphere Availability Solutions

    Objective 9.2: Configure Advanced vSphere DRS Features. In this objective we should be covering these topics:
    • Identify Distributed Resource Scheduler (DRS) affinity rules
    • Enable/Disable Distributed Resource Scheduler (DRS) affinity rules
    • Identify Distributed Resource Scheduler (DRS) Automation levels
    • Configure Distributed Resource Scheduler (DRS) Automation levels

    Create a DRS Cluster
    When you add a host to a DRS cluster, the host’s resources become part of the cluster’s resources. In addition to this aggregation of resources, with a DRS cluster you can support cluster-wide resource pools and enforce cluster-level resource allocation policies.

    The following cluster-level resource management capabilities are also available.

    Load Balancing
    The distribution and usage of CPU and memory resources for all hosts and virtual machines in the cluster are continuously monitored. DRS compares these metrics to an ideal resource utilization given the attributes of the cluster’s resource pools and virtual machines, the current demand, and the imbalance target. It then performs (or recommends) virtual machine migrations accordingly. See Virtual Machine Migration. When you first power on a virtual machine in the cluster, DRS attempts to maintain proper load balancing by either placing the virtual machine on an appropriate host or making a recommendation. See Admission Control and Initial Placement.
    Power management
    When the vSphere Distributed Power Management (DPM) feature is enabled, DRS compares cluster- and host-level capacity to the demands of the cluster’s virtual machines, including recent historical demand. It places (or recommends placing) hosts in standby power mode if sufficient excess capacity is found or powering on hosts if capacity is needed. Depending on the resulting host power state recommendations, virtual machines might need to be migrated to and from the hosts as well. See Managing Power Resources.
    Affinity Rules
    You can control the placement of virtual machines on hosts within a cluster, by assigning affinity rules. See Using DRS Affinity Rules.
    Prerequisites
    You can create a cluster without a special license, but you must have a license to enable a cluster for vSphere DRS (or vSphere HA).
    Procedure
    1. Right-click a data center in the vSphere Web Client and select New Cluster.
    2. Name the cluster in the Name text box. This name appears in the vSphere Web Client navigator.
    3. Select the DRS Turn ON check box.
    4. Select a default automation level for DRS.

    [Image: DRS default automation level options]

    5. Set the migration threshold for DRS.
    6. (Optional) Select the vSphere HA Turn ON check box to enable vSphere HA.

    vSphere HA allows you to:

    ■ Enable host monitoring.
    ■ Enable admission control.
    ■ Specify the type of policy that admission control should enforce.
    ■ Adjust the monitoring sensitivity of virtual machine monitoring.
    7. If appropriate, enable Enhanced vMotion Compatibility (EVC) and select the mode it should operate in.
    8. Click OK to complete cluster creation.
    A new cluster does not include any hosts or virtual machines.

    Set a Custom Automation Level for a Virtual Machine
    After you create a DRS cluster, you can customize the automation level for individual virtual machines to override the cluster’s default automation level.

    For example, you can select Manual for specific virtual machines in a cluster with full automation, or Partially Automated for specific virtual machines in a manual cluster.

    If a virtual machine is set to Disabled, vCenter Server does not migrate that virtual machine or provide migration recommendations for it. This is known as pinning the virtual machine to its registered host.

    Note
    If you have not enabled Enhanced vMotion Compatibility (EVC) for the cluster, fault tolerant virtual machines are set to DRS disabled. They appear on this screen, but you cannot assign an automation mode to them.

    Procedure
    1. Browse to the cluster in the vSphere Web Client navigator.
    2. Click the Manage tab and click Settings.
    3. Under Services, select vSphere DRS and click Edit. Expand DRS Automation.
    4. Select the Enable individual virtual machine automation levels check box.
    5. To temporarily disable any individual virtual machine overrides, deselect the Enable individual virtual machine automation levels check box. Virtual machine settings are restored when the check box is selected again.
    6. To temporarily suspend all vMotion activity in a cluster, put the cluster in manual mode and deselect the Enable individual virtual machine automation levels check box.
    7. Select one or more virtual machines.
    8. Click the Automation Level column and select an automation level from the drop-down menu.

    [Image: Automation Level drop-down menu for individual virtual machines]

    Note
    Other VMware products or features, such as vSphere vApp and vSphere Fault Tolerance, might override the automation levels of virtual machines in a DRS cluster. Refer to the product-specific documentation for details.

    Using DRS Affinity Rules
    You can control the placement of virtual machines on hosts within a cluster by using affinity rules.

    You can create two types of rules.

    ■  VM-Host Affinity Rules
    A VM-Host affinity rule specifies whether or not the members of a selected virtual machine DRS group can run on the members of a specific host DRS group.

    Unlike a VM-VM affinity rule, which specifies affinity (or anti-affinity) between individual virtual machines, a VM-Host affinity rule specifies an affinity relationship between a group of virtual machines and a group of hosts. There are ‘required’ rules (designated by “must”) and ‘preferential’ rules (designated by “should”.)

    A VM-Host affinity rule includes the following components.

    ■ One virtual machine DRS group.
    ■ One host DRS group.
    ■ A designation of whether the rule is a requirement (“must”) or a preference (“should”) and whether it is affinity (“run on”) or anti-affinity (“not run on”).

    Because VM-Host affinity rules are cluster-based, the virtual machines and hosts that are included in a rule must all reside in the same cluster. If a virtual machine is removed from the cluster, it loses its DRS group affiliation, even if it is later returned to the cluster.

    Create a VM-Host Affinity Rule
    You can create VM-Host affinity rules to specify whether or not the members of a selected virtual machine DRS group can run on the members of a specific host DRS group.

    Prerequisites
    Create the virtual machine and host DRS groups to which the VM-Host affinity rule applies.
    Procedure
    1. Browse to the cluster in the vSphere Web Client navigator.
    2. Click the Manage tab.
    3. Click Settings and click DRS Rules.
    4. Click Add.
    5. In the Create DRS Rule dialog box, type a name for the rule.
    6. From the Type drop-down menu, select Virtual Machines to Hosts.
    7. Select the virtual machine DRS group and the host DRS group to which the rule applies.
    8. Select a specification for the rule.

    Must run on hosts in group. Virtual machines in VM Group 1 must run on hosts in Host Group A.
    Should run on hosts in group. Virtual machines in VM Group 1 should, but are not required to, run on hosts in Host Group A.
    Must not run on hosts in group. Virtual machines in VM Group 1 must never run on hosts in Host Group A.
    Should not run on hosts in group. Virtual machines in VM Group 1 should not, but might, run on hosts in Host Group A.
    9. Click OK.

    Using VM-Host Affinity Rules
    You use a VM-Host affinity rule to specify an affinity relationship between a group of virtual machines and a group of hosts. When using VM-Host affinity rules, you should be aware of when they could be most useful, how conflicts between rules are resolved, and the importance of caution when setting required affinity rules.

    One use case where VM-Host affinity rules are helpful is when the software you are running in your virtual machines has licensing restrictions. You can place such virtual machines into a DRS group and then create a rule that requires them to run on a host DRS group that contains only host machines that have the required licenses.

    Note
    When you create a VM-Host affinity rule that is based on the licensing or hardware requirements of the software running in your virtual machines, you are responsible for ensuring that the groups are properly set up. The rule does not monitor the software running in the virtual machines nor does it know what non-VMware licenses are in place on which ESXi hosts.

    If you create more than one VM-Host affinity rule, the rules are not ranked, but are applied equally. Be aware that this has implications for how the rules interact. For example, a virtual machine that belongs to two DRS groups, each of which belongs to a different required rule, can run only on hosts that belong to both of the host DRS groups represented in the rules.

    When you create a VM-Host affinity rule, its ability to function in relation to other rules is not checked. So it is possible for you to create a rule that conflicts with the other rules you are using. When two VM-Host affinity rules conflict, the older one takes precedence and the newer rule is disabled. DRS only tries to satisfy enabled rules and disabled rules are ignored.

    DRS, vSphere HA, and vSphere DPM never take any action that results in the violation of required affinity rules (those where the virtual machine DRS group ‘must run on’ or ‘must not run on’ the host DRS group). Accordingly, you should exercise caution when using this type of rule because of its potential to adversely affect the functioning of the cluster. If improperly used, required VM-Host affinity rules can fragment the cluster and inhibit the proper functioning of DRS, vSphere HA, and vSphere DPM.

    A number of cluster functions are not performed if doing so would violate a required affinity rule.

    ■ DRS does not evacuate virtual machines to place a host in maintenance mode.
    ■ DRS does not place virtual machines for power-on or load balance virtual machines.
    ■ vSphere HA does not perform failovers.
    ■ vSphere DPM does not optimize power management by placing hosts into standby mode.

    To avoid these situations, exercise caution when creating more than one required affinity rule or consider using VM-Host affinity rules that are preferential only (those where the virtual machine DRS group ‘should run on’ or ‘should not run on’ the host DRS group). Ensure that the number of hosts in the cluster with which each virtual machine is affined is large enough that losing a host does not result in a lack of hosts on which the virtual machine can run. Preferential rules can be violated to allow the proper functioning of DRS, vSphere HA, and vSphere DPM.

    Note
    You can create an event-based alarm that is triggered when a virtual machine violates a VM-Host affinity rule. In the vSphere Web Client, add a new alarm for the virtual machine and select VM is violating VM-Host Affinity Rule as the event trigger. For more information about creating and editing alarms, see the vSphere Monitoring and Performance documentation.
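    The following PowerShell script is an added example (not from the VMware documentation) that models the two behaviours described above: required rules are not ranked, so each one narrows a virtual machine's eligible hosts, and a rule set that leaves a VM with one host (or none) fragments the cluster so that vSphere HA has nowhere to fail it over. The hosts, DRS groups and rules are constructed data; the script runs offline with no PowerCLI connection.

```powershell
# Added example, not from the VMware docs. The cluster below is constructed.
$AllHosts = @('esx01', 'esx02', 'esx03', 'esx04')
$HostGroups = @{
    'LicensedHosts' = @('esx01', 'esx02')   # hosts carrying the application license
    'RackA'         = @('esx01', 'esx03')
}
$VmGroups = @{
    'LicensedApps'  = @('app01', 'app02')
    'RackA-VMs'     = @('app01', 'web01')
}
# Constructed rules in creation order. Only required ("must") rules are modelled,
# because only those bind DRS, vSphere HA and DPM; preferential rules may be violated.
$Rules = @(
    @{ Name = 'LicenseRule'; VMGroup = 'LicensedApps'; HostGroup = 'LicensedHosts'; Type = 'MustRunOn' },
    @{ Name = 'RackRule';    VMGroup = 'RackA-VMs';    HostGroup = 'RackA';         Type = 'MustRunOn' },
    @{ Name = 'NoLicHosts';  VMGroup = 'RackA-VMs';    HostGroup = 'LicensedHosts'; Type = 'MustNotRunOn' }
)

function Get-EligibleHosts {
    # Returns the hosts a VM may run on once every required rule that covers it is
    # applied. Rules are applied equally, so a VM in two groups that belong to two
    # "must run on" rules is left with only the hosts present in both host groups.
    param([string]$Vm, [string[]]$AllHosts, $VmGroups, $HostGroups, $Rules)
    $eligible = [System.Collections.Generic.HashSet[string]]::new([string[]]$AllHosts)
    foreach ($rule in $Rules) {
        if ($VmGroups[$rule.VMGroup] -notcontains $Vm) { continue }
        $groupHosts = [string[]]$HostGroups[$rule.HostGroup]
        switch ($rule.Type) {
            'MustRunOn'    { $eligible.IntersectWith($groupHosts) }
            'MustNotRunOn' { $eligible.ExceptWith($groupHosts) }
        }
    }
    return @($eligible)
}

function Test-RuleSetFragmentation {
    # Reports every VM whose eligible host set is too small. An empty set means the
    # required rules conflict (vCenter resolves this by disabling the newer rule); a
    # single host means losing that host leaves HA with no host to fail the VM over to.
    param([string[]]$AllHosts, $VmGroups, $HostGroups, $Rules, [int]$MinHosts = 2)
    $vms = $VmGroups.Values | ForEach-Object { $_ } | Sort-Object -Unique
    foreach ($vm in $vms) {
        $hosts = @(Get-EligibleHosts -Vm $vm -AllHosts $AllHosts `
                                     -VmGroups $VmGroups -HostGroups $HostGroups -Rules $Rules)
        $status = if ($hosts.Count -eq 0) { 'CONFLICT' }
                  elseif ($hosts.Count -lt $MinHosts) { 'NO HA FAILOVER' }
                  else { 'OK' }
        [pscustomobject]@{
            VM            = $vm
            EligibleHosts = ($hosts -join ',')
            Count         = $hosts.Count
            Status        = $status
        }
    }
}

# With the constructed rules: app01 ends up with no host (CONFLICT), web01 is pinned
# to esx03 alone (NO HA FAILOVER) and app02 keeps two licensed hosts (OK).
Test-RuleSetFragmentation -AllHosts $AllHosts -VmGroups $VmGroups -HostGroups $HostGroups -Rules $Rules |
    Format-Table -AutoSize
```

Running the check against a proposed rule set before creating the rules in the vSphere Web Client (or with PowerCLI's New-DrsClusterGroup and New-DrsVMHostRule cmdlets) catches the fragmentation case the text warns about while it is still only a plan.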

    ■ VM-VM Affinity Rules

    A VM-VM affinity rule specifies whether selected individual virtual machines should run on the same host or be kept on separate hosts. This type of rule is used to create affinity or anti-affinity between individual virtual machines that you select.

    When an affinity rule is created, DRS tries to keep the specified virtual machines together on the same host. You might want to do this, for example, for performance reasons.

    With an anti-affinity rule, DRS tries to keep the specified virtual machines apart. You could use such a rule if you want to guarantee that certain virtual machines are always on different physical hosts. In that case, if a problem occurs with one host, not all virtual machines would be placed at risk.

    When you add or edit an affinity rule, and the cluster’s current state is in violation of the rule, the system continues to operate and tries to correct the violation. For manual and partially automated DRS clusters, migration recommendations based on rule fulfillment and load balancing are presented for approval. You are not required to fulfill the rules, but the corresponding recommendations remain until the rules are fulfilled.

    To check whether any enabled affinity rules are being violated and cannot be corrected by DRS, select the cluster’s DRS tab and click Faults. Any rule currently being violated has a corresponding fault on this page. Read the fault to determine why DRS is not able to satisfy the particular rule. Rules violations also produce a log event.

    Note
    VM-VM and VM-Host affinity rules are different from an individual host’s CPU affinity rules.

    Create a VM-VM Affinity Rule
    You can create VM-VM affinity rules to specify whether selected individual virtual machines should run on the same host or be kept on separate hosts.

    Note
     If you use the vSphere HA Specify Failover Hosts admission control policy and designate multiple failover hosts, VM-VM affinity rules are not supported.

    Procedure
    1. Browse to the cluster in the vSphere Web Client navigator.
    2. Click the Manage tab.
    3. Click Settings and click DRS Rules.
    4. Click Add.
    5. In the Create DRS Rule dialog box, type a name for the rule.
    6. From the Type drop-down menu, select either Keep Virtual Machines Together or Separate Virtual Machines.
    7. Click Add.
    8. Select at least two virtual machines to which the rule will apply and click OK.
    9. Click OK.

    VM-VM Affinity Rule Conflicts
    You can create and use multiple VM-VM affinity rules; however, this might lead to situations where the rules conflict with one another.

    If two VM-VM affinity rules are in conflict, you cannot enable both. For example, if one rule keeps two virtual machines together and another rule keeps the same two virtual machines apart, you cannot enable both rules. Select one of the rules to apply and disable or remove the conflicting rule.

    When two VM-VM affinity rules conflict, the older one takes precedence and the newer rule is disabled. DRS only tries to satisfy enabled rules and disabled rules are ignored. DRS gives higher precedence to preventing violations of anti-affinity rules than violations of affinity rules.
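    The conflict and precedence rules above are easy to get wrong when a cluster carries more than a handful of rules, so here is a small model of them as an added example for this study guide (not vSphere or VMware code). It encodes exactly the three behaviours the text describes: a newer rule that conflicts with an older enabled rule is disabled, DRS evaluates only enabled rules, and anti-affinity violations are reported ahead of affinity violations. The rule set and the host placement in demo() are constructed, and it is an assumption of the model that two rules conflict when they are of opposite type and share at least two virtual machines.

```python
"""Model of VM-VM affinity rule conflicts and rule violations (added example)."""
from dataclasses import dataclass


@dataclass
class DrsRule:
    name: str
    keep_together: bool        # True: Keep Virtual Machines Together; False: Separate
    vms: frozenset             # names of the VMs the rule applies to
    created: int               # creation order; lower means older
    enabled: bool = True


def resolve_conflicts(rules):
    """Return the rules in creation order, disabling newer rules that conflict
    with an older enabled rule (the older rule takes precedence)."""
    ordered = sorted(rules, key=lambda r: r.created)
    for i, rule in enumerate(ordered):
        for older in ordered[:i]:
            opposite = older.keep_together != rule.keep_together
            # Assumption: the same pair under opposite rule types is a conflict.
            if older.enabled and opposite and len(older.vms & rule.vms) >= 2:
                rule.enabled = False
                break
    return ordered


def find_violations(rules, placement):
    """Return the enabled rules the current placement violates.

    placement maps VM name -> host name (the cluster's current state).
    Anti-affinity rules come first, mirroring DRS giving their violations
    higher precedence than affinity violations.
    """
    violated = []
    for rule in rules:
        if not rule.enabled:
            continue
        hosts = [placement[vm] for vm in rule.vms if vm in placement]
        if rule.keep_together and len(set(hosts)) > 1:
            violated.append(rule)           # members spread over several hosts
        elif not rule.keep_together and len(hosts) != len(set(hosts)):
            violated.append(rule)           # two members share a host
    return sorted(violated, key=lambda r: r.keep_together)


def demo():
    """Constructed rule set and placement; returns (disabled names, violated names)."""
    rules = [
        DrsRule("web-together", True, frozenset({"web01", "web02"}), created=1),
        DrsRule("web-apart", False, frozenset({"web01", "web02"}), created=2),
        DrsRule("db-apart", False, frozenset({"db01", "db02"}), created=3),
    ]
    placement = {"web01": "esx01", "web02": "esx02", "db01": "esx01", "db02": "esx01"}
    resolved = resolve_conflicts(rules)
    disabled = [r.name for r in resolved if not r.enabled]
    violated = [r.name for r in find_violations(resolved, placement)]
    return disabled, violated


if __name__ == "__main__":
    print(demo())
```

    In the constructed set, web-apart is the newer of two rules on the same pair, so it is disabled and ignored; the anti-affinity rule db-apart is reported before the affinity rule web-together.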

    Create a Host DRS Group
    A VM-Host affinity rule establishes an affinity (or anti-affinity) relationship between a virtual machine DRS group with a host DRS group. You must create both of these groups before you can create a rule that links them.

    Procedure
    1. Browse to the cluster in the vSphere Web Client navigator.
    2. Click the Manage tab.
    3. Click Settings, and click DRS Groups.
    4. In the DRS Groups section, click Add.
    5. In the Create DRS Group dialog box, type a name for the group.
    6. Select Host DRS Group from the Type drop down box and click Add.
    7. Click the check box next to a host to add it. Continue this process until all desired hosts have been added.
    8. Click OK.
    What to do next
    Using this host DRS group, you can create a VM-Host affinity rule that establishes an affinity (or anti-affinity) relationship with an appropriate virtual machine DRS group.

    Create a Virtual Machine DRS Group
    Affinity rules establish an affinity (or anti-affinity) relationship between DRS groups. You must create DRS groups before you can create a rule that links them.

    Procedure
    1. Browse to the cluster in the vSphere Web Client navigator.
    2. Click the Manage tab.
    3. Click Settings, and click DRS Groups.
    4. In the DRS Groups section, click Add.
    5. In the Create DRS Group dialog box, type a name for the group.
    6. Select VM DRS Group from the Type drop down box and click Add.
    7. Click the check box next to a virtual machine to add it. Continue this process until all desired virtual machines have been added.
    8. Click OK.

  • VCP 6 – DCV Study Guide: Section 9 – Objective 9.1

    Section 9: Configure and Administer vSphere Availability Solutions

    Objective 9.1: Configure Advanced vSphere HA Features: In this objective we should be covering these topics:
    • Explain Advanced vSphere HA settings
    • Enable/Disable Advanced vSphere HA settings
    • Explain how vSphere HA interprets heartbeats
    • Interpret and correct errors during conversion
    • Identify virtual machine override priorities
    • Identify Virtual Machine Component Protection (VMCP) settings

    vSphere HA Advanced Options
    You can set advanced options that affect the behavior of your vSphere HA cluster.

    vSphere HA Advanced Options

    Note
    If you change the value of any of the following advanced options, you must disable and then re-enable vSphere HA before your changes take effect.

    ■ das.isolationaddress[…]
    ■ das.usedefaultisolationaddress
    ■ das.isolationshutdowntimeout

    For a complete list of vSphere HA advanced options, see the VMware knowledge base article at http://kb.vmware.com/kb/2033250.

    Set Advanced Options
    To customize vSphere HA behavior, set advanced vSphere HA options.

    Prerequisites
    Verify that you have cluster administrator privileges.
    Procedure
    1. In the vSphere Web Client, browse to the vSphere HA cluster.
    2. Click the Manage tab and click Settings.
    3. Under Settings, select vSphere HA and click Edit.
    4. Expand Advanced Options.
    5. Click Add and type the name of the advanced option in the text box. You can set the value of the option in the text box in the Value column.
    6. Repeat step 5 for each new option that you want to add and click OK.
    The cluster uses the options that you added or modified.
    What to do next
    Once you have set an advanced vSphere HA option, it persists until you do one of the following:

    ■ Using the vSphere Web Client, reset its value to the default value.
    ■ Manually edit or delete the option from the fdm.cfg file on all hosts in the cluster.

    Customize an Individual Virtual Machine
    Each virtual machine in a vSphere HA cluster is assigned the cluster default settings for VM Restart Priority, Host Isolation Response, VM Component Protection, and VM Monitoring. You can specify specific behavior for each virtual machine by changing these defaults. If the virtual machine leaves the cluster, these settings are lost.

    Procedure
    1. In the vSphere Web Client, browse to the vSphere HA cluster.
    2. Click the Manage tab and click Settings.
    3. Under Settings, select VM Overrides and click Add.
    4. Use the + button to select virtual machines to which to apply the overrides.
    5. Click OK.
    6. (Optional) You can change other settings, such as the Automation level, VM restart priority, Host isolation response, VMCP settings, VM Monitoring, or VM monitoring sensitivity settings.

    Note
    You can view the cluster defaults for these settings by first expanding Relevant Cluster Settings and then expanding vSphere HA.
    7. Click OK.
    The virtual machine’s behavior now differs from the cluster defaults for each setting that you changed.

    Datastore Heartbeating
    When the master host in a vSphere HA cluster cannot communicate with a slave host over the management network, the master host uses datastore heartbeating to determine whether the slave host has failed, is in a network partition, or is network isolated. If the slave host has stopped datastore heartbeating, it is considered to have failed and its virtual machines are restarted elsewhere.

    vCenter Server selects a preferred set of datastores for heartbeating. This selection is made to maximize the number of hosts that have access to a heartbeating datastore and minimize the likelihood that the datastores are backed by the same LUN or NFS server.

    You can use the advanced option das.heartbeatdsperhost to change the number of heartbeat datastores selected by vCenter Server for each host. The default is two and the maximum valid value is five.
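    To make the two selection goals concrete, here is a greedy model of the heartbeat datastore choice as an added example for this study guide. It is not VMware's implementation (vCenter's actual selection logic is not published); it only follows the goals stated above: rank datastores by how many hosts can reach them, avoid two datastores behind the same LUN or NFS server where possible, and fall back to shared backing rather than leave a host short. host_access and backing are constructed inputs, and hosts_below_minimum() models the configuration issue vSphere HA raises when a host has fewer heartbeat datastores than das.heartbeatdsperhost requires.

```python
"""Greedy model of heartbeat datastore selection (added example, not VMware code)."""
from collections import Counter

MIN_PER_HOST, MAX_PER_HOST = 1, 5     # das.heartbeatdsperhost: default 2, maximum 5


def select_heartbeat_datastores(host_access, backing, per_host=2):
    """Return host -> ordered list of chosen heartbeat datastores.

    host_access: host name -> set of datastores that host can reach
    backing:     datastore -> LUN identifier or NFS server behind it
    """
    if not MIN_PER_HOST <= per_host <= MAX_PER_HOST:
        raise ValueError("das.heartbeatdsperhost must be between 1 and 5")
    # Goal 1: datastores reachable by the most hosts rank first (name breaks ties).
    reach = Counter(ds for dss in host_access.values() for ds in dss)
    ranked = sorted(backing, key=lambda ds: (-reach[ds], ds))

    chosen = {}
    for host, accessible in host_access.items():
        picks, used = [], set()
        # Goal 2: one datastore per distinct LUN / NFS server.
        for ds in ranked:
            if ds in accessible and backing[ds] not in used:
                picks.append(ds)
                used.add(backing[ds])
                if len(picks) == per_host:
                    break
        # Fallback: accept shared backing rather than leave the host short.
        for ds in ranked:
            if len(picks) == per_host:
                break
            if ds in accessible and ds not in picks:
                picks.append(ds)
        chosen[host] = picks
    return chosen


def hosts_below_minimum(chosen, per_host=2):
    """Hosts that still have fewer heartbeat datastores than configured."""
    return sorted(h for h, picks in chosen.items() if len(picks) < per_host)


def demo():
    # Constructed cluster: two NFS exports from the same server, two VMFS LUNs.
    host_access = {
        "esx01": {"dsA", "dsB", "dsC"},
        "esx02": {"dsB", "dsC"},        # sees only the two exports of nfs-01
        "esx03": {"dsA", "dsC", "dsD"},
        "esx04": {"dsD"},               # reaches a single shared datastore
    }
    backing = {"dsA": "lun-10", "dsB": "nfs-01", "dsC": "nfs-01", "dsD": "lun-11"}
    chosen = select_heartbeat_datastores(host_access, backing)
    return chosen, hosts_below_minimum(chosen)


if __name__ == "__main__":
    print(demo())
```

    esx02 shows the fallback: both of its datastores sit behind nfs-01, so the second pick shares backing with the first. esx04 cannot reach two datastores at all and is reported, which is the situation you fix with more shared storage rather than by lowering the setting.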

    vSphere HA creates a directory at the root of each datastore that is used for both datastore heartbeating and for persisting the set of protected virtual machines. The name of the directory is .vSphere-HA. Do not delete or modify the files stored in this directory, because this can have an impact on operations. Because more than one cluster might use a datastore, subdirectories for this directory are created for each cluster. Root owns these directories and files and only root can read and write to them. The disk space used by vSphere HA depends on several factors including which VMFS version is in use and the number of hosts that use the datastore for heartbeating. With vmfs3, the maximum usage is approximately 2GB and the typical usage is approximately 3MB. With vmfs5 the maximum and typical usage is approximately 3MB. vSphere HA use of the datastores adds negligible overhead and has no performance impact on other datastore operations.

    vSphere HA limits the number of virtual machines that can have configuration files on a single datastore. See Configuration Maximums for updated limits. If you place more than this number of virtual machines on a datastore and power them on, vSphere HA protects a number of virtual machines only up to the limit.

    Note
    A Virtual SAN datastore cannot be used for datastore heartbeating. Therefore, if no other shared storage is accessible to all hosts in the cluster, there can be no heartbeat datastores in use. However, if you have storage that can be reached by an alternate network path that is independent of the Virtual SAN network, you can use it to set up a heartbeat datastore.

    VM Component Protection
    If VM Component Protection (VMCP) is enabled, vSphere HA can detect datastore accessibility failures and provide automated recovery for affected virtual machines.

    VMCP provides protection against datastore accessibility failures that can affect a virtual machine running on a host in a vSphere HA cluster. When a datastore accessibility failure occurs, the affected host can no longer access the storage path for a specific datastore. You can determine the response that vSphere HA will make to such a failure, ranging from the creation of event alarms to virtual machine restarts on other hosts.

    Types of Failure
    There are two types of datastore accessibility failure:

    PDL
    PDL (Permanent Device Loss) is an unrecoverable loss of accessibility that occurs when a storage device reports the datastore is no longer accessible by the host. This condition cannot be reverted without powering off virtual machines.
    APD
    APD (All Paths Down) represents a transient or unknown accessibility loss or any other unidentified delay in I/O processing. This type of accessibility issue is recoverable.

    Configuring VMCP
    VM Component Protection is enabled and configured in the vSphere Web Client. To enable this feature, you must select the Protect against Storage Connectivity Loss checkbox in the edit cluster settings wizard. The storage protection levels you can choose and the virtual machine remediation actions available differ depending on the type of datastore accessibility failure.

    PDL failures
    A virtual machine is automatically failed over to a new host unless you have configured VMCP only to Issue events.
    APD events
    The response to APD events is more complex and accordingly the configuration is more fine-grained.

    After the user-configured Delay for VM failover for APD period has elapsed, the action taken depends on the policy you selected. An event will be issued and the virtual machine is restarted conservatively or aggressively. The conservative approach does not terminate the virtual machine if the success of the failover is unknown, for example in a network partition. The aggressive approach does terminate the virtual machine under these conditions. Neither approach terminates the virtual machine if there are insufficient resources in the cluster for the failover to succeed.

    If APD recovers before the user-configured Delay for VM failover for APD period has elapsed, you can choose to reset the affected virtual machines, which recovers the guest applications that were impacted by the IO failures.
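    The APD branch has several interacting inputs (policy, the failover delay, whether storage came back, whether the master can tell if a restart would succeed, and whether the cluster has capacity), so here is the decision table from the two paragraphs above written as a function, an added example for this study guide rather than VMware code. Assumptions: the clock starts when the host's APD timeout has already expired, which is when vSphere HA begins counting the Delay for VM failover for APD; the reset option corresponds to the Response for APD recovery after APD timeout setting; and the cluster-state inputs are supplied by the caller rather than read from vCenter.

```python
"""Decision table for the VMCP response to an APD condition (added example)."""
from enum import Enum


class ApdPolicy(Enum):
    DISABLED = "Disabled"
    ISSUE_EVENTS = "Issue events"
    CONSERVATIVE = "Power off and restart VMs (conservative)"
    AGGRESSIVE = "Power off and restart VMs (aggressive)"


def apd_response(policy, seconds_in_apd, failover_delay, *,
                 apd_recovered=False, reset_on_recovery=False,
                 failover_outcome_known=True, resources_available=True):
    """Return the action VMCP takes for one VM in the given APD state.

    seconds_in_apd         seconds since the host's APD timeout expired (assumed origin)
    failover_delay         configured "Delay for VM failover for APD", in seconds
    apd_recovered          storage came back before the delay elapsed
    reset_on_recovery      "Response for APD recovery after APD timeout" set to reset
    failover_outcome_known False in a network partition: the master cannot tell
                           whether a restart elsewhere would succeed
    resources_available    the cluster has capacity to restart the VM elsewhere
    """
    if policy is ApdPolicy.DISABLED:
        return "no action"
    if seconds_in_apd < failover_delay:
        if apd_recovered:
            # Storage returned in time: optionally reset so the guest recovers
            # from the I/O errors it saw; the VM is never failed over here.
            return "reset VM" if reset_on_recovery else "no action"
        return "wait"
    # Delay elapsed: an event is always raised; anything more depends on policy.
    if policy is ApdPolicy.ISSUE_EVENTS:
        return "issue event"
    if not resources_available:
        # Neither policy terminates a VM the cluster could not restart.
        return "issue event (no capacity for failover)"
    if policy is ApdPolicy.CONSERVATIVE and not failover_outcome_known:
        return "issue event (failover outcome unknown)"
    return "power off and restart VM"


if __name__ == "__main__":
    for policy in ApdPolicy:
        print(policy.value, "->",
              apd_response(policy, 200, 180, failover_outcome_known=False))
```

    The last two branches are the ones worth remembering for the exam and for a real partition: aggressive terminates a VM it may not be able to restart, conservative does not, and neither touches a VM the cluster has no room for.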

    Configure Virtual Machine Responses
    The Failure conditions and VM response page allows you to choose settings that determine how vSphere HA responds to host failures and isolations. These settings include the VM restart priority, host isolation response, settings for VM Component Protection, and VM monitoring sensitivity.

    The Failure conditions and VM response page is editable only if vSphere HA is enabled.
    Procedure
    1. In the vSphere Web Client, browse to the vSphere HA cluster.
    2. Click the Manage tab and click Settings.
    3. Under Settings, select vSphere HA and click Edit.
    4. Expand Failure Conditions and VM Response to display the configuration options.


    5. Click OK.
    Your Virtual Machine Response settings take effect.

    vSphere HA Checklist
    The vSphere HA checklist contains requirements that you must be aware of before creating and using a vSphere HA cluster.

    Review this list before you set up a vSphere HA cluster. For more information, follow the appropriate cross reference.

    ■ All hosts must be licensed for vSphere HA.
    ■ A cluster must contain at least two hosts.
    ■ All hosts must be configured with static IP addresses. If you are using DHCP, you must ensure that the address for each host persists across reboots.
    ■ All hosts must have at least one management network in common. The best practice is to have at least two management networks in common. You should use the VMkernel network with the Management traffic checkbox enabled. The networks must be accessible to each other, and vCenter Server and the hosts must be accessible to each other on the management networks. See Best Practices for Networking.
    ■ To ensure that any virtual machine can run on any host in the cluster, all hosts must have access to the same virtual machine networks and datastores. Similarly, virtual machines must be located on shared, not local, storage otherwise they cannot be failed over in the case of a host failure.

    Note
    vSphere HA uses datastore heartbeating to distinguish between partitioned, isolated, and failed hosts. So if some datastores are more reliable in your environment, configure vSphere HA to give preference to them.
    ■ For VM Monitoring to work, VMware Tools must be installed. See VM and Application Monitoring.
    ■ vSphere HA supports both IPv4 and IPv6. See Other vSphere HA Interoperability Issues for considerations when using IPv6.
    ■ For VM Component Protection to work, hosts must have the All Paths Down (APD) Timeout feature enabled.
    ■ To use VM Component Protection, clusters must contain ESXi 6.0 hosts or later.
    ■ Only vSphere HA clusters that contain ESXi 6.0 or later hosts can be used to enable VMCP. Clusters that contain hosts from an earlier release cannot enable VMCP, and such hosts cannot be added to a VMCP-enabled cluster.
    ■ If your cluster uses Virtual Volume (vVol) datastores, when vSphere HA is enabled a configuration vVol is created on each vVol datastore by vCenter Server. In these containers, vSphere HA stores the files it uses to protect virtual machines. vSphere HA does not function correctly if you delete these containers. Only one container is created per vVol datastore.

    Troubleshooting checklist for VMware Converter (1016330)

  • VCP 6 – DCV Study Guide: Section 10 – Objective 10.2

    Section 10: Administer and Manage vSphere Virtual Machines

    Objective 10.2: Create and Manage a Multisite Content Library: In this objective we should be covering these topics:
    • Configure Content Library to work across sites
    • Configure Content Library authentication
    • Set/Configure Content Library roles
    • Add/Remove Content Libraries
    Using Content Libraries
    Content libraries are container objects for VM templates, vApp templates, and other types of files. vSphere administrators can use the templates in the library to deploy virtual machines and vApps in the vSphere inventory. Sharing templates and files across multiple vCenter Server instances in the same or different locations brings consistency, compliance, efficiency, and automation to deploying workloads at scale.

    A content library is managed from a single vCenter Server instance, but can be shared across multiple vCenter Server systems.

    Each VM template, vApp template, or other type of file in a library is a library item. An item can contain a single file or multiple files. In the case of VM and vApp templates, each item contains multiple files. For example, because an OVF template is a set of multiple files, when you upload an OVF template to the library, you actually upload all the files associated with the template (.ovf, .vmdk, and .mf), but in the vSphere Web Client you see only the .ovf file listed in the content library.

    You can create two types of libraries: local or subscribed library.

    Local Libraries
    You use a local library to store items in a single vCenter Server instance. You can publish the local library so that users from other vCenter Server systems can subscribe to it. When you publish a content library externally, you can configure a password for authentication.

    VM templates and vApp templates are stored in OVF format in the content library. You can also upload other file types, such as ISO images and text files, to a content library.
    Subscribed Libraries
    You subscribe to a published library by creating a subscribed library. The subscribed library can be created in the same vCenter Server instance as the published library, or in a different vCenter Server system. When creating a subscribed library you can choose to download all the contents of the published library immediately after the subscribed library is created, or to download only metadata for the items in the published library. Downloading only metadata saves storage space. A subscribed library set to download all content immediately synchronizes automatically with the published library at regular intervals so that its contents stay up to date. A subscribed library set to download content only when needed must be synchronized manually.

    If you use a subscribed library, you can only use the content; you cannot contribute content. Only the administrator of the published library manages the templates and files.

    Source Objects to Which You Can Subscribe By Creating a Subscribed Library in The vSphere Web Client.

    Libraries store content on a file system or a datastore. To ensure optimal performance, use file systems for libraries that are published, and use datastores for local and subscribed libraries.
    Create a Library
    You can create a content library in the vSphere Web Client, and populate it with templates, which you can use to deploy virtual machines or vApps in your virtual environment.
    Prerequisites
    Required privileges: Content library. Create local library or Content library. Create subscribed library on the vCenter Server instance where you want to create the library.
    Procedure
    1. In the vSphere Web Client navigator, select vCenter Inventory Lists > Content Libraries.
    2. Click the Objects tab.
    3. Click the Create a New Library icon.
    4. Enter a name for the content library, and in the Notes text box, enter a description for the library, and click Next.
    5. Select the type of content library you want to create.
    6. Click Next.
    7. Enter the path to a storage location where to keep the contents of this library.
    8. Review the information on the Ready to Complete page, and click Finish.
    Synchronize a Subscribed Library
    To ensure that your subscribed library displays the latest content of the published library, you can manually initiate a synchronization task.
    You can also have subscribed libraries automatically synchronize with the content of the published library. To enable automatic synchronization of the subscribed library, select the option to Enable automatic synchronization with the external library in the subscribed library settings. Take into account that the automatic synchronization requires a lot of storage space, because you download full copies of all the items in the published library.
    Prerequisites
    Required privilege: Content library. Sync subscribed library on the library.
    Procedure
    1. In the vSphere Web Client navigator, select vCenter Inventory Lists > Content Libraries.
    2. Right-click a subscribed library from the list and select Synchronize Library.
    A new task for synchronizing the subscribed library appears in the Recent Tasks pane. After the task is complete, you can see the updated list with library items in the Related Objects tab under Templates and Other Types.
    Edit the Settings of a Local Library
    You can change the settings of a content library. As an administrator of a content library, you can publish a local library from your vCenter Server instance to share its contents across multiple vCenter Server systems. From the Edit Setting dialog box, you can obtain the URL of your library and send it to other users to subscribe. If the library is already published, you can change its password for authentication. Users who are subscribed to your library must update the password to keep access to the published library.
    Prerequisites
    Required privileges: Content library. Update library and Content library. Update local library on the library.
    Procedure
    1. In the vSphere Web Client navigator, select vCenter Inventory Lists > Content Libraries.
    2. Right-click a content library and select Edit Settings.
    3. Edit the settings for the library.
    4. Click OK.

    Edit the Settings of a Subscribed Library
    You can edit the settings of a subscribed library to optimize storage space and network bandwidth by switching between the options to download content from the published library. You might also need to update the password for authentication to the library if the administrator of the published library changes the password.

    Prerequisites
    Required privileges: Content library. Update subscribed library and Content library. Probe subscription information on the subscribed library.
    Procedure
    1. In the vSphere Web Client navigator, select vCenter Inventory Lists > Content Libraries.
    2. Right-click a subscribed library and select Edit Settings.
    3. Edit the settings of the subscribed library.

    ■ Enable or disable the automatic synchronization with the published library.
    ■ Update the password for authentication to the published library.
    ■ Select a download method. You can either download all library content immediately or download library content only when needed.

    If you switch from the option to download content only when needed to the option to immediately download all library content, after confirming the dialog a synchronization task starts and content starts to download. The number and size of items in the published library determine the amount of time and network bandwidth that the task requires.
    4. Click OK.

    Delete a Content Library
    You can delete a content library that you no longer want to use.

    Prerequisites
    Required privilege: Content library. Delete subscribed library or Content library. Delete local library on the type of library you want to delete.
    Procedure
    1. In the vSphere Web Client navigator, select vCenter Inventory Lists > Content Libraries.
    2. Right-click a content library from the list and select Delete.
    3. In the Delete library confirmation dialog box, click Yes.
    The content library and all its contents are deleted.

    Hierarchical Inheritance of Permissions for Content Libraries
    vSphere objects inherit permissions from a parent object in the hierarchy. Content libraries work in the context of a single vCenter Server instance. However, content libraries are not direct children of a vCenter Server system from an inventory perspective.

    The direct parent for content libraries is the global root. This means that if you set a permission at a vCenter Server level and propagate it to the children objects, the permission applies to data centers, folders, clusters, hosts, virtual machines, and so on, but does not apply to the content libraries that you see and operate with in this vCenter Server instance. To assign a permission on a content library, an Administrator must grant the permission to the user as a global permission. Global permissions support assigning privileges across solutions from a global root object.

    The figure illustrates the inventory hierarchy and the paths by which permissions can propagate.

    vSphere Inventory Hierarchy

    vSphere Inventory Hierarchy

    To let a user manage a content library and its items, an Administrator can assign the Content Library Administrator role to that user as a global permission. The Content Library Administrator role is a sample role in the vSphere Web Client.

    Users who are Administrators can also manage libraries and their contents. If a user is an Administrator at a vCenter Server level, they have sufficient privileges to manage the libraries that belong to this vCenter Server instance, but cannot see the libraries unless they have a Read-Only role as a global permission.

    For example, a user has an Administrator role that is defined at a vCenter Server level. When that Administrator navigates to Content Libraries in the object navigator, 0 libraries are shown even though libraries exist in the vSphere inventory of that vCenter Server instance. To see the libraries, the Administrator needs a Read-Only role assigned as a global permission.

    Administrators whose role is defined as a global permission can see and manage the libraries in all vCenter Server instances that belong to the global root.

    Because content libraries and their children items inherit permissions only from the global root object, when you navigate to a library or a library item and click Manage tab, you can see there is no Permissions tab. An Administrator cannot assign individual permissions on different libraries or different items within a library.

    Sample User Role for Working with Content Libraries
    vSphere Web Client provides a sample role that lets you be an administrator of content libraries. You can modify the role or use it as an example to create custom roles for specific tasks you want to allow other users to perform.

    Content Library Administrator

    Content Library Administrator role is a predefined role that gives a user privileges to monitor and manage a library and its contents.

    A user who has this role can perform the following tasks:

    ■ Create, edit, and delete local or subscribed libraries.
    ■ Synchronize a subscribed library and synchronize items in a subscribed library.
    ■ View the item types supported by the library.
    ■ Configure the global settings for the library.
    ■ Import items to a library.
    ■ Export library items.

  • VCP 6 – DCV Study Guide: Section 10 – Objective 10.1

    Section 10: Administer and Manage vSphere Virtual Machines

    Objective 10.1: Configure Advanced vSphere Virtual Machine Settings
    • Identify available virtual machine configuration settings

    Virtual Machine Option Overview

    You can view or change virtual machine settings from the vSphere Web Client. Not all options are available to every virtual machine and some options rarely need to change from their defaults.

    The host that the virtual machine runs on and the guest operating system must support any configurations that you make.

    When you select Edit Settings from a virtual machine right-button menu and click VM Options, you can select one of the following options.

    Virtual Machine Options

    General Options: Virtual machine name, location of the virtual machine configuration file, and virtual machine working location. View or change the type and version of the guest operating system.
    VMware Remote Console Options: Locking behavior and settings for simultaneous connections.
    VMware Tools: Power Controls behavior, VMware Tools scripts, automatic upgrades, and time synchronization between the guest and host.
    Power Management: Virtual machine Suspend behavior and wake on LAN.
    Boot Options: Virtual machine boot options. Add a delay before booting, force entry into the BIOS or EFI setup screen, or set reboot options.
    Advanced: Advanced virtual machine options. See the table below.
    Fibre Channel NPIV: Virtual node and port World Wide Names (WWNs).

    When you select Edit Settings from a virtual machine right-button menu, click VM Options, and click Advanced, you can select one of the following options.

    Advanced Virtual Machine Options

    Settings: Specify acceleration and logging settings.
    Debugging and statistics: Specify the level of debugging information that is being collected.
    Swap file location: Specify the swap file location.
    Configuration Parameters: View, modify, or add configuration parameters.
    Latency Sensitivity: Set a value for latency sensitivity.
    • Interpret virtual machine configuration files (.vmx) settings

    View the Virtual Machine Configuration and Working File Location

    You can view the location of the virtual machine configuration and working files. You can use this information when you configure backup systems.

    Prerequisites

    Verify that the virtual machine is powered off.

    Procedure

    1. Right-click a virtual machine in the inventory and select Edit Settings.

    2. Click VM Options tab and expand General Options.

    The path to the location of the virtual machine configuration file appears in the VM Config File text box. The path to the virtual machine working location appears in the VM Working Location text box.

    What Is a Virtual Machine?

    A virtual machine is a software computer that, like a physical computer, runs an operating system and applications. The virtual machine consists of a set of specification and configuration files and is backed by the physical resources of a host. Every virtual machine has virtual devices that provide the same functionality as physical hardware, yet are more portable, more secure, and easier to manage.

    A virtual machine consists of several files that are stored on a storage device. The key files are the configuration file, virtual disk file, NVRAM setting file, and log file. You configure virtual machine settings through the vSphere Web Client, one of the vSphere command-line interfaces (PowerCLI, vCLI) or the vSphere Web Services SDK.

    Virtual Machine Files

    .vmx (vmname.vmx): Virtual machine configuration file
    .vmxf (vmname.vmxf): Additional virtual machine configuration files
    .vmdk (vmname.vmdk): Virtual disk characteristics
    -flat.vmdk (vmname-flat.vmdk): Virtual machine data disk
    .nvram (vmname.nvram or nvram): Virtual machine BIOS or EFI configuration
    .vmsd (vmname.vmsd): Virtual machine snapshots
    .vmsn (vmname.vmsn): Virtual machine snapshot data file
    .vswp (vmname.vswp): Virtual machine swap file
    .vmss (vmname.vmss): Virtual machine suspend file
    .log (vmware.log): Current virtual machine log file
    -#.log (vmware-#.log, where # is a number starting with 1): Old virtual machine log files

    VMX files – a VMX file is the primary configuration file for a virtual machine. When you create a new virtual machine and answer questions about the operating system, disk sizes, and networking, those answers are stored in this file. As the listing below shows, a VMX file is a plain text file that can be edited with any text editor, such as Notepad. Example:

    config.version = "8"
    virtualHW.version = "3"
    guestOS = "otherlinux"
    displayname = "IPFire"
    memsize = "256"
    MemAllowAutoScaleDown = "FALSE"
    usb.present = "TRUE"
    ide0:0.present = "TRUE"
    ide0:0.filename = "primaryMaster.vmdk"
    #ide1:0.autodetect = "TRUE"
    #ide1:0.filename = "auto detect"
    #ide1:0.deviceType = "cdrom-raw"
    ide1:0.present = "true"
    ide1:0.deviceType = "cdrom-image"
    ide1:0.filename = "ipfire-2.9.i586-full-core48.iso"
    ide1:0.startConnected = "TRUE"
    floppy0.present = "FALSE"
    sound.present = "FALSE"
    ethernet0.present = "TRUE"
    ethernet0.addressType = "generated"
    ethernet0.connectionType= "nat"
    ethernet1.present = "TRUE"
    ethernet1.addressType = "generated"
    ethernet1.connectionType= "nat"
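    Because a VMX file is just key = "value" lines, interpreting one is mostly a matter of grouping the keys by device. The parser below is an added example for this study guide, not VMware code; SAMPLE_VMX is a constructed copy of the IPFire listing above (a Workstation-style file, which is why the NICs carry connectionType; on ESXi the equivalent key is networkName, and the parser accepts either). Keys are treated as case-insensitive, which is how the product reads them, and commented-out lines are skipped. The summary functions pull out what a backup or hardening review looks at first: hardware version, guest type, memory, which virtual devices are present, and which files on the datastore back them.

```python
"""Minimal VMX parser (added example, not VMware code)."""
import re
from collections import defaultdict

# Constructed copy of the IPFire configuration shown in the study guide.
SAMPLE_VMX = '''config.version = "8"
virtualHW.version = "3"
guestOS = "otherlinux"
displayname = "IPFire"
memsize = "256"
MemAllowAutoScaleDown = "FALSE"
usb.present = "TRUE"
ide0:0.present = "TRUE"
ide0:0.filename = "primaryMaster.vmdk"
#ide1:0.autodetect = "TRUE"
#ide1:0.filename = "auto detect"
#ide1:0.deviceType = "cdrom-raw"
ide1:0.present = "true"
ide1:0.deviceType = "cdrom-image"
ide1:0.filename = "ipfire-2.9.i586-full-core48.iso"
ide1:0.startConnected = "TRUE"
floppy0.present = "FALSE"
sound.present = "FALSE"
ethernet0.present = "TRUE"
ethernet0.addressType = "generated"
ethernet0.connectionType= "nat"
ethernet1.present = "TRUE"
ethernet1.addressType = "generated"
ethernet1.connectionType= "nat"
'''

_LINE = re.compile(r'^([A-Za-z0-9_.:\-]+)\s*=\s*"?([^"]*)"?$')
# Device keys are <device>.<attribute>; bus devices carry a bus:unit address.
_DEVICE = re.compile(
    r'^(ide\d+:\d+|scsi\d+:\d+|sata\d+:\d+|nvme\d+:\d+|ethernet\d+|usb|'
    r'floppy\d+|sound|serial\d+|parallel\d+)\.(.+)$')


def parse_vmx(text):
    """Return {lower-cased key: value}, skipping blank and '#' comment lines."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _LINE.match(line)
        if not m:
            raise ValueError(f"unparseable VMX line: {line!r}")
        cfg[m.group(1).lower()] = m.group(2)
    return cfg


def _is_true(value):
    return value.strip().lower() == "true"


def devices(cfg):
    """Group device attributes: {'ide1:0': {'present': 'true', ...}, ...}."""
    devs = defaultdict(dict)
    for key, value in cfg.items():
        m = _DEVICE.match(key)
        if m:
            devs[m.group(1)][m.group(2)] = value
    return dict(devs)


def present_devices(cfg):
    """Names of devices whose <device>.present is TRUE."""
    return sorted(d for d, a in devices(cfg).items()
                  if _is_true(a.get("present", "FALSE")))


def backing_files(cfg):
    """(device, deviceType, filename) for every present device backed by a file."""
    rows = []
    for dev, attrs in devices(cfg).items():
        if _is_true(attrs.get("present", "FALSE")) and "filename" in attrs:
            rows.append((dev, attrs.get("devicetype", "disk"), attrs["filename"]))
    return sorted(rows)


def nics(cfg):
    """(device, addressType, network) per present NIC; network is networkName
    on ESXi-style files or connectionType on Workstation-style ones."""
    return [(d, a.get("addresstype", ""),
             a.get("networkname") or a.get("connectiontype", ""))
            for d, a in sorted(devices(cfg).items())
            if d.startswith("ethernet") and _is_true(a.get("present", "FALSE"))]


def summary(cfg):
    return {
        "hardware_version": int(cfg["virtualhw.version"]),
        "guest_os": cfg["guestos"],
        "display_name": cfg["displayname"],
        "memory_mb": int(cfg["memsize"]),
    }


if __name__ == "__main__":
    cfg = parse_vmx(SAMPLE_VMX)
    print(summary(cfg), present_devices(cfg), backing_files(cfg), nics(cfg), sep="\n")
```

    Run against the sample, backing_files() shows the two files a backup must capture (the .vmdk and the attached ISO), and present_devices() lists the usb controller alongside the NICs and IDE devices, the kind of thing a review checks against what the VM actually needs.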
    • Identify virtual machine DirectPath I/O feature

    DirectPath I/O allows virtual machine access to physical PCI functions on platforms with an I/O Memory Management Unit.

    The following features are unavailable for virtual machines configured with DirectPath:

    ■ Hot adding and removing of virtual devices
    ■ Suspend and resume
    ■ Record and replay
    ■ Fault tolerance
    ■ High availability
    ■ DRS (limited availability. The virtual machine can be part of a cluster, but cannot migrate across hosts)
    ■ Snapshots

    The following features are only available for virtual machines configured with DirectPath I/O on Cisco Unified Computing Systems (UCS) through Cisco Virtual Machine Fabric Extender (VM-FEX) distributed switches.

    ■ vMotion
    ■ Hot adding and removing of virtual devices
    ■ Suspend and resume
    ■ High availability
    ■ DRS
    ■ Snapshots

    Enable DirectPath I/O with vMotion on a Virtual Machine
    You can enable DirectPath I/O with vMotion for virtual machines in a datacenter on a Cisco UCS system that has at least one supported Cisco UCS Virtual Machine Fabric Extender (VM-FEX) distributed switch.

    Prerequisites

    1. Enable high performance network I/O on at least one Cisco UCS port profile on a supported Cisco VM-FEX distributed switch. For supported switches and switch configuration, see Cisco’s documentation at http://www.cisco.com/go/unifiedcomputing/b-series-doc.

    2. Launch the vSphere Client and log in to a vCenter Server system.

    3. Power off the virtual machine.

    Procedure
    1. Log in to the vSphere Client and select the VMs and Templates inventory view.
    2. Right-click the virtual machine to modify and click Edit Settings.
    3. On the Resources tab, select Memory.
    4. Select Unlimited.
    5. On the Hardware tab, select the network adapter to configure as a passthrough device.
    6. Select a port profile with high performance enabled from the network label drop-down menu, and click OK.
    7. Power on the virtual machine.

    After the virtual machine is powered on, DirectPath I/O appears as Active on the Hardware tab of the virtual machine properties dialog box.

    DirectPath I/O vs SR-IOV
    SR-IOV offers performance benefits and tradeoffs similar to those of DirectPath I/O. DirectPath I/O and SR-IOV have similar functionality but you use them to accomplish different things.

    SR-IOV is beneficial in workloads with very high packet rates or very low latency requirements. Like DirectPath I/O, SR-IOV is not compatible with certain core virtualization features, such as vMotion. SR-IOV does, however, allow for a single physical device to be shared amongst multiple guests.

    With DirectPath I/O you can map only one physical function to one virtual machine. SR-IOV lets you share a single physical device, allowing multiple virtual machines to connect directly to the physical function.

    • Enable/Disable Advanced virtual machine settings

    Edit Configuration File Parameters
    You can change or add virtual machine configuration parameters when instructed by a VMware technical support representative, or if you see VMware documentation that instructs you to add or change a parameter to fix a problem with your system.

    Prerequisites

    Verify that you have the following privileges:

    Virtual machine.Configuration.Advanced on the destination folder or datacenter, if you are configuring advanced virtual machine settings.

    Procedure
    1. Right-click a virtual machine in the inventory and select Edit Settings.
    2. Click the VM Options tab and expand Advanced.
    3. Click Edit Configuration.
    4. (Optional) To add a parameter, click Add Row and type a name and value for the parameter.
    5. (Optional) To change a parameter, type a new value in the Value text box for that parameter.
    6. Click OK.

    Disable Virtual Machine Acceleration

    You might find that when you install or run software in a virtual machine, the virtual machine appears to stop responding. The problem occurs early in the program’s execution. You can get past the problem by temporarily disabling acceleration in the virtual machine.

    This setting slows down virtual machine performance, so use it only for getting past the problem with running the program. After the program stops encountering problems, deselect Disable acceleration. You might be able to run the program with acceleration.

    You can enable and disable acceleration when the virtual machine is running.

    Procedure

    1  Right-click a virtual machine in the inventory and select Edit Settings.
    2  Click the VM Options tab and expand Advanced.
    3  Select Disable acceleration.
    4  Click OK.
    You should be able to install or run the software successfully.

    Enable Virtual Machine Logging

    You can enable logging to collect log files to help troubleshoot problems with your virtual machine.

    ESXi hosts store virtual machine log files in the same directory as the virtual machine’s configuration files. By default, the log file name is vmware.log. Archived log files are stored as vmware-n.log, where n is a number in sequential order beginning with 1.

    Prerequisites

    Required privilege: Virtual machine.Configuration.Settings
    Procedure

    1  Right-click a virtual machine in the inventory and select Edit Settings.
    2  Click the VM Options tab and expand Advanced.
    3  In the Settings row, select Enable logging and click OK.
    You can view and compare log files in the same storage location as the virtual machine configuration files.

    Configure Virtual Machine Debugging and Statistics

    You can run a virtual machine so that it collects additional debugging information that is helpful to VMware technical support in resolving issues.

    Prerequisites

    Power off the virtual machine.

    Procedure

    1  Right-click a virtual machine in the inventory and select Edit Settings.
    2  Click the VM Options tab and expand Advanced.
    3  Select a debugging and statistics option from the drop-down menu.

    • Run normally
    • Record Debugging Information
    • Record Statistics
    • Record Statistics and Debugging Information

    The number of debugging and statistics options available depends on the host software type and version. On some hosts, some options are not available.

    4 Click OK.

    Change the Swap File Location

    When a virtual machine is powered on, the system creates a VMkernel swap file to serve as a backing store for the virtual machine’s RAM contents. You can accept the default swap file location or save the file to a different location. By default, the swap file is stored in the same location as the virtual machine’s configuration file.

    Procedure

    1. Right-click a virtual machine in the inventory and select Edit Settings.
    2. Click the VM Options tab and expand Advanced.
    3. Select a swap file location option.
    4. Click OK.


    Edit Configuration File Parameters: conditions and cautions

    The procedure is the one given under Enable/Disable Advanced virtual machine settings above (Edit Settings > VM Options > Advanced > Edit Configuration). Before you use it, keep the following in mind.

    IMPORTANT Changing or adding parameters when a system does not have problems might lead to decreased system performance and instability.

    The following conditions apply:

    • To change a parameter, you change the existing value for the keyword/value pair. For example, if you start with the pair keyword = value and change it to keyword = value2, the result is keyword = value2; the keyword is never duplicated.
    • You cannot delete a configuration parameter entry.

    CAUTION You must assign a value to every configuration parameter keyword. If you leave a value empty, the keyword can be read as 0, false, or disable, which can result in a virtual machine that cannot power on.
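    A small parser and editor for the .vmx format, as an added example (this is not code from the original post or from VMware). It reads key = "value" lines like the IPFire VMX shown earlier on this page and applies the conditions just listed: changing a parameter replaces its value, entries are never deleted, and an empty value is rejected before it can reach a host. The sample file is a constructed, abridged copy of the page's IPFire example; keys are lower-cased on read because VMware matches them case-insensitively.

```python
"""Parse, check and edit VMware .vmx configuration files.

Added example: this is not code from the original post or from VMware.
A .vmx is a flat text file of  key = "value"  lines (see the IPFire VMX
earlier on this page); lines starting with '#' are comments. Editing
follows the conditions listed above: changing a parameter replaces its
value, entries are never deleted, and every key must carry a value.
Keys are lower-cased on read because VMware matches them case-insensitively.
"""
import re
from collections import OrderedDict

_LINE = re.compile(r'^\s*([A-Za-z0-9_.:\-]+)\s*=\s*"(.*)"\s*$')

# Constructed sample: an abridged copy of the IPFire .vmx shown on this page.
SAMPLE_VMX = '''config.version = "8"
virtualHW.version = "3"
guestOS = "otherlinux"
displayname = "IPFire"
memsize = "256"
ide0:0.present = "TRUE"
ide0:0.filename = "primaryMaster.vmdk"
#ide1:0.autodetect = "TRUE"
ide1:0.present = "true"
ide1:0.deviceType = "cdrom-image"
ide1:0.filename = "ipfire-2.9.i586-full-core48.iso"
ide1:0.startConnected = "TRUE"
ethernet0.present = "TRUE"
ethernet0.connectionType= "nat"
ethernet1.present = "TRUE"
ethernet1.connectionType= "nat"
'''


def parse_vmx(text):
    """Return an ordered {key: value} mapping; comments and blank lines are skipped.
    Anything that is not a quoted key/value pair is an error rather than ignored,
    so a corrupted or hand-edited file is caught before it reaches a host."""
    params = OrderedDict()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = _LINE.match(line)
        if not match:
            raise ValueError('line %d is not a key = "value" pair: %r' % (lineno, raw))
        params[match.group(1).lower()] = match.group(2)
    return params


def serialize_vmx(params):
    """Write the mapping back in the same  key = "value"  form, one entry per line."""
    return "".join('%s = "%s"\n' % (key, value) for key, value in params.items())


def set_param(params, key, value):
    """Add or change one parameter. Mirrors the UI rules: an existing key is
    overwritten (never duplicated), nothing is deleted, and an empty value is
    refused because the host may read it as 0/false/disable and fail to power on."""
    value = "" if value is None else str(value)
    if value.strip() == "" or '"' in value or not _LINE.match('%s = "%s"' % (key, value)):
        raise ValueError("parameter %r needs a valid, non-empty value (got %r)" % (key, value))
    params[key.lower()] = value
    return params


def empty_values(params):
    """Keys whose value is empty: the CAUTION above applies to each of these."""
    return [key for key, value in params.items() if value.strip() == ""]


def attached_devices(params):
    """Devices whose <dev>.present flag is true, with type, backing file and
    connection, e.g. to spot an ISO still mounted or a NIC on an unexpected network."""
    devices = {}
    for key, value in params.items():
        if key.endswith(".present") and value.lower() == "true":
            dev = key[: -len(".present")]
            devices[dev] = {
                "type": params.get(dev + ".devicetype", ""),
                "file": params.get(dev + ".filename", ""),
                "connection": params.get(dev + ".connectiontype", ""),
            }
    return devices


if __name__ == "__main__":
    vmx = parse_vmx(SAMPLE_VMX)
    for dev, info in attached_devices(vmx).items():
        print(dev, info)
    print(serialize_vmx(set_param(vmx, "memsize", "512")), end="")
```

    Running it against the sample lists the two IDE devices and two NICs (the ISO is still attached to ide1:0 and both adapters are on NAT), then prints the file with memsize changed to 512 and nothing else touched. Feeding it a file with an empty value shows up in empty_values(), which is the condition the CAUTION above warns about.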

    Enabling the latency-sensitivity feature for a given VM.

    The latency-sensitivity feature is applied per VM, and thus a vSphere host can run a mix of normal VMs and VMs with this feature enabled. To enable latency sensitivity for a given VM from the UI, access the Advanced Settings from the VM Options tab in the VM's Edit Settings window and select High for Latency Sensitivity.


  • VCP 6 – DCV Study Guide: Section 1 – Objective 1.1

    Section 1: Configure and Administer vSphere 6.x Security

    Objective 1.1: Configure and Administer Role-based Access Control

    Users, groups, and roles control who has access to vSphere components and what actions each user can perform. A role is a predefined set of privileges. Privileges define rights to perform actions and read properties. For example, the Virtual Machine Administrator role consists of read properties and of a set of rights to perform actions. The role allows a user to read and change virtual machine attributes. When you assign permissions, you pair a user or group with a role and associate that pairing with an inventory object. A single user or group can have different roles for different objects in the inventory.

    Compare and contrast propagated and explicit permission assignments

    An explicit permission is one set directly on an object: the user/group and role pair appears in that object's own Permissions list. A propagated permission is one the object receives because a permission on a parent object has the Propagate check box set. The difference matters for precedence: a permission defined on the child object always overrides whatever propagates from its parents, and propagation is chosen per permission, so one parent can carry both propagating and non-propagating entries. See Hierarchical Inheritance of Permissions below.

    View/Sort/Export user and group lists

    You can view, sort, and export lists of a host’s local users to a file that is in HTML, XML, Microsoft Excel, or CSV format.

    Procedure
    1. Log in to ESXi using the vSphere Client.
    2. Click the Local Users & Groups tab and click Users .
    3. Determine how to sort the table, and hide or show columns according to the information you want to see in the exported file.

    ■ To sort the table by any of the columns, click the column heading.
    ■ To show or hide columns, right-click any of the column headings and select or deselect the name of the column to hide.

    4. Right-click anywhere in the table and click Export List to open the Save As dialog box.
    5. Select a path and enter a filename.
    6. Select the file type and click OK.

    Add/Modify/Remove permissions for users and groups on vCenter Server inventory objects

    A permission is set on an object in the vCenter object hierarchy. Each permission associates the object with a group or user and the group’s or user’s access roles. For example, you can select a virtual machine object, add one permission that gives the ReadOnly role to Group 1, and add a second permission that gives the Administrator role to User 2.

    By assigning a different role to a group of users on different objects, you control the tasks that those users can perform in your vSphere environment. For example, to allow a group to configure memory for the host, select that host and add a permission that grants that group a role that includes the Host.Configuration.Memory Configuration privilege.

    To manage permissions from the vSphere Web Client, you need to understand the following concepts:

    Permissions
    Each object in the vCenter Server object hierarchy has associated permissions. Each permission specifies for one group or user which privileges that group or user has on the object.
    Users and Groups
    On vCenter Server systems, you can assign privileges only to authenticated users or groups of authenticated users. Users are authenticated through vCenter Single Sign-On. The users and groups must be defined in the identity source that vCenter Single Sign-On is using to authenticate. Define users and groups using the tools in your identity source, for example, Active Directory.
    Roles
    Roles allow you to assign permissions on an object based on a typical set of tasks that users perform. Default roles, such as Administrator, are predefined on vCenter Server and cannot be changed. Other roles, such as Resource Pool Administrator, are predefined sample roles. You can create custom roles either from scratch or by cloning and modifying sample roles.
    Privileges
    Privileges are fine-grained access controls. You can group those privileges into roles, that you can then map to users or groups.

    Change Permissions
    After a user or group and role pair is set for an inventory object, you can change the role paired with the user or group or change the setting of the Propagate check box. You can also remove the permission setting.

    Procedure

    1. Browse to the object in the vSphere Web Client object navigator.
    2. Click the Manage tab and select Permissions.
    3. Click the line item to select the user or group and role pair.
    4. Click Change role on permission.
    5. Select a role for the user or group from the Assigned Role drop-down menu.
    6. To propagate the privileges to the children of the assigned inventory object, click the Propagate check box and click OK.

    Add a Permission to an Inventory Object

    After you create users and groups and define roles, you must assign the users and groups and their roles to the relevant inventory objects. You can assign the same permissions to multiple objects simultaneously by moving the objects into a folder and setting the permissions on the folder.

    When you assign permissions from the vSphere Web Client, user and group names must match Active Directory precisely, including case. If you upgraded from earlier versions of vSphere, check for case inconsistencies if you experience problems with groups.
    Prerequisites
    On the object whose permissions you want to modify, you must have a role that includes the Permissions.Modify permission privilege.
    Procedure

    1. Browse to the object for which you want to assign permissions in the vSphere Web Client object navigator.
    2. Click the Manage tab and select Permissions.
    3. Click the Add icon, and click Add.
    4. Identify the user or group that will have the privileges defined by the selected role.
      1. From the Domain drop-down menu, select the domain where the user or group is located.
      2. Type a name in the Search box or select a name from the list. The system searches user names, group names, and descriptions.
      3. Select the user or group and click Add. The name is added to either the Users or Groups list.
      4. (Optional) Click Check Names to verify that the user or group exists in the identity source.
      5. Click OK.
    5. Select a role from the Assigned Role drop-down menu. The roles that are assigned to the object appear in the menu. The privileges contained in the role are listed in the section below the role title.
    6. (Optional) To limit propagation, deselect the Propagate to Child Objects check box. The role is applied only to the selected object and does not propagate to the child objects.
    7. Click OK to add the permission.

    Determine how permissions are applied and inherited in vCenter Server

    The permission model for vCenter Server systems relies on assigning permissions to objects in the vSphere object hierarchy. Each permission gives one user or group a set of privileges, that is, a role for the selected object.

    To assign permissions to an object, you follow these steps:

    1. Select the object in the vCenter object hierarchy to which you want to apply the permission.
    2. Select the group or user that should have privileges on the object.
    3. Select the role, that is the set of privileges, that the group or user should have on the object. By default, permissions propagate, that is the group or user has the selected role on the selected object and its child objects.

    Hierarchical Inheritance of Permissions

    When you assign a permission to an object, you can choose whether the permission propagates down the object hierarchy. You set propagation for each permission. Propagation is not universally applied. Permissions defined for a child object always override the permissions that are propagated from parent objects.

    vSphere Inventory Hierarchy

    Most inventory objects inherit permissions from a single parent object in the hierarchy. For example, a datastore inherits permissions from either its parent datastore folder or parent data center. Virtual machines inherit permissions from both the parent virtual machine folder and the parent host, cluster, or resource pool simultaneously.

    Create/Clone/Edit vCenter Server Roles

    Creating a Custom Role

    You can create vCenter Server custom roles to suit the access control needs of your environment.

    If you create or edit a role on a vCenter Server system that is part of the same vCenter Single Sign-On domain as other vCenter Server systems, the VMware Directory Service (vmdir) propagates the changes that you make to all other vCenter Server systems in the group. Assignments of roles to specific users and objects are not shared across vCenter Server systems.

    Prerequisites
    Verify that you are logged in as a user with Administrator privileges.

    Procedure
    1. Log in to vCenter Server with the vSphere Web Client.
    2. Select Home, click Administration, and click Roles.
    3. Click the Create role action (+) button.
    4. Type a name for the new role.
    5. Select privileges for the role and click OK.

    Once you’ve created or modified the roles as needed, you can assign the roles to the users and groups associated with your ESX/ESXi host or vCenter Server.

    Cloning a Role
    You can make a copy of an existing role, rename it, and edit it. When you make a copy, the new role is not applied to any users or groups and objects. You must assign the role to users or groups and objects.

    If you create or edit a role on a vCenter Server system that is part of the same vCenter Single Sign-On domain as other vCenter Server systems, the VMware Directory Service (vmdir) propagates the changes that you make to all other vCenter Server systems in the group. Assignments of roles to specific users and objects are not shared across vCenter Server systems.
    Prerequisites
    Verify that you are logged in as a user with Administrator privileges.
    Procedure
    1. Log in to vCenter Server with the vSphere Web Client.
    2. Select Home, click Administration, and click Roles.
    3. Select a role, and click the Clone role action icon.
    4. Type a name for the cloned role.
    5. Select or deselect privileges for the role and click OK.

    Edit a Role
    When you edit a role, you can change the privileges selected for that role. When completed, these privileges are applied to any user or group that is assigned the edited role.

    If you create or edit a role on a vCenter Server system that is part of the same vCenter Single Sign-On domain as other vCenter Server systems, the VMware Directory Service (vmdir) propagates the changes that you make to all other vCenter Server systems in the group. Assignments of roles to specific users and objects are not shared across vCenter Server systems.
    Prerequisites
    Verify that you are logged in as a user with Administrator privileges.
    Procedure
    1. Log in to vCenter Server with the vSphere Web Client.
    2. Select Home, click Administration, and click Roles.
    3. Select a role and click the Edit role action button.
    4. Select or deselect privileges for the role and click OK.

    Configure VMware Directory Service

    The VMware Directory service (vmdir) is associated with the domain you specify during installation and is included in each embedded deployment and on each Platform Services Controller. This service is a multi-tenanted, multi-mastered directory service that makes an LDAP directory available on port 389. The service still uses port 11711 for backward compatibility with vSphere 5.5 and earlier systems.

    If your environment includes more than one instance of the Platform Services Controller, an update of vmdir content in one vmdir instance is propagated to all other instances of vmdir.

    Starting with vSphere 6.0, the VMware Directory Service stores not only vCenter Single Sign-On information but also certificate information.

    Replace the VMware Directory Service Certificate (from the Security Guide)
    If you decide to use a new VMCA root certificate, and you unpublish the VMCA root certificate that was used when you provisioned your environment, you must replace the machine SSL certificates, solution user certificates, and certificates for some internal services.
    If you unpublish the VMCA root certificate, you must replace the SSL Signing Certificate that is used by vCenter Single Sign-On. See “Refresh the Security Token Service (STS) Root Certificate,” on page 36. You must also replace the VMware Directory Service (vmdir) certificate.
    Prerequisites
    Request a certificate for vmdir for your third-party or enterprise CA.
    Procedure

    1. Stop vmdir.
      Linux: service-control --stop vmdird
      Windows: service-control --stop VMWareDirectoryService
    2. Copy the certificate and key that you just generated to the vmdir location.
      Linux: cp vmdir.crt /usr/lib/vmware-vmdir/share/config/vmdircert.pem
      cp vmdir.priv /usr/lib/vmware-vmdir/share/config/vmdirkey.pem
      Windows: copy vmdir.crt C:\programdata\vmware\vCenterServer\cfg\vmdird\vmdircert.pem
      copy vmdir.priv C:\programdata\vmware\vCenterServer\cfg\vmdird\vmdirkey.pem
    3. Restart vmdir from the vSphere Web Client or using the service-control command.
      Linux: service-control --start vmdird
      Windows: service-control --start VMWareDirectoryService

    Apply a role to a User/Group and to an object or group of objects

    There are a few things to keep in mind when configuring access controls in vSphere. First, if a group is assigned a role, all of the users in that group receive those privileges unless they have a role of their own assigned on the same object. Second, a permission assigned directly to a user takes precedence over the permissions that user would receive through a group.

    For example, User A and User B are assigned to Group 1. Group 1 has been assigned the Read-Only role. User A doesn’t have a role assigned to it, so it automatically gets all of the permissions given to Group 1. User B, however, has been assigned the No Access role, so User B has no permissions at all.

    VMware also validates the users and groups in Windows Active Directory against the users and groups in vCenter Server. So, if a user or group exists in vCenter Server, but doesn’t exist in the domain, VMware will delete all of the permissions associated with the user or group during validation.

    You can also assign privileges to multiple inventory objects in VMware by creating a folder and moving all of the appropriate objects to that folder.

    Assigning a Role
    1. Go to Home, Inventory, and then Hosts and Clusters. Click the inventory object and then click “Permissions.”
    2. Right-click an empty area in the right pane, then click “Add Permissions” to open the Assign Permissions window.
    3. Click “Add” and insert the appropriate user(s) or group(s). Select the desired role for the user(s) from the drop-down menu.
    4. Review the list of permissions in the right pane. To prevent access to child objects, uncheck “Propagate to Child Objects.”
    5. Click “OK” to assign the permissions to the selected user(s) or group(s).

    Change permission validation settings

    vCenter Server periodically validates its user and group lists against the users and groups in the Windows Active Directory domain. It then removes users or groups that no longer exist in the domain. You can change the interval between validations.

    Procedure

    1. From the vSphere Client connected to a vCenter Server system, select Administration > vCenter Server Settings.
    2. In the navigation pane, select Active Directory.
    3. (Optional) Deselect the Enable Validation check box to disable validation. Validation is enabled by default. Users and groups are validated when vCenter Server system starts, even if validation is disabled.
    4. If validation is enabled, enter a value in the Validation Period text box to specify a time, in minutes, between validations.

    Determine the appropriate set of privileges for common tasks in vCenter Server

    Many tasks require permissions on more than one object in the inventory. You can review the privileges that are required to perform the tasks and, where applicable, the appropriate sample roles.

    If the task that you want to perform is not in this table, the following rules can help you determine where you must assign permissions to allow particular operations:

    • Any operation that consumes storage space, such as creating a virtual disk or taking a snapshot, requires the Datastore.Allocate Space privilege on the target datastore, as well as the privilege to perform the operation itself.
    • Moving an object in the inventory hierarchy requires appropriate privileges on the object itself, the source parent object (such as a folder or cluster), and the destination parent object.
    • Each host and cluster has its own implicit resource pool that contains all the resources of that host or cluster. Deploying a virtual machine directly to a host or cluster requires the Resource.Assign Virtual Machine to Resource Pool privilege.

    The images below present common tasks that require more than one privilege. You can add permissions to inventory objects by pairing a user with one of the predefined roles, or you can create custom roles with the set of privileges that you expect to use multiple times.

    Required Privileges for Common Tasks (one table per task): Deploy a Virtual Machine From Template; Take a virtual machine snapshot; Move a virtual machine into a resource pool; Install a guest operating system on a virtual machine; Migrate a virtual machine with vMotion; Cold migrate (relocate) a virtual machine; Migrate a virtual machine with Storage vMotion.
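    A model of the permission resolution rules above, as an added example (this is not code from the original post or from VMware). It serves the Hierarchical Inheritance of Permissions passage (child overrides parent, propagation per permission, a VM inheriting from both its folder and its host), the User A / User B example under Apply a role to a User/Group (a user permission beats a group permission on the same object), and the multi-object rule just listed (a snapshot needs a privilege on the VM and Datastore.Allocate space on the datastore). The inventory, users, groups and permissions are constructed. Two assumptions go beyond the page: several matching group permissions on one object are unioned (VMware's documented behaviour), and the role contents are illustrative subsets; the privilege strings are VMware's own names.

```python
"""Effective-privilege resolver for the vCenter permission model on this page.

Added example, not code from the original post or from VMware. Rules encoded:
a permission is (object, principal, role, propagate); a permission set on a
child overrides one propagated from a parent; a permission naming the user
overrides the user's group permissions on the same object; a virtual machine
inherits from both its VM folder and its host/cluster/resource pool.
Assumption beyond the page: several matching group permissions on one object
are unioned (VMware's documented behaviour). Role contents are constructed
subsets of the real roles; privilege strings use VMware's names.
"""

READ_ONLY = {"System.Anonymous", "System.View", "System.Read"}
SNAPSHOT = "Virtual machine.Snapshot management.Create snapshot"
ALLOCATE = "Datastore.Allocate space"

# System roles form a hierarchy: Administrator includes Read Only; No Access is empty.
ROLES = {
    "No Access": set(),
    "Read Only": set(READ_ONLY),
    "Administrator": READ_ONLY | {SNAPSHOT, ALLOCATE,
                                  "Resource.Assign virtual machine to resource pool",
                                  "Permissions.Modify permission"},
    # constructed custom roles, as an admin would clone-and-edit them
    "Snapshot Operator": READ_ONLY | {SNAPSHOT},
    "Datastore Consumer": READ_ONLY | {ALLOCATE},
}

# Constructed inventory: object -> parents. web01 has two parents (folder and host).
INVENTORY = {
    "root": [], "dc01": ["root"], "vm-folder": ["dc01"], "cluster01": ["dc01"],
    "esxi01": ["cluster01"], "datastore01": ["dc01"], "web01": ["vm-folder", "esxi01"],
}

GROUPS = {"alice": {"vm-operators"}, "bob": {"vm-operators"}}  # constructed membership

# Constructed permissions: (object, principal, role, propagate)
PERMISSIONS = [
    ("root", "user:administrator@vsphere.local", "Administrator", True),
    ("dc01", "group:vm-operators", "Read Only", False),        # does not reach children
    ("vm-folder", "group:vm-operators", "Snapshot Operator", True),
    ("datastore01", "group:vm-operators", "Datastore Consumer", False),
    ("web01", "user:bob", "No Access", True),                  # user on child beats group on folder
]

# Page rule: storage-consuming operations also need Datastore.Allocate space on the datastore.
TASKS = {"take snapshot": [("vm", SNAPSHOT), ("datastore", ALLOCATE)]}


def _principals(user):
    return {"user:" + user} | {"group:" + g for g in GROUPS.get(user, ())}


def _direct(obj, user, inherited):
    """Privileges from permissions set on obj itself, or None if there are none.
    When reached from a child (inherited=True) only propagating permissions count.
    A permission for the user itself beats any group permission on the same object."""
    principals = _principals(user)
    hits = [p for p in PERMISSIONS
            if p[0] == obj and p[1] in principals and (p[3] or not inherited)]
    user_hits = [p for p in hits if p[1].startswith("user:")]
    chosen = user_hits or hits
    if not chosen:
        return None
    privs = set()
    for _, _, role, _ in chosen:
        privs |= ROLES[role]
    return privs


def effective_privileges(obj, user, _inherited=False):
    """The nearest level with an applicable permission decides (child overrides
    parent). With nothing on obj, union what each parent path yields; None means
    no permission anywhere, which behaves like No Access."""
    direct = _direct(obj, user, _inherited)
    if direct is not None:
        return direct
    paths = [effective_privileges(p, user, True) for p in INVENTORY.get(obj, [])]
    paths = [s for s in paths if s is not None]
    return set().union(*paths) if paths else None


def has_privilege(obj, user, privilege):
    return privilege in (effective_privileges(obj, user) or set())


def can_perform(task, user, **objects):
    """Check every (object, privilege) pair a task needs; return (allowed, missing)."""
    missing = [(objects[kind], priv) for kind, priv in TASKS[task]
               if not has_privilege(objects[kind], user, priv)]
    return (not missing, missing)


if __name__ == "__main__":
    for user in ("alice", "bob", "carol"):
        print(user, can_perform("take snapshot", user, vm="web01", datastore="datastore01"))
```

    With this data alice can snapshot web01: the Snapshot Operator role propagates from the VM folder, and the non-propagating Datastore Consumer permission applies because it sits on datastore01 itself. bob is in the same group but his explicit No Access on web01 wins over the group's folder permission, so the check reports the missing snapshot privilege on web01 while his datastore privilege is intact. The non-propagating Read Only on dc01 is visible on dc01 but not on cluster01, which is the propagate check box doing its job.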

    Compare and contrast default system/sample roles

    vCenter Server provides system roles and sample roles by default:

    System roles
    System roles are permanent. You cannot edit the privileges associated with these roles.
    Sample roles
    VMware provides sample roles for certain frequently performed combination of tasks. You can clone, modify or remove these roles.

    vCenter Server System Roles
    A role is a predefined set of privileges. When you add permissions to an object, you pair a user or group with a role. vCenter Server includes several system roles, which you cannot change. vCenter Server provides a small number of default roles. You cannot change the privileges associated with the default roles. The default roles are organized as a hierarchy; each role inherits the privileges of the previous role. For example, the Administrator role inherits the privileges of the Read Only role. Roles that you create do not inherit privileges from any of the system roles.

    • Administrator Role
      Users assigned the Administrator role for an object are allowed to view and perform all actions on the object. This role also includes all privileges inherent in the Read Only role. If you are acting in the Administrator role on an object, you can assign privileges to individual users and groups. If you are acting in the Administrator role in vCenter Server, you can assign privileges to users and groups in the default vCenter Single Sign-On identity source. Supported identity services include Windows Active Directory and OpenLDAP 2.4.
      By default, the administrator@vsphere.local user has the Administrator role on both vCenter Single Sign-On and vCenter Server after installation. That user can then associate other users with the Administrator role on vCenter Server.
    • No Access Role
      Users assigned the No Access role for an object cannot view or change the object in any way. New users and groups are assigned this role by default. You can change the role on an object-by-object basis.
      The administrator@vsphere.local user, the root user, and vpxuser are the only users not assigned the No Access role by default. Instead, they are assigned the Administrator role. You can remove the root user from any permissions or change its role to No Access as long as you first create a replacement permission at the root level with the Administrator role and associate this permission with a different user.
    • Read Only Role
      Users assigned the Read Only role for an object are allowed to view the state of the object and details about the object. With this role, a user can view virtual machine, host, and resource pool attributes. The user cannot view the remote console for a host. All actions through the menus and toolbars are disallowed.

    vCenter Server Sample Roles

    • Virtual Machine Administrator: A sample role that allows a user complete and total control of a virtual machine or a host, up to and including removing that VM or host
    • Virtual Machine Power User: A sample role that grants a user access rights only to virtual machines; can alter the virtual hardware or create snapshots of the VM
    • Virtual Machine User: Grants user access rights exclusively to VMs. The user can power on, power off, and reset the virtual machine, as well as run media from the virtual discs.
    • Resource Pool Administrator: Allows the user to create resource pools (RAM and CPU reserved for use) and assign these pools to virtual machines
    • Datacenter Administrator: Permits a user to add new datacenter objects
    • VMware Consolidated Backup User: Required to allow VMware Consolidated Backup to run
    • Datastore Consumer: Allows the user to consume space on a datastore
    • Network Consumer: Allows the user to assign a network to a virtual machine or a host

    For a list of Common Privileges, see "Determine the appropriate set of privileges for common tasks in vCenter Server" above.

    The vSphere Security documentation has the complete list of Defined Privileges.

    Determine the correct roles/privileges needed to integrate vCenter Server with other VMware products

    Global permissions are applied to a global root object that spans solutions, for example, both vCenter Server and vCenter Orchestrator. Use global permissions to give a user or group privileges for all objects in all object hierarchies.

    Each solution has a root object in its own object hierarchy. The global root object acts as a parent object to each solution object. You can assign global permissions to users or groups, and decide on the role for each user or group.