02 Vsphere Services Consultant FAQ

Uploaded by

NateadorNater

vSphere 4 Services

Consultant Frequently Asked Questions (FAQ)

For use only by VMware PSO and VMware Solution Providers


Consulting Service Delivery Aid – Not a Customer Deliverable
vSphere Services Consultant FAQ

© 2010 VMware, Inc. All rights reserved. Protected by one or more of U.S. Patent Nos. 6,075,938,
6,397,242, 6,496,847, 6,704,925, 6,711,672, 6,725,289, 6,735,601, 6,785,886, 6,789,156, 6,795,966,
6,880,022, 6,944,699, 6,961,806, 6,961,941, 7,069,413, 7,082,598, 7,089,377, 7,111,086, 7,111,145,
7,117,481, 7,149,843, 7,155,558, 7,222,221, 7,260,815, 7,260,820, 7,269,683, 7,275,136, 7,278,030,
7,277,998, 7,277,999, 7,281,102, 7,290,253, 7,356,679, 7,409,487, 7,412,492, 7,412,702, 7,424,710,
7,428,636, 7,433,951, 7,434,002, and 7,447,854; patents pending.
VMware, VMware vSphere, VMware vCenter, the VMware “boxes” logo and design, Virtual SMP and
VMotion are registered trademarks or trademarks of VMware, Inc. in the United States and/or other
jurisdictions. All other marks and names mentioned herein may be trademarks of their respective
companies.

VMware, Inc
3401 Hillview Ave
Palo Alto, CA 94304
www.vmware.com

Revision History

Date          Rev.  Author       Description                                                          Reviewers
22 Apr. 2009  V1    Mark Ewert   vSphere 4                                                            Pang Chen
13 May 2009   V2    Pang Chen    Additional updates                                                   Rupen Sheth, Chirag Patel, Mark Ewert
17 Jun. 2009  V3    Rupen Sheth  Additional updates                                                   Pang Chen, Mark Ewert
17 Sep. 2009  V4    Pang Chen    Reordered to match delivery kit PPTs, added additional guidance
21 Feb. 2010  V5    Pang Chen    VMware rebranding. Minor updates to Converter and Upgrade sections


Contents

Introduction
  How to Use this FAQ
  Tips for Effective Presentations and Discussions

vSphere Jumpstart Overview
  Participant Introductions
  Jumpstart Format and Objectives

vSphere Overview
  Virtualization and VMware
  Key VMware vSphere Features
  Licenses
  Evaluations

vSphere Architecture
  ESX/ESXi
  ESX Only
  ESXi Only
  vCenter Server
  vCenter Server Linked Mode
  vSphere Client
  vSphere Web Access
  vMA
  Standard Virtual Switch
  Distributed Virtual Switch
  ESX/ESXi Boot
  Virtual Storage

vSphere Getting Started
  ESX/ESXi Standalone
  Inventory
  Virtual Hardware
  VMware Tools
  Custom VM Configuration Options
  Installing a Guest OS
  VM Encapsulation
  vApps
  Cloning and Templates
  VM Snapshots

vSphere Using vSphere
  Migrating VMs
  Enhanced VMotion Compatibility (EVC)
  VMware DRS
  ESX/ESXi Advanced Memory Management
  Resource Management
  VMware HA
  VMware FT
  Guided Consolidation

vSphere Administration
  Permissions
  Tasks, Alarms and Monitoring
  Maps
  Host Profiles
  Update Manager

Converter-P2V Jumpstart Overview
  Jumpstart Objectives

Converter Overview
  Converter Functionality
  P2V
  Conversion Steps
  Cloning Options
  P2V Motion

Converter Architecture
  Live Windows
  Live Linux
  VM Import
  Cold Clone

Converter Usage
  Conversion Checklist

vSphere Upgrade Project Kickoff
  Upgrade Engagement Scope

vSphere Upgrade Overview
  ESX/ESXi Upgrade
  vSphere Client
  What’s Different – Licenses
  What’s Different – ESX
  What’s Different – vCenter
  What’s Different – CLIs, APIs, SDKs
  What’s Different – Backups
  What’s Different – VMware HA
  What’s Different – VMware Update Manager

vSphere Upgrade Planning
  Upgrade Considerations

vShield Zones Overview
  Features

vShield Zones Architecture
  Components

vShield Zones Admin and Usage
  User Management
  Firewall Management
  VM Discovery
  VM Flow

vSphere Known Issues
  ESX/ESXi
  Storage
  vCenter
  VMs

Introduction
How to Use this FAQ
• The sections in this document correspond to the components in the vSphere 4 Fundamentals services kit.
• Review the detailed guidance in each section before you present the corresponding component presentation/document. Have this document handy for reference during and after your presentation when fielding questions.

Tips for Effective Presentations and Discussions
• While presenting, take time to ask the participants questions to confirm that they understood key concepts. “Why?” is always a good question, such as why something matters.
• Go beyond simply “what?” and “how?” and explore “what if?” If the group is drawing blanks, encourage discussion by tossing out suggestions or playing devil’s advocate.
• It’s OK to skip topics that are not applicable to the customer or that do not interest them. It’s a good idea to ask the customer whether they are using or plan to use certain capabilities before skipping. When skipping, mention that they can always refer back to the presentation.
• Keep focused on what you anticipate will be useful and helpful for the customer, in particular, best practices. As a consultant, it’s your job to anticipate customer needs and questions.
• Keep a running list of customer questions and issues, either on a white board or written. Refer to these at the end of each day to determine what outstanding items need follow-up.

vSphere Jumpstart Overview

Participant Introductions
What are typical items to obtain during participant introductions?
• Go around the room and get everyone’s name, email address, and role.
• Ask each participant why they are here and what they personally want to get out of the discussions.
• Get a sense of the overall project direction and timeline. It may be useful to help determine what the customer needs to have a successful deployment.
• The first part of a Jumpstart focuses on terminology and overview. While we encourage all participants to be involved for the duration of the Jumpstart, the occasional “curious onlookers” (e.g. senior management) who want to understand the high-level concepts may want to participate in the overview sections, leave during the installation sections, and come back to see everything working.
• Introduce yourself and highlight your VMware expertise.

Jumpstart Format and Objectives
Is the instance installed during a PoC production-ready?
• The installation instances should not be considered production-ready. We highly recommend that the customer understands all the components and implications and has a separate and documented design session prior to going live with production hosts and VMs. The customer should also document the specific processes necessary to recreate ESX/ESXi hosts for future installations. The hosts we leave behind are ideal for prototyping and reference purposes. This comprehensive work can be done by undertaking a Plan and Design service, for example. However, certain customers with small operations may feel comfortable leaving the instances running and deeming them production-ready. These situations can be acceptable, especially if the customers have already attended in-depth VMware training classes.

What are some tips for a successful Jumpstart?
• The Jumpstart format should be very informal and you should serve as a knowledgeable tour guide. Remind the participants that the standard presentation is merely an outline that contains most topics necessary to ensure everyone can speak at an educated level about VMware vSphere. You should tailor your discussion as necessary and focus in detail on items that interest the customer. This could mean skipping some slides (except for items that are building blocks to understand later topics) while having considerable discussions around particular slides. Encourage the customer to stop you and ask questions or seek clarification as needed.
• Time permitting, you may want to adapt your presentation and add/modify/edit slides as appropriate for your customer situation.
• It’s often more effective to have a customer participant “drive” while you help him/her navigate. The customer certainly gets more out of it this way.
• It can often be very effective to interleave slides with references to the actual screens on the vSphere Client or web site resources, or diagrams on white boards. Participants can absorb material better if they can visualize and associate tangible objects rather than theoretical intangible terminology. This means switching between slides and consoles potentially after every slide, rather than going through an entire section or sections before switching to the running system.
• The Jumpstart is designed such that one person is driving while everyone else is watching, rather than each participant having an individual terminal and learning environment. Customers interested in having each attendee participate separately rather than in a group would be best served going to a class.

vSphere Overview
Virtualization and VMware
How can you describe virtualization in basic terms?
• USA Today once had a great article describing virtualization. “Imagine you had 3 daughters and only one bedroom. What if you could trick each daughter into thinking that she had her own room exclusively while all 3 technically shared the same room?”
• The goal of virtualization, from VMware vSphere’s perspective, is to logically represent, or “virtualize”, physical hardware resources. By doing so, the underlying physical hardware can be shared. Sharing gives us not only the potential for higher utilization of resources, but also more flexibility in their use and their management.
• A virtual machine is really just a small collection of files (we call this attribute “encapsulation”). These files can be easily copied or moved to other physical hosts. The state of VMs can easily be captured as “snapshots” at a point in time, which can be useful for testing purposes or reverting to last known good states. Such data management and manipulation serves as the foundation of the advanced options you get with running VMs rather than physical machines.
• Virtualization is not new, as it dates back to the late 1960s with the IBM S/360 mainframe computers. VMware’s virtualization technology traces back to research done at Stanford University.

Why is VMware a leader in virtualization?
• VMware was founded in 1998. VMware was acquired by EMC Corporation in December 2004 and spun off as a public company in 2007. VMware maintains hardware vendor neutrality to ensure VMware products run on a broad range of server hardware and storage options.
• VMware is headquartered in Palo Alto, CA (Silicon Valley) and has offices worldwide.
• VMware Workstation first shipped in 1999, and VMware entered the server market in 2001 with VMware ESX Server (now called VMware ESX) and VMware GSX Server (succeeded by VMware Server). VMware launched the first commercially available free virtualization products, VMware Player and VMware Server. VMware ESXi is also available for free.
• VMware products are mature, having gone through several generations. Some of VMware’s customers have reported running ESX host instances for many years without a single reboot. For a list of awards garnered by VMware, go to: http://www.vmware.com/company/news/awards.html
• Virtualization is not just about server virtualization. VMware offers a broad portfolio of virtualization products and solutions, including desktop, application, mobile, and application delivery framework virtualization.

What is cloud computing?
• Cloud computing is a term used to describe the vision of an abstract form of computing where applications run seamlessly and dynamically with resources that are available whenever and wherever you want. Contrast that to tying down applications to specific hardware in specific locations.

Key VMware vSphere Features

Is VCB/vStorage API available for sale?
• No, VCB/vStorage API is not a product per se. VCB is an underlying component of VMware Infrastructure 3. With vSphere 4, the VCB framework has evolved into a formal vStorage API. The intent is to provide an interface for backup vendors to use to provide complete solutions that facilitate VM backups that take advantage of virtualization.

Must Update Manager be used to apply patches for both ESX/ESXi hosts and VMs?
• No. Some customers who already have patch management systems for VMs use Update Manager just for patching hosts.

Can VMware HA protect against application failure?
• No. HA will detect host failures and restart the VMs on other surviving hosts in a cluster. HA can also check a heartbeat through VMware Tools inside the guest OS of VMs, but it is conceivable that an application may hang or fail within a running VM and not trigger HA.

What are the trade-offs for using thin provisioning?
• When using thin provisioning, there is a chance of overcommitting disk usage, meaning more disk is reserved than actually available. vSphere will warn you through disk thresholds if disk usage is approaching what is actually needed.
• Using thin provisioning does involve some overhead versus thick provisioning, but the performance impact is minimal, as ESX/ESXi employs techniques to opportunistically allocate and zero out additional disk space needed. The impact is minimal especially in situations where the storage array where VMFS is located also supports thin provisioning at the LUN level.
• Thick provisioning is required for VMware FT and is recommended for very high I/O workloads.

What are the requirements for VMotion?
• A dedicated Gigabit network is required for supported configurations. VMotion may work on a network with slower speeds, but that configuration is not supported if the VMotion fails. VMotion is also supported across long distances using certain networking products that can help ensure the latency is not an issue.

Does VMware have a patent for VMotion?
• Yes.

Does VMotion offer absolutely zero downtime?
• Technically, there is a slight “hiccup” when a VM migrates from one host to another. The brief changeover usually appears as a tiny loss of packets and is usually recoverable by most applications running in a VM, so the downtime is imperceptible.

Can you hot add a CPU to a VM any time?
• The first time, you have to go into the VM settings to enable hot add of CPUs. This may involve rebooting the VM. Once the setting is activated, you can add additional virtual CPUs.
• Additional CPUs can be added in any number of increments.
• Hot add CPU requires a supported guest OS.

Once you hot add memory, can you remove it?
• No.

Can you protect a VM using FT by placing a shadow copy on the same host?
• Yes, but there is no real benefit. FT was intended to use DRS anti-affinity rules to ensure that FT pairs run on different hosts to protect against host failures.

Can FT protect against failures within a VM?
• No.

Can Data Recovery be run for large enterprises?
• Yes, as it is included in the higher licenses of vSphere. However, Data Recovery is positioned for the small/medium business market and enterprise customers are assumed to already have a backup solution in place that can utilize VCB/vStorage API.
• The limit of 100 VMs is a physical limit of Data Recovery.

What is Data Recovery based on?
• Data Recovery is an evolution of technology acquired from the EMC Dantz backup product and VCB. It combines VM backup functionality with storage data de-duplication.
• Data Recovery ships in the form of a virtual appliance.

What is the advantage of using vShield Zones?
• vShield Zones provides firewall capabilities to protect virtual switch networks. Without it, you would normally need to route traffic from vSphere to a physical network and firewall to inspect and filter.

Can you perform a Storage VMotion and VMotion at the same time?
• No. Storage VMotion is about keeping a VM running on the same host while relocating the underlying VM files from one storage location to another. VMotion is about keeping a VM running and moving it from one host to another without relocating the underlying VM files. In order to relocate a VM from one host to another and the VM files at the same time, the VM must be powered off (and technically not running on a host, although associated with a host).

What are the advantages of DRS and DPM?
• DRS provides automated or suggested VMotion based on load analysis.
• DRS will help spread workloads so that utilization is even across available resources.
• DPM works in conjunction with DRS by consolidating workloads onto as few hosts as needed so that the remaining hosts can be powered down to standby. Doing so conserves energy (for example during nighttime). Hosts are awakened gradually and activated for workloads as needed based on workload demand.

What licensing requirement is needed for a Distributed Virtual Switch?
• vSphere Enterprise Plus.

Why would a distributed virtual switch be used over a standard switch?
• A distributed virtual switch manages virtual networking across hosts at the vCenter level rather than on a per-host basis. This simplifies network management and avoids configurations that differ between hosts, which can lead to networking-related issues (e.g. cannot VMotion between two hosts).
• Distributed virtual switches support additional features.

What do you get with a Distributed Virtual Switch that you don’t with a standard vSwitch?
• Virtual networking configuration down to the port level.
  o Promiscuous mode can be activated for a single port rather than at the entire port group level.
  o Network statistics provided at port level.
• Required to support third-party switches such as the Cisco Nexus 1000v.
• Easier network management.
  o Networking at the vCenter/datacenter level, not per host.
  o Simply add new hosts with new physical adapters to the Distributed Virtual Switch without having to ensure each host is configured the same.
  o When you lose a host or the host is powered off, the state, statistics, and properties of the Distributed Virtual Switch and its ports assigned to VMs remain.
  o Note: because of the multi-host dependency, misconfiguration of a Distributed Virtual Switch can impact multiple hosts, unlike misconfiguring a standard vSwitch.
• Network VMotion.
  o A VM’s network state, including statistics and policies, remains with the VM as it moves from host to host. This is necessary for accurate virtual network monitoring and for technologies that rely on accurate network state, such as IDS/IPS and firewalls.
• Inbound traffic shaping.
• PVLANs.

How do private VLANs (PVLANs) differ from regular VLANs?
• PVLANs isolate traffic to prevent communication between ports on the same switch. A common uplink enables connectivity between these isolated ports and non-isolated networks. An example use case would be a hotel, where connectivity between rooms served by the same switch is not desired while all rooms can still access the Internet through a common uplink.
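
The isolation rule in this answer can be checked against a planned port layout before it is deployed. The following is an added example, not VMware code; it goes beyond the answer by also modeling the promiscuous and community port types of the general PVLAN model, and every port name, community ID and plan in it is constructed.

```python
"""Audit a private VLAN (PVLAN) port plan against an isolation policy.

Port types follow the general PVLAN model (an assumption beyond the FAQ text):
  promiscuous - the common uplink; forwards to and from every port
  isolated    - forwards only to and from promiscuous ports
  community   - forwards within its own community and to promiscuous ports
"""
from dataclasses import dataclass
from itertools import combinations
from typing import Iterable, List, Optional, Tuple

PROMISCUOUS, ISOLATED, COMMUNITY = "promiscuous", "isolated", "community"


@dataclass(frozen=True)
class Port:
    name: str
    kind: str
    community_id: Optional[int] = None  # secondary VLAN ID, community ports only

    def __post_init__(self) -> None:
        if self.kind not in (PROMISCUOUS, ISOLATED, COMMUNITY):
            raise ValueError(f"{self.name}: unknown port type {self.kind!r}")
        if (self.kind == COMMUNITY) != (self.community_id is not None):
            raise ValueError(f"{self.name}: community_id belongs on community ports only")


def can_communicate(a: Port, b: Port) -> bool:
    """Return True if the PVLAN forwards layer-2 traffic between a and b."""
    if PROMISCUOUS in (a.kind, b.kind):
        return True
    if a.kind == COMMUNITY and b.kind == COMMUNITY:
        return a.community_id == b.community_id
    return False  # isolated-to-isolated and isolated-to-community are dropped


def isolation_violations(ports: Iterable[Port],
                         must_not_talk: Iterable[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Return the policy pairs that the port plan would still allow to talk."""
    by_name = {}
    for port in ports:
        if port.name in by_name:
            raise ValueError(f"duplicate port name {port.name!r}")
        by_name[port.name] = port
    violations = []
    for left, right in must_not_talk:
        # Fail closed: a policy entry naming an unknown port is an error,
        # not a silently skipped check.
        if left not in by_name or right not in by_name:
            raise ValueError(f"policy names a port missing from the plan: {left}, {right}")
        if can_communicate(by_name[left], by_name[right]):
            violations.append((left, right))
    return violations


def ports_without_uplink(ports: Iterable[Port]) -> List[str]:
    """Return non-promiscuous ports that cannot reach any promiscuous port."""
    ports = list(ports)
    uplinks = [p for p in ports if p.kind == PROMISCUOUS]
    return [p.name for p in ports
            if p.kind != PROMISCUOUS and not any(can_communicate(p, u) for u in uplinks)]


# Constructed sample data for the hotel use case: no room may reach another room.
ROOMS = ["room-101", "room-102", "room-103"]
ROOM_POLICY = list(combinations(ROOMS, 2))

# Intended layout: one common uplink, every room on an isolated port.
HOTEL_PLAN = [Port("uplink", PROMISCUOUS)] + [Port(r, ISOLATED) for r in ROOMS]

# Constructed mistake: two rooms were placed in the same community.
MISCONFIGURED_PLAN = [
    Port("uplink", PROMISCUOUS),
    Port("room-101", ISOLATED),
    Port("room-102", COMMUNITY, 20),
    Port("room-103", COMMUNITY, 20),
]

if __name__ == "__main__":
    for label, plan in (("hotel", HOTEL_PLAN), ("misconfigured", MISCONFIGURED_PLAN)):
        print(label, "violations:", isolation_violations(plan, ROOM_POLICY),
              "no uplink:", ports_without_uplink(plan))
```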

How are host profiles created?
• You designate the configuration of a specified host as the “master” and apply it to other hosts.
• A host profile abstracts configuration items and settings that can be applied across a number of hosts, such as host memory settings, networking, time/date configuration, and firewall details.
• Host profiles can be used to easily determine configuration differences between hosts by running a compliance check.

What are the advantages of vCenter Server Linked Mode?
• Single pane of glass. See all vCenter Servers in the inventory together, with their related VMs.
• Connect to any vCenter Server installed in Linked Mode and manage the inventory of all vCenter Servers linked.
• Authenticate automatically to all linked vCenter Servers through a single sign-on.
• Shared license database to simplify assigning and tracking licenses to vCenter Servers and ESX/ESXi hosts.
• Searching inventory across multiple vCenter Servers.
• Replicated roles and permissions through Microsoft ADAM.
• Status of all vCenter Server services at a glance.

What is vCenter Orchestrator?
• vCenter Orchestrator allows you to create logical workflows that can coordinate vCenter-related tasks and dependencies. It goes beyond simply scheduling jobs and allows you to create detailed workflows using a vCenter plug-in. For example, if you want to automate procedures for requesting and deploying VMs, you can create a workflow to run these steps.
• vCenter Orchestrator ships with vCenter Server.
• vCenter Orchestrator is the current version of technology previously acquired from Dunes.

Licenses
Can the same vSphere license key be used for multiple hosts?
• Yes. The 25-character key is encoded with the number of hosts allowed. vCenter will keep track of the number of hosts licensed.

If an upgrade to a higher edition is made, is a new license key required?
• Yes. A 25-character key is encoded with all entitled features. A replacement key will be needed to expose entitled features. Unlike VI3, a key contains all features, whereas VI3 required new incremental licenses for incremental features.

Is vCenter licensing part of vSphere licensing?
• No. vCenter licenses are sold separately from regular vSphere license editions (Standard, Advanced, Enterprise, Enterprise Plus). They are required to enable vSphere features, however.
• vCenter Server comes in 2 editions: Standard and Foundation. Foundation is limited to managing 3 ESX/ESXi hosts.
• vCenter licenses are included in small business editions (Essentials, Essentials Plus). Such vCenter licenses are not the same as vCenter Foundation because the ones with Essentials/Essentials Plus come only in the package and do not allow for optional vCenter management add-ons.

Evaluations
Can ESX/ESXi be run in evaluation mode?
 Leave the license key field blank during installation, and ESX/ESXi runs in evaluation
mode that expires after 60 days. Reinstalling ESX/ESXi without a license key can restart
the evaluation mode.
 Evaluation mode is equivalent to the vSphere Enterprise Plus License. No feature
restrictions are enforced.
 Any VMs left running after the evaluation period expires will continue to run but cannot be
powered on again after being powered off.
 The evaluation period starts counting the first time the host is powered on, even if you are
not using evaluation mode. For example, if you initially input a license key during the
installation but then switched to evaluation mode 10 days later, you only have 50 days
remaining for the evaluation mode period.

Can vCenter Server be run in evaluation mode?


 Leave the license key field blank during installation, and vCenter Server runs in
evaluation mode that expires after 60 days. Reinstalling vCenter Server without a license
key can restart the evaluation cycle.
 After the evaluation period for vCenter Server ends, ESX/ESXi hosts cannot be added to
the inventory.
 The evaluation mode is fully featured and equivalent to a vSphere Enterprise Plus
license. No features are restricted.

vSphere Architecture
ESX/ESXi
Can ESX/ESXi be installed on most systems?
 No. Customers should always refer to the online VMware Compatibility Guide for
guidance.
 The hypervisor includes the proprietary kernel, VMkernel, and runs on top of physical
hardware. Because the VMkernel runs directly “on bare metal” via specialized device
drivers, not all server hardware and adapters are supported.

What does the VMkernel contain?


 Hardware interface layer that includes all necessary storage and network device drivers
 Resource Manager, which partitions, allocates, and manages the underlying physical
resources relative to their need by the VMs

How long does a typical installation and configuration take for a host? (Not including
advanced configuration using the vSphere Client.)
 ESX: about 8 to 15 minutes to run through the installation wizard, and about another 10
minutes for the actual install.
 ESXi embedded: about 10 minutes to configure the host using the direct console. Host
comes preinstalled already—just turn it on.
 ESXi installable: about 10 minutes to install, and an additional 10 minutes to configure
the host using the direct console.

Can hosts be mixed and matched between ESX and ESXi in an environment?
 Yes. However, the best practice is to create host clusters that are all ESX or ESXi.
Doing so will avoid some potential compatibility and manageability issues pertaining to
HA.

ESX Only
Is ESX based on Linux?
 No. The core VMkernel is proprietary. ESX does ship with a service console based on
Linux, which is often the component that confuses customers because they erroneously
think that the service console = Linux = ESX. The service console helps with certain
functions, but is not a critical part of ESX, as ESXi is a service console-less version of
ESX.
 The service console, while it appears as a variant of Red Hat Enterprise Linux, is not a
standalone OS. Changes to it are not advised by VMware. Updates to the service
console are made as part of updates to ESX.

Does it matter if ESX is installed on a SAN?


 If installing ESX on a SAN, make sure it is on a LUN that is zoned and masked
exclusively to the host. The esxconsole.vmdk should also be placed on a dedicated LUN
or boot from SAN LUN.

What are typical reasons for accessing the service console directly for ESX, instead of using
the vSphere Client?
 Logging into the service console directly is typically required when making customizations
or installing software, which in itself is not normally recommended as doing so may run
into supportability and management issues. Example customizations include:
o Installing supported third-party agents
o Grooming logs and/or changing logfile rotation sizes and settings
o Enabling sudo and implementing other security hardening best practices
o Configuring Pluggable Authentication Module (PAM) Active Directory
authentication
o Configuring BMC firmware
o Permitting root login via SSH (for convenience; this is not recommended for
security)
 Starting with vSphere, the service console is no longer a supported environment for
development.

In addition to root, what other ESX service console accounts are recommended?
 At least one non-root account should be created and used with sudo. Doing so will follow
best practices in administration, specifically creating an audit trail and limiting super user
privileges.
 Named accounts should be created for each individual granted access to the service
console.

How can I determine the BIOS and firmware level of an ESX host?
 From the service console, run dmidecode | more.

ESXi Only
What is different between ESX and ESXi?
 ESXi lacks a service console. The service console and vmkernel network types are
combined in a management network type.
 ESXi comes in OEM embedded (preinstalled) and installable form, whereas ESX must be
installed.
 ESXi has a dramatically smaller footprint compared to ESX. ESXi embedded can fit on a
USB flash disk as small as 1GB. ESXi installable uses approximately 800MB except that
it also creates a 4GB VMFS partition for use (3 hypervisor volumes and a datastore1
volume). ESX takes approximately 10GB of disk space.

What is different between ESXi embedded vs. installable?


 Functionally they are equivalent. Installable ESXi is installed via CD-ROM and expects to
install on a hard drive or SAN LUN. Embedded ESXi is loaded on a USB flash media
device.

What is the proper way to reinstall/restore an ESXi installation?


 For ESXi embedded, refer to the OEM. If no update is available, a standard update can
be downloaded from vmware.com and transferred using dd.
 For ESXi installable, simply reinstall.
 ESXi installable may not be used to reinstall an ESXi embedded server because ESXi
installable expects a disk and not flash media.
 An upgrade or update of an existing ESXi installation can be performed using vCenter
Update Manager.

What are typical reasons for accessing the direct console, instead of using the vSphere
Client?
 When calling VMware Technical Support, a Technical Support Engineer may request you
to access the direct console in Tech Support mode. Going in under Tech Support mode
is not advised except in conjunction with a Technical Support consultation.
 If an ESXi host becomes impaired so that it cannot be accessed via the vSphere Client,
the quickest and most straightforward remedy is to reinstall the ESXi host.

What commands and tools exist in the ESXi direct console?


 /bin/busybox, which provides:
o addgroup, adduser, ash, awk, basename, cat, chgrp, chmod, chown, chroot,
chvt, cksum, clear, cp, crond, cut, date, dd, delgroup, deluser, df, diff, dirname,
echo, egrep, env, expr, false, fdisk, fgrep, find, ftpget, ftpput, getty, grep,
groupadd, groupdel, groups, gunzip, gzip, halt, head, hexdump, hostname, id,
inetd, init, kill, ln, loadkmap, lockfile, logger, login, ls, md5sum, mkdir, mkfifo,
mknod, mktemp, more, mount, mv, nohup, nslookup, od, passwd, patch,
poweroff, printf, readlink, reboot, reset, resize, rm, rmdir, sed, seq, setsid, sh,
sha1sum, sleep, sort, stat, stty, su, sum, sync, syslogd, tail, tar, tee, telnetd, test,
time, touch, true, umount, uname, uniq, uptime, useradd, userdel, usermod,
usleep, vi, wc, wget, which, whoami, xargs, zcat
 /sbin/vmkvsitools, which provides:
o ps, Amldump, bootOption, hwclock, hwinfo, lspci, pidof, vmksystemswap
 esxcfg commands, including:

o esxcfg-advcfg, esxcfg-dumppart, esxcfg-hwiscsi, esxcfg-info, esxcfg-init,
esxcfg-loglevel, esxcfg-module, esxcfg-mpath, esxcfg-nas, esxcfg-nics, esxcfg-pciid,
esxcfg-rescan, esxcfg-resgrp, esxcfg-route, esxcfg-scsidevs, esxcfg-swiscsi,
esxcfg-vmknic, esxcfg-volume, esxcfg-vswitch
 Shell commands, including:
o cim-diagnostic.sh, host_reboot.sh, host_shutdown.sh, ipkg, less, ping, ping6,
python, scp, sfcbdump, sfcbmof, sfcbmofpp, sfcbrepos, sfcbstage, sfcbunstage,
sfcbuuid, vim-cmd, vmware, vmware-vimdump, xmltest, BootModuleConfig.sh,
InstallHelper.sh, authd, auto-backup.sh, backup.sh, bootbankstage-install.sh,
chkconfig, cim-install.sh, cim-preinst.sh, configLocker, configRP, dcui,
dhclient-uw, dosfsck, dropbearmulti, esxcli, esxtop, esxupdate, ethtool, firmwareConfig.sh,
generate-certificates.sh, generateSLPReg.sh, grabCIMData, hostd, initterm.sh,
licensecheck, net-cdp, net-dvs, notifyvc, ntpd, openwsmand, partedUtil,
pyVmomiServer, randomSeed, scantools, services.sh, sfcbd, shutdown.sh, slpd,
smbiosDump, techsupport.sh, tmpwatch.sh, upgrade.sh, vib-env, vm-support,
vmcp, vmdumper, vmkchdev, vmkerrcode, vmkfstools, vmkgdbd, vmkiscsi-tool,
vmkiscsiadm, vmkiscsid, vmkload_mod, vmklogger, vmkmicrocodeintel,
vmkmod-install.sh, vmkmod-preinst.sh, vmkperf, vmkping, vmkramdisk,
vmkvsitools, vmtar, vmware-autostart.sh, vobd, vsi_traverse, vsish, watchdog.sh

vCenter Server
What are the optional extensions available to vCenter Server?
 Optional extensions include: vCenter Converter, vCenter Guided Consolidation Service,
vCenter Update Manager.

After installing an optional extension for vCenter Server, does the installer remind you to
install a corresponding client plug-in, if available?
 No.

Do all optional server extensions for vCenter Server have corresponding client plug-ins and
vice versa?
 No. For example, some plug-ins are automatically installed: vSphere Client Storage,
Hardware Status, vCenter Server status.

What is automatically installed with vCenter Server?


 vCenter Orchestrator Client and Server
 vCenter Linked Mode Configuration Utility and Setup Utility to remove linked mode or
uninstall vCenter Server (if Linked Mode selected)
 Tomcat Server

What is automatically installed with vSphere Client?


 vCenter Client Storage (client plug-in)
 Hardware Status (client plug-in)
 vCenter Service Status (client plug-in)

What are optional components that can be installed with vSphere Client?
 Host Update Utility
 Client plug-ins for optional vCenter Server extensions

What optional vCenter components can be installed separately?


 vSphere CLI (download from the ESXi web page; installable in Windows or Linux)
 vSphere PowerCLI (installable in Windows)

 vMA (VMware vSphere Management Assistant, available as a Linux-based virtual
appliance)

Where can server-based extensions to vCenter Server be installed?


 Extensions can be installed on the same system as the vCenter Server. To offload
resource requirements, extensions can be installed on separate systems, as long as the
systems have network connectivity to the vCenter Server.

Does the system where vCenter Server will be installed have to be a member of a Microsoft
Windows Active Directory domain?
 No, if standalone.
 If the vCenter Server is to be running in linked mode with another vCenter Server, both
systems must be part of a Microsoft Windows Active Directory domain. They can be in
different domains if two-way trust is configured between the domains.
 vCenter Server cannot be installed on a domain controller (this is the case as well with
vCenter Server 2.5).

Is any other LDAP-based directory service other than Microsoft Windows Active Directory
supported by vCenter Server?
 No.

How much memory is recommended for vCenter Server?


 A minimum 3GB RAM for the system is required. At least 4GB RAM is recommended,
especially if running VMware Update Manager.
 If more than 200 hosts are being managed, a 64-bit edition of Windows Server must be
used. This is to ensure that vCenter Server can have access to more than the 3GB of
virtual address space that the 32-bit edition of Windows Server provides. (The 32-bit
edition normally has access to 2GB RAM, but can go up to 3GB with the /3GB boot flag.)

vCenter Server Linked Mode


What are the requirements for vCenter Server Linked Mode?
 At least one existing vCenter Server must be accessible when installing a second
vCenter Server. Both systems must be in Active Directory. Linked Mode utilizes ADAM
to replicate user information between vCenter Servers. Assigned roles and permissions
in vCenter are synchronized. User accounts, however, are not synchronized. Accounts
within Active Directory are simply assigned roles.
 vCenter Servers must be at least version 4.0.
 vCenter Servers can be in different Active Directory or even NT 4 Domains as long as
there is a two-way trust between the domains.
 Up to five minutes of time variance is tolerated between linked vCenter Servers.

What does vCenter Server Linked Mode NOT provide you?


 VMs cannot be migrated cold or hot across vCenter Servers.
 VMs cannot be deployed using templates across vCenter Servers.
 Hosts cannot be moved between vCenter Servers.
 Unless the storage is shared between all hosts, files and virtual disks cannot be copied
between datastores connected to hosts managed by different vCenter Servers.

vSphere Client

Can the vSphere Client be connected directly to a host rather than vCenter Server?
 Yes, but the vSphere Client options will be limited to only that host, and vCenter options
will not appear in the vSphere Client—this includes the ability to migrate and clone VMs
and to create templates, as well as creating resource pools and clusters that span more
than one host and using vCenter add-on services such as VMware HA or VMware DRS.
 The vSphere Client can be connected to a host if the host is standalone, or even if the
host is managed by a vCenter Server, unless the host is set to lockdown mode. In the
latter case, connecting directly to a managed host should be avoided, as doing so could
cause problems with resource definitions (vCenter may assume availability of certain
resources and going to the host directly circumvents these assumptions and could cause
the definitions to become invalid.)

Can the vSphere Client be run indirectly from Windows Remote Desktop?
 The vSphere Client can be run within a Windows VM and accessed remotely via
Windows Remote Desktop. Some users run it from within a Windows VM hosted on an
ESX/ESXi host. However, for performance reasons we recommend not running it within a
Windows VM on the vCenter Server itself, i.e. do not install VMware Player, VMware
Workstation, or VMware Server on the same system running vCenter Server. For
power users, we recommend installing and running vSphere Client on a physical desktop
rather than through Windows Remote Desktop to avoid possible KVM latency issues with
running a VM Console within Remote Desktop.

Can the vSphere Client access devices?


 Floppy and CD/DVD devices and image/ISO files local to the vSphere Client machine
can be used. Alternatively (for faster speed if there is network latency between the
vSphere Client machine and the ESX/ESXi host), you can use image files stored in a
datastore visible to the host.

vSphere Web Access


When is it appropriate to use the vSphere Web Access instead of the vSphere Client?
 When using a client OS that is not supported for the vSphere Client. However, no VM
console plug-in is available for non-Windows OSes. Nor is vSphere Web Access
available when connecting directly to ESXi.
 When the vSphere Client is not readily accessible but you need to connect to vSphere
quickly. This interface is ideal for operators who need to power on/off VMs and interact
with the VM Console, but who do/should not require administrative capabilities found in
the vSphere Client.
 When VM administration is needed by others whom you do not want to give the vSphere
Client. ESX and vCenter administration functionality is not available.
 In an environment running vCenter, the vSphere Web Access should refer to the web
server on the vCenter Server and not directly at a specific ESX host.

vMA
Why is the vMA useful?
 You can use this appliance to remotely connect and manage an ESXi host using CLI.
This is equivalent to using CLI commands on the service console of an ESX host.

Standard Virtual Switch
How do virtual switches compare to physical switches?
 Even though vSwitches work much like physical switches, they lack some of the
advanced functionality of physical switches. For example, they do not support the
Spanning Tree Protocol to form bridges across multiple vSwitches. vSwitches also lack
an extensive programmable command line interface found in physical switches. (The
service console/vSphere CLI commands esxcfg-vswitch and vicfg-vswitch replicate what
can be configured via the vSphere Client.)
 vSwitches are not routers (which route packets between machines on different networks),
but can be combined with VMs that are themselves configured as routers to create
interesting network topologies.
 The connection speed for physical adapters is set to Autonegotiate by default. The
speed and duplex can be set accordingly.

What are the characteristics of virtual switches depending on the number of uplinks?
 0 uplinks.
o Represents an internal host-only private network. This is not common except in
cases where one wants several VMs communicating with each other while
isolated from outside networks. VMs actively connected to an internal network
may not be migrated to other hosts.
o Full duplex and no collisions.
o Networking is implemented entirely in software and traffic is maintained in
memory.
o Traffic shaping is not supported since it is available only for outbound physical
traffic.
o Ideal for high security requirement applications and testing.
 1 uplink.
o Provides external communication via a physical adapter.
o No collisions on internal traffic.
o Outbound traffic can be shaped.
o ESX/ESXi will avoid routing traffic externally if 2 VMs are connected to the same
vSwitch. Traffic between 2 VMs on the same host connected to the same
vSwitch will stay within the host’s memory and not go outside the host. (This is
different than if you have 2 VMs on the same host networked via 2 different
vSwitches, which necessitates traffic go outside the outbound adapters and back
in.)
o Each virtual NIC has a MAC address. The physical adapter does not have a
MAC address.
 2 or more uplinks.
o 2 or more physical adapters connected to a vSwitch provide teaming per the
IEEE 802.3ad specifications.
o Connecting the physical adapters to separate physical switches provides
additional redundancy.
o A physical adapter can be designated as a standby adapter to use should the
primary adapter(s) fail.

Can a NIC be active on more than one virtual switch at a time?


 Two vSwitches cannot be connected to the same physical adapter, i.e. a physical adapter
can be listed in only one vSwitch at a time. This limitation exists even if attempting to
have the same physical adapter be a standby adapter for a second vSwitch.

Does a standard virtual switch support VLAN tagging?

 VLAN support is not specific to ESX/ESXi. ESX/ESXi supports the VLAN standard by
tagging packets accordingly when passing them through a vSwitch, and removing tags
when passing packets back to a VM. VLAN tagging has little impact on performance and
enables VMs to be even more secure since network packets are limited to those on the
segmented VLAN.
 VLANs can be implemented through 3 methods, of which the second method is the
preferred implementation due to its flexibility:
o EST (external switch tagging). A VLAN is represented as a single port to a single
NIC port to a vSwitch. This implementation is limited by the number of physical
NICs available on an ESX/ESXi host.
o VST (vSwitch tagging). A trunk port with multiple VLANs is connected to a single
NIC port to a vSwitch. It is assumed that all traffic sent will have VLAN IDs and
that no packets without VLAN IDs (“Native VLAN”) will be sent through the trunk
port.
o VGT (virtual guest tagging). This requires the Guest OS to support VLAN
tagging.
 VLAN tagging requires port groups with VLAN IDs to be created. A port group with no
VLAN ID will receive all untagged packets, which is often called the “Native VLAN”. (For
Cisco switches, typically VLAN 1 is the native VLAN/assigned management network and
the tag is stripped when exiting the switch.) Sending traffic of a native VLAN to a vSwitch
is not a best practice due to its inherent security risk. If a server has access to a native
VLAN of a trunk port, it can craft packets that are tagged for any VLAN and the switch
will accept the packets and send them along. This implies that access to a native VLAN
gives you access to all VLANs on the network, as long as they are allowed on the trunk.
Therefore, make sure that all traffic on a trunk port contains only packets with VLAN
tagging.

Do Port Group names have to be standardized?


 Virtual Machine Port Group/Port network labels need to be consistent across ESX/ESXi
hosts where VMotion or VMware DRS is planned. Names are case-sensitive.

What are the optional security settings for a virtual switch (at the vSwitch or port group level)?
 Promiscuous Mode (Accept/Reject)
o Default is Reject, meaning virtual NICs in Guest OSes see only traffic intended
for them.
o Changing to Accept will turn off filtering and allow all frames to be passed on and
made visible to Guest OSes, even those not intended for them. This is normally
not advised except for situations where network intrusion detection software or
packet sniffers are to be run.
 MAC Address Changes (Accept/Reject)
o Default is Accept. Supports changing the MAC address from within the Guest
OS even if the value is different from the VM virtual hardware configuration.
o Changing to Reject will cause INBOUND network frames to be dropped if the
MAC address in the Guest OS does not match the MAC address of the VM
virtual hardware configuration.
 Forged Transmits (Accept/Reject)
o Default is Accept. No filtering on OUTBOUND network frames.
o Changing to Reject will cause OUTBOUND network frames to be dropped if the
source MAC address specified in the frames does not match that of the MAC
address of the VM virtual hardware configuration.
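Added example (not part of the original FAQ and not VMware code): a Python audit that resolves each port group's effective security policy, with port group settings overriding the vSwitch settings, and flags Promiscuous Mode set to Accept outside an approved sniffer port group as well as port groups with no VLAN ID on a trunked uplink, as discussed in the VLAN answer above. The inventory is constructed; the `sniffer_exception` and `uplink_is_trunk` fields and the choice to also flag Accept for MAC Address Changes and Forged Transmits are assumptions of this example.

```python
"""Audit constructed vSwitch/port group security settings (added example)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

FIELDS = ("promiscuous", "mac_changes", "forged_transmits")
# Defaults as listed in the FAQ answer above.
FAQ_DEFAULTS = {"promiscuous": "Reject", "mac_changes": "Accept",
                "forged_transmits": "Accept"}


@dataclass
class PortGroup:
    name: str
    vlan_id: Optional[int] = None      # None = no VLAN ID (receives untagged frames)
    overrides: Dict[str, str] = field(default_factory=dict)
    sniffer_exception: bool = False    # hypothetical flag: approved IDS/sniffer port group


@dataclass
class VSwitch:
    name: str
    uplink_is_trunk: bool              # hypothetical flag: uplink carries several VLANs
    policy: Dict[str, str] = field(default_factory=lambda: dict(FAQ_DEFAULTS))
    port_groups: List[PortGroup] = field(default_factory=list)


def effective_policy(vs: VSwitch, pg: PortGroup) -> Dict[str, str]:
    """A port group setting overrides the vSwitch-level setting, field by field."""
    return {f: pg.overrides.get(f, vs.policy[f]) for f in FIELDS}


def audit(vs: VSwitch) -> List[Tuple[str, str]]:
    """Return (port group, finding) pairs for one vSwitch."""
    findings = []
    for pg in vs.port_groups:
        eff = effective_policy(vs, pg)
        # The FAQ advises against Accept except for IDS or packet sniffers.
        if eff["promiscuous"] == "Accept" and not pg.sniffer_exception:
            findings.append((pg.name, "promiscuous-accept"))
        # Assumption of this example: Accept (the default) is flagged for review.
        for f in ("mac_changes", "forged_transmits"):
            if eff[f] == "Accept":
                findings.append((pg.name, f.replace("_", "-") + "-accept"))
        # A port group with no VLAN ID on a trunk receives native VLAN traffic.
        if vs.uplink_is_trunk and pg.vlan_id is None:
            findings.append((pg.name, "untagged-on-trunk"))
    return findings


def sample_inventory() -> List[VSwitch]:
    """Constructed inventory; names and values are illustrative only."""
    hardened = {"mac_changes": "Reject", "forged_transmits": "Reject"}
    vs0 = VSwitch("vSwitch0", uplink_is_trunk=True, port_groups=[
        PortGroup("Prod-VLAN10", vlan_id=10, overrides=dict(hardened)),
        PortGroup("Legacy-Untagged"),  # inherits vSwitch defaults, no VLAN ID
        PortGroup("IDS-Span", vlan_id=20,
                  overrides={"promiscuous": "Accept", **hardened},
                  sniffer_exception=True),
    ])
    vs1 = VSwitch("vSwitch1", uplink_is_trunk=False,
                  policy={"promiscuous": "Accept", **hardened},
                  port_groups=[PortGroup("Lab")])  # inherits Accept from the vSwitch
    return [vs0, vs1]


if __name__ == "__main__":
    for vswitch in sample_inventory():
        for pg_name, finding in audit(vswitch):
            print(f"{vswitch.name}/{pg_name}: {finding}")
```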

What are the optional outbound traffic shaping options for a virtual switch (at the vSwitch or
port group level)?
 Traffic Shaping (Disabled/Enabled)
o Default is Disabled.
o Can enable and set limits to control:
 Average Bandwidth (default is 102400 Kbps). The allowed average
outbound network load.
 Peak Bandwidth (default is 102400 Kbps). The maximum network
bandwidth allowed. If the peak is reached, excess packets are queued
by the vSwitch for later transmission; if the queue is full, the packets are
dropped. Even if there is spare bandwidth on the connection, this
parameter limits the use.
 Burst Size (default is 102400 Kb). Caps the maximum number of Kb that
can be sent in one burst while exceeding the average bandwidth.
o Used to control and limit some “noisy” traffic on specific networks to protect other
networks.
o While these settings can be made on a vSwitch or Port Group/Port that has no
connected physical adapter, these settings do not take effect since they are
intended to shape outbound traffic sent to physical adapters.

What are the optional NIC teaming settings for a virtual switch?
 A vSwitch has optional NIC Teaming settings to set policies on traffic across multiple
physical adapters. These settings can be defined at the vSwitch level or overridden at
the individual Port Groups/Port level.
o Load Balancing (3 algorithms)
 1. Route based on the originating virtual port ID (default). Chooses an
uplink based on the virtual port where the traffic entered the vSwitch.
This method is simple and fast and does not require the VMkernel to
examine frames.
 2. Route based on IP hash. Chooses an uplink based on a hash of the
source and destination IP addresses of each packet. This is done by
looking at the Least Significant Bit (LSB), i.e. last digit, of the source and
destination IP addresses in the frame. Using an exclusive
disjunction/exclusive or (XOR) algorithm, load balancing is achieved by
comparing the two values. For non-IP packets, the offsets are used to
calculate the hash. This scheme requires awareness by physical
switches of the team of physical adapters (i.e. turn EtherChannel on).
This method has higher CPU overhead and is not compatible with all
switches, but has a better distribution of traffic across physical NICs.
 3. Route based on source MAC hash. Chooses an uplink based on a
hash of the source Ethernet’s MAC address. This is the Least Significant
Bit (LSB) of the source MAC address in the frame. This method has low
overhead and is compatible with all switches, but may not spread traffic
evenly across physical NICs.
o Network Failover Detection.
 Link Status Only (default). Relies solely on the link status provided by
the physical network adapter, which detects failures (cable pulls, physical
switch power failure) but not configuration errors (physical switch port
blocked by spanning tree, configured to wrong VLAN, cable pulls on
other side of physical switch)
 Beacon probing. Sends out and listens for beacon probes on all network
adapters in the team, in addition to Link Status. Beacon probing may be
effective for blade servers where the blade chassis may erroneously
report network connectivity if a network adapter is plugged into the
chassis, even if there is no actual network connectivity to the outside.
o Configuring explicit failover order. By default the list of active adapters is sorted
by uptime. The VMkernel uses the first adapter listed. This adapter list can be
reordered.
o Notify Switches.

 Yes/No. (Yes default). Send a notification across the network to update
lookup tables on physical switches whenever:
 A new Virtual NIC is connected to the vSwitch
 A change in which physical adapter a particular Virtual NIC is
using
 This effect helps lower latency issues during failover situations or when
running VMotion.
 Do not set this option if the Port Group/Port is using Microsoft Network
Load Balancing (NLB) in unicast mode (OK in multicast mode).
o Rolling Failover.
 Yes/No. (No default). Setting to No automatically returns a failed adapter
to active duty once it is recovered. Setting to Yes leaves a failed adapter
inactive after failure even after recovery.
o Failover Order. Lists the order of physical adapters to use, segmented by:
 Active Adapters. All adapters referenced by the vSwitch or Port
Group/Port under normal conditions.
 Standby Adapters. In a failover situation, adapters listed here are
activated in the order listed immediately—ESX/ESXi does not wait until
all primary adapters fail before activating standby adapters, nor can
failover adapters be teamed to start up together.
 For example, you can have 2 primary adapters each mapped to
different port groups, and configure the vSwitch such that the
port groups use the other primary adapter as a standby adapter.
 Unused Adapters. Not for current use.
 Designating standby NICs is not necessary but formal. If a primary NIC goes down, the
standby NIC gets used.

Distributed Virtual Switch


Can a Distributed Virtual Switch be created at an ESX/ESXi host level?
 No. Distributed Virtual Switches are created at the vCenter level across hosts.

How are PVLANs configured?


 Primary VLAN IDs and Type (default is Promiscuous).
 Corresponding secondary PVLAN IDs and Type. The secondary IDs must not match
any already assigned as Primary VLAN IDs.
 Isolation mode:
o Isolated. No communication with other VMs via the secondary PVLAN.
o Community. Can communicate with other VMs that have the same secondary
PVLAN ID.
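Added example (not part of the original FAQ and not VMware code): a Python model of the PVLAN rules above that validates a secondary PVLAN table against the "secondary must not match a primary" rule and computes which ports can talk to each other. The table, port names and VLAN IDs are constructed; representing a promiscuous port as one with no secondary ID, and rejecting a secondary ID defined twice, are assumptions of this example.

```python
"""PVLAN table validation and port reachability (added example, constructed data)."""
from dataclasses import dataclass
from itertools import combinations
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Secondary:
    primary: int     # primary VLAN ID this entry belongs to
    vlan_id: int     # secondary PVLAN ID
    mode: str        # "isolated" or "community"


@dataclass(frozen=True)
class Port:
    name: str
    primary: int
    secondary: Optional[int] = None   # None = promiscuous port on the primary VLAN


def validate(table: List[Secondary]) -> List[str]:
    """Return configuration errors; an empty list means the table is usable."""
    errors = []
    primaries = {s.primary for s in table}
    seen = set()
    for s in table:
        if s.mode not in ("isolated", "community"):
            errors.append(f"{s.vlan_id}: unknown mode {s.mode!r}")
        if s.vlan_id in primaries:
            errors.append(f"{s.vlan_id}: secondary ID is already a primary VLAN ID")
        if s.vlan_id in seen:
            errors.append(f"{s.vlan_id}: secondary ID defined twice")
        seen.add(s.vlan_id)
    return errors


def can_communicate(a: Port, b: Port, table: List[Secondary]) -> bool:
    """Apply the isolation rules to one pair of ports."""
    if a.primary != b.primary:
        return False                      # different primary VLANs never mix
    if a.secondary is None or b.secondary is None:
        return True                       # promiscuous ports reach every port
    modes = {s.vlan_id: s.mode for s in table if s.primary == a.primary}
    # Isolated ports reach nobody else; community ports reach only their own community.
    return a.secondary == b.secondary and modes.get(a.secondary) == "community"


def reachable_pairs(ports: List[Port], table: List[Secondary]) -> List[Tuple[str, str]]:
    return [(a.name, b.name) for a, b in combinations(ports, 2)
            if can_communicate(a, b, table)]


# Constructed sample configuration.
TABLE = [
    Secondary(100, 101, "isolated"),
    Secondary(100, 102, "community"),
    Secondary(100, 103, "community"),
]
PORTS = [
    Port("gw", 100),                # promiscuous (e.g. the default gateway)
    Port("web1", 100, 102), Port("web2", 100, 102),
    Port("db", 100, 103),
    Port("kiosk1", 100, 101), Port("kiosk2", 100, 101),
]

if __name__ == "__main__":
    print("errors:", validate(TABLE))
    for pair in reachable_pairs(PORTS, TABLE):
        print("allowed:", pair)
```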

What are some advanced properties of Distributed Virtual Switches?


 Maximum MTU.
o MTU (Maximum Transmission Unit) enables configuring Ethernet frame size.
The default is 1500. The maximum, 9000, is Jumbo Frames. Any value between
0 and 9000 can be configured; however, an incorrect MTU can cause network
performance degradation.
o An MTU lower than 1500 is sometimes required to efficiently communicate over
misconfigured, latent or bandwidth constrained links.
o Larger MTUs, up to 9000 (Jumbo Frames), enable networks to more efficiently
transport large files. They can help with iSCSI and NFS performance. Note that as
of vSphere 4, Jumbo Frames is supported for VM networks and not vmkernel
traffic.

o Unless you know the physical and virtual infrastructure supports Jumbo Frames
or requires a non-standard frame size, leave this configured for the default value:
1500
 Cisco Discovery Protocol.
o CDP is a layer 2 protocol used to exchange system information between Cisco
devices. Many network equipment vendors other than Cisco also use CDP to
exchange device information. Such information can include:
 Operating System
 IP Address
 Duplex Setting
 Native VLAN information
o Enable/disable.
o Operation. Valid options: Listen, Advertise, Both
 Administrator contact information (name, other details).

What settings can be modified in the dvUplink?


 Only a subset of settings displayed can be modified.
 General
o Name
o Description
 Policies
o Traffic Shaping
 Ingress Traffic Shaping
 Enabled
o Average Bandwidth
o Peak Bandwidth
o Burst Size
 Egress Traffic Shaping
 Enabled
o Average Bandwidth
o Peak Bandwidth
o Burst Size
o VLAN
 VLAN Trunk Range
 By definition, dvUplinks are VLAN Trunks
 The range is the list or range of VLANs carried by this trunk. Use
a hyphen ('-') to separate numbers in a range. Use a comma to
separate non-sequential VLANs or VLAN ID ranges.
o Miscellaneous
 Blocked
 Blocked is the same as bringing a port down or turning it off.
 Blocking the wrong port can affect multiple hosts (blocking
software iSCSI port for example)
o Advanced
 Override port policies
 Specifies whether or not specific dvSwitch policies can be
overridden at the port level. The policies for which port level overriding
can be enabled are:
 Block Port
 Traffic Shaping
 Vendor Configuration
 VLAN
 Live port moving
 Configure reset at disconnect
 When enabled, dvPort configuration is reset and any per-port
configuration discarded when a VM is disconnected from a
dvPort.
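Added example (not part of the original FAQ and not VMware code): a Python parser for the VLAN Trunk Range syntax described above (hyphen for a range, comma between items), which is the same syntax the dvPortGroup VLAN Trunking setting uses, plus a review that compares what a trunk carries with the VLANs actually in use so the range can be tightened. The accepted ID range of 0 to 4094 and the sample values are assumptions of this example.

```python
"""Parse and review a VLAN trunk range string (added example, constructed data)."""
from typing import Dict, Iterable, Set

MIN_VLAN, MAX_VLAN = 0, 4094   # assumption: accepted ID range, not stated in the FAQ


def parse_trunk_range(spec: str) -> Set[int]:
    """Expand e.g. '10-12,100' into {10, 11, 12, 100}; raise ValueError if malformed."""
    vlans: Set[int] = set()
    for item in spec.split(","):
        item = item.strip()
        low, sep, high = item.partition("-")
        if not sep:
            high = low                       # single VLAN ID, not a range
        low, high = low.strip(), high.strip()
        if not (low.isdecimal() and high.isdecimal()):
            raise ValueError(f"not a VLAN ID or range: {item!r}")
        lo, hi = int(low), int(high)
        if lo > hi:
            raise ValueError(f"range is reversed: {item!r}")
        if lo < MIN_VLAN or hi > MAX_VLAN:
            raise ValueError(f"outside {MIN_VLAN}-{MAX_VLAN}: {item!r}")
        vlans.update(range(lo, hi + 1))
    return vlans


def is_valid_trunk_range(spec: str) -> bool:
    try:
        parse_trunk_range(spec)
        return True
    except ValueError:
        return False


def format_trunk_range(vlans: Iterable[int]) -> str:
    """Collapse a set of VLAN IDs back into the shortest hyphen/comma form."""
    runs = []
    for v in sorted(set(vlans)):
        if runs and v == runs[-1][1] + 1:
            runs[-1][1] = v                  # extend the current consecutive run
        else:
            runs.append([v, v])
    return ",".join(str(a) if a == b else f"{a}-{b}" for a, b in runs)


def review_trunk(spec: str, vlans_in_use: Iterable[int]) -> Dict[str, str]:
    """Compare what the trunk carries with the VLANs port groups actually use."""
    carried = parse_trunk_range(spec)
    in_use = set(vlans_in_use)
    return {
        "missing": format_trunk_range(in_use - carried),   # used but not carried
        "excess": format_trunk_range(carried - in_use),    # carried but unused
        "tightened": format_trunk_range(in_use),           # least-privilege range
    }


if __name__ == "__main__":
    # Constructed sample: trunk range as configured, VLANs used by port groups.
    print(review_trunk("1-50,100,200-210", [10, 11, 12, 100, 300]))
```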

What are the settings for a dvPortGroup?


 General.
o Number of ports assigned to the dvPortGroup. The default setting is 128 ports.
Valid initial port values range from 0 to 8192.
o Port binding:
 Static (default). Static assigns a dvSwitch port to the VM when the VM is
first connected to the dvSwitch
 Dynamic. Dynamic assigns a dvSwitch port to the VM when it first
powers on after being connected to a dvSwitch
 Ephemeral. No binding
 Policies (can set items here that cannot be set under the dvUplink settings)
o Security
 Promiscuous Mode
 MAC Address Change
 Forged Transmits
o Traffic Shaping
 Ingress Traffic Shaping
 Average Bandwidth
 Peak Bandwidth
 Burst Size
 Egress Traffic Shaping
 Average Bandwidth
 Peak Bandwidth
 Burst Size
o VLAN. Specify VLAN type
 None
 VLAN – port is a member of VLAN specified by VLAN ID
 VLAN ID
 VLAN Trunking – port carries traffic for multiple VLANs specified by the
VLAN IDs or range of IDs
 VLAN trunk range. The range is the list of VLANs or VLAN ranges
carried by this trunk. Use a hyphen (‘-’) to separate numbers in a
range. Use a comma to separate non-sequential VLANs or
VLAN ID ranges.
 Private VLAN – port is a member of a Private VLAN (PVLAN) specified
by the Private VLAN entry
 Private VLAN Entry. The Private VLAN Entry needs to be
created first under the settings of the dvSwitch itself.
o Teaming and Failover
 Load Balancing
 Route based on originating virtual port
 Route based on IP hash
 Route based on source MAC hash
 Use explicit failover order
 Network Failover Detection
 Link Status Only
 Beacon Probing
 Notify Switches
 Yes / No
 Failback

 Yes / No
 Failover Order
 Specify Active and Standby Adapters and their failover order
 Adapters can also be specified as unused
o Miscellaneous
 Blocked. Blocked is the same as bringing a port down or turning it off.
Blocking the wrong port can affect multiple hosts (blocking software
iSCSI port for example)
o Advanced
 Override port policies. Specifies whether or not specific dvSwitch
policies can be overridden at the port level. The policies for which port
level overriding can be enabled are:
 Block Port
 Traffic Shaping
 Vendor Configuration
 VLAN
 DVUplink Teaming
 Security Policy
 Live port moving
 Configure Reset at Disconnect. When enabled, dvPort configuration is
reset and any per-port configuration discarded when a VM is
disconnected from a dvPort.
 Port Name Format. Configures the name format for dvSwitch ports.
 Label:
o DVS Name
o Port Group Name
o Port ID
 Port name format
o Use the labels to create a format for port naming. For
example: <portgroupName><PortIndex>

How do you reconnect a VM connected to a vSwitch to a dvSwitch?


 To migrate without moving VMs off the host (this requires network adapter redundancy
at the vSwitch level if other ports to be migrated, such as the service console or
VMkernel, use the same physical adapter(s)), follow these steps:
o From the vCenter Network Inventory, create a new dvSwitch with NO attached
hosts or adapters
o Create all dvPortGroups required to support the migrated vSwitch and its
PortGroups. For example: VMkernel: iSCSI, Production VM, VMKernel: Service
Console, etc. Configure each PortGroup’s settings including: Security, Traffic
Shaping, VLAN, Teaming and Failover.
o Add an ESX/ESXi host and select a host and one of the traditional vSwitch’s
redundant physical adapters to migrate to the dvSwitch.
o Assign the Virtual Adapters that will be migrated from the vSwitch to the
appropriate dvPortGroups created. Production VM or VMKernel: iSCSI for
example
o Verify the configuration to be created using the diagram on the Ready to
Complete screen. Note: the IP addresses for the VMKernel ports (iSCSI and SC)
are to be migrated if this is a VMKernel dvSwitch.
o After the host has been added to the dvSwitch, verify the host still has vCenter
and storage connectivity (depending on what has been migrated). Also verify the
VMs that were left on the traditional vSwitch also still have network connectivity.
At this point, one host and one of its physical network adapters will be assigned

to the dvSwitch. The other physical adapter will remain to support the VM
vSwitch PortGroups
o Migrate Virtual Machine Networking (if the vSwitch migrated supported VM
Networking)
 From the Network Inventory menu, right-mouse click on the dvSwitch
and select Migrate Virtual Machine Networking
 Select the Source Network (vSwitch)
 Select the Destination Network (dvSwitch)
 Show the Virtual Machines
 Select the Virtual Machines to be migrated
 Review the Task List, vSwitch and dvSwitch to verify all Virtual Machines
were migrated. Troubleshoot and repeat process if some did not
migrate.
 The migrate wizard will not migrate templates. Templates must
be converted to VMs, migrated to the dvSwitch and then
converted back to templates.
 VMs can also be migrated between vSwitches and dvSwitches
simply by editing the settings of their network adapter(s) and
changing the vSwitch or dvSwitch they are connected to from the
drop-down list.
o Remove old vSwitch (if desired). From the Host’s Configuration / Networking
menu, remove the old vSwitch, or at least the remaining physical adapters to
be migrated to the dvSwitch, after its VMKernel services and Virtual Machines have
been migrated.
o Add remaining Host’s Physical Adapters.
 From the Host’s Configuration / Networking / Distributed Virtual Switch
menu, click the link to Manage Physical Adapters for the dvSwitch
 On the Manage Physical Adapters menu, click link: <Click to Add NIC> to
add a NIC to the second dvUplink (dvUplink2)
 Select an available Physical Adapter to add.
 Test to verify proper dvSwitch and dvPortGroup operation.
o Repeat the process to add other hosts and their Physical Adapters to the
dvSwitch, and to migrate their VMs.
 Alternatively, you can migrate all physical adapters at once. Migrating all physical
adapters, or the only physical adapter, results in loss of connectivity between the Hosts
and/or VMs and network resource (network connectivity, iSCSI, VMotion, Management
Network, etc…). Doing so results in VMs being stranded when the physical adapter
supporting their connected vSwitch is migrated to the dvSwitch. The VMs must be
moved to the dvSwitch and will be disconnected from the network until the move has
been completed.

What are some potential gotchas with Distributed Virtual Switches?


 VM assignment to dvPortGroups.
o All dvPortGroups show up as assignable under VM Settings or vSwitch
Migration.
o This means it is possible and simple to erroneously assign a VM to a VMkernel
dvSwitch supporting iSCSI, VMotion or FT, which can impede or impair VMkernel
traffic, or expose the VM to network communication it should not have access to
(such as iSCSI or service console traffic).
 VM network connectivity.
o A dvPortGroup must be created to support VM network connectivity. This can be
performed automatically during the creation of the vSwitch.
 Service console/management networks and VMkernel services (iSCSI, VMotion and FT)
can be assigned to ports on Distributed Virtual Switches.

o Only one VMkernel and service console/management network can be assigned
to a Distributed Virtual Switch per ESX/ESXi host.
o To assign a Service Console and/or VMKernel portgroup to a dvSwitch, navigate
to the ESX/ESXi Host’s Configuration / Networking / Distributed Virtual Switch
menu and click: Manage Virtual Adapters then Click Add.
 Assigning physical adapters.
o An ESX/ESXi host’s physical network adapters cannot be assigned to a dvSwitch
until the host itself is assigned to the dvSwitch under Inventory/Networking. The
host’s physical adapters can be selected at this time.
o After the host is assigned to the dvSwitch, modifications to the adapters
assigned to the dvSwitch including adding network adapters is performed on the
Network
 Adding a host to a dvSwitch.
o When you add a host to a dvSwitch, the dvSwitch automatically assigns physical
adapters to dvUplinks. This can be modified under the Host’s network
configuration menu. Adapters are assigned to uplinks based on the number of
assigned adapters (i.e. the first adapter is assigned to dvUplink1, the second to
dvUplink2, and so on up to the max number of assigned adapters).
 Removing physical adapters.
o NICs can be added/removed on the Host’s Configuration Tab / Networking /
Distributed Virtual Switch / Manage Physical Adapters
o You can remove all the host adapters assigned to a dvSwitch, which results in a
warning that associated VMs will “have some networking issues” and advises
reassigning at least one physical adapter to the dvSwitch.
 Adding physical adapters.
o You cannot add physical NICs that are already assigned to other virtual switches
 vCenter Server unavailability
o If the vCenter Server is down or unavailable/unreachable, ESX/ESXi hosts and
virtual machines can lose their dvSwitch settings and assignments. Restoring
vCenter Server typically restores dvSwitch functionality after rebooting the
ESX/ESXi hosts and virtual machines.

Can physical adapters be migrated back from Distributed Virtual Switches to vSwitches?
 Yes.

How do you set up the equivalent of VLAN ID 4095 for a standard virtual switch in a
distributed virtual switch?
 Set the dvPortGroup VLAN type to VLAN trunking, and set the range to 0-4094.
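The trunk range syntax described for dvUplinks and dvPortGroups, and the 0-4094 setting above, can be checked in bulk before a change is applied. The following is an added example, not VMware code: the port group names, the restricted VLAN IDs and all function names are constructed for illustration, and the 0-4094 bounds are taken from the answer above.

```python
"""Parse and audit dvPortGroup VLAN trunk ranges (constructed example)."""

MAX_VLAN = 4094  # upper bound the page uses for a full trunk ("0-4094")


def to_vlan_id(text, item):
    """Convert one side of a range to an int, accepting ASCII digits only."""
    text = text.strip()
    if not (text.isascii() and text.isdigit()):
        raise ValueError(f"not a VLAN ID or range: {item!r}")
    return int(text)


def parse_trunk_range(spec):
    """Turn '100-110, 120' into a sorted list of merged (start, end) tuples.

    Hyphens separate the two ends of a range, commas separate entries.
    Raises ValueError on empty entries, non-numeric IDs, reversed ranges
    and IDs above MAX_VLAN.
    """
    spans = []
    for item in spec.split(","):
        if not item.strip():
            raise ValueError(f"empty entry in trunk range {spec!r}")
        first, sep, last = item.partition("-")
        lo = to_vlan_id(first, item)
        hi = to_vlan_id(last, item) if sep else lo
        if lo > hi:
            raise ValueError(f"reversed range: {item.strip()!r}")
        if hi > MAX_VLAN:
            raise ValueError(f"VLAN ID above {MAX_VLAN}: {item.strip()!r}")
        spans.append((lo, hi))
    # Merge overlapping or adjacent spans so equivalent specs compare equal.
    spans.sort()
    merged = [spans[0]]
    for lo, hi in spans[1:]:
        prev_lo, prev_hi = merged[-1]
        if lo <= prev_hi + 1:
            merged[-1] = (prev_lo, max(prev_hi, hi))
        else:
            merged.append((lo, hi))
    return merged


def carries(spans, vlan_id):
    """True if the parsed trunk range includes vlan_id."""
    return any(lo <= vlan_id <= hi for lo, hi in spans)


def audit_portgroups(trunks, restricted):
    """Return (portgroup, issue) findings for a {name: trunk range} mapping.

    restricted maps a label (e.g. 'iSCSI') to a VLAN ID that VM-facing
    port groups are not supposed to carry.
    """
    findings = []
    for name, spec in sorted(trunks.items()):
        try:
            spans = parse_trunk_range(spec)
        except ValueError as exc:
            findings.append((name, f"invalid: {exc}"))
            continue
        if spans == [(0, MAX_VLAN)]:
            findings.append(
                (name, "trunks all VLANs (equivalent of VLAN ID 4095 on a vSwitch)"))
        for label, vid in sorted(restricted.items()):
            if carries(spans, vid):
                findings.append((name, f"carries restricted VLAN {vid} ({label})"))
    return findings


# Constructed sample data: port group names and VLAN IDs are illustrative only.
SAMPLE_TRUNKS = {
    "dvPG-Prod-VMs": "100-110, 120",
    "dvPG-Sniffer": "0-4094",
    "dvPG-Lab": "200-210,205-300,301",
    "dvPG-Typo": "10-5",
}
SAMPLE_RESTRICTED = {"iSCSI": 250, "VMotion": 120}

if __name__ == "__main__":
    for portgroup, issue in audit_portgroups(SAMPLE_TRUNKS, SAMPLE_RESTRICTED):
        print(f"{portgroup}: {issue}")
```

A port group that trunks 0-4094 hands every VLAN on the uplink to the guest, so it is reported even when no restricted VLAN is listed.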

Is there a VMware White Paper on how to migrate to and configure a distributed virtual
switch?
 Yes. http://vmware.com/files/pdf/vsphere-vnetwork-ds-migration-configuration-wp.pdf

ESX/ESXi Boot
Is booting from a shared LUN supported?
 No.

Virtual Storage

What storage options exist for VMs?
 VMFS: FC SAN, iSCSI (HBA and software initiator) SAN, local SCSI, local SATA, local
RAID, local IDE, SAS. SATA with datastores shared by hosts is not supported.
 NFS: Network Attached Storage (NAS)

What is the difference between VMFS volume grow vs. adding a VMFS extent?
 VMFS volume grow allows you to make an existing VMFS volume bigger, provided the
SAN LUN backing the VMFS volume has first been grown. VMFS volume grow takes
advantage of contiguous new space to the existing VMFS volume to expand.
 Adding a VMFS extent allows you to take an unformatted LUN, create a VMFS partition
(extent), and join it to an existing VMFS volume. Unlike VMFS volume grow, the new
combined VMFS volume has a dependency on the extent. VMFS volume grow is
preferable to adding extents because it avoids such dependencies (the VMFS volume may be
inaccessible if either the first volume or the extent is lost, whereas a VMFS volume grow only
has one volume exposed).

What is Pluggable Storage Architecture (PSA)?


 VMware Pluggable Storage Architecture (PSA) is a multipath I/O framework that allows
storage vendors to enable and certify their arrays and deliver performance-enhancing
multipath load-balancing behaviors that are optimized per array.
 For example, EMC will ship PowerPath for ESX/ESXi as an alternative to using the built-
in multipath driver in ESX/ESXi.

What best practices exist for SANs?


 Make sure that the LUN ID for a LUN is the same number when presenting to multiple
ESX/ESXi hosts; otherwise, you may receive an error where the VMkernel thinks it has a
snapshot of a LUN.
 For Fibre Channel fabric stability, we recommend single initiator zoning for SAN LUNs,
where each ESX/ESXi host is on a separate zone and the target is on each of these
zones. This restricts Registered State Change Notification (RSCN) message propagation
so that topology changes that affect one zone do not affect other zones and can result in
fewer irrelevant fabric queries.
 The same ESX/ESXi host cannot support both an iSCSI hardware initiator and a software
initiator (through VMkernel) pointed to the same storage. The host must be configured to
use one or the other when referencing a particular LUN.

What does the VMFS block size setting represent?


 The VMFS block size determines how contiguous space is allocated. It does not affect
how data blocks are read or written, which is determined by the Guest OS and passed
through by ESX/ESXi. The VMFS block size setting for a VMFS volume has almost no
impact on disk performance; it only affects disk file layout efficiency.

What version of NFS is supported?


 NFS protocol version 3 carried over TCP.

How does NFS differ from SAN?


 NFS generally has lower performance than iSCSI/FC SAN.
 NFS does not support VMFS.
 NFS presents a shared folder from an NFS server. Access is file-level based and the
VMkernel uses lock files to manage multiple access by multiple hosts. There is no direct
access to the underlying LUN.

How many NFS mount points can be established per host?


 By default, a host can have up to 8 NFS mount points, which can be increased.

vSphere Getting Started
ESX/ESXi Standalone
What features in the vSphere Client do you not see if pointing directly to an ESX/ESXi host
instead of a vCenter Server?
 The following features are exposed only when connected to vCenter and will not be
shown:
o vCenter Home menu
o Maps
o Storage views
o Host Profiles and Host Profiles specification manager
o Performance charts overview
o vCenter settings
 The following vCenter inventory objects are not available:
o Datacenter
o Folder
o Cluster
o vApp
o Template
o Distributed Virtual Switch
 There is no multi-host functionality and related configuration options (e.g. VMware
HA/DRS/FT clusters, VMotion, EVC, Storage VMotion)
 There is no ability to view and manage vSphere connection sessions

Inventory
Does the “datacenter” have a special meaning in vCenter?
 A datacenter is a security boundary and organizational unit. Datastores, networks, and
VMs are relative to a single datacenter. VMs can be hot migrated only within the
confines of a single datacenter.

Does the “cluster” have a special meaning in vCenter?


 A cluster is a group of hosts for the purposes of DRS, DPM, HA, and FT.

Can you remove a host from a cluster after adding it?


 A host can only be removed from a cluster if the host is in maintenance mode or
disconnected from the vCenter Server. Once designated as in maintenance mode, a
host will not go into maintenance mode before all running VMs on that host are powered
off first. During this wait period, no new VMs can be powered on nor can any existing
running VMs be migrated using the vSphere Client. (VM properties also cannot be edited
during this wait period, unless the host is exited from maintenance mode by first powering
off all VMs.)

What are resource pools?


 Resource pools are used to try to guarantee minimum levels in situations where there are
more requested resources than actual resources (resource contention).
 Resource pools aggregate CPU and memory resources.

 Resource pools allow aggregation of resources across hosts. However, a VM can run
only on a single host at a time, regardless of whether or not the VM belongs to a resource
pool that spans more than one host. VMs cannot run on multiple hosts concurrently
using grid computing.

What are folders?


 Folders are used only for logical organization and can be useful for assigning
permissions. They have no impact on resource allocation (unless hosts themselves
belonging to a folder have resource pools). Folders can be moved (drag and drop)
across folders or clusters.

Virtual Hardware
Are USB devices supported in a VM in ESX/ESXi 4?
 Yes, but only devices attached to a host can be presented to a VM. Devices attached to
a machine running the vSphere Client cannot be redirected and presented inside a VM
by ESX/ESXi alone. (USB redirection can be found in VMware View and is supported
through RDP.)
 USB support requires installation of VMware Tools.

Is sound supported in a VM in ESX/ESXi 4?


 No. VMs do not have virtual sound adapters. No sound will come out of a VM accessed
through the vSphere Client. (Sound redirection can be found in VMware View and is
supported through RDP.)

Can thin disks be converted into thick disks and vice versa?
 A virtual disk can be converted from thin to thick by right-mouse clicking on it in the
Datastore view and selecting: Inflate. There is not a corresponding ‘Deflate’ menu option
for thick disks, however. You would have to initiate a Storage VMotion to change from a
thick to thin disk.
 Disks can be converted when cloning VMs, deploying from template, or migrating VMs.
Options include:
o Maintain format
o Thick
o Thin
 VMs protected under FT must have eagerzeroedthick disks.

Are there differences between hardware levels across VMware products and versions?
 Refer to the Virtual Machine Mobility Planning Guide on compatibility between VMware
products and their virtual hardware levels.

VMware Tools
Is it a best practice to use the time synchronization with VMware Tools?
 Using the VMware Tools option only catches up time, as time tends to be slower in
virtualized worlds than physical. If the time is ahead in the guest, the time will not be
synchronized with the time on the host. However, NTP and Windows Time
synchronization can correct for time that is ahead.
 If using VMware Tools’ time synchronization option, do not also synchronize time inside
the guest as well, as both methods could conflict with each other.
 General best practices for Windows time synchronization are:

o Windows NT4 and 2000: use a third-party NTP utility.
o Windows Server 2003 and later: Windows Time Service (w32time)
 Make sure to use NTP on each host for time synchronization as well.

How do I see virtual CPU and memory counters in perfmon in the guest OS?
 Make sure VMware Tools is installed.
 The perfmon counters are:
o VM Memory
 Memory Active in MB
 Memory Ballooned in MB
 Memory Limit in MB
 Memory Mapped in MB
 Memory Overhead in MB
 Memory Reservation in MB
 Memory Shared in MB
 Memory Shared Saved in MB
 Memory Shares
 Memory Swapped in MB
 Memory Used in MB
o VM Processor
 % Processor Time
 Effective VM Speed in MHz
 Host Processor Speed in MHz
 Limit in MHz
 Reservation in MHz
 Shares

Custom VM Configuration Options


What are RDMs?
 RDM stands for raw device mapping. An RDM maps a virtual disk directly to a LUN.
There are two compatibility modes:
o Physical (default) – allows the Guest OS to access the hardware directly. (When
taking a VM snapshot, this disk will be excluded.) Can be useful for:
 Situations where SAN snapshot capabilities require this
 Physical-to-virtual clustering (required)
o Virtual – allows the VM to use VM snapshots and other advanced functionality
while still providing direct LUN access. The virtual disk file is essentially a
symbolic link to the mapped LUN.
 Raw device mappings will require storing the mapping information (symbolic link) to the
LUN either with the VM (default) or a different datastore.
 RDMs are generally not faster than virtual disks stored in VMFS.

Can you grow a virtual disk after creating it?


 Yes, but your guest OS may not recognize the additional space. In such cases, you may
need to run tools for the guest OS to claim the additional unformatted disk space. Tools
include Partition Magic and Dell’s Extpart.exe utility.

Installing a Guest OS
How do I easily/quickly create an ISO or FLP image?

 A quick and dirty way to create an ISO from a CD-ROM is to rip it using the “dd”
command on a Linux system. “dd” will generally give an error when it is finished ripping a
CD to an .iso file. This is normal. However, we recommend using commercial products
that have block-level checking to create ISO files rather than using “dd”. An example of
using dd (run from the location where the file is to be created):
o CD-ROM -> ISO. dd if=/dev/cdrom of=installdisk.iso bs=32k
 An example of creating a FLP file:
o Floppy -> FLP. dd if=/dev/fd0 of=floppyfile.flp bs=1k count=1440

VM Encapsulation
What are notable files that represent a VM?
 .vmx – configuration settings for VM
 .vmxf – configuration settings used to support an XML-based VM configuration API
 .vmtx – configuration settings for a Template VM (replaces the .vmx file)
 .vmdk – virtual disk file. (Note: if a thick disk is used, a -flat.vmdk file that represents the
actual monolithic disk file will exist but will be hidden from the vSphere Client.)
 .nvram – non-volatile memory (BIOS)
 .vswp – swap file used by ESX/ESXi per VM to overcommit memory, i.e. use more
memory than physically available. This is created by the host automatically when
powering on a VM and deleted (default behavior) when powering off a VM. Swap files
can remain and take up space if a host failed prior to shutting down a VM properly.
Normally the swap file is stored in the location where the VM configuration files are kept;
however, it can optionally be placed elsewhere, for example locally for
performance reasons. If using NAS/NFS, local swap should be used.
 .vmss – suspend file (if placed into suspend power mode)
 .vmsd – for snapshot management
 .vmsn – snapshot file

vApps
What are the advantages of using a vApp?
 Group properties.
o vApp properties are metadata or variables that can be set at the vApp level,
stored in the .ovf virtual appliance representing the vApp, and then passed to the
Virtual Machines at runtime after a new instance is deployed.
o Scripts within the Virtual Machines can be written to perform configuration based
on the properties, greatly simplifying deployment of unique vApp instances. An
example of the properties could be virtual machine names, proxy server URL, IP
addresses to store in a host file, etc.
 IP allocation policy. vApps offer three IP allocation policies to simplify network
addressing for vApp deployments:
o Fixed. Manual allocation
o Transient. IP addresses are assigned by vCenter when the VMs are powered on
and released back to the pool when they are powered off.
o DHCP. A DHCP Server and its IP allocation policies are used.
 Start order.
o Specify the relative start order of VMs within a vApp. This enables staggering
the startup of Virtual Machines so that the systems that need to be powered on
before others come online first, which is common in a multi-tiered application.
 Packaging.

o Packaged in OVF format for easy export and distribution.

How are vApps different from VMs?


 A vApp combines the elements of a VM folder and resource pools to collectively manage
a group of VMs.
 Functions you cannot perform on a vApp that you can with individual VMs:
o VMotion
o Snapshot
 Functions you can perform on a vApp collectively for all VMs inside:
o Power on/off/suspend/resume
o Clone
o Report performance
o Modify permissions

Do all VMs in a vApp have to be on the same network?


 No.

Do all VMs in a vApp have to reside in the same datastore?


 No.

Must all VMs in a vApp belong in the same cluster?


 Yes.

Cloning and Templates


Is there version control with cloning a VM?
 No, it is very easy to clone a VM again and again.
 The Annotations area on the summary tab of a VM is a useful place to put descriptive text
and labels.

What are VM templates?


 Templates are VMs that are configured as never able to power on. They are used as the
golden master to provision new VMs. A template can subsequently be marked as a VM,
powered on to make updates within the Guest OS, powered off, and then marked back
as a template.
 A template can be created by designating a VM as a template or cloning a VM to a
template.
 A source VM can be used to create a template only if the VM is powered off. The VM
cannot be suspended or have snapshots.
 Guest OS customization for Windows allows entering the following items prior to booting
up the VM:
o Registration Information: name and organization
o Computer name
 Type in a new name
 Use the VM’s name
 Prompt the user for a name during deployment
 Use a custom application to generate a name (instead of the default
configured option in vCenter Server)
o Windows License
o Administrator password
o Time zone
o Run once (optional commands to run as part of first startup of new deployed VM)

o Network
 DHCP
 Custom settings -> Network Properties
o Workgroup or Domain
o Operating System Options (generate new SID)
 Guest OS customization will first search the vCenter Server for the necessary tools
(Sysprep) in the Guest OS specific subdirectories. Each version of Windows has a
directory of its own for its specific version of sysprep. If it cannot find them it will default
to the tools found in the 1.1 directory.
 When placing Sysprep files, make sure to expand the Sysprep cab files to ensure all
necessary files are available to vCenter (don’t just copy select files; for example,
Windows Server 2003 needs factory.exe in addition to sysprep.exe) otherwise vCenter
may not recognize that Sysprep has been configured. Note that Sysprep files are
different for 32-bit vs. 64-bit editions.
 Guest customization can be done for Linux hosts on the supported list with the caveat
that the root (/) file system needs to be on an ext2 or ext3 file system.
 Customizing Linux guest operating system options include:
o Computer name -> computer name (aka “host name” in Linux) and domain name
(“domain suffix”). “Host name” can be
 Type in a new name
 Use the VM’s name
 Prompt the user for a name during deployment
 Use a custom application to generate a name (instead of the default
configured option in vCenter Server)
o Network interface configuration
 A template is stored in a datastore. In order to select a datastore, an ESX/ESXi host or
cluster of hosts must first be selected to determine what datastores the host/cluster can
see.
 A deployed VM using a template can be placed on any host on any datacenter. That
host need not be able to directly see the datastore where the template resides. This
means a template can be stored in a datastore visible to one host but the deployed VM
can be placed onto another datastore visible to another host.
 A deployed VM from a template will inherit the template’s virtual disks and sizes, but the
disk sizes in the new VM, along with the virtual hardware can be changed.

VM Snapshots
What are the mechanics of a VM snapshot?
 Snapshots can be taken at any time the VM is powered on. The analogy is similar to a
database checkpoint. Multiple snapshots (checkpoints) can be taken and applied to the
base disk (image). Reverting to a previous state will require more time if there are
multiple snapshots since they all have to be applied to get to the desired point in time.
 Each snapshot taken will result in
o -SnapshotN.vmsn. VM snapshot configuration file. It may or may not take the
memory.
o -NNNNNN-delta.vmdk. Snapshot differences COW (copy on write) file. Disk
write buffer (REDO log), where changes to the base disk are written.
o -NNNNNN.vmdk. Create/delete/find/get properties for VM snapshots. Snapshot
metadata about the snapshot itself.
o -.vmsd. Single management file that catalogs all VM snapshots and associated
virtual disks. Only one .vmsd file exists per VM; each additional VM snapshot
creates another set of the files listed above.

 As soon as a snapshot is taken, the -delta.vmdk file will continue to be written to, to track
subsequent changes to disk. This can impact both performance of the VM and usage of
disk space.
 The top-most COW -delta.vmdk file is known as the “REDO” log file and captures the
current activity, whereas the base disk and other COW files capture previous states. A
COW file can never exceed the size of a base disk. It is a bitmap of all changed blocks to
the base disk.
 A snapshot includes disk state as well as memory state. Capturing the memory state is
optional. Unchecking the “Snapshot the virtual machine’s memory” option will result in a
crash-consistent snapshot.
 Snapshots can be taken up to 32 levels. The amount of time to revert to a snapshot can
increase with the number of serialized snapshots—it is proportional to the amount of data
and memory saved, and snapshots are daisy-chained because they connect the deltas.
 Remember to delete unwanted snapshots as they will continue to take up space in the
datastore.

What are some notable limitations if a VM has an existing VM snapshot?


 The VM cannot be protected using FT until all snapshots are deleted.
 The VM disks cannot be grown until all snapshots are deleted.
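The file naming described under VM Encapsulation and in the snapshot answers above is enough to review a VM directory listing for snapshot sprawl and leftover swap files. The following is an added example, not VMware code: the listing, the VM name and the function names are constructed, and classification relies only on the file name suffixes given on this page.

```python
"""Classify a VM directory listing by the file suffixes described on this page."""
import re

DELTA_RE = re.compile(r"-\d{6}-delta\.vmdk$")

# Order matters: the most specific suffix must be tried first.
# Name-only matching cannot tell a snapshot descriptor from a base disk
# whose VM name happens to end in "-NNNNNN".
PATTERNS = [
    ("snapshot-delta", DELTA_RE),
    ("flat-disk", re.compile(r"-flat\.vmdk$")),
    ("snapshot-descriptor", re.compile(r"-\d{6}\.vmdk$")),
    ("disk-descriptor", re.compile(r"\.vmdk$")),
    ("snapshot-state", re.compile(r"\.vmsn$")),
    ("snapshot-catalog", re.compile(r"\.vmsd$")),
    ("swap", re.compile(r"\.vswp$")),
    ("suspend", re.compile(r"\.vmss$")),
    ("config", re.compile(r"\.(vmx|vmxf|vmtx)$")),
    ("nvram", re.compile(r"\.nvram$")),
]


def classify(filename):
    """Return the file's role, or 'other' for anything not listed on the page."""
    for kind, pattern in PATTERNS:
        if pattern.search(filename):
            return kind
    return "other"


def summarize(listing, powered_on):
    """Summarize snapshot and swap state from (filename, size_bytes) pairs.

    deltas_per_disk counts delta files per base disk; for a linear snapshot
    chain this equals the number of snapshots taken of that disk.
    """
    deltas_per_disk = {}
    delta_bytes = 0
    kinds = set()
    for name, size in listing:
        kind = classify(name)
        kinds.add(kind)
        if kind == "snapshot-delta":
            base = DELTA_RE.sub("", name)
            deltas_per_disk[base] = deltas_per_disk.get(base, 0) + 1
            delta_bytes += size

    warnings = []
    if deltas_per_disk:
        warnings.append("snapshots present: FT protection and disk grow are "
                        "blocked until all snapshots are deleted")
        if "snapshot-catalog" not in kinds:
            warnings.append("delta disks present but no .vmsd catalog in the listing")
    if not powered_on and "swap" in kinds:
        warnings.append("leftover .vswp on a powered-off VM "
                        "(host may have failed before a clean power-off)")
    return {"deltas_per_disk": deltas_per_disk,
            "delta_bytes": delta_bytes,
            "warnings": warnings}


# Constructed listing for a hypothetical VM "web01" with two disks and two snapshots.
SAMPLE_LISTING = [
    ("web01.vmx", 2_900),
    ("web01.vmxf", 260),
    ("web01.nvram", 8_684),
    ("web01.vmsd", 1_100),
    ("web01.vmdk", 520),
    ("web01-flat.vmdk", 21_474_836_480),
    ("web01-000001.vmdk", 330),
    ("web01-000001-delta.vmdk", 1_500_000_000),
    ("web01-000002.vmdk", 330),
    ("web01-000002-delta.vmdk", 700_000_000),
    ("web01_1.vmdk", 515),
    ("web01_1-flat.vmdk", 5_368_709_120),
    ("web01_1-000001.vmdk", 330),
    ("web01_1-000001-delta.vmdk", 40_000_000),
    ("web01_1-000002.vmdk", 330),
    ("web01_1-000002-delta.vmdk", 10_000_000),
    ("web01-Snapshot1.vmsn", 19_000),
    ("web01-Snapshot2.vmsn", 1_073_800_000),
    ("web01-1a2b3c4d.vswp", 1_073_741_824),
    ("vmware.log", 150_000),
]

if __name__ == "__main__":
    report = summarize(SAMPLE_LISTING, powered_on=False)
    print(report["deltas_per_disk"], report["delta_bytes"])
    for warning in report["warnings"]:
        print("WARNING:", warning)
```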

vSphere Using vSphere


Migrating VMs
What are cold migrations?
 When a powered off VM is moved from one host to another and/or another datastore.
 Migrations can be across hosts running different hardware—the vSphere Client will report
Compatibility Validation succeeded. Both hosts need not have shared storage. vCenter
will ask if the files should be moved (default selected option is to keep virtual machine
configuration files and virtual disks in their current locations, if possible). If files are
moved, they are copied and the timestamps will change.
 A cold migration is useful to relocate a VM residing on a non-shared datastore, to
relocate a VM in order to reconfigure or rebalance storage, or to move a VM across 2
hosts with different hardware (CPU family types). Cold migrations should not be
performed for VMs with Linux guests across 2 hosts with different processor vendors
(Intel vs. AMD), as Linux installations optimize the Linux kernel relative to the type of
processor. While VMware virtualizes the motherboard, the motherboard can be thought
of as having a cut-out to slot the CPU which we do not virtualize.
 When migrating a VM and moving the virtual machine configuration files and virtual disks,
the new target datastore must have sufficient free space to accommodate the VM files.
 When migrating a VM that has been suspended, the VM files are moved but the VM state
will revert to the last powered off state, and the suspend file will be discarded. Beware!
 If a VM is configured to store its swapfile in a location different from the default VM files
(this option was not available in ESX Server previous to version 3.5), the swapfile is
copied if the location is different from the source and destination.

Can you VMotion a VM that is in a cluster to a host outside the cluster?


 Yes, so long as both hosts are within the same datacenter.

What happens during a VMotion hot migration?


 The virtual MAC address is maintained during a VMotion so as not to cause any
disruption to other machines that might have that MAC address in their ARP (Address
Resolution Protocol) cache.
 If a hot migration, once started, cannot be successfully completed, the process is
automatically cancelled and rolled back without any disruption to the end users. The
running VM is not altered in this case. The exception is if one of the hosts crashes during
the attempted migration, in which case VMware DRS rules will apply (see section on
VMware DRS).
 The amount of time it takes to migrate a running VM depends on several performance
factors:
o Running processes inside the Guest OS of the VM that can impact the runtime
state (memory mapping, network activity)
o Resources relative to other VMs on the source and target hosts
o Network traffic and bandwidth of the VMkernel VMotion network
 A hot migration will require one of two priorities:
o High Priority will maintain VM availability and prevent a successful VMotion hot
migration if insufficient host resources (CPU and memory) are available
o Low Priority will force hot migration but VM availability may be briefly interrupted
if insufficient host resources are available
This priority setting can be counter-intuitive. A high priority will ensure that the end
user connected to the VM will receive minimal service disruptions, and as such the
VMotion could fail if there are insufficient resources. A low priority will force the
migration regardless and could result in some temporary service disruption.
 A gratuitous RARP (Reverse Address Resolution Protocol) notification is sent to the new
host at the end of a VMotion migration (over 90% of the task completion) to remap
network switch port tables. During this switchover, you may see a few dropped packets
and/or a delayed ping response up to 1-2 seconds. This blip is usually insignificant
enough for applications and OSes to recover from.

What are the requirements for VMotion?


 In order to VMotion from one host to another, the physical machines must have a
“compatible” set of processors. Since VMotion transfers the running state of a virtual
machine between underlying hosts, this means that the CPUs of the target host must be
able to resume execution using the same instructions where the CPUs of the source host
were suspended. More specifically, in order for two processors to be VMotion
compatible, they must satisfy the following constraints:
o Same vendor class (Intel vs. AMD)
o Same subset of core and extended features within the processors
 In particular, the CPU must be able to run the same SSE3 instruction sets. CPU clock
speeds and stepping levels may vary though. In addition, VMotion will depend upon
whether or not the Nx flag is set. The Nx flag refers to the AMD No eXecute (NX) and
Intel eXecute Disabled (XD) technology which allows some supported Guest OSes to
mark memory pages as data only to prevent malicious exploits and buffer overflow
attacks.
 EVC can be used to mask the features of newer processors to increase the compatibility
level with older processors.
 It’s also possible to go from a dual-core CPU to a single core CPU and vice versa so long
as the other requirements are satisfied. Refer to VMware KB articles 1991, 1992, and
1993 for more information.
 VMotion CPU compatibility can be adjusted by setting the CPU compatibility masks on a
per-VM level.
 VMware does not support migrating a VM that belongs to a VM cluster running Microsoft
Cluster Services.
 VMotion uses unicast, not multicast. A VMotion network must be in a single broadcast
domain and therefore VMotion traffic is not routable.

 The network that the VM itself uses must be on a subnet accessible from both the original
host and target host.

Is VMotion traffic secure?


 Traffic is not encrypted.
 You can consider restricting access to the VMkernel/VMotion network through port
security in the virtual switch.

How many concurrent migrations (VMotion and/or Storage VMotion) are supported?
 Up to 4 concurrent VMotion operations are supported per VMFS volume accessed. A
VMotion operation involves 2 hosts accessing the same VMFS volume and therefore
counts as 2. A Storage VMotion operation involves a single host accessing the same
VMFS volume once. Therefore, up to 2 VMs on the same datastore can be hot migrated
using VMotion concurrently, while up to 4 VMs on the same datastore can be hot
relocated using Storage VMotion concurrently.

Will Storage VMotion move a VM with an RDM?


 You can migrate the mapping file or convert an RDM to a thick or thin virtual disk. In the
first case, the vmdk that references the RDM will move, but the RDM stays in place. In
the second case, the RDM is no longer used and a new virtual disk is created.

Will Storage VMotion move a VM from VMFS to NFS?


 Yes, with one exception. RDMs with virtual compatibility mode cannot be relocated to
NFS from VMFS.

Enhanced VMotion Compatibility (EVC)


What is EVC (Enhanced VMotion Compatibility)?
 EVC allows a cluster containing hosts with differing levels of CPU generations to present
a baseline. Hosts with CPU generations higher than the baseline will have their
instruction sets masked to provide backwards compatibility.

What are the requirements for EVC?


 EVC requires all hosts to be supported for EVC, meaning all hosts must meet a minimum
processor generation level. EVC cannot work with older processors. It is intended to
start with a baseline of hosts with the same processor generation and allow the addition
of newer hosts into the clusters with the option for maximum compatibility. Manual
processor masking should be investigated when dealing with hosts running older
generation processors.
 EVC requirements include:
o vCenter 2.5 U2 or later
o All hosts in cluster must be ESX/ESXi 3.5 U2 or later
o All hosts in cluster must have AMD No eXecute (NX) or Intel eXecute Disable
(XD) options enabled in their BIOS
o All hosts must be from the same vendor, i.e. all Intel or all AMD
o All hosts must have processors that support Intel VT-x FlexMigration or AMD-V
Extended Migration technologies
 EVC works at the cluster level. Clusters should contain hosts with common EVC
baselines. A VM’s CPUID mask is automatically cleared or changed when a VM is
moved between clusters.
 EVC hides the additional features exposed by newer generation processors. The trade-
off is CPU compatibility over newer CPU features/capabilities.
 As of vSphere 4, the following processor family baselines are supported for EVC:

o Intel:
 Xeon Core 2 (“Merom” aka Xeon 30xx, 32xx, 51xx, 53xx, 72xx, 73xx)
 Xeon 45nm Core 2 (“Penryn” – adds SSE4.1, aka Xeon 31xx, 33xx,
52xx, 54xx, 74xx)
 Xeon Core i7 (“Nehalem” – adds SSE4.2 and POPCOUNT, aka Xeon
3yxx, 5yxx, 7yxx)
o AMD:
 Opteron Generation 1/2 (“Rev. E/Rev. F” aka Opteron 1xx, 2xx, 8xx,
12xx, 22xx, 82xx)
 Opteron Generation 3 (“Greyhound” – adds SSE4A, MisAlignSSE,
POPCOUNT, ABM (LZCNT) and CMPXCHG16B, aka Opteron 13xx,
23xx, 83xx)
 The VMware CPUID utility can be run on a host to show the Supported EVC modes and
CPU Supported features.
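The baseline selection and feature masking described above, as an added example (not VMware's code and not the CPUID utility). It assumes each host's CPU features are available as Linux /proc/cpuinfo text, maps the feature names in the list above to cpuinfo flag names, and assumes every host already meets the minimum processor generation; the host names and cpuinfo samples are constructed.

```python
# Baselines in the order listed above. Each entry names the features that
# generation ADDS, written as Linux /proc/cpuinfo flag names (an assumption:
# SSE4.1 -> sse4_1, POPCOUNT -> popcnt, CMPXCHG16B -> cx16, NX/XD -> nx).
EVC_BASELINES = {
    "GenuineIntel": [
        ("Xeon Core 2 (Merom)", set()),
        ("Xeon 45nm Core 2 (Penryn)", {"sse4_1"}),
        ("Xeon Core i7 (Nehalem)", {"sse4_2", "popcnt"}),
    ],
    "AuthenticAMD": [
        ("Opteron Generation 1/2 (Rev. E/Rev. F)", set()),
        ("Opteron Generation 3 (Greyhound)",
         {"sse4a", "misalignsse", "popcnt", "abm", "cx16"}),
    ],
}

# Constructed sample input: one older and one newer Intel host.
SAMPLE_HOSTS = {
    "esx01": "vendor_id\t: GenuineIntel\nflags\t\t: fpu sse sse2 pni ssse3 nx lm\n",
    "esx02": "vendor_id\t: GenuineIntel\n"
             "flags\t\t: fpu sse sse2 pni ssse3 sse4_1 sse4_2 popcnt nx lm\n",
}


def parse_cpuinfo(text):
    """Extract (vendor, set of feature flags) from /proc/cpuinfo-style text."""
    vendor, flags = None, set()
    for line in text.splitlines():
        key, _, value = line.partition(":")
        key = key.strip()
        if key == "vendor_id":
            vendor = value.strip()
        elif key == "flags":
            flags = set(value.split())
    return vendor, flags


def host_level(vendor, flags):
    """Index of the highest baseline whose added features the host all has."""
    level = 0
    for i, (_, added) in enumerate(EVC_BASELINES[vendor]):
        if not added <= flags:
            break  # generations are cumulative: stop at the first gap
        level = i
    return level


def cluster_baseline(hosts):
    """hosts: {name: cpuinfo text}. Returns (baseline name, {host: masked flags})."""
    parsed = {name: parse_cpuinfo(text) for name, text in hosts.items()}
    vendors = {vendor for vendor, _ in parsed.values()}
    if len(vendors) != 1 or not vendors <= set(EVC_BASELINES):
        raise ValueError("all hosts must be from the same supported vendor")
    vendor = vendors.pop()
    no_nx = sorted(n for n, (_, flags) in parsed.items() if "nx" not in flags)
    if no_nx:
        raise ValueError("NX/XD not enabled on: " + ", ".join(no_nx))
    # The cluster can only present what its oldest host supports.
    level = min(host_level(vendor, flags) for _, flags in parsed.values())
    above = set().union(*(added for _, added in EVC_BASELINES[vendor][level + 1:]))
    # Features a newer host has but the baseline hides from its VMs.
    masked = {n: sorted(flags & above) for n, (_, flags) in parsed.items()}
    return EVC_BASELINES[vendor][level][0], masked


if __name__ == "__main__":
    name, masked = cluster_baseline(SAMPLE_HOSTS)
    print("Cluster baseline:", name)
    for host, hidden in masked.items():
        print(f"  {host}: masked features = {hidden or 'none'}")
```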

VMware DRS
What are the levels of DRS automation?
 Automation modes are:
o Automated
o Manual
o Partially Automated
o Default – inherit the cluster’s automation level
o Disabled – Do not use the cluster’s automation level
 Automation levels apply to all VMs of a VMware DRS cluster. Individual VMs in the
cluster can be set at different automation modes.

What are the migration thresholds for automated mode?


 Thresholds based on priority – number of stars include:
o Apply only five-star recommendations (highest priority, or conservative). Apply
recommendations that must be taken to satisfy cluster constraints like affinity
rules and host maintenance
o Apply recommendations with four or more stars. Apply recommendations that
promise a significant improvement to the cluster’s load balance.
o Apply recommendations with three or more stars (default). Apply
recommendations that promise at least good improvement to the cluster’s load
balance.
o Apply recommendations with two or more stars. Apply recommendations that
promise even a moderate improvement to the cluster’s load balance.
o Apply all recommendations (lowest priority, or aggressive). Apply
recommendations that promise even a slight improvement to the cluster’s load
balance.

Are there possible problems with setting too aggressive a level for a DRS cluster migration
threshold?
 Sometimes a side effect of a too aggressive level is many automated VMotions for
seemingly no apparent reason, i.e. there is not a large imbalance in resources available.
In such cases, select an option that applies more stars for recommendations (higher
priority or conservative).

What happens if I add a host with an existing resource pool to a DRS cluster?
 If a standalone host that has an existing resource pool is added to a VMware DRS cluster
with at least 1 VM, a pop-up window will prompt the administrator to:

o Remove the existing resource pool before adding the host to the cluster
o Graft the existing resource pool into the cluster and preserve the relative
allocations within the original resource pool
 The existing resource pool will be dropped if it contained no VMs.

What happens if I place a host into maintenance mode?


 Placing a host in maintenance mode ensures that vCenter will internally remove the host
from load balancing consideration as part of a VMware DRS cluster.

What are the states for a DRS cluster?


 Green. The cluster is valid. All resource constraints are met.
 Yellow. Some resource constraints are not met. This can happen if a host fails or is
removed. As a result, resource reservations cannot be increased until existing
reservations are decreased or new resources are added (offloading VMs, powering off
VMs, adding hosts).
 Red. The cluster is inconsistent and does not have enough resources available. This
can happen if an administrator bypassed vCenter and made resource pool changes
directly on a host.

If I deploy or migrate a VM to a cluster with DRS, will DRS automatically place it onto a host
for me?
 Yes. However, if manual mode is set, you must manually select a host.

How can I demonstrate DRS?


 You can try to put load on a VM’s CPU to see how vCenter responds to it. This can be
accomplished by running a CPU load generation script inside a guest. Two examples
from VMware Education’s Install and Configure class include a cpubusy.pl script for Linux
systems and a cpubusy.vbs script for Windows systems.
 cpubusy.pl

#!/usr/bin/perl

# cpubusy.pl
# CPU load generator: loops forever computing sines and reports how long
# each batch took.

# Iterations per batch (fewer on Windows).
if ($^O =~ /Win/) {
    $goal = 2700000;
} else {
    $goal = 3000000;
}

while (1) {
    $before = time();
    for ($i = 0; $i < $goal; $i ++) {
        $x = 0.000001;
        $y = sin($x);
        $y = $y + 0.00001;
    }
    $y += 0.01;
    print "I did three million sines in ", time() - $before, " seconds!\n";
}

 cpubusy.vbs

' cpubusy.vbs
' CPU load generator: loops forever computing sines and reports how long
' each batch took.
Dim goal
Dim before
Dim x
Dim y
Dim i

' Iterations per batch.
goal = 2181818

Do While True
    before = Timer
    For i = 0 to goal
        x = 0.000001
        y = sin(x)
        y = y + 0.00001
    Next
    y = y + 0.01
    WScript.Echo "I did three million sines in " & Int(Timer - before + 0.5) & " seconds!"
Loop

ESX/ESXi Advanced Memory Management


What techniques does ESX/ESXi use to manage memory?
 ESX/ESXi uses 3 techniques for advanced memory management in the following order:
o Automatic page sharing. ESX/ESXi by default will attempt to collapse identical
pages of read-only memory into a single copy shared by multiple VMs. This can
happen when running VMs with identical operating systems. (This can be turned
off per VM by going into Edit Settings… -> Options -> Advanced -> General ->
Configuration Parameters… and adding a row for sched.mem.pshare.enable =
false.) Some customers have reported memory savings averaging up to 25%.
o Ballooning. During memory contention a host will utilize a memory balloon driver
within VMware Tools to reallocate physical memory between 2 VMs—ESX/ESXi
will “inflate” the memory balloon driver in one or more VMs’ Guests causing them
to release physical memory by invoking Guest OS-controlled disk-paging
mechanisms. This physical memory is reclaimed and granted to other higher
priority VMs.
o VMkernel swap to disk. Only used as a last resort, ESX/ESXi will use a memory
swap file per VM if the host is not able to provide enough physical memory to the
VM after the other techniques have been exhausted. This can be caused by a
lack of physical memory available on the host or if the VM cannot secure enough
memory because it needs more than its exclusive amount (reservation amount)
and cannot obtain additional physical memory that it shares with other VMs (the
difference between the VM’s memory limit and its reservation). The size of the
swap file can be up to the difference of the configured memory size for the VM
and the memory reservation. (As a best practice, VM swap files should not be
placed on NFS datastores. The latency can be sufficient to cause performance
problems for the VM. The default location can be changed by going into Edit
Settings…-> Options -> Advanced -> Swapfile Location and selecting default to
cluster/host settings, always store with the VM, or store in the host’s swapfile
datastore.)
o Windows Guests may not need large page files because the VM can have
access to more memory, compared to a similar Windows installation running on a
physical counterpart.

o A good analogy to use is a traffic light—green, yellow, red. Automatic page
sharing is normal (green), ballooning is a warning sign (yellow), and swap to disk
is taxing because there is insufficient memory (red).
o Available memory for guests is important—often the first bottleneck is memory,
followed by CPU and network constraints.

Resource Management
What is the concept of shares?
 Think of resource shares like shares in a company. The more shares you have, the more
control you have over the company. Let's pretend we have an imaginary company with
three shareholders, A, B, and C. Let's say they each start with 1000 shares of stock, for a
total of 3000 shares.
A: 1000 (33.3% of total)
B: 1000 (33.3% of total)
C: 1000 (33.3% of total)
Total: 3000
Each shareholder has an equal stake and equal power within the company. Now, let's
say shareholder A wants to get more control over the company. Therefore, he buys
another 1000 shares. Now, let’s look at the totals:
A: 2000 (50% of total)
B: 1000 (25% of total)
C: 1000 (25% of total)
Total: 4000
As we can see, shareholder A now holds 50% of the total shares. He has more “relative
weight” than the other shareholders, and thus has greater priority over them in times of
need, i.e. during resource contention.
 Shares default to Normal. The settings are:
o High. (twice as much as normal)
 2000 shares per virtual CPU
 20 shares per MB of virtual RAM
o Normal.
 1000 shares per virtual CPU
 10 shares per MB of virtual RAM
o Low. (half as much as normal)
 500 shares per virtual CPU
 5 shares per MB of virtual RAM
o Custom.
 Specify a custom value.
 Shares only come into play during times of resource contention. If there is no resource
contention, each virtual machine can take whatever it needs (up to the limits assigned for
that VM).

What are reservations?


 Reservations are guaranteed minimums for a virtual machine. When powering on a VM,
if its CPU and memory reservations are not available at the time of powering on, an
Insufficient Resources error is given, and the VM is not allowed to power on. This is
known as admission control policy.

 Reservations and limits are expressed in absolute terms—MHz for CPU and MB for
memory. The default value is 0.
 A host can allocate more than the reservation amount to a VM, but never more than the
limit. The default value is unlimited. Setting limits may be helpful to curb the appetites of
resource-hungry VMs and cap Service Level Agreements. However, setting limits can be
detrimental if there are underutilized resources available.
 A way to think about how reservations and limits relate to each other is:
o a reservation is resources exclusive to a VM. A VM will not power on if it cannot
obtain its reservation, and will never give it up once powered on.
o a limit is the maximum a VM could ever have access to
o the difference between the reservation and limit is what the VM has to compete
with other VMs (and resource pools). Competition is done via shares. The VM
swap file is used to cover the spread between the reservation and limit since
anything between the reservation and limit is not guaranteed.
 Reservations for a resource pool can be expandable, meaning that if a pool hits its
reservation, it can try to reserve more (“borrow”) resources from a parent, so long as they
are available. Doing so will take away available resources for use or reservation by the
parent or other entities. The total reservation, however, can never exceed the limit of the
resource pool regardless of how much resources are available to the parent. If the
reservation is not expandable, this is not to say that the resource pool could not
temporarily use resources from the parent (up to the limit of the resource pool); it just
cannot reserve the resources from the parent, and this is checked whenever you need to
power on a VM.
 Resource pools with expandable reservations have reservations that can grow, meaning
the reservation can expand up to the limit defined. Resource pools without expandable
reservations have fixed reservations, meaning the reservation is set and can never
increase.
 Reservations and expandable reservations can be explained by analogy to a
dinner reservation. For example, suppose we have reserved a table for 6 at a restaurant,
but we arrived with 8 people (a couple of last minute additions). Think of each person as
a VM trying to power on—you’re allowed to sit down only if you have a reservation. To
seat the additional 2 people, we have to hope that the restaurant (the parent) happens to
have some open seats not already claimed by other reservations that we could borrow.
Doing so takes away from those resources in the parent should any new reservations be
requested.
 Resource pools can be nested into parent and child resource pools. Hosts and clusters
are implicit resource pools and serve as parents to their resource pools.
 When creating a resource pool, reservations, limits, and shares available are
configurable based on the resources of the host, cluster, or parent resource pool.
 The System Resource Allocation settings in each host’s Configuration tab allow
resource pools to be defined specifically for the host.
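How shares, reservations and limits interact under contention, as an added example (a simplified model following the description in this FAQ, not the ESX/ESXi scheduler). The VM names, capacities and the demand field are assumptions made for illustration; the share presets and the swap file sizing come from the text above.

```python
from dataclasses import dataclass

# Share presets from the table above: (shares per vCPU, shares per MB of RAM).
SHARE_PRESETS = {"high": (2000, 20), "normal": (1000, 10), "low": (500, 5)}


def preset_shares(level, vcpus, mem_mb):
    """Return (cpu_shares, mem_shares) for a VM at a preset level."""
    per_vcpu, per_mb = SHARE_PRESETS[level]
    return vcpus * per_vcpu, mem_mb * per_mb


def max_swap_file_mb(configured_mb, reservation_mb):
    """Largest VM swap file: configured memory minus the memory reservation."""
    return configured_mb - reservation_mb


@dataclass
class VM:
    name: str
    shares: int
    reservation: float = 0.0       # guaranteed minimum (MHz or MB); default 0
    limit: float = float("inf")    # hard ceiling; default unlimited
    demand: float = float("inf")   # hypothetical: what the VM is trying to use


def allocate(capacity, vms):
    """Grant reservations first, then split what is left in proportion to shares.

    No VM receives more than min(limit, demand); capacity a capped VM cannot
    take is redistributed among the rest, again by shares.
    """
    ceiling = {v.name: min(v.limit, v.demand) for v in vms}
    alloc = {v.name: min(v.reservation, ceiling[v.name]) for v in vms}
    remaining = capacity - sum(alloc.values())
    if remaining < 0:
        # Admission control would have refused to power on the last VM.
        raise ValueError("reservations exceed capacity")
    active = [v for v in vms if alloc[v.name] < ceiling[v.name]]
    while active and remaining > 1e-9:
        total = sum(v.shares for v in active)
        # VMs whose proportional slice would reach their ceiling are capped.
        capped = [v for v in active
                  if remaining * v.shares / total >= ceiling[v.name] - alloc[v.name]]
        if not capped:
            for v in active:
                alloc[v.name] += remaining * v.shares / total
            break
        for v in capped:
            remaining -= ceiling[v.name] - alloc[v.name]
            alloc[v.name] = ceiling[v.name]
        active = [v for v in active if v not in capped]
    return alloc


if __name__ == "__main__":
    # The A/B/C shareholders from the text, competing for 4000 MHz.
    vms = [VM("A", 2000), VM("B", 1000), VM("C", 1000)]
    print("contention:     ", allocate(4000, vms))
    # Same shares, but A is limited to 1500 MHz: B and C split the surplus.
    vms[0].limit = 1500
    print("A limited:      ", allocate(4000, vms))
    # No contention: every VM gets its demand and shares play no role.
    idle = [VM("A", 2000, demand=1000), VM("B", 1000, demand=500)]
    print("no contention:  ", allocate(10000, idle))
    print("swap file (MB): ", max_swap_file_mb(4096, 1024))
```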

VMware HA
Are there any problems with mixing ESX and ESXi hosts in a VMware HA cluster?
 Possibly. When adding both ESX and ESXi hosts to a VMware HA cluster, the
configuration wizard will attempt to ensure that all hosts have compatible networks. The
first host in the cluster is used to compare subsequent hosts, and any hosts with more or
fewer networks than the first host’s may be considered incompatible. Because ESXi
hosts lack a service console network, such hosts will likely have fewer networks than
comparable ESX hosts. A workaround is to use the das.allowNetwork[…] advanced
options to specify which networks are to be used by the cluster. Using a vNetwork
Distributed Switch (dvSwitch) instead of vSwitches will avoid this issue.

 It is possible to mix ESX/ESXi 3.5 and ESX/ESXi 4.0 hosts in a cluster, as the VMFS
levels are compatible. However, problems may occur if VM hardware levels are not the
same (hardware level 7 requires at least ESX/ESXi 4.0). As a best practice, create
clusters that are homogeneous by ESX/ESXi major version number.

How does VM monitoring with VMware HA work?


 If you select Enable VM Monitoring, VM Monitoring uses VMware Tools (make sure to
use the latest version with ESX/ESXi 4.0, as the previous one for ESX/ESXi 3.x was
experimentally supported with HA) to evaluate whether each VM in the cluster is running
by checking for regular heartbeats from the guest OS. If the VM monitoring service does
not receive heartbeats, this is most likely because the guest OS has failed or VMware
Tools is not being allocated any time to complete tasks, in which case, the VM monitoring
service concludes that the VM has failed and automatically restarts the VM.
 You can configure the level of monitoring sensitivity. Highly sensitive monitoring results
in a more rapid conclusion that a failure has occurred. While unlikely, highly sensitive
monitoring may lead to falsely identifying failures when the host in question is actually still
working, but heartbeats have not been received due to factors such as resource
constraints or network latency. Low sensitivity monitoring results in longer interruptions
in service between actual failures and VMs being restarted. To avoid restarting VMs
repeatedly for nontransient errors, VMs will be restarted only three times during a certain
configurable time interval.
 Three preconfigured monitoring sensitivity levels are:
o Low. Restart VM if no heartbeat detected within a 2 minute interval. Restart VM
after each of the first 3 failures every 7 days.
o Medium. Restart VM if no heartbeat detected within a 60 second interval.
Restart VM after each of the first 3 failures every 24 hours.
o High. Restart VM if no heartbeat detected within a 30 second interval. Restart
VM after each of the first 3 failures every hour.
 A custom monitoring sensitivity level can be created with the following parameters:
o Failure Interval (in seconds)
o Minimum Uptime (in seconds)
o Maximum Per-VM Resets (number)
o Maximum Resets Time Window (none or time interval in hours)
 VM monitoring can be overridden or disabled for specific VMs within a VMware HA
cluster.
 If a VM is declared dead and the host it is running on is still alive, VMware HA will attempt
to restart that VM on the same host.
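The heartbeat check and the reset cap described above, as an added example (a model of the stated policy, not VMware HA's implementation). The heartbeat timestamps are constructed, the reset window is treated as a sliding window (an assumption), and the Minimum Uptime parameter is not modelled.

```python
from collections import namedtuple

# failure_interval and window are in seconds.
Policy = namedtuple("Policy", "failure_interval max_resets window")

# The three preconfigured sensitivity levels listed above.
SENSITIVITY = {
    "low": Policy(120, 3, 7 * 24 * 3600),
    "medium": Policy(60, 3, 24 * 3600),
    "high": Policy(30, 3, 3600),
}


def detect_failures(heartbeats, policy, end):
    """Return the times at which a missing heartbeat is declared a failure.

    heartbeats: timestamps (seconds) at which the guest sent a heartbeat.
    end: time at which observation stops.
    """
    failures = []
    times = sorted(heartbeats) + [end]
    for prev, nxt in zip(times, times[1:]):
        if nxt - prev > policy.failure_interval:
            # Declared as soon as the interval elapses with no heartbeat.
            failures.append(prev + policy.failure_interval)
    return failures


def plan_resets(failures, policy):
    """Decide for each failure whether the VM is reset or the reset is suppressed.

    At most policy.max_resets resets are issued within any policy.window
    seconds, which stops a VM with a nontransient fault from being reset forever.
    """
    resets, decisions = [], []
    for t in failures:
        recent = [r for r in resets if t - r < policy.window]
        if len(recent) < policy.max_resets:
            resets.append(t)
            decisions.append((t, "reset"))
        else:
            decisions.append((t, "suppressed"))
    return decisions


# Constructed sample: a guest that stalls four times within seven minutes.
SAMPLE_HEARTBEATS = [0, 10, 20, 100, 110, 200, 210, 300, 310, 400]

if __name__ == "__main__":
    for level, policy in SENSITIVITY.items():
        failures = detect_failures(SAMPLE_HEARTBEATS, policy, end=410)
        print(level, plan_resets(failures, policy))
```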

What happens if a host becomes isolated?


 In the event that a host loses contact with the other cluster hosts, the host is considered
“isolated”. In such situations, the host will attempt to attribute the loss in network
connectivity to either the failure of the host’s own service console/host management
connection or the failure of the other hosts. The attempt to diagnose is done by the
host pinging an isolation verification address. VMware HA will deem the host isolated
rather than assume the host crashed (and restart VMs accordingly) if the host can ping a
node isolation verification address, the default being the default gateway for the service
console/management interface of that host (can be reconfigured, but this applies to all
hosts within the cluster). VMware HA will wait 15 seconds before concluding that a host
is isolated. If a host is isolated, the VMs on that host can be preconfigured to either be
powered off automatically by VMware HA (default, no shutdown of Guest OS), left
powered on, or use cluster settings.

What are the states for an HA cluster?


 Green. The cluster is valid. There is sufficient capacity among all hosts to facilitate
failover.

 Red. The cluster is inconsistent and does not have enough resources available. This
can happen if a host(s) fails and the remaining failover hosts have insufficient capacity to
complete the failover, or in the case where a host was directly configured, not through
vCenter.

What do “disable host monitoring” and “disable VM monitoring” do?


 These options disable VMware HA for hosts and VMs respectively. Selecting one does
not affect the other.

If a host running VMs protected by both HA and FT fails, what is the startup priority for VMs?
 HA will restart VMs based on HA’s startup priority.
 Starting up secondary FT VMs will not have a higher priority than VMs not protected by
FT.

VMware FT
What are the requirements for VMware FT?
 Hosts and clusters:
o Primary and secondary hosts must have the same build number (hostd build
number) and same patches.
o Fault tolerant VMs must run on ESX/ESXi hosts in a VMware HA cluster. This
ensures that if a primary host or secondary host fails for a fault tolerant VM, an
additional host can be leveraged to ensure that a primary and secondary host
pairing can be maintained.
o Primary and secondary ESX/ESXi hosts must be in the same CPU model family.
For best results, use CPUs with the same stepping level to ensure the greatest
compatibility/homogeneity and therefore greatest capacity for lock-stepped VMs.
o VMware FT uses VMware DRS anti-affinity rules by default to ensure that a
primary VM and its companion secondary VM do not run on the same host. It is
possible to configure a fault-tolerant lock-stepped VM on the same host, but
doing so negates the benefits of protection from host failure.
o Host certificate checking must be enabled on all hosts.
o Hardware virtualization (HV) must be turned on in the BIOS of the hosts.
o DPM will not power off hosts running FT-protected VMs, since DRS is disabled
and therefore DRS cannot VMotion FT-protected VMs off a host.
 Storage
o Fault-tolerant VMs must be on shared storage. VMFS on FC and iSCSI SAN is
recommended. NFS, while supported, is not recommended. If NFS must be
used, storage timeouts may need to be increased, and dedicated NICs on the
ESX/ESXi hosts for the NFS configuration may be needed to ensure that a
secondary VM can remain in lockstep with a primary VM within a timely fashion.
o Virtual disks of fault-tolerant VMs in VMFS must be in eagerzeroedthick format
(pre-allocated and all data is zeroed out at time of creation). VMs provisioned in
other formats—thin (not pre-allocated), 2gbsparse (thin disk with 2GB maximum
extent size), zeroedthick (“lazy zeroed” thick, pre-allocated but data zeroed out
later as the VM reads/writes to the disk), or thick (pre-allocated but data is never
zeroed out) will be converted, and must be powered off to have their disks converted.
o RDMs are supported, but only in virtual compatibility mode.
 Networking
o At least 2 dedicated Gigabit NICs for VMware FT are required. One dedicated
for FT logging and one dedicated for VMotion. Both need to be on different
subnets. This is on top of network traffic for the VM itself.

o For a best practices implementation, make sure to have redundancy in the
networks for FT logging and VMotion. This may necessitate more NIC ports.
o For better performance, use 10 Gigabit NICs and enable Jumbo Frames.
o Sub-millisecond latency for FT logging is needed. (Check vmkping.)
o vSwitch settings must be uniform. Using vDS is recommended.
 VMs
o Must be single vCPU (no Virtual SMP)
o Have no VM snapshots (therefore VMware FT protected VMs cannot be backed
up with VCB)
o Is not a template
o Cannot be clustered using MSCS
o Cannot be running paravirtualized guest
o Cannot reside on a host in maintenance mode or standby mode
o Cannot be in the middle of a record/play operation
o Cannot have VMDirectPath I/O configured
o VCB and Data Recovery are not supported since there is no way to snapshot FT-
protected VMs.

Is there a VMware KB article on what processors and guest OSes are supported for VMware
FT?
 See VMware KB article 1008027.

What are best practices for VMware FT?


 Run no more than 4 to 8 primary or secondary fault tolerant VMs on the same host.
 Place ISOs on shared storage so that they can be accessed by both primary and
secondary fault tolerant VMs. It is possible to have a primary VM use an ISO not
accessible by the secondary VM, but ensure such media is not critical.
 Disable power management in the BIOS of an ESX/ESXi host. If a host enters a lower-
performance, power-saving mode, there may be insufficient CPU resources for a
secondary VM to complete all tasks in a timely fashion to remain in lockstep with the
primary VM.
 Do not attempt to configure a second VMware FT pair of VMs to use the same virtual disk
files as the first pair. Ordinarily, VMDK file locking prevents multiple VMs from accessing
the same VMDK file; however, such file locking does not happen when VMware FT is
enabled.
 Use vDS since it is easier to ensure that the virtual network switch settings are uniform.
 Distribute primary VMs across multiple hosts, since FT logging traffic is asymmetric from
primary hosts to secondary hosts.

What features are lost when a VM is protected using VMware FT?


 Hot-plug support for virtual devices, CPU, and RAM.
 VMware DRS. A VMware FT VM will not be automatically placed nor moved by VMware
DRS.
 Storage VMotion. A VMware FT VM cannot be relocated live.
 N_Port ID Virtualization (NPIV).
 VMDirectPath I/O for networking I/O devices (NIC passthrough).
 Virtual USB devices.
 Virtual floppy mapped to physical floppy (not flp image)
 Vlance legacy virtual NIC.
 Taking VM snapshots.
 Nested Page Tables (NPT) for AMD and Extended Page Tables (EPT) for Intel hardware
virtualization assist are automatically disabled for the VM.

Is VMware FT application-aware?

 No. VMware FT functions only at the VM level. Application failures cannot trigger a
failover.

What use cases are ideal for VMware FT?


 A VM running an application that must be available at all times.
 When MSCS cannot be configured (e.g. no FC SAN) and VMware HA is not good
enough.
 When MSCS is cost-prohibitive and VMware HA is not good enough.

How do you patch ESX/ESXi hosts running FT VMs?


 Since hosts running FT-protected VMs are required to all be at the same build and patch
level, updating these hosts requires a slightly different process. For a cluster with a
minimum of 4 hosts, the following process ensures minimal downtime:
o Migrate FT-protected VMs and consolidate them down to 2 hosts.
o Upgrade the remaining 2 hosts.
o Disable FT, migrate the VMs to the upgraded hosts, and enable FT. VMs are
briefly unprotected during this time.
o The shadow VMs will automatically be created and placed on the new hosts with
the new builds.
o Upgrade the remaining 2 hosts.
 For a cluster with fewer than 4 hosts, this will require more FT downtime.
o Disable FT.
o Update all hosts.
o Enable FT.

Does FT lose any data when a secondary VM takes over?


 No. FT and vLockstep ensure that all of the necessary ACKs between the primary and
secondary are done to ensure that no data is lost during the failover. FT VMs are
synchronized for all external outputs, and the secondary VM is asynchronized in the
sense that it lags slightly behind but only in the receiving of a network packet.

What algorithm is used when starting up a secondary VM for FT in the event of a host failure?
 FT uses the same placement algorithm for starting a secondary VM in the event of a host
failure that HA uses when restarting VMs from a failed host.

Guided Consolidation
What does Guided Consolidation do?
 The Guided Consolidation service allows you to discover existing physical machines on
the Windows network. Their workloads can be analyzed and compared with running
VMs, and the machines can be easily converted into VMs by invoking VMware Converter.

What are the requirements for Guided Consolidation?


 The VMware Capacity Planner service must be configured to run under a user account
with these requirements:
o Domain account
o Administrator privileges on vCenter Server machine
o “Log on as a service” permissions granted (may need to do this manually)

vSphere Administration
Permissions
Where are accounts for vCenter administered?
 vCenter users come from the local accounts created on the vCenter Server Windows
machine, or from the domain that machine has joined.

How do permissions work in vCenter?


 You apply permissions to objects by selecting an object, right clicking and selecting “Add
Permission”. Permissions are the pairing of a user and a role. A role is a set of one or
more privileges. When assigning a role to a user on an object, you have the option to
propagate the role to child objects of that object, which is by default checked. You can
always override the permissions inherited by propagation later by going into the child
objects. Permissions applied to a sub-object will always override those inherited from
parent objects.
 Permissions are applied to user logins or groups. This is done in a hierarchy. For
example, if a permission is assigned to a user group, all members of the group have the
same permissions.
 Windows group permissions override individual user permissions. If an account has
vCenter administrator privileges and then you add the account to a Windows group that
you previously assigned only VM user privileges, the lower VM user privileges trump the
higher vCenter administrator privileges because the group level trumps the user level
permissions. The user will lose the higher privileges.
 Privileges are organized by categories and subcategories.
 Permissions are checked at the time the task is to be executed, and improper
permissions prevent the task from being executed or option being allowed in the first
place.
 If a user is not assigned to an object with a specific role, the user cannot see or take
action upon the object.
 When vCenter is installed, a default vCenter Administrator role is assigned to the
Windows user installing the application.

Tasks, Alarms and Monitoring


What are the frequencies of scheduled tasks?
 Once – now or later at a specified time
 After Startup – N minute delay before running the task
 Hourly – NN minutes after the hour, and run every N hours.
 Daily – Start time and run every N days
 Weekly – Run every N week(s), start time, and the days of the week that apply
 Monthly – Start time, a particular day of the month or the first/second/third/fourth/last
M/T/W/Th/F/S/Su of the month, Interval every N month(s)

How do I minimize false alarms?


 Use the settings to lengthen the duration a condition must be satisfied before an alarm is
to be triggered.

Why should I use vCenter monitoring tools instead of tools inside the Guest OS?
 Tools running within the Guest OS (e.g. perfmon and top) can be inaccurate within VMs
because the Guest OS does not have awareness of the physical hardware clock.
Therefore, it is best to use the performance data collected by vSphere.
 If using perfmon within the Guest OS, make sure to use VMware Tools to expose the
special CPU and memory statistics to the guest OS that ESX/ESXi sees.

What can cause reports not to appear?


 Improper time synchronization. Make sure that time across the VMs, hosts, and vCenter
Server is synchronized. If the clocks across these objects are too far off, you may not
see any performance data.

How can you save data from the Performance overview tab?
 The Overview tab shows real-time metrics. Data displayed on the Advanced tab can be
exported in .CSV format.

Maps
Can maps be exported?
 Maps can be exported as .jpg files. From the Maps view, use File -> Export -> Export Maps…

Host Profiles
What licensing is required for Host Profiles?
 vSphere Enterprise Plus.

Can Host Profiles work with ESX/ESXi 3.x hosts?


 No. Only starting with ESX/ESXi 4.0.

Can Host Profiles be used with a cluster running both ESX and ESXi hosts?
 Yes, but remember to use an ESX host and not an ESXi host to create a profile for use.
 In theory, Host Profiles should work with mixed host clusters, as it translates ESX to
ESXi, but be careful as there are enough differences between ESX and ESXi that can
lead you to make self-inflicted errors when applying Host Profiles. The easiest method is
to create clusters that are homogeneous and maintain two different profiles for these two
types of clusters.

Can Host Profiles work when using the Cisco Nexus 1000v?
 No, because Host Profiles was designed with the generic vNetwork Distributed Switch.
The Cisco Nexus 1000v switch gives administrators finer-grained control of the
networking beyond what Host Profiles can apply.

Update Manager
Can the vCenter Update Manager server be installed in a DMZ?
 Yes. Doing so can be practical as the Update Manager server can have internet access
to download updates. However, in such situations installing the Update Manager
Download Service (UMDS) component in the DMZ is preferred, as downloads can be
obtained from the internet and placed on a share accessible to the Update Manager
server without compromising the Update Manager server, which can reside on an internal
network.

Are there best practices for configuring Update Manager depending on the number of VMs
and hosts to be regularly updated?
 Separate the Update Manager database from the vCenter Server database when you
have over 300 VMs or 30 hosts.
 Separate the Update Manager Server and the Update Manager database from the
vCenter Server and vCenter Server database when you have over 1000 VMs or 100
hosts.
 Ensure the Update Manager Server system has at least 2GB RAM to cache patch files in
memory.
 Allocate separate physical disks for the VUM patch store and VUM database.
 If VUM Server resources are constrained, or if more concurrent VM scans are needed,
powered-on VM scans are preferred. Powered-on VMs are less sensitive to network
latency.
 For compliance view of all attached baselines, the amount of time needed to run updates
increases linearly with the number of attached baselines. Remove unused baselines for
optimal performance especially when the inventory size is relatively large.
 Multiple vCPUs for a VM do not increase performance because the VUM Guest Agent is
single-threaded.
 When updating VMs, configure each VM with at least 1GB RAM so that large patch files
can fit in the system cache.
 Deploy the VUM Servers as close to the ESX/ESXi hosts as possible to minimize network
latency and dropped packets.
 For high network latency environments, check if the VUM Server has on-access virus
scanning and if so, exclude the mounted disk from the scans.

Are there guidelines on how large to size the Update Manager database?
 A sizing estimator can be found on VMware.com on the Update Manager documentation
page, or directly at:
http://www.vmware.com/support/vsphere4/doc/vsp_vum_40_sizing_estimator.xls.

Can Update Manager be used to update FT-protected VMs?


 Yes. But Update Manager will temporarily disable all FT-protected VMs in a cluster while
patching hosts. This is because Update Manager is not aware of what patches may
affect FT compatibility.
 Hosts for FT must be on the same patch level.

Converter-P2V Jumpstart Overview


Jumpstart Objectives
Is the objective of this service to convert physical machines running in production?
 No, the service is intended to show a customer the process, mechanics, and issues. As
part of the service, several test conversions are performed to give the customer an idea
of what is involved.
 If the customer wants a service to actually perform migrations, this will typically involve a
custom service.
 If the customer has a large number of servers to be migrated, consider a P2V Accelerator
service. This service focuses on the coordination and process considerations that can
drag during a large-scale migration effort.

Is it a bad thing to run into a lot of problems during the test conversions?

 No, as this is a period of discovery and problems uncovered during the PoC can be
addressed prior to the actual migrations.

Converter Overview
Converter Functionality
What does Converter do?
 Converter is really three products in one.
o Conversion of powered on machines. These can be physical or virtual machines.
o VM import. These must be powered off virtual machines.
o Third-party system image import. These must be supported files.

What is the difference between Converter Standalone and Converter integrated with
vCenter?
 As of vCenter Server 4.0, the plug-in for Converter is older than the Converter
Standalone 4.0.x and based on the Converter 3.0.x standalone. A future version will
likely get these to parity.
 The integrated version for vCenter supports scheduling of tasks.

P2V
What are the mechanics of P2V?
 P2V allows us to move a physical machine into a VMware environment. Since there is
no way to “move” a physical machine into the virtual world per se, the process is similar
to taking a backup of a server and restoring the backup onto another server.
 For example, what if we took a backup of an IBM server and tried restoring that onto an
HP or Dell server? Has anyone tried that? Obviously it would not boot up properly
because the backup image is referencing the old hardware—in particular the SCSI and
network adapters. The same issues come up when attempting to restore onto a VMware
VM. We have VMware’s brand of virtual hardware, namely the SCSI (BusLogic or LSI
Logic) and network (AMD PCI or VMware Accelerated PCI) adapters and drivers.
 When we perform P2V, we generally try to recreate the physical machine in its entirety as
a virtual machine. Microsoft Sysprep can be used in conjunction with P2V, although this
use is not typical. Sysprep would be used in situations where the original server and
migrated server co-exist on the same network. Typically, P2V involves decommissioning
the original server.
 The P2V’ed VM is nearly identical to the original physical machine. Two notable
exceptions of items not always preserved are:
o Network configurations. This is because the network information (IP address
information, etc.) is associated with a physical card which we disable, as we are
adding a new virtual NIC that is configured with new networking information.
This is no different than replacing an existing NIC with a new one on a physical
machine.
o Drive letter mappings. This is a function of the imaging application, and some
older applications may possibly remap drive letters, which could potentially
impact applications that reference hard-coded drives (e.g. Citrix). We may need
to go back and fix the drive mappings.

Why is P2V useful?

 Server consolidation is perhaps the primary reason for P2V. You have old machines that
are taking up space and using power inefficiently. Or maybe the servers are so old they
are off warranty and you worry that they could experience a catastrophic failure at any
time.
 Or maybe you have an application workload on a physical server that you aren’t sure will
work well as a virtual workload, and you want to do a proof-of-concept test. Or maybe
you have some application updates you need to make and are worried about the impact
and want to test this first before applying them on the physical machine. You could P2V
the physical machine and conduct the tests in the parallel VM.
 The reason that P2V can be used as a test of how well a physical server may run in a VM
environment is that we utilize a process that is non-destructive to the original server to be
migrated.
 A potential disaster recovery scenario involves having images on standby to migrate and
fire up as VMs. VMware Converter will need to be used to make the images bootable as
VMs. Obviously the cutover would not be instantaneous, and the customer would want to
look into ways to minimize the transfer times, which may mean utilizing backup/recovery
applications.
 Why would we want to use P2V instead of recreating a server from scratch? General
rule of thumb—if you can rebuild a server from scratch, it may be better since you get a
cleaner machine. However, you may not always have the option to rebuild. What if the
original person who created the server is no longer at your company? What if the original
installation media is missing? What if the server has had so many configuration
modifications that any changes could break it? More often than not, P2V involves
migrating a very fragile “stack of Jenga” where the slightest change can break things.

How can P2V be done for OSes that are not supported by Converter?
 You can try a manual method using a combination of a cloning tool (e.g. Ghost) and
manually correcting the new VM’s boot files. The way to do this is to peer into the new
VM’s unbootable disk by mounting it from a Helper VM that has the same OS installed in
the guest from scratch. You can manually copy over needed driver files to the new VM.
This technique can be used for OSes such as Novell Netware and Windows 9x.

Can Converter be used to convert machines clustered with MSCS?


 Yes. See VMware KB article 1002661.
 However, as an alternative, consider FT and HA as replacements for MSCS.

Does Converter provide the option for disk alignment when it creates a new VM’s vmdk files?
 No.

Conversion Steps
What happens during conversion?
 The first step is to clone the source machine’s disk(s), create a new VM with empty virtual
disk(s), and copy the contents into new VMware virtual disk(s). The second step is to
reconfigure the virtual disk containing the OS system to make it bootable, if necessary.
 These two steps, clone and reconfigure, are automatically done sequentially when
selecting “Import machine” from the Converter UI. We make a distinction here because it
is possible to use your own third-party imaging application to clone the source machine’s
disk(s), create a new VM, and restore the image onto the new VM’s blank virtual disk(s).
Doing so will not result in a bootable VM, and will require running the Reconfigure option
from within VMware Converter, which can be run separately from the Import Machine
step.

 The second step, reconfigure, involves updating the system’s registry and drivers to
make the resulting VM bootable. This step is performed only on the system drive in the
SYSTEM32\config (system and software) and SYSTEM32\drivers directories of
WINDOWS or WINNT directories (typically C drive). Without this step, all we have is a
clone of the source machine’s disk(s). The new virtual disk will not be bootable if the
source machine was a physical machine. For Linux systems, a similar step is done in
laying down the file copy of the source machine’s disk into the new virtual disk to fix the
boot images.
 Normally conversion assumes we create a machine that is identical to the original.
Converter has the option to slip in guest customization to ensure the new VM is unique.

Can P2V be done without using Converter?


 There are other products on the market that support P2V. Converter is free.
 If you use a product that simply clones, you will need to run Converter’s reconfigure step
afterwards to make the new VM bootable.

If Converter is used to create a VM on ESX/ESXi 4, will a choice in hardware version be
given?
 No. VMs are created in hardware version 7.

Cloning Options
When would it be ideal to use hot vs. cold cloning for converting a physical machine?
 Hot cloning is the default option. As long as you can connect to your powered-on
machine over the network, you do not need to worry about disk driver issues.
 Hot cloning involves installing and running a Converter agent. If the machine has been
hardened, proper installation of the agent may fail. In this case, it may be easier to boot
up the machine using the cold clone boot CD.
 The cold clone boot CD is available only to vCenter Server customers as a separate
download. Converter Standalone, which is free, does not come with the cold clone boot
CD.
 The cold clone boot CD boots up using WinPE and does not leave a software footprint on
the machine to be converted. This may be useful in situations where a customer is
concerned about modifying the machine to be converted.

What is the method used for copying during cloning?


 For Windows conversions, the default is block-level. However, if the volume sizes are
changed to be smaller, then the method used becomes file-level. Block-level copying is
still used if you choose a larger size than the original volume sizes. Converter’s
block-level copying will be faster than file-level copying, but not by an order of magnitude.
 For Linux conversions, the method is always file-level.

P2V Motion
How does P2V Motion work?
 During conversion of a Windows machine, we take a disk snapshot that is point in time,
and spend the rest of the time copying the disk snapshot. For a typical system, this can
take several hours. If the machine is still powered-on, any transactions that occur will not
be reflected in the new VM being created.
 P2V Motion involves using the Synchronize option within Converter 4 Standalone.
Selecting this option invokes a synchronization step immediately after the cloning is
finished. The synchronize step takes minutes. Used in conjunction with the services
configuration, you can disable any services on the source machine prior to the
synchronize step to keep application users off. This effectively reduces the downtime
and lost transactions window down from hours to a few minutes.
 The synchronize step requires block-level cloning. Therefore, you cannot resize your
volume sizes.
 As of Converter Standalone 4.0.x, the synchronize step runs immediately after the clone
completes and cannot be scheduled.
 Some customers may not opt for P2V Motion with immediate cutover of a physical
system to virtual because it does not give them a window to properly test and validate the
new P2V’ed VM prior to cutting over. In these cases, they will typically choose to keep
the source machine running and place the new VM on a private network for user
validation before cutting over.

How does Converter stop the services on the source machine?


 Converter uses the account used to connect to the source machine. If the account has
insufficient privileges, the service may not be stopped.
 Converter will attempt to stop a service. This attempt is done without regard to
dependent services. If this attempt fails, the entire task fails.

Are there limits for the number of concurrent tasks in Converter 4?


 Up to 16 concurrent tasks.

Is it a good idea to select the “minimum size” option for new virtual disks when converting
machines?
 Using this option takes the actual disk used and adds 10% for free space.
 For most typical Windows machines, a 20% buffer of free space is ideal to avoid
performance issues.

Converter Architecture
Live Windows
Does it matter where you install Converter?
 The integrated vCenter plug-in is intended to be run from a single central location.
 For large-scale conversions, it may be advantageous to install multiple instances of
Converter Standalone to increase throughput.
 You do not need to install Converter on a machine to convert it. You can access it
remotely.
 It may be easiest to install Converter Standalone in a VM when provisioning multiple
instances.

Live Linux
How do Live Linux conversions work?
 vCenter creates a new VM on the ESX/ESXi host and boots up the VM using a built-in
ISO containing Linux. The bootstrapped VM formats the new Linux VM and then makes
contact with the machine to be converted and TARs and copies the file system over.

VM Import
Does it matter where you install Converter for VM imports?
 Yes. VM imports rely on system files where Converter is installed. This is different
than live cloning where an agent is pushed to the machine to be converted.
Consequently, if you are converting Windows VMs, you should install Converter on
Windows and not Linux to avoid potential problems involving missing files that are
needed.

Does Converter 4 support importing Hyper-V or XenServer VMs?


 No, their file formats cannot be directly imported. You must import them as if they are
powered-on machines.
 XenServer VMs can be converted so long as the guests are not paravirtualized.

Does traffic flow directly from the VM to the destination when using a VM import?
 No, not if the VM is powered off. VM file copy traffic goes through the Converter server.
If the VM is powered on, data copying traffic does flow directly from the VM to the
destination, as this is considered a live clone.

Cold Clone
Where can peTool be found?
 peTool can be found in the Converter installation directory.
 Run peTool to inject drivers into a Converter cold clone boot CD ISO. Then burn a new
CD-ROM to use.

Converter Usage
Conversion Checklist
What are the most common issues with setting up a Converter environment for Windows
machines?
 Required network ports not open.
 Required Windows services on the machine to be converted are not running.

Are conversions over a WAN supported?


 No. Windows conversions rely on Windows network protocols which are susceptible to
problems over unreliable networks. In such environments, it is best to convert a machine
to Workstation format and find another way to transfer the VM files to the remote
datacenter.

What happens if you do not have sufficient permissions?


 Without sufficient privileges, the agent may not install properly or the services may not
run properly.
 If domain credentials are not cached, you will not be able to log into the new VM the first
time, since there is no network adapter working. You will need to log in locally to have
the virtual adapter detected and configure it.

What are common network problems?

 If network ports cannot be opened, you may have to go to the machine directly
(standalone or cold clone) and create a standalone VM and files to manually carry over
and import later into your VMware Infrastructure.
 An incorrect network duplex can slow down the cloning process. If the copying
throughput is slow, check with the network administrators to see if the duplex can be
changed at the switch and restart the process. Another workaround can be connecting a
cross-over cable between the source machine and the Converter machine to by-pass
switches.
 Refer to VMware KB article 1004615 for more tips on network troubleshooting.

What are common source machine requirements?


 At least one NTFS source is required. Therefore, a Windows system with just FAT32
cannot be converted.
 Software-implemented mirroring may cause problems for Converter to properly detect the
OS. Break the mirror before converting. Hardware mirroring (e.g. RAID) is OK.
 Make sure to verify that the source machine rebooted for NT 4.0 and 2000 after the agent
is installed. Sometimes this does not happen.
 If performing a cold clone, make sure that both the CD-ROM drive and the CD-ROM
media are working.
 If performing a cold clone, if the source machine has multiple NIC ports but not all are
plugged in, you may need to perform some trial and error to establish a proper network
connection since the Boot CD may ask you to select the proper adapter before
attempting to detect a link. Generally, the onboard NIC is the default adapter to select.

What are cloning considerations to remember?


 Volume-based cloning switches to file-level copying if the volume/disk size is made smaller,
and can take longer. Making the volume larger than it was does not change block-level cloning.
 Sometimes anti-virus programs can interfere with cloning, especially with file-based
cloning.
 Remember that during a hot clone, any activity occurring after the initial disk snapshot is
taken will not be captured unless synchronize is invoked. It is a good idea to ensure that
users stay off the source system to avoid losing any potential transactions during the
P2V.

What are common destination machine requirements to consider?


 The VMFS block size setting affects the largest file a .vmdk can be. Therefore, it can
appear that the VMFS volume has sufficient space when in fact it cannot hold a very
large .vmdk file.

What are some clean-up steps?


 The goal of clean-up is to get the VM to a state similar to the original machine. This will
involve setting the new network adapter typically to the same values as the original’s,
which is archived. You may receive a Windows error stating that an IP address belongs
to another adapter but not see the adapter in the Device Manager. This is OK. If you
want to remove the archived adapter, find the hidden network device by opening a cmd
window and typing:
o set devmgr_show_nonpresent_devices=1
o devmgmt.msc
and then selecting View > Show Hidden Devices.
 Technically, there is nothing wrong with leaving the old hidden adapter, since it can never
be used in a VM.
 The MAC address can change. Licensing tied to MAC addresses will need to be
reregistered. You can try to spoof the MAC address as a temporary workaround, but this
requires enabling vSwitch security options to support this.

 Agents and services that are hardware-specific will fail. Most people prefer to disable
these. Some people prefer to uninstall these altogether to make a clean VM, but realize
that sometimes uninstalling software may have unintentional consequences of affecting
and breaking other software (e.g. dependent DLLs).
 Having a “Helper VM” is useful because it allows you to mount a non-bootable VM’s disks
and peer inside. Often the culprit may be an incorrect boot.ini or a driver .sys file
interfering with bootup.

Does file system fragmentation affect how fast Converter clones a system?
 No. The speed of cloning is largely dependent on the network speed and latency, and
speed of writing on the destination.

vSphere Upgrade Project Kickoff


Upgrade Engagement Scope
How does an Upgrade engagement differ from a vSphere Jumpstart?
 An upgrade engagement focuses on proper planning and execution of a successful
upgrade/migration from VI3 to vSphere 4.
 A vSphere 4 Jumpstart for existing customers simply introduces what’s new and different
between VI3 and vSphere 4 and gets a PoC installation up for a guided tour. A vSphere
Jumpstart is a good introduction to an upgrade engagement.

What are the major steps of an upgrade project?


 First to achieve parity. This will involve upgrading vCenter Server and ESX/ESXi hosts
but keeping VMs running in legacy mode.
 Next is to upgrade VMs.
 Lastly, we want to take advantage of new vSphere features.

What are some decisions to make with upgrade planning?


 In-place upgrades of existing hosts vs. new fresh installs and migrating VMs. The latter
is safer and less disruptive, but requires more hardware.
 Steps to validate success. This will involve identifying the right people and processes to
test upgraded components.

vSphere Upgrade Overview


ESX/ESXi Upgrade
Can ESX or ESXi be installed using vCenter Update Manager or the Host Update Utility on
bare metal?
 No. vCenter Update Manager can perform an upgrade of ESX or ESXi for an existing
installation only. An installation cannot be performed using vCenter Update Manager on
a host that does not already have an installation.

How do I upgrade an ESX 3.x host that does not have network access?
 Since both the Host Update Utility and VUM require network access, see VMware KB
article 1009440 for guidance on performing an offline host upgrade. Also note that the
CD-ROM device must be IDE—see VMware KB article 1009509.

vSphere Client
Can a vSphere 4 Client connect directly to an older ESX/ESXi 3.x host or vCenter Server
2.x?
 Yes. vSphere Client will prompt to download additional client files from the ESX/ESXi
host or vCenter Server 2.x if this is the first time a connection to an older host/server is
established.

What’s Different – Licenses


How has licensing changed with ESX 4 and vCenter 4?
 License keys (25-character codes) replace license files.
 No license server is needed, unless legacy ESX/ESXi 3.x hosts are still being managed.
 vSphere is licensed per CPU. The previous VMware Infrastructure was licensed per 2-
CPUs.

Do ESX/ESXi 4.0 and vCenter 4.0 use a license server?


 No. But vCenter managing ESX/ESXi 3.x hosts requires a license server because the
ESX/ESXi 3.x hosts require one.
 It may be a good idea to keep the existing license server associated with a vCenter 2.x
system running, as you might need to add additional ESX/ESXi 3.x hosts in the future.

What’s Different – ESX


What are the default partition sizes for ESX 3 and ESX 4?
Partition     ESX 3    ESX 4     Notes
/boot         100MB    1100MB    Physical partition
Linux swap    544MB    600MB     Now in esxconsole.vmdk
/             5GB      5GB       Now in esxconsole.vmdk
vmkcore       100MB    100MB     Physical partition
/var/log      2GB      2GB       Now in esxconsole.vmdk

Why did the default /boot partition size increase from ESX 3 to ESX 4 from 100MB to
1100MB?
 The additional space is not necessary, as upgrading from ESX 3 will preserve the default
100MB size of /boot and will work if there is at least 46MB free space. The 1100MB size
applies to only fresh installations of ESX 4.
 The additional space is being reserved to allow for possible upgrades from ESX to ESXi
in the future.

What improvements have been made with rescanning for storage?

 The mounting of array-based LUN snapshots (and array-based LUN clones) now occurs
easily and in a well-managed way with ESX/ESXi 4.0. Now, such LUNs are automatically
discovered after a storage "rescan" and single snapshots (or single clones) may be
selected for mounting and use by the host.
 In order to mount a snapshot (clone), however, it must be writeable; specifically, VMFS
needs to write a new unique identifier, or a new "VMFS volume signature", to the
snapshot or clone in order to safely mount it in the same farm as the original LUN. For
disaster recovery scenarios, in which the replicated volume is not in the same farm, LUNs
can be mounted without writing a new signature.

Is the installer for ESX 4 the same as ESX 3?


 No. The installer for ESX 3 was based on the RHEL-derived Anaconda installer. For
ESX 4, a custom installer codenamed “weasel” is used to minimize the bloat of the
installer and reflect that ESX 4 has become less Linux-centric.
 The new installer no longer supports a boot.iso image (anaconda) for scripted
installations. You still can boot from CD or PXE (which requires tftp).

What’s Different – vCenter


Is Guided Consolidation silently and automatically installed when installing vCenter Server?
 No. With vCenter Server 4.0, Guided Consolidation Service is a formal extension that
can be installed optionally. Guided Consolidation can also be installed on a separate
system from the vCenter Server system to offload the tasks related to scanning and
assessing the infrastructure for physical machine consolidation opportunities.

Can optional vCenter Server extensions be installed at the same time as vCenter Server?
 No. With vCenter Server 4.0, the vCenter autorun installation menu only allows one
installation option at a time. To install multiple extensions, the installer must be run
multiple times, one time for each option chosen.

Are optional vCenter Server extensions always installed in the same location as the vCenter
Server?
 Not necessarily. Server extensions are installed wherever the installer is run. Because
with vCenter Server 4.0, the vCenter autorun installation menu now only allows one
installation option at a time, you can easily run the installer on a different machine when it
comes time to install an extension.

What’s different between Converter for vCenter 4.0 and Converter for vCenter 2.5?
 The Converter server extension for vCenter 4.0.0 is functionally the same as the one for
vCenter 2.5 U4.
 Converter standalone 4.0 is ahead of the server extension. Converter standalone 4.0
supports new features such as Linux conversions.
 A Converter server extension comparable to Converter standalone 4.0 is expected in a
release/update after the initial vCenter 4.0.0 release.

Is Storage VMotion supported across disparate datastore types (FC SAN, iSCSI SAN, NFS)?
 Yes, starting with vSphere 4, support is extended to NFS.
 Starting with vCenter 4.0, Storage VMotion can be initiated from the vSphere Client.

Has DB/2 been dropped as a supported vCenter Server database?


 Yes, as of vCenter 4.0, DB/2 is no longer supported.

What is required for managing large environments?

 If managing more than 200 hosts (via Linked Mode), Windows Server 2008 64-bit is
required for vCenter Server. It’s best to go ahead with the 64-bit version as future
versions of vCenter Server will likely require 64-bit.
 When installing vCenter Server on a 64-bit Windows Server 2008 system, install the 64-
bit ODBC drivers, as this also automatically installs the 32-bit ODBC drivers. Then run
the 32-bit ODBC administrator to create a 32-bit DSN which is needed by vCenter
Server. During installation of vCenter Server, select the 32-bit DSN.

How have performance charts been improved?


 Performance charts can now be viewed in Bar Charts and Pie Charts in addition to Line
Graphs and Stacked Graphs.
 Performance monitoring for Clusters, Storage and Virtual Machine Operations is now
supported at the Datacenter level. No Datacenter performance reporting was previously
available.
 Performance Charts are provided for vApps:
o Aggregate CPU and Memory Utilization
o Per VM and Resource Pool Performance
 CPU
 Memory
 Disk (VM only)
 Network (VM only)
 Each resource supporting performance charts now has an Overview and Advanced
Performance View
o Overview. The Overview now shows at a glance statistics for all pertinent
metrics. For example, at the host view, the Overview displays one-day statistics
for:
 CPU Usage % (Average)
 Memory Balloon (Average)
 Swap Utilization (in/out)
 Disk Latency (milliseconds)
 CPU Usage in MHz (Average)
 Memory Usage % (Average)
 Disk Usage in KBps (Average)
 Network Utilization in Mbps (Average)
o By default, the performance for the prior one-day reporting period is displayed.
This can be changed using a pull down menu above the Overview charts.
o Advanced View. The Advanced View is similar to the VI3 performance charts
with the following improvements:
 New Performance Monitors:
 Management Agents
 Virtual Machine Operations

What’s Different – CLIs, APIs, SDKs


What happened to the Remote CLI, VI Perl Toolkit, and VI Management Assistant (VIMA)?
 For vSphere 4, these utilities have been renamed: vSphere CLI, vSphere PowerCLI, and
vSphere Management Assistant (vMA).
 vSphere CLI works with both ESX and ESXi.

What’s Different – Backups

Is the process for backing up ESX and ESXi the same?
 The ESX 4 service console now resides in a VM so the entire service console can be
backed up at the vmdk level.
 vCenter 4.0 introduces Host Profiles that can be used to restore an ESX/ESXi host to a
known baseline if the configuration changed. However, Host Profiles cannot be used to
recover a damaged host, nor do they handle any customizations done directly within the
service console.

What’s Different – VMware HA


How have the admission control policies changed for VMware HA?
 Prior to vSphere 4, admission control policies for VMs were based on the number of host
failures a cluster tolerates. Resources were reserved to tolerate a certain number of host
failures. Up to 4 host failures can be specified. This policy is most effective if all VMs in
the cluster have similar CPU and memory requirements.
 Starting with vSphere 4, two new admission control policies are available:
o Percentage of cluster resources reserved. Reserves a specified percentage of
total capacity dedicated for failover capacity. This policy is useful when VMs are
highly variable in CPU and memory requirements.
o Specify a failover host. Dedicates a specific host for failover capacity. VMs
cannot be powered on the failover host manually, nor can VMs be migrated to
the failover host, manually or via VMware DRS. This policy provides the highest
level of guaranteed failover capacity at the expense of having a host run idle
under normal conditions. This policy is similar to traditional clustering solutions in
that load balancing is not used.

How else has VMware HA been improved?


 New with vSphere 4, the Enable Host Monitoring option can be unchecked to suspend
monitoring. This option is useful when maintenance activities such as a planned network
outage may falsely trigger a VMware HA failover response. This option is set at the
cluster level and turns on/off VMware HA for all hosts in the cluster.

What’s Different – VMware Update Manager


What improvements have been made to VMware Update Manager?
 Performance improvements have been made.
 VUM can be used to upgrade existing hosts (from 3.x), VMware Tools, and VM
Hardware.
 Baselines and remediation can be applied at a cluster level now, not just per host or VM.

vSphere Upgrade Planning


Upgrade Considerations
Is it possible to upgrade just vCenter Server and leave everything else running the same?
 Yes, vCenter 4 can manage legacy hosts. You will need a license server to continue
managing ESX/ESXi 3.x hosts.

Is it possible to upgrade vCenter Server and just the hosts without the VMs?
 Yes, but you cannot take advantage of some of the new vSphere features without
upgrading the virtual hardware and VMware Tools.

What happens to an existing ESX 3.x host when an in-place upgrade to ESX 4 is performed?
 The existing service console partitions get mapped to partitions in a new cos.vmdk.
 An upgrade precheck script determines if there is sufficient free space to place the new
ESX 4 vmkernel and initrd, minimum 10GB.
 If for any reason the in-place upgrade is interrupted, the original grub.conf file will be
restored so that the host reboots into the original ESX 3.x host installation.
 The /boot size (typically 100MB) is preserved if an in-place upgrade is performed (vs.
1100MB for a fresh installation). At least 46MB must be free in the /boot partition to
support an upgrade.
 A new 5GB / partition is created in the new cos.vmdk and certain files (not all) from the
old file system are copied with file attributes preserved as much as possible. Included
are most of the files/directories in the /etc directory, in particular: /etc/vmware directory,
 The size of the existing swap partition is retained in the new cos.vmdk.
 The original file system is mounted as /esx3-installation after the upgrade (one or more
mounts depending on how the original disk was partitioned). This can be useful if
specific files from the previous installation need to be referenced.

How do I check if an existing service console partition has enough free space for an in-place
upgrade?
 From the service console, df -k.
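The /boot free-space requirement above can be checked from captured df -k output. The following is an added example, not part of the original FAQ or of any VMware tool; the sample output is constructed, and the function names are hypothetical.

```python
# Added example: evaluate captured `df -k` output against the FAQ's
# "at least 46MB must be free in the /boot partition" requirement.
MIN_BOOT_FREE_KB = 46 * 1024

# Constructed sample output (not from a real host). The second filesystem
# uses the wrapped form df prints when the device name overflows its column.
SAMPLE_DF = """\
Filesystem           1K-blocks      Used Available Use% Mounted on
/dev/sda2              5036316   1645320   3135164  35% /
/dev/mapper/vg_console-lv_boot
                        101086     29310     66557  31% /boot
/dev/sda6              2016016     80956   1832648   5% /var/log
"""


def parse_df_k(text):
    """Return {mount_point: available_kb} from `df -k` output."""
    mounts = {}
    pending = None
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if not fields:
            continue
        if len(fields) == 1:                    # wrapped row: device name only
            pending = fields[0]
            continue
        if pending is not None:                 # rejoin the wrapped row
            fields = [pending] + fields
            pending = None
        if len(fields) < 6 or not fields[3].isdigit():
            continue                            # not a filesystem row
        mounts[" ".join(fields[5:])] = int(fields[3])
    return mounts


def owning_mount(path, mounts):
    """Longest mount point containing path, so /boot falls back to /
    when it is not a separate partition."""
    best = None
    for mount in mounts:
        prefix = mount if mount.endswith("/") else mount + "/"
        if path == mount or path.startswith(prefix):
            if best is None or len(mount) > len(best):
                best = mount
    return best


def check_free(text, path="/boot", min_kb=MIN_BOOT_FREE_KB):
    """Report whether the filesystem holding `path` has min_kb available."""
    mounts = parse_df_k(text)
    mount = owning_mount(path, mounts)
    if mount is None:
        raise ValueError("no filesystem in the df output contains %s" % path)
    available = mounts[mount]
    return {
        "path": path,
        "mount": mount,
        "available_kb": available,
        "required_kb": min_kb,
        "ok": available >= min_kb,
    }


if __name__ == "__main__":
    print(check_free(SAMPLE_DF))
```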

During an in-place host upgrade, where is the esxconsole.vmdk created?


 The upgrade installer gives you two options:
o Automatically select a local datastore. It looks for the first free volume that is big
enough to fit the new installation (approx 10GB).
o Specify a datastore, local or shared. You must specify the exact name and/or
browse to the datastore. If the datastore name cannot be found, the upgrade
installation will error out.
 There is no option to automatically pick the first available datastore on a shared location.
 There is no option to create a new VMFS datastore; one must already exist to reference.

How can an in-place host upgrade be performed?


 Using either the VMware Update Manager or Host Update Utility.
 There is no upgrade option available with the host installation CD.
 Kickstart scripted installations are not supported for in-place host upgrades.

Is there an Upgrade VMotion for a VM from an ESX/ESXi 3.x host to an ESX/ESXi 4.x host?
 Use Storage VMotion. The source VMFS must be running at least VMFS version 3.31.
ESX 4 runs version 3.33 and later.
 VMs from ESX 2.5.x hosts must be cold migrated to ESX/ESXi 4.0 hosts.
 A VM with virtual hardware 4 can be VMotioned between ESX/ESXi 3.5.x and 4.x
hosts provided vCenter 4.x is managing both hosts.

If my environment has a minimum of ESX/ESXi 3.5 U3, do I need to upgrade my VMFS
volumes as part of upgrading to ESX 4?
 No. The VMFS version, 3.33, used by ESX/ESXi 4, is the same.
 VMFS 3.31 (ESX 3.5) is access-compatible with VMFS 3.33 (ESX 4.0). Improvements
are kernel upgrades that do not require reformatting of the VMFS volumes, although
some newer VMFS features specific to ESX may not be available when
accessing an older VMFS version (e.g. VMFS volume grow). This is also the case with
VMFS 3.21 (ESX 3.0).

 If vCenter 4 is used to format a VMFS volume for an ESX 3.x host, it will create a VMFS
volume that is version 3.31.

What are some things to consider after a host upgrade?


 Host sdX devices may be renumbered after an upgrade. If you have any existing scripts
that reference specific sdX devices, you may need to update them.
 If you are using LUN masking, after an upgrade LUN masking must be converted to claim
rule format, which can be done by executing the “esxcli corestorage claimrule” command
in the vSphere CLI. Doing so converts the /adv/Disk/MaskLUNs advanced configuration
entry in the esx.conf to claim rules with MASK_PATH as the plug-in. Refer to the
vSphere Installation and Reference guide for further information.
 The vSphere Web Access service is disabled by default on ESX hosts. To start it,
run “service vmware-webAccess start”.
 Missing files that did not get copied over to the COS vmdk from the previous ESX 3.x
host installation can be found in the /esx3-installation directory.
 Once you are satisfied with an in-place upgrade, you can remove the ESX 3.x boot option
by running the “cleanup-esx3” command.

Is the VMFS version for ESX/ESXi 4 backwards-compatible with ESX 3?


 Yes, ESX/ESXi 3.5 U3 can read a VMFS created by ESX/ESXi 4.0 which runs VMFS
version 3.33. However, VMs created by ESX 4 must be created in the older virtual
hardware 4 format (instead of the new virtual hardware 7) in order for an older ESX/ESXi
host to power on the VM.

Is there an optimal method for upgrading the VM virtual hardware?


 The upgrade happens faster if the VM is powered off. Otherwise, Update Manager must
first power off the VM before upgrading the virtual hardware, which will require additional
time.

Once the VM virtual hardware has been upgraded, can it be downgraded?


 Yes, but only if a VM snapshot was taken prior to the virtual hardware upgrade. Note that
a revert to snapshot reverts back in time, so any changes to the VM are also lost.

When do I upgrade VMware Tools?


 This should be done before upgrading virtual hardware. This order is different than when
upgrading from ESX Server 2.x to 3.x.
 Upgrading VMware Tools is faster if the VM is already powered on. Otherwise, Update
Manager must first power on the VM before it can upgrade the VMware Tools, which will
require additional time to start the VM.
 VMware Tools upgrade/installation requires that the VM have a working CDROM device.
If such a device has been removed, VMware Tools cannot be installed or upgraded.
 Prior to Windows Server 2008 being a supported Guest, a workaround was to select
Windows Vista as the Guest OS type. If your VM is a Windows Server 2008 but reports
itself as a Vista Guest, there is likely an incorrect version of VMware Tools installed, and
furthermore VUM may not be able to properly uninstall and install a VMware Tools
upgrade. To fix this problem:
o Inside the Guest, try to manually remove the VMware Tools installation.
o If unsuccessful, go into the registry and search for “vmware tools.msi” and delete
the sub-key. The entry can be found in the
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products area.
o Power off the VM.
o Change the VM Guest OS type to Windows Server 2008.
o Power on the VM and install VMware Tools.

Why is VMware Tools installed prior to upgrading the virtual hardware?
 Doing so ensures that the new virtual network adapter that will be installed will preserve
the settings of the original. Upgrading the virtual hardware without first upgrading
VMware Tools may cause some networking issues for the VM after the upgrade, as the
IP configuration information from the existing virtual network adapter is not preserved.

Once a VM’s virtual hardware has been upgraded to version 7, can the VM run on ESX/ESXi
3.x hosts?
 No.

vShield Zones Overview


Features
How does vShield Zones provide network protection and monitoring?
 When a vShield agent is installed on a vSwitch, a new internal-only vSwitch is created to
act as a filter for traffic to the virtual machines on that host. The virtual machines are
moved off the existing vSwitch (referred to as the unprotected vSwitch) onto the new
vSwitch (referred to as the protected vSwitch). This protected vSwitch has no physical
NICs connected. The vShield is inserted between these vSwitches to bridge traffic, and
is responsible for forwarding packets between the physical NICs and the virtual
machines. The vShield monitors all ingress and egress traffic, as well as the traffic
between the virtual machines on the protected vSwitch. Each vShield includes a
management interface for communication with the vShield Manager. The management
interface is connected to a dedicated port group that is created during installation on the
unprotected vSwitch.

Does vShield Zones require changes to Guest OS network configuration?


 No. The vShield appliance operates at the network level as a bridging firewall, like a
bastion host. No modifications to routing or virtual machine IP addressing or default
gateway settings are required.

At which OSI Layer does vShield Zones work?


 You can create firewall rules and monitor sessions at the Application Layer, as well as at
the Transport Layer and Network Layer.

What is the scope of monitoring and blocking in vShield Zones?


 Monitoring (VM Flow) is performed at the datacenter, cluster, port group, VLAN and
virtual machine levels. Blocking (VM Wall) is enforced at the datacenter, cluster and
VLAN levels.

Is vShield Zones related to Blue Lane Technologies?


 Yes. VMware vShield Zones is built on key technologies and software from Blue Lane
Technologies, which VMware acquired in October 2008. vShield Zones is built on a
mature network security platform that has been deployed by over 100 enterprise
customers since 2004. However, vShield Zones is a new product with network protection
functions distinct from previous virtual patching offerings from Blue Lane.

How does vShield Zones compare with other firewall solutions?


 vShield Zones is an effective stateful, packet filtering firewall, but does not contain many
advanced features of traditional firewalls and is not intended to replace them.

 vShield Zones should be considered a valuable portion of an overall security solution and
not a replacement for existing firewall systems traditionally deployed at the network
perimeter or for certain advanced firewall protections offered by various third-party VMware
partners.
 When discussing organizations’ security requirements, you should determine the user’s
required features and make recommendations based on the combined features of
vShield Zones and additional features available from other solutions.

What firewall features are NOT provided by vShield Zones?


 Application-Level (Proxy) filtering. Application layer filtering examines traffic at the
application layer and processes filtering based on such items as content, logical flaws
and user identity.
 Network Address Translation (NAT). vShield Zones performs no address translation.
 Layer 3 Routing. vShield Zones operates at Layer 2 of the protocol stack and is thus a
“bridging” firewall. It performs no routing functions similar to those typically performed by
“bastion host” systems.
 User Authentication. vShield Zones performs no user authentication when examining
packets to allow or block to protect VMs.
 Data Encryption. vShield Zones performs no data encryption.
 Virus scanner integration
 Cisco Nexus 1000V support. Currently vShield Zones requires a standard or distributed
virtual switch. Zones are implemented by placing a virtual appliance between two
vSwitches, one with guests and one with the physical NICs. This deployment happens
automatically on the hosts you choose. However, the Cisco Nexus 1000V does not allow
for multiple instances of a switch to do this inline deployment to create a similar
deployment as with VMware vSwitches. It’s possible to use vShield Zones with the Cisco
Nexus 1000V by actually creating a vDS or a regular vSwitch that homes all of the
physical NICs and the 1000V continues to manage all the guests with the vShield sitting
between the two inline, but you do lose some of the features Cisco offers on the uplink
side.
 VPN support. vShield Zones cannot operate as a VPN endpoint or gateway
 Intrusion Detection or Prevention (IDS/IPS) functionality
 Limited alerting capabilities. Currently vShield Zones cannot alert via email, SNMP,
pager or other common firewall alerting mediums. vShield Zones can send limited
firewall activity to syslog servers.

vShield Zones Architecture


Components
What are the components of vShield Zones?
 vShield Manager and vShields. Both components are packaged as virtual appliances,
which are pre-packaged virtual machines.
 The vShield Manager can be deployed on any host that has access to the management
network of the hosts. The vShield Manager performs the steps of deploying the vShield
agents onto each vSwitch after the admin has chosen the vSwitch on which to deploy.
The vShield Manager provides a central point of management for all vShield agents.
 You can install a vShield on any vSwitch that has a dedicated physical NIC. You can
also install multiple vShield agents on a single host.
 By using the web-based management interface of the vShield Manager, you can monitor
network traffic, configure firewall rules, and perform other management tasks. You never
need to access the vShields directly.

What are the requirements for vShield Zones?
 vShield Zones 1.x is compatible with vCenter Server 4.0, ESX/ESXi 4.0 and the vSphere
Client. It is not compatible with previous versions of ESX/ESXi.
 Each vShield component, including the vShield Manager and each vShield firewall
appliance, has a 2GB virtual memory reservation. Be sure to account for this memory
consumption when sizing the infrastructure.

In vShield Zones 1.x, are there any limits for support?


 Up to 50 vShields per vShield Manager.
 Up to 500 protected VMs.
 Up to 2 protected vSwitches per host.
 Up to 16 protected port groups per vSwitch.
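The support limits and the 2GB per-component reservation above can be checked against a planned layout before deployment. This is an added example, not part of the original FAQ; the design data is constructed, and it assumes one vShield per protected vSwitch.

```python
# Added example: review a planned vShield Zones 1.x layout against the
# limits and memory reservation stated in this FAQ.
LIMITS = {
    "vshields_per_manager": 50,
    "protected_vms": 500,
    "protected_vswitches_per_host": 2,
    "protected_port_groups_per_vswitch": 16,
}
RESERVATION_GB = 2  # per vShield component (vShield Manager or vShield)

# Constructed design: host -> protected vSwitch -> port group -> VM count.
# Assumption: one vShield is deployed per protected vSwitch.
DESIGN = {
    "manager_host": "esx01",
    "hosts": {
        "esx01": {"vSwitch1": {"web": 12, "app": 8}},
        "esx02": {"vSwitch1": {"web": 10}, "vSwitch2": {"db": 6}},
        "esx03": {
            "vSwitch1": {"dmz": 4},
            "vSwitch2": {"web": 9},
            "vSwitch3": {"test": 3},
        },
    },
}


def review(design, limits=LIMITS):
    """Return counts, per-host memory reservation and limit violations."""
    findings = []
    reserved_gb = {}
    vshields = 0
    vms = 0
    for host, vswitches in sorted(design["hosts"].items()):
        if len(vswitches) > limits["protected_vswitches_per_host"]:
            findings.append(
                "%s: %d protected vSwitches (limit %d per host)"
                % (host, len(vswitches), limits["protected_vswitches_per_host"])
            )
        for vswitch, port_groups in sorted(vswitches.items()):
            vshields += 1
            if len(port_groups) > limits["protected_port_groups_per_vswitch"]:
                findings.append(
                    "%s/%s: %d protected port groups (limit %d per vSwitch)"
                    % (host, vswitch, len(port_groups),
                       limits["protected_port_groups_per_vswitch"])
                )
            vms += sum(port_groups.values())
        reserved_gb[host] = RESERVATION_GB * len(vswitches)

    # The vShield Manager carries its own reservation on whichever host runs it.
    manager = design["manager_host"]
    reserved_gb[manager] = reserved_gb.get(manager, 0) + RESERVATION_GB

    if vshields > limits["vshields_per_manager"]:
        findings.append("%d vShields (limit %d per vShield Manager)"
                        % (vshields, limits["vshields_per_manager"]))
    if vms > limits["protected_vms"]:
        findings.append("%d protected VMs (limit %d)"
                        % (vms, limits["protected_vms"]))
    return {
        "vshields": vshields,
        "protected_vms": vms,
        "reserved_gb": reserved_gb,
        "total_reserved_gb": sum(reserved_gb.values()),
        "findings": findings,
    }


if __name__ == "__main__":
    for key, value in review(DESIGN).items():
        print(key, value)
```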

vShield Zones Admin and Usage


User Management
Does vShield Manager have central user account management?
 No. Each vShield Zones component has its own security account database. This
includes the vShield Manager and each vShield firewall appliance.
 vShield Zones has no LDAP or Active Directory integration.
 vShield Zones has no account integration with vCenter.

Where is the user account information stored?


 On each vShield component. It is neither distributed nor shared. The vShield Manager
provides management and reporting. The vShields themselves provide monitoring data
and enforce firewall rules. In the event the vShield Manager is unavailable for some time,
each vShield can queue data and send it to the vShield Manager once it is available.

Are the vShield Manager web management interface accounts and vShield Manager
command-line interface accounts the same?
 No.

Firewall Management
If a vShield fails to deploy automatically, can one be installed manually?
 Yes. Refer to the vShield Zones Administration guide for steps.

If a distributed virtual switch is used, can a vShield be deployed to it?


 No, you must manually install a vShield in a distributed virtual switch environment. Refer
to the vShield Zones Administration guide for steps.

If vShield Manager goes down, do the vShields stop protecting the virtual machines?
 No. The vShield Manager provides management and reporting. The vShields
themselves provide monitoring data and enforce firewall rules. In the event the vShield
Manager is unavailable for some time, each vShield can queue data and send it to the
vShield Manager once it is available.

If a vShield stops working, does it leave the virtual machines exposed?

 No. Since each vShield bridges traffic between the protected and unprotected
vSwitches, if a vShield were to go down then all of the virtual machines become isolated
from the network. These isolated virtual machines can still communicate with each other.

How does vShield Zones work with VMotion? Does it break the state of a connection?
 Each vShield in a cluster shares information about the virtual machines being protected.
When a virtual machine migrates from behind vShield-1 to behind vShield-2, vShield-1
passes the information for the virtual machine to vShield-2 providing continuous,
uninterrupted protection. To use vShield Zones with VMotion, you must add an entry to
the vCenter Server configuration file (vpxd.cfg) and restart the vCenter Server service.

How are TCP/IP port mappings configured by default?


Application                        Port   Protocol
FTP                                21     TCP
SSH                                22     TCP
TELNET                             23     TCP
SMTP                               25     TCP
WINS                               42     TCP
WINS                               42     UDP
DNS                                53     TCP
DNS                                53     UDP
DHCP-SERVER                        67     UDP
DHCP-CLIENT                        68     UDP
HTTP                               80     TCP
KERBEROS                           88     TCP
KERBEROS                           88     UDP
POP3                               110    TCP
SUNRPC                             111    TCP
SUNRPC                             111    UDP
NNTP                               119    TCP
NTP                                123    UDP
MS-RPC                             135    TCP
MS-RPC                             135    UDP
NBNS-UNICAST                       137    UDP
NBNS-BROADCAST                     137    UDP
NBDG-UNICAST                       138    UDP
NBDG-BROADCAST                     138    UDP
NBSS                               139    TCP
IMAP                               143    TCP
SNMP                               161    UDP
LDAP                               389    TCP
LDAP                               389    UDP
HTTPS                              443    TCP
MS-DS                              445    TCP
MS-DS                              445    UDP
ISAKMP                             500    UDP
LDAP over SSL                      636    TCP
MS-SQL-S                           1433   TCP
MS-SQL-M                           1434   UDP
ORACLE-TNS                         1421   TCP
ORACLE-XDB-FTP                     2100   TCP
Windows Global Catalog             3268   TCP
Windows Global Catalog over SSL    3269   TCP
RDP                                3389   TCP
ORACLE+HTTP                        7777   TCP
ORACLE-FORM-SERVICES               9000   TCP

Can I add my own port mappings for application awareness?


 Yes. By using the Edit Port Mappings feature under the VM Flow tab at the datacenter
level, you can define an application-port pair used by your organization.

VM Discovery
How do the three VM discovery types differ?
 Continuous discovery.
o Constantly analyzes traffic as it passes through each vShield firewall appliance.
Continuously monitoring at this level yields the most accurate and
comprehensive VM traffic flow statistics and application inventory.
o Continuous discovery is also the only method limited to the virtual network
infrastructure. It monitors traffic as it passes through the vShields, whereas the
other two methods, Periodic and On Demand, probe entire networks by IP address.
They can therefore affect systems on the physical network, because every
network-accessible system and device within that address space is probed,
whether virtual or physical.
o Continuous discovery is always operational. The time it takes for an On-Demand
or Periodic Discovery to run depends entirely on the size of the network and the
number of hosts and network devices discovered. It could take an hour or more
with large subnets with lots of devices. For example, a small subnet with 20
devices can take around 7 minutes to scan.
 On Demand discovery.
o A single scan of the specified network address(es) at the point in time the scan is
run. Its results depict only that single occurrence of the scan.
 Periodic discovery.
o Scheduled On Demand discoveries that occur at intervals specified when they
are configured. This enables performing Discovery every four hours, for
example.
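Because On Demand and Periodic discovery probe every address in the target range, it helps to see which physical devices a planned range would touch and what a narrowed range looks like. This is an added example, not part of the original FAQ; the addresses and device names are constructed, and it assumes the discovery target can be entered as several smaller ranges.

```python
# Added example: scope a planned On Demand / Periodic discovery range.
import ipaddress

# Constructed inventory of physical devices (not from the FAQ).
PHYSICAL_DEVICES = {
    "core-switch": "192.168.10.1",
    "san-controller": "192.168.10.14",
    "printer": "192.168.20.5",
}
PLANNED_TARGETS = ["192.168.10.0/28"]


def scope_report(targets, physical_devices):
    """List the physical devices that fall inside the planned targets."""
    networks = [ipaddress.ip_network(t) for t in targets]
    in_scope = {}
    for name, addr in sorted(physical_devices.items()):
        ip = ipaddress.ip_address(addr)
        for net in networks:
            if ip in net:
                in_scope[name] = str(net)
                break
    return {
        "addresses_in_range": sum(n.num_addresses for n in networks),
        "physical_in_scope": in_scope,
    }


def narrow(target, exclude_addrs):
    """Split one target network into subnets that leave out exclude_addrs."""
    remaining = [ipaddress.ip_network(target)]
    for addr in exclude_addrs:
        single = ipaddress.ip_network(addr)     # a /32 (or /128) network
        kept = []
        for net in remaining:
            if single.version == net.version and single.subnet_of(net):
                # address_exclude yields the subnets of net without `single`
                kept.extend(net.address_exclude(single))
            else:
                kept.append(net)
        remaining = kept
    return sorted(remaining)


def narrowed_targets(targets, physical_devices):
    """Return the planned targets with in-scope physical devices removed."""
    report = scope_report(targets, physical_devices)
    excluded = [physical_devices[name] for name in report["physical_in_scope"]]
    result = []
    for target in targets:
        result.extend(str(n) for n in narrow(target, excluded))
    return result


if __name__ == "__main__":
    print(scope_report(PLANNED_TARGETS, PHYSICAL_DEVICES))
    print(narrowed_targets(PLANNED_TARGETS, PHYSICAL_DEVICES))
```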

VM Flow
What kinds of network traffic-related questions can you answer with VM Flow?
 What are the busiest applications?
 What are the busiest clients?
 What virtual machines participate in an application?
 What applications run on the virtual machines?

vSphere Known Issues
Items listed here are included as a convenience. As new issues may come up and existing
issues may be resolved, it’s always a good idea to check the latest VMware documentation and
release notes. KB articles can be referenced using the following format:
http://kb.vmware.com/kb/#

ESX/ESXi
Configuring VMCI on ESX/ESXi Host
 See KB 1010806

Command line configuration of vDS uplink


 See KB 1007548

rm -rf on a dir with > 380 files fails


 See KB 1009882

EVC processor support


 See KB 1003212

Storage
Using Storage VMotion to migrate a virtual machine with many disks may time out.
 See KB 1010045

Using PowerPath/VE with vSphere 4.0.


 See KB 1010769

ESX host read performance issues on some storage arrays


 See KB 1002598

vCenter
FT is disabled.
 See KB 1010631

Guest customization error in vCenter 4 if password length is more than 26 characters


 This is a known issue. Use a password with fewer characters.

CPUID mask changed in VM during VM upgrade causes VMotion to fail


 Power off VM
 Edit Settings > Options > CPUID masking > Advanced
 Reset all options to default
 Save new settings and power on the VM

Some of the default alarms are not created when you upgrade to vSphere
 See KB 1010399 to download and run the appropriate SQL script.

vSphere Client overview performance charts might not appear for ESX hosts prior to ESX 4.0
 See KB 1010568

Changing ESX host system time produces HA error


 See KB 1010223

VMs
DNS registration is gone or changed after VM hardware upgrade (prior to final reboot, with
DDNS in environment).
 Make sure you have rebooted the VM after the VM hardware upgrade
 Make sure there is a reverse DNS entry for the VM
 You can force a DNS update using ipconfig /reregister

Unable to install VMware Tools on VM.


 Verify the CD-ROM device exists in the VM.

Unable to remove old VMware Tools from VM.


 See KB 1003395

Configuring VMDirectPath I/O pass-through devices on an ESX host


 See KB 1010789

ESX host non-compliant after host profile, VMotion not enabled


 See KB 1010450
