HOL-SDC-1602

Table of Contents
Lab Overview - HOL-SDC-1602 - vSphere with Operations Management 6 Advanced Topics
    Lab Guidance
Module 1: What's new in vSphere with Operations Manager (vSOM) - (60 Minutes)
    Content Library
    ESXi Security Enhancements
    Network I/O Control Enhancements (NIOC)
    Migrating a Virtual Machine between Two vCenters
    vSphere Web Client Enhancements
    vSphere SSL Certificates
    vRealize Operations 6.1 - Custom Profiles for Capacity Planning
    vRealize Operations 6.1 - Automation Action Framework
    vRealize Operations 6.1 - Custom Data Center for Capacity
    vRealize Operations 6.1 - Workload Balancing
Module 2: Build and Manage Your Infrastructure - Networking - (30 Minutes)
    Migrating to the vSphere Distributed Switch - Overview
    Implementing Quality of Service (QoS) Tagging
    Monitoring the vSphere Distributed Switch with Encapsulated Remote Mirroring
    Implementing LACP on the vSphere Distributed Switch
    Managing NSX
Module 3: Build and Manage Your Infrastructure - Storage - (30 Minutes)
    VVOL Management
    VSAN Management
Module 4: Build and Manage Your Infrastructure - Scale Out - (60 Minutes)
    Build a Resilient Management Platform
    Configuring Auto Deploy
    Centralized Management of VM Content
    vCloud Air Management
Module 5: Optimize Workload Performance While Maintaining Business Priorities - (60 Minutes)
    Enable Controlled Usage Of Resources Based On Business Priorities
    vRealize Operations Custom Alerting
Module 6: Ensure Business Continuity and Availability - (30 Minutes)
    Demonstrate transparent failover for virtual machines
    Demonstrate automatic restart of virtual machines after a storage failure
Module 7: Simplified Security and Compliance - (30 Minutes)
    Integrate your environment into your enterprise certificate infrastructure
    Show fine-grained control of local user access on ESXi

Lab Overview - HOL-SDC-1602 - vSphere with Operations Management 6 Advanced Topics

Lab Guidance
You are about to embark on a hands-on journey to learn about Advanced Topics in
vSphere with Operations Management. This lab will walk you through step-by-step, so
basic vSOM experience is not necessary, but it is helpful. If you would like to learn the
basics, VMware recommends also taking our lab titled "HOL-SDC-1610 - vSphere with
Operations Management - The Basics."
VMware vSphere with Operations Management delivers vSphere optimized for efficient
server virtualization management by adding critical capacity management and
performance monitoring capabilities. It is designed for businesses of all sizes to run
applications at high service levels and maximize hardware savings through higher
capacity utilization and consolidation ratios. Create an easy-to-manage virtual
environment with the most trusted virtualization platform, vSphere.
This Hands-On Lab uses a beta version of vRealize Operations Manager, which is still
undergoing development before final release. Product features that are included in this
lab are subject to change and there is no commitment from VMware to deliver them in
any generally available product.
The following is a list of the different modules contained in this lab:

Module 1 - What's New in vSphere with Operations Manager (vSOM) (60 minutes)
Module 2 - Build and Manage Your Infrastructure - Networking (30 minutes)
Module 3 - Build and Manage Your Infrastructure - Storage (30 minutes)
Module 4 - Build and Manage Your Infrastructure - Scale Out (60 minutes)
Module 5 - Optimize Workload Performance While Maintaining Business Priorities (60 minutes)
Module 6 - Ensure Business Continuity and Availability (30 minutes)
Module 7 - Simplified Security and Compliance (30 minutes)
Module 8 - PowerCLI for vR Ops: Automate Your Virtual Infrastructure Remediation (45 minutes)

Lab Captains: John Dias (Modules 1, 2, 3, 4, 6 and 7), Yuval Tenenbaum (Modules 1 and
5), Tom Bonanno (Module 4), and Pavel Dimitrov (Module 8)
This lab manual can be downloaded from the Hands-on Labs Document site found here:
http://docs.hol.pub/HOL-2016/hol-sdc-1602_pdf_en.pdf
This lab may be available in other languages. To set your language preference and have
a localized manual deployed with your lab, you may utilize this document to help guide
you through the process:
http://docs.hol.vmware.com/announcements/nee-default-language.pdf

Control Center Desktop


When you start the lab, the system you first access is referred to as the ControlCenter.
On the ControlCenter desktop, you will find shortcuts to applications you will use
throughout the lab. You can think of this as your workstation in the lab environment.
Note: Depending on the screen resolutions of the lab, your icons may reposition
themselves and not be arranged as in the image above.

Login Credentials
In the Hands-On-Lab environments, VMware has established a convention of default
login credentials. You will be the administrator/root user on most systems throughout
the lab. Unless otherwise noted, the default login credentials for this lab are as follows:

vSphere Web Client:

Username: administrator@vsphere.local
Password: VMware1!

-or sometimes-

Username: administrator@corp.local
Password: VMware1!

vRealize Operations Manager:


Username: admin
Password: VMware1!

Most Linux-based VMs and appliances:


Username: root
Password: VMware1!

This information is also available in the README file, in the Lab Guidance section near
the top. You will learn more about the README file next.

README File
On the ControlCenter desktop, you will find a file named README.txt. This file will
assist you throughout the lab. It has all of the login credentials, commands, and
information you will need for this lab. Feel free to open this file and copy/paste from it.
It is especially helpful if you are on an international keyboard, as you will have to type
very little, if at all.
Now that you know your way around the lab a little, it's time to begin Module 1.

Disclaimer
This session may contain product features that are currently under
development.

This session/overview of the new technology represents no commitment from
VMware to deliver these features in any generally available product.
Features are subject to change, and must not be included in contracts,
purchase orders, or sales agreements of any kind.
Technical feasibility and market demand will affect final delivery.
Pricing and packaging for any new technologies or features discussed or
presented have not been determined.
These features are representative of feature areas under development. Feature
commitments are subject to change, and must not be included in contracts,
purchase orders, or sales agreements of any kind. Technical feasibility and market
demand will affect final delivery.

Module 1: What's new in vSphere with Operations Manager (vSOM) - (60 Minutes)

Content Library
A new feature introduced in vSphere 6 is the Content Library.
Many organizations have several vCenter Servers across diverse geographic locations,
and on these vCenters there is most likely a collection of templates and ISOs. Currently
there is function within vCenter to centrally manage the templates and distribute them
to all locations. The Content Catalog provides the ability to centrally manage content
and ensure it is distributed across the infrastructure.

vCenter Server 6.0 Content Library Overview


As stated previously, the Content Library provides the ability to store and manage
content. This ensures that the latest versions of the templates are available across the
infrastructure.
In addition to virtual machine templates, vApp templates, ISO files, and scripts can also
be stored within a Content Library.

Conclusion
If you would like more details, Content Libraries are covered in depth in Module 4 - Build
and Manage Your Infrastructure - Scale Out.

ESXi Security Enhancements


New security features have been implemented in vSphere 6 and this lesson will focus
specifically on updates to ESXi.
Some of the new updates worth mentioning are:
Account Management
ESXi 6.0 enables management of local accounts on the ESXi server, using new ESXCLI
commands. The ability to add, list, remove, and modify accounts across all hosts in a
cluster can be centrally managed using a vCenter Server system. Previously, the
account and permission management functionality for ESXi hosts was available only
with direct host connections. Setting, removing, and listing local permissions on ESXi
servers can also be centrally managed.
Account Lockout
There are two new settings available in ESXi Host Advanced System Settings for the
management of local account failed login attempts and account lockout duration. These
parameters affect SSH and vSphere Web Services connections but not DCUI and console
shell access.
These Advanced Settings can be found at the ESXi host level and are:
Security.AccountLockFailures - Maximum number of failed login attempts before
the user's account is locked. By default, this setting is 10.
Security.AccountUnlockTime - Number of seconds that the user is locked out. By
default, this setting is 120 seconds (2 minutes).
Password Complexity Rules
In previous versions of ESXi, password complexity changes had to be made by
hand-editing the /etc/pam.d/passwd file on each ESXi host. In vSphere 6.0, this has been
moved to an entry in Host Advanced System Settings, enabling centrally managed
setting changes for all hosts in a cluster. Use caution when editing this setting, because
the settings here are used for PAM's configuration file.
The Advanced Setting can be found at the ESXi host level and is:
Security.PasswordQualityControl
Flexible Lockdown Modes
Prior to vSphere 6.0, there was one lockdown mode. Feedback from customers indicated
that this lockdown mode was inflexible in some use cases. With vSphere 6.0, the
introduction of two lockdown modes aims to improve that.

The first mode is normal lockdown mode. The DCUI access is not stopped, and users
on the DCUI.Access list can access DCUI. The second mode is strict lockdown mode.
In this mode, DCUI is stopped.
There is also new functionality called Exception Users. These are local accounts or
Microsoft Active Directory accounts with permissions defined locally on the host where
these users have host access. These Exception Users are not recommended for general
user accounts but are recommended for use by third-party applications (service
accounts, for example) that need host access when either normal or strict lockdown
mode is enabled. Permissions on these accounts should be set to the bare minimum
required for the application to do its task and with an account that needs only read-only
permissions to the ESXi host.
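One way to review the lockout, password, lockdown and Exception User settings described in this lesson on every host from vCenter, as an added PowerCLI example that is not part of the lab manual. The function name Get-EsxiAccessPosture and the baseline table are assumptions for illustration, and the script expects an existing Connect-VIServer session.

```powershell
# Added example, not from the lab manual. Requires VMware PowerCLI and an
# existing session (Connect-VIServer) to the vCenter Server managing the hosts.

# Baseline to compare against. These are the vSphere 6.0 defaults quoted in the
# text (assumption: the defaults are your policy; substitute your own values).
$Baseline = [ordered]@{
    'Security.AccountLockFailures' = 10
    'Security.AccountUnlockTime'   = 120
}

# Hypothetical helper name. Emits one object per host with the settings named in
# this lesson and a list of deviations worth reviewing.
function Get-EsxiAccessPosture {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        $VMHost
    )
    process {
        $findings = @()
        $row = [ordered]@{ Host = $VMHost.Name }

        # Account lockout settings, compared with the baseline
        foreach ($name in $Baseline.Keys) {
            $value = (Get-AdvancedSetting -Entity $VMHost -Name $name).Value
            $row[$name] = $value
            if ([int]$value -ne $Baseline[$name]) {
                $findings += "$name is $value (baseline $($Baseline[$name]))"
            }
        }
        # A value of 0 turns account locking off entirely
        if ([int]$row['Security.AccountLockFailures'] -eq 0) {
            $findings += 'account lockout is disabled'
        }

        # Password complexity string handed to PAM, and the DCUI access list;
        # reported as-is for review
        foreach ($name in 'Security.PasswordQualityControl', 'DCUI.Access') {
            $row[$name] = (Get-AdvancedSetting -Entity $VMHost -Name $name).Value
        }

        # Lockdown mode: lockdownDisabled, lockdownNormal or lockdownStrict
        $mode = [string]$VMHost.ExtensionData.Config.LockdownMode
        $row['LockdownMode'] = $mode
        if ($mode -eq 'lockdownDisabled') {
            $findings += 'lockdown mode is not enabled'
        }

        # Exception Users keep host access in both lockdown modes, so list them
        # for a permissions review (bare minimum, ideally read-only).
        $accessMgr  = Get-View -Id $VMHost.ExtensionData.ConfigManager.HostAccessManager
        $exceptions = @($accessMgr.QueryLockdownExceptions() | Where-Object { $_ })
        $row['ExceptionUsers'] = $exceptions -join ', '
        if ($exceptions.Count -gt 0) {
            $findings += "review permissions of $($exceptions.Count) exception user(s)"
        }

        $row['Findings'] = $findings -join '; '
        [pscustomobject]$row
    }
}

# Usage: Get-VMHost | Get-EsxiAccessPosture | Format-List
```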
Smart Card Authentication to DCUI
This functionality is for U.S. federal customers only. It enables DCUI login access using a
Common Access Card (CAC) and Personal Identity Verification (PIV). An ESXi host must
be part of an Active Directory domain.
In this lesson, we will take a close look at the improved auditing feature in ESXi.

Conclusion
In this lab, Module 7 - Simplified Security and Compliance takes you through a deeper dive
into some of the ESXi security enhancements.

Network I/O Control Enhancements (NIOC)
vSphere Network I/O Control version 3 introduces a mechanism to reserve bandwidth for
system traffic based on the capacity of the physical adapters on a host. It enables
fine-grained resource control at the VM network adapter level similar to the model that you
use for allocating CPU and memory resources.
Models for Bandwidth Resource Reservation
Network I/O Control version 3 supports separate models for resource management of
system traffic related to infrastructure services, such as vSphere Fault Tolerance, and of
virtual machines.
The two traffic categories have different natures. System traffic is strictly associated
with an ESXi host. The network traffic routes change when you migrate a virtual
machine across the environment. To provide network resources to a virtual machine
regardless of its host, in Network I/O Control you can configure resource allocation for
virtual machines that is valid in the scope of the entire distributed switch.
Bandwidth Guarantee to Virtual Machines
Network I/O Control version 3 provisions bandwidth to the network adapters of virtual
machines by using constructs of shares, reservation and limit. Based on these
constructs, to receive sufficient bandwidth, virtualized workloads can rely on admission
control in the vSphere Distributed Switch, vSphere DRS and vSphere HA.
Network I/O Control Version 2 and Version 3 in vSphere 6.0
In vSphere 6.0, version 2 and version 3 of the Network I/O Control capability can coexist.
The two versions implement different models for allocating bandwidth to virtual
machines and system traffic. In Network I/O Control version 2, you configure bandwidth
allocation for virtual machines at the physical adapter level. In contrast, version 3 lets
you set up bandwidth allocation for virtual machines at the level of the entire distributed
switch.
When you upgrade a distributed switch, the Network I/O Control is also upgraded to
version 3 unless you are using features that are not available in Network I/O Control
version 3, such as CoS tagging and user-defined network resource pools. In this case,
the difference in the resource allocation models of version 2 and version 3 does not
allow for non-disruptive upgrade. You can continue using version 2 to preserve your
bandwidth allocation settings for virtual machines, or you can switch to version 3 and
tailor a bandwidth policy across the hosts connected to the switch.

In this lesson, we will walk through the steps needed to configure Network I/O Control at
the vNIC level.

Open the Google Chrome Browser


If you do not already have the vSphere Web Client running, open the Google Chrome
browser from the desktop.
Log in to the vSphere Web Client by ticking the box for 'Use Windows session
authentication' and clicking the Login button.

Select Networking
First, let's verify the vDS we want to use is running NIOC version 3 and is enabled.
Start by clicking the Networking icon.

Expand vcsa-01a.corp.local
Expand vcsa-01a.corp.local until you can see the distributed switch vds-site-a.

Edit Settings
1. Click on vds-site-a.
2. Click on the Manage tab.
3. Then click on Settings.
4. Finally make sure you are on the Properties tab.
5. We can see that Network I/O Control is enabled on the distributed switch.
Note: If it were not enabled, you would just need to click the Edit button, select Enable
in the Network I/O Control drop-down box and click OK.

Verify the Network I/O Control Version


Now let's see what version of Network I/O Control we are running.
1. Click on the Resource Allocation tab. You may have to unpin the Navigation pane to
see this.
2. Here you can see that we are running version 3, which is the required version for
NIOC at the vNIC level.
Note: If the distributed switch was running an earlier version of NIOC, you just need to
right-click on the distributed switch in the Navigation pane and select 'Upgrade-->
Upgrade Network I/O Control...'.

Configure Bandwidth Allocation


Much like virtual machine CPU and Memory reservations and limits, we will need to
create them for networking. In our case, since we want to reserve bandwidth for virtual
machines, we'll modify the reservations for virtual machine traffic.
1. Start by clicking on 'Virtual Machine Traffic' in the traffic types list
2. Click the Edit button.

Reservation
In the Reservation box, type '2000' to reserve 2,000Mbs bandwidth for Virtual Machine
traffic. Leave all other settings to their defaults.
Click OK to continue.

Reservation Set
Once you click OK, you will notice even though we have set a reservation of 2,000Mbs
for virtual machine traffic, it is not showing up under the Reservation Column. This is
because we have just set the Reservation and not actually reserved it for a virtual
machine.

Show the Navigation Bar (if you unpinned it).


Click on the Navigation link on the left hand side, if you unpinned it earlier.

Pin the Navigation Bar


Now click the thumbnail so it points down. This will pin the navigation bar back in place.

Select Hosts and Clusters


1. From the Home menu
2. Select Hosts and Clusters.

Clone linux-micro-01a
So we don't interfere with other lessons you may want to take, let's clone
linux-micro-01a. Expand the Cluster till you can see the VM 'linux-micro-01a'.
1. Right-click on 'linux-micro-01a'
2. Select Clone -->
3. Clone to Virtual Machine...

Name your VM
1. Name your VM linux-nioc-01a
2. Accept the default location of Datacenter Site A for the location.
Click Next to continue.

Select Cluster Site A


Place the VM on Cluster Site A-1 by clicking on it.

Accept Default Storage


Just click Next for the storage selection.

Un-check All Boxes


Make sure to un-check all the boxes before clicking Next.

Ready to Complete
Verify the settings look correct and click Finish to clone the VM.
It should only take a minute to perform the clone operation. You can track the progress
by clicking on the Recent Tasks link in the bottom left corner of the vSphere Web Client.

Edit the VM Settings


1. Right-click on the newly cloned VM, linux-nioc-01a
2. Select Edit Settings...
NOTE: You may have to refresh your browser to see the new VM.

Expand Network Adapter 1


1. Expand out Network adapter 1 and you will notice some new options. Now we can
set how much bandwidth to reserve for this specific vNIC on the virtual machine.
Let's give it all of the 2,000Mbs reservation we set.
2. Type 2000 in the Reservation box. Click OK.
Note: If you don't see this box, make sure you connected Network adapter 1 to VM
Network (vds-site-a).

Viewing Reservation
1. View the reservation by clicking on the Summary tab for the virtual machine.
2. Expand the VM Hardware section. You can now see the reservation is set so that
this virtual machine's network adapter will have a reserved 2,000Mbs of bandwidth.

Lesson Clean Up
Feel free to explore other options with NIOC. When you are finished with this lesson,
please delete the linux-nioc-01a virtual machine to avoid confusion in other lessons.
Just go back to the Hosts and Clusters view and right-click on the virtual machine
linux-nioc-01a and select Delete from Disk.

Migrating a Virtual Machine between Two vCenters
vMotion has been a standard feature of VMware virtual infrastructure since early 2004.
Migrating a powered-on VM between different vCenters while preserving network
connectivity was introduced in 2015 with vSphere 6.

Cross vCenter Server vMotion - Overview


vMotion is probably the most widely used VMware feature. vSOM 6 introduces some new
functionality around vMotion:
Cross vSwitch vMotion
Cross vCenter vMotion
Long Distance vMotion
Cross vCenter vMotion is a powerful new capability with a number of use cases. It
could be used to migrate between a legacy Windows vCenter and a new vCenter
appliance, or anytime it makes sense to migrate VMs to a completely new set of virtual
infrastructure. And of course it can be used to migrate VMs between data centers for
planned maintenance or other business purposes.
The migration between vCenter servers can occur with all the different migration types:
compute / storage / network. You can even do it without having a shared datastore
between the source and destination vCenter, otherwise referred to as shared nothing
migration. This functionality will come in handy when you are migrating to a different
vCenter instance or even when you are migrating workloads to a different location.
Note, it is a requirement for the source and destination vCenter Server to belong to the
same SSO domain. When the VM is migrated, things like alarms, events, HA and DRS
settings are all migrated with it. So if you have affinity rules or changed the host
isolation response or set a limit or reservation it will follow the VM wherever it goes.
For a hands-on experience please refer to Module 4 - Build and Manage Your
Infrastructure - Scale Out.

vSphere Web Client Enhancements


vSphere Web Client includes significant performance and usability improvements.
The performance improvements include login times that are up to 13 times faster,
right-click menus that are visible and usable four times faster, and other actions that are now
at least 50 percent faster. This puts vSphere Web Client on par with the standalone
VMware vSphere Client.
Let's take a look at some of the new usability improvements made to the vSphere Web
Client.

Open the Google Chrome Browser


If you do not already have the vSphere Web Client running, open the Google Chrome
browser from the desktop.
Log in to the vSphere Web Client by ticking the box for 'Use Windows session
authentication' and clicking the Login button.

Home Drop-Down Menu


The first usability update we'll look at is the new Home drop-down menu.
1. Near the top of the browser, click the Home icon. With this new drop-down
menu, you can easily access any area of the vSphere Web Client from any screen.
2. Click on Hosts and Clusters.

Expand vcsa-01a.corp.local
Use the twist arrow to expand vcsa-01a.corp.local until you can see the two hosts and
virtual machines.

Right-click on esx-01a.corp
Another usability enhancement is the right-click actions.
Try this by right-clicking on 'esx-01a.corp.local'. The first thing you should notice is that
the menu itself appears much faster.
The second thing to notice is the menu items are no more than one layer deep. This
helps to avoid searching through multiple layers of menus to find the task you need.

Activate Recent Tasks portlet


Let's enable the Recent Tasks Portlet
From the top of the vSphere Web Client, click on the down arrow next to your user name
Select 'Layout Settings'

Activate Recent Tasks portlet


Next, select the 'Recent Tasks' pane.
Click OK.
The 'Recent Tasks' pane will then appear at the bottom of the screen.

Recent Tasks Pane


At the bottom of the Navigator, you will now see a link for Recent Tasks.

Recent Tasks
In the Recent Tasks pane, you will find the most recent tasks, updated in real time
making it easier to view. In the Recent Tasks pane, you have the ability to:
1. Pin the Recent Tasks pane to another part of the vSphere Web Client (more on this
later!).
2. View additional tasks.
3. Hide the Recent Tasks pane.

Docking the Recent Tasks Pane


If you click on the Thumbnail in the Recent Tasks pane, it will dock it to the bottom of
the vSphere Web Client.
Click on the Thumbnail to give it a try.

Customizing the UI
You can also move the Recent Tasks pane (or any other pane) by clicking and dragging
the pane on the title bar.
Left-click and drag anywhere on the Recent Tasks title bar. You'll notice four areas
indicating where you can dock the Recent Tasks pane. Let's move it over the right side
by dragging it in the direction of the right arrow. Move your mouse to the two blue
arrows to the right until that side of the screen turns blue, then click your mouse to
move the pane there.

Resizing the Pane


You do have the ability to re-size the pane by clicking in the empty space between
panes and dragging it in the desired direction.

Move it Back!
In its current position, most of the useful information the Recent Tasks pane provides is
cut off.
Let's move it back to its original location on the bottom of the screen by clicking the
Recent Tasks title bar and dragging it to the bottom.

That's Better!
This layout seems to work better for me, but it is subject to personal preference which is
one of the best parts of the vSphere Web Client, being able to customize it to how it
works best for you.

Lesson Clean Up
To prepare for the next lesson, click on the thumbnail to hide the Recent Tasks pane
back to the bottom of the vSphere Web Client. This will give us more real estate for the
lessons that follow. If the Recent Tasks pane is needed, the lesson will guide you to it.

vSphere SSL Certificates


In vSphere 6 two new components of certificate management were introduced.
The VMware Certificate Authority (VMCA)
VMware Endpoint Certificate Services (VECS)
One of the key things to remember is that certificates are now stored within VECS and
no longer stored in the filesystem of vCenter. Even if you are using third-party
certificates, you will still need to store them in VECS. For ESXi, the certificates are still
stored locally on the host; this has not changed. VMCA provisions each vCenter Server
and service with certificates that are signed by VMCA.
VMCA and VECS provide a common platform for managing certificates and address
customer pain points with certificate issues and help customers more easily handle
business compliance with security policies.

VMCA Operational Modes


VMCA can operate in two modes:
Root CA: VMCA is initialized with a self-signed certificate. This is a similar form of
certificate to the one that the old vCenter 5.x solutions created for themselves, except
those were not CA certs. It is normal practice that a CA will have a self-signed certificate
at the root, especially if it is the first one created in a new domain.
Issuer CA: An Enterprise CA signs the Certificate Signing Request (CSR) that the
VMCA generates and the administrator configures VMCA to use this certificate
and keys.

Conclusion
If you would like hands-on experience with VMCA, be sure to check out Module 7 -
Simplified Security and Compliance in this lab.

vRealize Operations 6.1 - Custom Profiles for Capacity Planning
Capacity Remaining Overview
The capacity remaining badge represents the unused capacity of your virtual
environment. vRealize Operations Manager calculates the Capacity Remaining score as a
percentage of the remaining capacity count compared to the total capacity
that can be deployed on the selected object. Capacity remaining is the percentage of usable
capacity not consumed. Capacity remaining is calculated using both peak and average
demand. The example shows us the peak of 19% capacity remaining because there was
a spike that used 81% of available capacity, but the average consumption is 52%.

Custom Profiles Overview


A Default or Custom Profile contains information for a specific configuration of an object.
With the profiles you can see how many more of that object can fit in your environment
depending on the available capacity and object configuration. Default and
custom profiles contain metrics configuration for an object. You can create as many
profiles as you require for an object type. For example, you can create a profile for a
virtual machine with Memory-Demand model 2 GB and another profile with
Memory-Demand model 4 GB. vRealize Operations Manager uses Custom Profiles to calculate
how many virtual machines with this Memory-Demand model can fit in your
environment. You can see this calculation in the What Will Fit panel of the Capacity
Remaining tab on a container object. You can also use the profiles to populate metrics
when you create projects.

Log into vRealize Operations Manager


1. Open Firefox and click on the bookmark for vROPs-01a
2. Enter username - 'Admin', password - VMware1!

Where You Find Custom Profiles


To manage your custom profiles,
1. Click Content in the left pane.
2. Click Custom Profiles
3. Click on the "+" sign to add a new one.

Create A New Custom Profile


We will create a new profile for MySQL Server Virtual Machines. We could either
populate from existing Virtual Machines in our environment or specify manually. We can
also choose whether we prefer an Allocation or Demand based calculation. We are
selecting Allocation type model in this example. Create your own profile as described in
the image above. Then click "Ok".
1. Profile Name: MySQL
2. Profile Description: Linux MySQL Server VMs
3. Object Type: vCenter Adapter --> Virtual Machine
4. Make sure the Enable this profile for all Policies is checked
5. Filter (Model): Ensure Allocation is listed
6. CPU - Allocation Model: 2 vCPUs
7. Memory - Allocation Model: 4 GB
8. Disk Space - Allocation Model: 3 GB

Note: Allocation is the total amount of a resource you configure for the VM, while demand
is the amount of that resource which the VM is asking for. Whether you over-allocate
at all, and by how much, depends on the type of environment you monitor (such as a
production environment versus a test or development environment) and on the workloads
and environment to which the policy applies. From a high-level perspective,
Allocation-based capacity planning will be more conservative, while Demand-based
capacity planning will be less conservative but closer to reality, as it is a good
indication of how many resources are really demanded and used in your datacenter.

Navigate To the vCenter Server Object


1. In the top far right side of the browser window type "vcsa-01a" in the search field
2. Select "vcsa-01a" (vCenter Server object type).

View The Results


1. Select the "Analysis" tab
2. Then "Capacity Remaining" badge.
3. Now you can see the newly created "MySQL Servers" Custom Policy. It looks like you
could accommodate several new MySQL Server VM's with the specified Allocation profile
into this vCenter Server.
Note: in the screenshot above you can see 8 MySQL VM's remaining but in your lab the
number might be different.

Create A New Project


At this point we are going to create a new Capacity Planning Project that leverages the
new custom profile we just created.
1. Click on the "Projects" tab
2. Then hit the "+" sign to create a new project.

Name The Project


1. Specify a Project name and description
2. Select to commit the project
3. Expand the Advanced section and have it affect both the Time and Capacity
Remaining Badges.
4. Then click "Scenarios".
Note: You can have vRealize Operations Manager account for committed projects that
you defined so that you can plan the future capacity of your objects. Because
committed projects are scenarios that forecast the future capacity of objects, accounting
for committed projects affects the Time Remaining and Capacity Remaining scores.

Add Scenario Part 1


1. Drag and Drop "add virtual machine" to the right pane.
2. Set the "Implementation Date" to January 1st 2017.
3. Set the number of VM's to 5.
4. Then click on "Populate metrics from...".

Add Scenario Part 2


1. Select the pre-created "MySQL Servers" as the profile to copy metrics from
2. Press OK.
3. Now press on "Save project and continue edition" to see the results of your project.

Show Project Result Before Final Save


Here you can see the results of your Demand simulation.
Now hit "Save".
Note: What you see may differ from the image above in when exactly the shortfall
starts.

View The Results With Committed Projects


1. Now let's go back to the "Analysis" tab.
2. Select the "Capacity Remaining" badge, still against the vCenter Server "vcsa-01a"
object. First refresh the page once by pressing "F5".
3. If we now select "With Committed Projects" we will see that Memory is most
constrained.

See The Results Without Committed Projects


If we now select "Without Committed Projects" we will see that no resource is critically
constrained anymore.

vRealize Operations 6.1 - Automation Action Framework
Automated Actions Overview
In vRealize Operations 6.1 Recommendations can identify ways to remediate problems
indicated by an alert. Some of these remediations can be associated with actions
defined in your vRealize Operations Manager instance. You can automate several of
these remediation actions for an alert when that recommendation is the first priority for
that alert.
The following actions are recommended for automation:
Delete Powered Off VM
Move VM
Power Off VM
Power On VM
Rebalance Container
Set CPU Count And Memory for VM
Set CPU Count And Memory for VM Power Off Allowed
Set CPU Count for VM
Set CPU Count for VM Power Off Allowed
Set CPU Resources for VM
Set Memory for VM
Set Memory for VM Power Off Allowed
Set Memory Resources for VM
Shut Down Guest OS for VM
Example: Action Supported for Automation
For the Alert Definition named Virtual machine has chronic high CPU workload leading to
CPU stress, you can automate the action named Set CPU Count for VM.

When CPU stress on your virtual machines exceeds a critical, immediate, or warning
level, the alert triggers the recommended action without user intervention.

View Alert Containing Action


1. Go to the Content section
2. Click on Alert Definitions,
3. Type "cpu usage" to find the alert called "Virtual Machine is experiencing CPU stress
due to insufficient CPU resources"
4. Then click on the little pencil icon to edit the alert.

View Alert Action Definition


1. Click on "Add Recommendations"
2. Scroll down on the right until you see the action called "Set CPU Count for VM". This
will add more CPU capacity to the VM automatically when the alert is triggered. You
enable actionable alerts in your policies. By default, automation is disabled in policies.
Click Cancel to close the Edit Alert wizard

View Default Policy Definition


You enable actionable alerts in your policies. To configure automation for your policy:
1. Select Administration
2. Policies
3. Policy Library.
4. vSphere Solution's Default Policy
5. Access the Alert / Symptom Definitions workspace by clicking the pencil icon.

View Action Automation Settings


1. Now select Alert Symptom Definition on the left pane
2. Type "high cpu" to find the alert we are reviewing.
3. In the Automation column you can select between Local for the Automate setting in
the Alert Definitions pane. Green means enable and red means disable. By default it is
disabled.
When an action is automated, you can use the Automated and Alert columns in
Administration > Recent Tasks to identify the automated action and view the results
of the action.
4. Do not change anything and just press cancel.

Automated Actions Summary


The actions available in vRealize Operations Manager allow you to modify the state or
configuration of selected objects in vCenter Server from vRealize Operations Manager.
For example, you might need to modify the configuration of an object to address a
problematic resource issue or to redistribute resources to optimize your virtual
infrastructure. The most common use of the actions is to solve problems. You can run
them as part of your troubleshooting procedures or add them as a resolution
recommendation for alerts.
When you are troubleshooting problems, you can run the actions from the center pane
Actions menu or from the toolbar on list views that contain the supported objects.
When an alert is triggered, and you determine that the recommended action is the most
likely way to resolve the problem, you can run the action on one or more objects.

vRealize Operations 6.1 - Custom Data Center for Capacity
Custom Datacenters Overview
A custom data center is a vRealize Operations Manager specific object type that you can
create, modify, and delete. Custom data centers provide capacity analytics, including
capacity badge computations, based on the objects they contain.
A data center in vSphere acts as a container of objects that a particular vCenter Server
manages. A custom data center in vRealize Operations Manager however is an
abstraction that can contain objects from different vCenter Server instances that
vRealize Operations Manager monitors.
A custom data center can contain vCenter Server instances, data centers, clusters, and
hosts. When you add an object to a custom data center, the hierarchical children of the
object become part of the custom data center. An object can belong to multiple custom
data centers.
You can use the custom data centers when you want capacity analytics on objects that
span multiple vCenter Server instances. For example, you want capacity analytics data
across multiple clusters and different vCenter Server instances manage the clusters.
Instead of analyzing one cluster or one vCenter Server instance at a time, you can
create a custom data center, add all clusters to it, and have the capacity analysis in one
place.
You can add certain vSphere object types to a custom data center.

View The Resource Balance Dashboard


Let's first see if we need to rebalance any resources in Datacenter Site A between its
two clusters.
1. Navigate to Home
2. Click on Dashboard List
3. Select Rebalance

View How Well Balanced Cluster Site A-2 Is


1. Select the "Cluster Site A-2" object and view its workload balance information.
You can see that the two ESXi hosts are relatively under-utilized and a bit further away
from the "Optimal" area.

View How Well Balanced Cluster Site A-1 Is


1. Now select "Cluster Site A-1" and see its workload balance information.
The two ESXi hosts are slightly better positioned than "Cluster Site A-2" as they are
closer to the "Optimal" area. In the next step we will see how we can balance resources
better between the clusters.

Create A New Custom Datacenter


1. To create a custom data center, in the left pane click "Environment"
2. Click the "Custom Datacenters" tab.
3. Click the plus sign to create a custom data center or the pencil icon to edit a selected
custom data center.
You can use an existing custom data center as a template by cloning it.

Save The New Custom Datacenter


1. Give the new DC a name and a description
2. Expand the vSphere Object and select the two Clusters 'Cluster Site A-1' & 'Cluster
Site A-2'
3. Click "OK".
As you can see the new Custom Datacenter spans two clusters in the same vCenter
Server. This will later give us the option to balance (vMotion) VM's between clusters.

Select The Newly Created Custom DataCenter


Now click on the newly created "HOL DC" Custom Datacenter object.

View Health Risk And Efficiency for the New Custom DC


We can now view all information including alerts, capacity information and all badges
against the newly created Custom DC.
It may take a minute or two for the screen to update with data.

Click On Rebalance Container


1. Select "Actions"
2. Then select "Rebalance Container"
vRealize Operations will offer you the option to rebalance VMs across Clusters.

View Rebalancing Recommendations


vRealize Operations automatically calculates which VMs should move where. As you
can see, vRealize Operations suggests you move both VMs from Cluster Site A-1 to
Cluster Site A-2, which is a bit more under-utilized. Click Cancel as we are not going to
run the migration in this module.
Note: Please do not perform the rebalance as it may break subsequent modules which
rely on the VMs to stay where they are currently.
Note: Please try out lab HOL-SDC-1610 for a deeper look at this new capability.

Summary
When the workload in your cluster becomes imbalanced, you can move the workload
across your objects to rebalance the overall workload in your cluster. The container can
be a cluster, data center, or a custom data center.

vRealize Operations 6.1 - Workload Balancing
Workload Placement (WLP) Engine
In vRealize Operations 6.1, VMware introduces a new feature called Workload Placement
Engine, or WLP for short. This engine is able to determine the best place to run your
workload, both at initial placement and throughout the workload's lifecycle. It also offers a
guided move action for capacity containers, which we already looked at in the previous
module where we selected the "Balance Container" action. This re-balancing can also be
automated via alerts.
This new engine examines long term Demand and Stress of the workload and the
provider objects (hosts, clusters, etc) and tries to answer the following questions:

Will it fit?
Where will it fit best?
Do I need to Power Off the VM?
Does the VM have any Affinity Rules?
Can I keep it on the same datastore?
Reserve capacity now?
Rebalance capacity containers?

Note: In vRealize Operations 6.1, the Initial Placement part of the WLP is only available
via the REST API. The concept is for other VMware products, such as vRealize Automation,
and 3rd party tools to programmatically query vRealize Operations to determine the
right place to deploy a new VM, and then for vRealize Operations to return the
best candidate ESXi host.

Rebalance Containers Overview


When the workload in your cluster becomes imbalanced, you can move the workload
across your objects to rebalance the overall workload in your cluster. The container can
be a Cluster, Datacenter, or a Custom Datacenter.
If one ESXi host in your Cluster, Datacenter, or a Custom Datacenter is experiencing a
high workload, while another ESXi host in the same Cluster, Datacenter, or a Custom
Datacenter is experiencing a low workload, you can use the Rebalance Container action
to balance the workload across those objects. For example, if the CPU demand on one
host is exceeding the available CPU capacity on that host, critical stress on the host
machine occurs. To identify the cause of stress, some of the virtual machines on each
host might be experiencing high CPU demand, whereas some of the virtual machines
might be experiencing a low demand.
vRealize Operations Manager focuses on stress or workload, either long-term or
short-term, depending on your selection. This identifies the recommendation plan that
vRealize Operations Manager uses to rebalance the container.

Rebalance Alerts
When the workloads on the hosts in the cluster, data center, or custom data center
differ significantly, a Rebalance type Alert will be triggered.
You can then look at the alert to verify whether the alert is triggered on a cluster. You
can click the alert to view the causes for the alert and identify the source of the
imbalance problem.
When workloads become imbalanced, the following alerts can trigger on clusters, data
centers, and custom data centers:
Cluster has unbalanced workload
Custom datacenter has unbalanced workload
Datacenter has unbalanced workload
As the rebalance action runs, it moves the virtual machines identified in the
recommendation to the host machine that has a low workload or stress. You view the
action running on each virtual machine identified in the recommendation.
You can view the status of the action in the list of recent tasks in Administration >
Recent Tasks. You can also use the vSphere Web Client to view the status of the action
and the performance for the host.
After the action runs, and vRealize Operations Manager performs several collection
cycles, you can view the workload on the cluster, data center, or custom data center to
confirm that the workload was rebalanced and that the alert is no longer triggered.
To see how the workload changed on one or more of your hosts, in the navigation tree
click a host in the cluster, data center, or custom data center. Click Analysis > Stress
to view the stress score and breakdown, and the workload on the host. Then, click
Analysis > Capacity Remaining to determine how much capacity remains on the
host.

Where You Run the Action


For the supported objects and object levels, this action is available in the following
locations in vRealize Operations Manager:
Center pane Action menu.
List toolbars, including Views on the Details tab, List on the Environments tab.
Resource List and Topology Graph dashboard widgets.
Environment Overview list. In the left pane, click the Administration icon, and click
List.
Configured alert recommendations.

Workload Automation Policy Settings


You can control how the Rebalancing actions you perform in your environment behave,
both the guided ones and the automated ones. For example, you can set the
following parameters:
1. Balanced Workloads - More balance minimizes contention but moves workloads
more, which can cause disruption. Good for more stable populations. Less
balance exposes potential contention, but moves workloads less. Good for more
dynamic populations.
2. Consolidated Workloads - More consolidation will put workloads into as few hosts
as possible to reduce licensing and power costs, but allows for less responsive
capacity. Good for populations with steady demand. Less consolidation uses all
available hosts, which leaves more room for demand spikes, but can run up
licensing and power costs. Good for populations with erratic demand.
3. Change Datastore - Choose whether or not to change the datastore the VM resides
on as part of the Rebalancing action.
4. Datastore Selection Options - Do not use datastore on local disk and/or exclude
datastores that contain specific words in the name.
5. Virtual Machines selected to move during balance - Select Virtual Machines with
smallest demand first or with largest demand first.

Summary
When it comes to managing operations in a virtualized data center, there are some key
aspects that you need to tackle and one of the key ones is the ability to understand
resource usage and then be able to rebalance it intelligently. With the new Intelligent
Workload Placement capability of vRealize Operations 6.1, we match the workload to
your specific IT and business needs and recommend the best placement location.
And as your workloads change and your environment evolves and grows, you can
leverage the Intelligent Placement and Proactive Rebalancing capabilities to ensure
performance that meets the needs of your business.
Note: for a deeper dive on Workload Placement capability please refer to lab HOL-SDC-1610.

Module 2: Build and Manage Your Infrastructure - Networking - (30 Minutes)

Migrating to the vSphere Distributed Switch - Overview
In this lab we will migrate a host from a vSphere Standard Switch (VSS) to a vSphere
Distributed Switch (VDS).
There are two methods of migration:
1: User Interface (UI) - This method uses a wizard that guides the user through the
migration steps.
2: Host Profiles - This method allows us to grab the network configuration from a host
and duplicate it on another host or group of hosts.
In this lab section we will only have time to migrate a host with the UI based host
migration wizard.

vSphere Distributed Switch Architecture


A vSphere Distributed Switch functions as a single switch across all associated hosts.
This enables you to set network configurations that span across all member hosts, and
allows virtual machines to maintain consistent network configuration as they migrate
across multiple hosts.
Like a vSphere Standard Switch, each vSphere Distributed Switch is a network hub that
virtual machines can use. A vSphere Distributed Switch can forward traffic internally
between virtual machines, or link to an external network by connecting to physical
Ethernet adapters, also known as uplink adapters.
Each vSphere Distributed Switch can also have one or more distributed port groups
configured. The Distributed port group defines a common network configuration across
a set of virtual ports. If a user wants a set of virtual machines to connect to a network
with similar properties, those virtual machines should be connected to the same
distributed port group. Each distributed port group is identified by a network label,
which is unique under the datacenter. For example, in the diagram above there are
three distributed port groups - Production, Test environment and XYZ.
This lab starts with a VSS with 4 port groups. There is also a pre-created VDS with 4
distributed port groups.
Management Network (A) - For Management traffic
Storage Network (A) - For Storage traffic
vMotion Network (A) - For vMotion traffic
VM Network (A) - For VM traffic
These distributed port groups on the VDS have the same network properties defined on
the VSS port groups.

Migrate VSS to VDS Using the Web Client


Launch the Google Chrome browser from the desktop of ControlCenter.
You will be automatically directed to Site A Web Client. You may easily log in by ticking
the "Use Windows session authentication" box and then "Login"

Navigate to esx-01a.corp.local
In the top right corner of the Web Client, type "esx-01a" into the search bar and then
click on the link for esx-01a.corp.local

Prepare the lab by configuring linux-micro-01a


We will need to move this VM to the standard switch so we can evaluate the impact of
migration in our lab.
1. Click on the "Related Objects" tab
2. Select the "Virtual Machines" button.
3. Right click on linux-micro-01a
4. Select "Edit Settings" from the context menu.

Switch VM to Standard Switch


The VM is currently connected to the VDS on VM Network (vds-site-a)
1. You will need to pull down the list of available networks
2. Select "VM Network" (the first selection).
3. Click OK

Remove esx-01a from the VDS


Finally, let's remove the host from the VDS altogether for our lab. We'll migrate the
host back to the VDS later in this lab. This way we can see how easy it is to migrate
from VSS to VDS.
1. Click on the "Manage" tab
2. Select "Networking" button.
3. Select "Virtual Switches"
4. Select "vds-site-a" switch - this is the VDS we want to remove.
5. Click the red "X" icon to remove the host from the switch.
6. Click "Yes" to complete the removal.

View the vSphere Standard Switch


1. Click the "Manage" tab
2. Select the "Networking" button.
3. Select "Virtual switches"
4. Select "vSwitch0" to display the switch configuration.

Review vSphere Standard Switch Configuration


This host has a standard switch with a VM network and three VMkernel ports. The
switch also is using two physical switches for uplink to the physical network. We will
migrate this switch to an existing distributed switch.

Navigate to the vSphere Distributed Switch


1. Use the Web Client search bar again and type in "vds-site-a"
2. Click on the link for the vds-site-a Distributed Switch

Review Existing VDS Distributed Port Groups


1. Click on the "Related Objects" tab
2. Then click the "Distributed Port Groups" button.
Note that there are four port groups already created for this VDS - there are actually
hosts from another cluster using the same VDS. We can add new hosts and import
networking without disruption to the existing hosts and VMs.

Set Up to Validate Non-Disruptive Migration


To prove that we can do this migration non-disruptively, we will open a PuTTY session to
a running VM.
1. Open PuTTY
2. Select 'Linux-micro-01a.corp.local'
3. Click Open

Run "top" on linux-micro-01a


Execute "top" to give us proof that the VM is still running after the migration.
Once running, minimize the PuTTY session.

Add Hosts to the VDS


1. Open the "Actions" menu
2. Select "Add and Manage Hosts..."

Add Hosts continued


"Add hosts" is selected by default - click "Next"

Select Hosts
1. Click on the "New hosts..." icon to select the hosts to add to the VDS.
2. Select esx-01a at this time.
Click OK (not shown) to close the host selection popup.
Click Next (not shown) when you return to the host list.

Select network adapter tasks


1. Check the boxes next to:
Manage physical adapters
Manage VMkernel adapters
Migrate virtual machine networking
2. Click "Next" to continue.

Manage Physical Network Adapters


1. Select vmnic0
2. Click "Assign uplink" to get the uplink selection popup.
3. Within the "Select an Uplink for vmnic0" popup, click on "Uplink 1" and then "OK"
Repeat this process for vmnic1 (assign to uplink 2) and click "Next"

Manage VMkernel network adapters


You will repeat this step for each VMkernel adapter:
VMkernel adapters are assigned as follows
vmk0 = Management Network
vmk1 = Storage Network
vmk2 = vMotion Network
1. Select the vmk# in the adapters list
2. Click on "Assign port group"
3. Select the appropriate port group and click OK (e.g. select Management Network
for vmk0)

Verify Assignment
1. Verify that each VMkernel adapter is mapped to the correct VDS port group.
2. Click "Next"

Analyze Impact
There should be "No impact" - click "Next" to continue.

Migrate VM Networking
1. Drill down to the "Network adapter 1" on the linux-micro-01a VM.
2. Click "Assign port group"
3. In the "Select Network" popup, select the "VM Network" and click OK.
Click "Next" (not shown) to continue.
Note that you could simply select the VM and assign all vNICs to a new Port Group. We
did it this way to demonstrate that you have granular control of where vNICs are
migrated in the new network scheme.

Complete the Host Add and Network Migration


Verify the settings and click "Finish" (not shown) to apply the changes.

Switch Back to the Host View


Switch back to esx-01a by clicking the breadcrumbs link.

View Standard Networking Changes


Select vSwitch0 and note that there are no VMs attached to the VM Network, and the
VMkernel adapters are not present.

View Distributed Switch Configuration


Click on vds-site-a and observe that all the VMkernel ports are migrated as well as the
VM.
Note: If the VDS does not appear in the Virtual Switches view, you will need
to refresh the browser (press F5) to get it to fully refresh the view.

Validate the Migration Was Non-Disruptive


Return to your PuTTY session and validate that "top" is still operating and the session
didn't close.
You can close the PuTTY session when you are finished.

Remove Legacy Switch


1. Return to the Web Client and select the vSwitch0 vSphere Standard Switch.
2. Click the Red X icon to delete this switch.

Confirm Removal
Click Yes.

Refresh Host Networking


Click the Refresh Host Networking icon and verify that the VSS has been removed.

Implementing Quality of Service (QoS) Tagging
Two types of QoS Marking/Tagging common in networking are 802.1p (COS) applied on
Ethernet (Layer 2) packets and Differentiated Services Code Point (DSCP) Marking applied
on IP packets. The physical network devices use these tags to identify important traffic
types and provide Quality of Service based on the value of the tag. As business critical
and latency sensitive applications are virtualized and run in parallel with other
applications on ESXi hosts, it is important to enable traffic management and tagging
features on the VDS.
The traffic management feature on the VDS helps reserve bandwidth for important
traffic types, and the tagging feature allows the external physical network to understand
the level of importance of each traffic type. It is a best practice to tag the traffic near
the source to help achieve end-to-end Quality of Service (QoS). During network
congestion scenarios, the tagged traffic doesn't get dropped, which translates to a
higher Quality of Service (QoS) for the tagged traffic.
VMware has supported 802.1p tagging on the VDS since the vSphere 5.1 release. The
802.1p tag is inserted in the Ethernet header before the packet is sent out on the
physical network. In the 5.5 release, the DSCP marking support allows users to insert
tags in the IP header. The IP header level tagging helps in layer 3 environments, where
physical routers prefer the IP header tag to the Ethernet header tag.
Once the packets are classified based on the qualifiers described in the traffic filtering
section, users can choose to perform Ethernet (layer 2) or IP (layer 3) header level
marking. The markings can be configured at the port group level.

Where is the DSCP tag field in the Packet?


In this lab module we will implement DSCP tagging on all egress traffic on the VM
Network Port Group.
We will then capture some traffic passing through the VDS and observe the DSCP field in
the packet header.

Log in to the vCenter Console


Launch Google Chrome from your ControlCenter desktop.
You will automatically be directed to the login for Site A Web Client.
1. Tick the "Use Windows session authentication" box
2. Click "Login"

Search for vds-site-a


1. In the Web Client search bar, type "vds-site-a"
2. Click on the link for the Distributed Switch.

Edit the VM Network Port Group on vds-site-a


1. In the vds-site-a related objects list, click on "Distributed Port Groups"
2. Click on "VM Network" from the list of available port groups.
3. Make sure you are on the Manage tab
4. Select the Settings option
5. Select Policies
6. Click the "Edit" button to open the settings editor.

VM Network - Edit Settings - Traffic filtering and marking


1. Click on Traffic filtering and marking
2. In the Status drop down box choose Enabled
3. Click the Green + to add a New Network Traffic Rule

New Network Traffic Rule - Action


1. In the Action: drop down box select Tag (default)
2. Check the box to the right of DSCP value
3. In the drop down box for the DSCP value select Maximum 63
4. In the Traffic direction drop down box select Ingress
5. Click the Green +

New Network Traffic Rule - Qualifier


Now that you have decided to tag the traffic the next question is which traffic you would
like to tag. There are three options available while defining the qualifier:
1) System Traffic Qualifier
2) New MAC qualifier
3) New IP Qualifier.
That means users have options to select packets based on system traffic types, MAC
header or IP header fields. In this example we will create a qualifier based on system
traffic.
Select New System Traffic Qualifier from the drop down menu

New Network Traffic Rule - New System Traffic Qualifier


1. Select Virtual Machine
2. Click OK

New Network Traffic Rule


Check that your rule matches:
Name: Network Traffic Rule 1
Action: Tag
DSCP Value: Checked
DSCP Value: 63
Traffic Direction: Ingress
System traffic: Virtual Machine
Click OK

VM Network - Edit Settings


Click OK

Open a PuTTY Session


1. Click the PuTTY icon in the ControlCenter desktop taskbar.
2. Scroll down to the saved session "linux-micro-01b.corp.local"
3. Click "Open"

Accept Security Alert


You may get a PuTTY Security Alert. If so, answer "Yes" to continue.


Start a continuous ping from linux-micro-01b to the ControlCenter Desktop
Type ping 192.168.110.10
Press Enter


Launch WireShark from the ControlCenter Desktop


Click on the Wireshark icon on the ControlCenter Desktop


Select an Interface to capture


Click on Interface List

Wireshark Capture Interfaces


1. Check the box to the left of Local Area Connection VMware vmxnet3 virtual network
device (default)
2. Click Start


Stop the Capture


Click the Stop the running live capture icon


Filter the capture for ICMP traffic


1. In the Filter: box type icmp
2. Click the Apply icon


Inspect an icmp packet


1. Click on any of the ICMP request packets from 192.168.110.130 (The linux-micro-01b
VM)
2. Click the plus sign to the left of Internet Protocol version 4
3. Click the plus sign to the left of Differentiated Services Field
4. Observe the DSCP value of 63 in hexadecimal 0x3f
Now that we have shown that we can tag packets let's investigate traffic filtering.
You can close Wireshark when you are done. Leave the PuTTY session to linux-micro-01b
open. We will need it for the next lesson.


Implementing Traffic Filtering


Traffic filtering is the ability to filter packets based on the various parameters of the
packet header. This capability is also referred to as Access Control Lists (ACLs), and it is
used to provide port level security on the VDS.


Traffic Filtering Diagram


The VDS supports packet classification based on the following three different types of
qualifiers:
• MAC SA and DA qualifier
• System Traffic qualifiers: vMotion, Management, FT, etc.
• IP Qualifiers: Protocol type, IP SA, IP DA, and Port number
Once the qualifier is selected and packets are classified, users have the option to either
filter or tag the packets.
When the classified packets are selected for filtering, users have the option to filter
ingress traffic, egress traffic or both.
As shown in the figure above, the traffic-filtering configuration is at the port group level.
In this lab we will implement traffic filtering to block ICMP (Ping) traffic from the VM Port
Group.


Edit the VM Network Port Group Settings


Return to the Web Client.
Click "Edit" to edit the VM Network port group settings.


VM Network - Edit Settings - Traffic filtering and marking


1. Click on Traffic filtering and marking in the left hand navigation pane
2. Click on the Network Traffic Rule 1
3. Click the Pencil icon (edit)


Edit Network Traffic Rule - Action


Change Action to Drop


Edit Network Traffic Rule - New IP Qualifier


1. Click the Green + to add a new qualifier
2. Select New IP Qualifier... from the drop down list


New IP Qualifier
1. Select ICMP from the Protocol drop down menu
2. Select Source address is and set to 192.168.100.130
3. Click OK


Remove the System traffic qualifier


1. Click on the System traffic qualifier
2. Click the Red X to remove the System traffic qualifier


Remove the System traffic qualifier


Click Yes


Edit Network Traffic Rule


Click OK


VM Network - Edit Settings


Ensure that your Traffic filtering and marking settings match
1. 1 | Network Traffic Rule 1| Drop | Ingress
2. IP | ICMP
3. Click OK


Stop Ping on the linux-micro-01b VM


To confirm that we can no longer send ICMP traffic from our VM, let's run another test.
Return to the PuTTY session for linux-micro-01b and stop Ping by pressing CTRL-C


Observe that ICMP (Ping) traffic is now being dropped


Now let's send only 4 ICMP packets instead of doing a continuous ping.
Enter "ping -c 4 192.168.110.10"
Wait about 10 seconds and observe the result. With our traffic filtering, the ICMP
packets to ControlCenter desktop have been dropped.


Edit the VM Network Port Group Settings


Return to the Web Client.
Click "Edit" to edit the VM Network port group settings.


Remove Network Traffic Rule 1


1. Click on Traffic filtering and marking in the left hand navigation pane
2. Click on the Network Traffic Rule 1
3. Click the red X icon
4. Click OK

Observe that ICMP traffic is once again flowing between the VMs
Switch back to the PuTTY session
Press the up arrow to bring the last ping command back from history (or enter "ping -c 4
192.168.110.10")


The ping now responds successfully.


This concludes QoS Tagging and Filtering. You may close the PuTTY session and the
Chrome browser.
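
The tagging and filtering steps of this lesson can be replayed offline. The following is an added example, not part of the lab or VMware's code: a simplified Python model of one traffic rule with a single IP qualifier (used here for both the Tag and the Drop action, whereas the lab's Tag rule used a system traffic qualifier), applied to a constructed IPv4 header carrying the lab's addresses. The names IpQualifier, TrafficRule and apply_rule are hypothetical; the example also shows why Wireshark reports DSCP 0x3f while the raw DS byte in the header is 0xfc.

```python
import ipaddress
import struct
from dataclasses import dataclass
from typing import Optional

PROTO_ICMP = 1


def checksum16(data: bytes) -> int:
    """Internet checksum (RFC 1071) over an even-length byte string."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_packet(src: str, dst: str, proto: int, dscp: int = 0, ecn: int = 0) -> bytes:
    """Constructed sample: 20-byte IPv4 header (no options) plus 8 zero payload bytes."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, (dscp << 2) | ecn, 28, 0x1234, 0, 64,
                      proto, 0, ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", checksum16(hdr)) + hdr[12:] + bytes(8)


@dataclass(frozen=True)
class IPv4Info:
    src: ipaddress.IPv4Address
    proto: int
    dscp: int          # upper six bits of the DS byte (what Wireshark shows as DSCP)
    ecn: int           # lower two bits of the DS byte
    header_len: int
    checksum_ok: bool


def parse_ipv4(packet: bytes) -> IPv4Info:
    """Decode the fields a rule needs; reject truncated or non-IPv4 input."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    version, ihl = packet[0] >> 4, (packet[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a valid IPv4 header")
    return IPv4Info(src=ipaddress.IPv4Address(packet[12:16]), proto=packet[9],
                    dscp=packet[1] >> 2, ecn=packet[1] & 0x03, header_len=ihl,
                    checksum_ok=checksum16(packet[:ihl]) == 0)


@dataclass(frozen=True)
class IpQualifier:          # hypothetical model of "New IP Qualifier"
    protocol: int
    source: ipaddress.IPv4Network

    def matches(self, info: IPv4Info) -> bool:
        return info.proto == self.protocol and info.src in self.source


@dataclass(frozen=True)
class TrafficRule:          # hypothetical model of one network traffic rule
    name: str
    action: str             # "tag" or "drop"
    qualifier: IpQualifier
    dscp: Optional[int] = None


def apply_rule(rule: TrafficRule, packet: bytes) -> Optional[bytes]:
    """Return the forwarded packet, or None if the rule drops it."""
    info = parse_ipv4(packet)
    if not rule.qualifier.matches(info):
        return packet                       # unmatched traffic passes untouched
    if rule.action == "drop":
        return None
    if rule.action != "tag" or rule.dscp is None or not 0 <= rule.dscp <= 63:
        raise ValueError("rule needs action 'drop', or 'tag' with DSCP 0..63")
    hdr = bytearray(packet[:info.header_len])
    hdr[1] = (rule.dscp << 2) | info.ecn    # rewrite DSCP, keep the ECN bits
    hdr[10:12] = b"\x00\x00"                # checksum must be recomputed
    hdr[10:12] = struct.pack("!H", checksum16(bytes(hdr)))
    return bytes(hdr) + packet[info.header_len:]


# Constructed sample using the addresses from this lesson.
QUALIFIER = IpQualifier(PROTO_ICMP, ipaddress.IPv4Network("192.168.100.130/32"))
PING = build_packet("192.168.100.130", "192.168.110.10", PROTO_ICMP)

if __name__ == "__main__":
    tagged = apply_rule(TrafficRule("Network Traffic Rule 1", "tag", QUALIFIER, 63), PING)
    info = parse_ipv4(tagged)
    print(f"DSCP={info.dscp} (0x{info.dscp:02x}), raw DS byte=0x{tagged[1]:02x}")
    dropped = apply_rule(TrafficRule("Network Traffic Rule 1", "drop", QUALIFIER), PING)
    print("drop rule forwards:", dropped)
```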


Monitoring the vSphere Distributed Switch with Encapsulated Remote Mirroring
The remote mirroring capability on VDS helps send traffic from a virtual machine
running on one host to a virtual machine on another host for debugging or monitoring
purposes.
vSphere Distributed Switch 5.1 and above supports the following protocols:
• Switch Port Analyzer (SPAN, RSPAN, ERSPAN)
• IP Flow Information Export (IPFIX / NetFlow v10)
In this lesson we will monitor virtual machine traffic using a centrally located traffic
analyzer.

Prepare testing tools


Before configuring Remote Port Mirroring we need to prepare our testing infrastructure.


Open PuTTY Session


1. From the ControlCenter desktop, click the PuTTY icon on the task bar.
2. In the PuTTY Configuration window scroll down to the saved session for "linux-micro-01b.corp.local" and click "Open"


Start Pinging base-w12-01b


Start pinging the VM base-w12-01b - this VM uses IP address 192.168.100.131.
We are showing the name in this step since we will refer to the VM name later when
creating the port mirror.


Launch tshark
In this module, we will use Tshark, a terminal based network traffic analyzer similar to
WireShark.
To launch it, double click on the Tshark icon on the desktop. We've added a filter to only
look at ICMP traffic to/from 192.168.100.131 (base-w12-01b).


Important - Re-enter tshark start command


Note: Due to an error in the tshark batch file, you will need to copy the command below
and paste it into the command window using the "Send Text" feature of your lab
interface.
"C:\Program Files\Wireshark\tshark.exe" -p -Y "icmp and not icmp.code == 2 and ip.addr == 192.168.100.131"
Press "Enter" and then close out the "Send Text To Console" window.

Check the Tshark window


In the previous step, the ping succeeded, but if you look at your tshark window, you'll
see it stays empty. No traffic is currently visible from our Windows desktop.
That's perfectly normal. To see it here, we first need to mirror it using Encapsulated
Remote Mirroring. That's the objective of the next lesson.
Note: For the curious, we've launched Tshark in non-promiscuous mode (-p). Our
Control Center, being in the same L2 as our VMs, could have seen the traffic in some
situations, e.g., if both VMs were hosted on different ESXi hosts. We are using
Encapsulated Remote Mirroring here, even though Remote Mirroring would have been
easier, because the objective of this module is to demonstrate Encapsulated Remote
Mirroring.

Encapsulated Remote Mirroring Configuration


In our nested environment where all of the physical switch configuration is out of reach,
a convenient feature to monitor VM traffic from a central location is Encapsulated
Remote Mirroring, as it doesn't require any physical switch configuration.
With Encapsulated Remote Mirroring, you can mirror the traffic to any location in your
environment. This is done simply by defining the destination IP address of the mirrored
traffic.
In this lesson we will configure our VDS to mirror traffic to the windows desktop where
you are currently connected.


Open the vSphere Web Client


If not already open, start the web client by starting Google Chrome from the shortcut on
your desktop.
Tick the box to "Use Windows session authentication" and then click "Login"


Navigate to base-w12-01b
1. In the Web Client quick search bar, type "site-b"
2. Click the link for the Distributed Switch "vds-site-b"


Add a New Port Mirror Session


1. Click the Manage tab.
2. Click Settings.
3. Select Port Mirroring.
4. Click the Green + to create a new session.


Select session type


1. Select Encapsulated Remote Mirroring (L3) Source
2. Click Next.

Edit Properties
1. Type Encapsulated Remote Mirroring - Destination in the Name field
2. Enable its status.
3. Click Next


Select sources
There are two ways to select sources: you can select ports from a list, or directly type
in a Port ID range, for example 2-8.
1. Click the first + icon to select Port IDs from a list.


Select Ports
Selecting from a list is easier than typing a Port Range. The list shows the Connected
Entity, so you can easily select the VMs you want to monitor.
Click on the checkbox for the Port ID connected to the full-sles-01a entity. Be careful to
select the correct one, as the order of your list may differ.
Click OK.


Limit Traffic Direction


By default, mirroring of traffic will happen for both Ingress and Egress traffic. You can
limit the direction by clicking on the respective icons.
1. Click on the left blue arrow to mirror only Egress traffic.
Note: Keep in mind the notion of Egress and Ingress is defined by how the flow relates to
the VDS. Egress, in this context, means all the traffic going out of the VDS to the
selected Port IDs.
2. Click Next.


Select destinations
Click the green + icon.

Add IP Address
1. Type the IP address of the Control Center where we will analyze the mirrored traffic:
192.168.110.10
2. Click OK.


Next
Click Next.

Ready to complete
Review your Port Mirroring Session settings.
Click Finish.

Confirm settings
1. Your Encapsulated Remote Mirroring - Destination Port mirroring session is now
Enabled.
2. To confirm the settings you can select Encapsulated Remote Mirroring - Destination
and click on the Sources and Destinations tabs.
You should have the same information as:
Status: Enabled
Connectee: base-w12-01b
Traffic Direction: Egress
Destination: 192.168.110.10 (not displayed in this screen capture, available behind the
Destinations tab).
Click on the pencil and update your configuration accordingly until you get the same
result.

Confirm you now see the mirrored traffic


Switch to your Tshark window. You should now see the mirrored traffic reaching your
Windows desktop.
We only see the Echo request and no reply here. That is normal, as we are only mirroring
Egress traffic.
If the Tshark window stays empty, read the following troubleshooting notes.


Troubleshooting Notes
1. Check the linux-micro-01b PuTTY session to see if the ping is still running. If that's
not the case, re-launch it.
2. Double check the Encapsulated Remote Mirroring - Destination session settings
(see previous step).
3. Make sure you've applied this Encapsulated Remote Mirroring configuration to
vds-site-b and not vds-site-a.

Encapsulated Remote Mirroring and vMotion


Before wrapping up this Encapsulated Remote Mirroring module, we'll confirm that when
vMotioning a VM, its traffic is still mirrored.


VMs and Templates


1. Type "base-w12" in the Web Client quick search box.
2. Click the link for the VM "base-w12-01b"


Migrate...
1. Click on Actions
2. Select Migrate...


Change compute resource only


Click Next.


Select Destination Resource


1. Select esx-01b.corp.local
2. Click Next.


Select network
Click Next


Select vMotion Priority


Click Next.


Review Selections
Compare your selections with the following yellow boxes.
If that looks the same on your side click Finish, click Back otherwise.


Mirroring is still happening


Switch back to your Tshark window to confirm traffic is still mirrored.
You can now close the Tshark window.
You can now close the PuTTY session.
This concludes our Encapsulated Remote Mirroring lesson.


Implementing LACP on the vSphere Distributed Switch
vSphere 5.1 added limited support for Link Aggregation Control Protocol (LACP), with
these constraints:
• Supports only one Link Aggregation Group (LAG) per VDS per host.
• All uplinks in the dvuplink port group are included in this LAG.
• Only the IP hash load balancing algorithm is supported.
vSphere 5.5 comes with an enhanced LACP implementation which supports:
• Multiple LAGs (up to 32 LAGs per host and 64 LAGs per VDS).
• Multiple load balancing options (22 different hashing algorithms).
In this module we will demonstrate how to configure LACP v2.
If you feel comfortable with the concepts involved with LACP, you can skip ahead to the
next section.
Link Aggregation Control Protocol is a vendor-independent standard defined in IEEE
802.1ax (formerly IEEE 802.3ad). It provides a mechanism to control the bundling of
several ports together to form a single logical channel by sending LACP packets to a
peer which also implements LACP.
LACP provides higher bandwidth and network redundancy.
The automatic negotiation of link aggregation parameters between virtual and physical
switches provides the following advantages over static configuration:
• Plug and Play: Automatically configures and negotiates between host and
access layer physical switch
• Dynamic: Detects link failures and cabling mistakes and automatically
reconfigures the links
One last definition: a Link Aggregation Group is a grouping of multiple individual
links - with compatible properties - formed into a single logical channel.

Check Requirements
In this lesson we will check the requirements to implement LACP v2 on vSphere.


LACP v2 requirements
Before jumping in, please note the following restrictions when using LACP v2:
• A vSphere Distributed Switch version 5.5 is required.
• Only same speed links can be combined to form a LAG.
• Only one LAG can be made active in the teaming configuration of a Port Group.
• No other uplinks can be active or in standby mode at the same time; failover will be
handled at the LACP level.


Login to the vSphere Web Client


Launch the Google Chrome browser from your desktop.
Tick the box next to "Use Windows session authentication" and click "Login"


Navigate to vds-site-b
1. In the web client quick search type "vds"
2. Click on the link for the Distributed Switch "vds-site-b"


Check vSphere Distributed Switch version


Click on summary tab. As you can see, VDS version is 6.0, but an upgrade of the switch
features is available.
1. Click on the "Upgrades Available" link to view information about features that you can
enable.
2. One of these is Enhanced LACP Support.


vds-site-b Enhance
Let's add Enhanced LACP Support by opening the Features widget and clicking the
"Enhance" link under Link Aggregation Control Policy.


Enhance LACP Overview


It is a good idea to back up your switch configuration before enhancing the VDS.
However, in this lab we will throw caution to the wind and click "Next"


Validate prerequisites
Everything looks good, click "Next"


Ready to Complete
Ready to go, click Finish to enhance our VDS.

Create a Link Aggregation Group on the VDS


In this lesson we will create a LAG on the VDS


Add a new LAG group


1. Select the Manage Tab
2. Click on LACP.
3. You can now add a new Link Aggregation Group by clicking on the green + icon.


Fill out the form


1. Select Source and destination IP address and VLAN as the load balancing scheme
and keep everything else as is. As you can see, the current LACP
implementation supports many different load balancing modes.
2. Mode Passive means the port is in a passive negotiating state. In passive mode
the port responds to LACP packets it receives but does not initiate LACP
negotiation.
Note: The Port Policies section is gray; we'll see how to activate it later in the lab.
3. Click OK.


LAG created
Your lag1 is now created.
If you don't see lag1 in the list, you may need to refresh the Web Client.
In the next step we'll confirm the creation of our LAG in our host.


Launch PUTTY
Click Start > PuTTY


Connect to esx-03a.corp.local
1. Select esx-01b.corp.local in the Saved Configurations list
2. Click Open.


Confirm LAG creation from the command line


Type the following command:
esxcli network vswitch dvs vmware lacp config get
As you can see, lag1 is created but it isn't associated with any NICs. We'll do that in the
next section.
Note: You can keep PuTTY open for now.

Configure the hosts to use the LAG


In this lesson, we will add physical NICs to our lag1. Please switch back to the vSphere
Web Client.


Migrating network traffic to LAGs


A wizard will help you migrate network traffic to the LAG. Make sure you've selected
vds-site-b > Manage > Settings > LACP.
Click on Migrating network traffic to LAGs to launch the wizard.


Add and Manage Hosts...


Click on Add and Manage Hosts...


Manage host networking


1. Click on the Manage host networking radio button
2. Click Next


Add hosts
Click the green + to add Hosts to the list

Select Hosts
1. Select both hosts by clicking on the checkbox in the heading
2. Click OK.


Activate template mode


1. Activate the template mode by clicking on the checkbox at the bottom
2. Click Next.
Note: By using the template mode you only configure one node, and all the operations
will be replicated on the remaining nodes. All the nodes need to have the same
configuration. To get more information on this mode, you can click on the gray icon just
after (template mode).


Select template host


1. Select esx-01b.corp.local
2. Click Next.


Select network adapter tasks


1. Make sure only the first option Manage physical adapters (template mode) is
selected
2. Click Next.


Manage Physical network adapters vmnic2


1. Select vmnic2
2. Click Assign uplink.


Assign vmnic2 to lag1-0


1. Select lag1-0
2. Click OK.


Manage Physical network adapters vmnic3


1. Select vmnic3
2. Click Assign uplink.


Assign vmnic3 to lag1-1


1. Select lag1-1
2. Click OK.


Apply to all
1. To replicate the configuration of esx-01b.corp.local on esx-02b.corp.local click on
Apply to all
2. Click Next.


Analyze impact
vCenter tells you there isn't any impact on network dependent services, so you can
relax and click Next.


Ready to complete
Click Finish to proceed and wait until the operation completes.


Confirm NICs <-> LAG association from the command line


Switch back to your Putty session which should still be connected to
esx-01b.corp.local.
If you closed it, launch Putty again and connect to esx-01b.corp.local.
Use the up arrow key to recall the last command or type it again:
esxcli network vswitch dvs vmware lacp config get
As you can see, your lag1 is now associated with vmnic2 and vmnic3. Congratulations!!!
Wait, we still have one more thing to do to use this LAG in production.

Configure a Port Group to use the LAG


We are almost done with our LACP Hands on lab module, the last step is to configure a
Port Group to use this Link Aggregation Group for its uplink.


Manage Distributed Port Groups...


Switch back to vSphere Web Client
In the wizard click on Manage Distributed Port Groups...
Note: If you closed the wizard earlier, you can reopen it from the LACP settings by
clicking on Migrate network traffic to LAGs.


Select port group policies


1. Select Teaming and failover policies
2. Click Next.


Select distributed port groups


We need to add port groups to edit. Click the icon indicated in the screen shot.


Select Distributed Port Groups


1. For this lesson, let's use the VM Network port group. Select it
2. Click OK.


Select port groups


Click Next.


Teaming and failover


1. Select lag1
2. Click six times on the up arrow icon to move it above Uplink 1.


Teaming and failover


Click on the red icon warning and read the popup alert which reminds you of an
important caveat.
To comply, select each uplink and move them down to "Unused uplinks" using the blue
down arrow.


Teaming and failover


You should have something similar to the screenshot above.
As you can see, the red warning icon disappeared and a gray icon appeared next to the
load balancing scheme. If you click on it, you'll learn that the load balancing scheme of
the Port Group will get overwritten by the one from the LAG.
You can now click Next.

Ready to complete
Click Finish and close the wizard window.
Congratulations, your LACP configuration is now complete for your lag1. In a real-world
scenario we would do the same process for the Management, Storage and vMotion
networks or we could also share a common LAG depending on NICs availability and
network requirements.


But, you know the drill, your time at VMworld 2015 is valuable so let's not repeat
ourselves and wrap up this module in the next chapter.

Check the Topology


Now let's inspect the topology


Close wizard
Close the LAG migration wizard


Topology
1. Select Topology
2. Select on the VM Network Port Group.
3. Click on the gray arrow in front of lag1 to see the implementation details for each
host.
This confirms that data traffic will use the newly created lag1, which uses 3 physical
NICs on each host.

Conclusion
This concludes our LACP lab module. Keep in mind the following requirements when
implementing this feature:
• VDS 5.5 and a physical switch implementing LACP are both required.
• Only same speed links can be combined to form a LAG.
• Only one LAG can be made active in the teaming configuration of a Port Group.
• No other uplinks can be active or in standby mode at the same time; failover will be
handled at the LACP level.
• Regarding the maximums, you can have up to 32 LAGs per host but the number of
NICs on a host is also limited to 32 if you have 1 GbE interfaces, or 8 for 10 GbE
ones. So, for example, you can only create 16 LAGs with two 1 Gig interfaces each.
Thanks for taking the time to learn about LACP in vSphere 5.5.
If you want to know even more about LACP configuration, continue to the next optional
lesson, or skip it and go directly to the next module if you are short on time.
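
The requirements above lend themselves to a pre-change check. The following is an added example, not part of the lab or a VMware tool: a small Python validator (the names Lag, Teaming and check_lacp are hypothetical) that tests a port group's teaming order against the restrictions listed in this module, run against the state that raised the red warning icon and against the corrected state. The NIC speeds and the number of standalone uplinks are constructed sample values.

```python
from dataclasses import dataclass, field
from typing import Dict, List

# Limits and minimum version as quoted in this lab module.
MAX_LAGS_PER_HOST = 32
MAX_LAGS_PER_VDS = 64
MIN_VDS_VERSION = (5, 5)


@dataclass
class Lag:
    name: str
    nic_speeds_mbps: Dict[str, int]      # vmnic name -> link speed in Mb/s


@dataclass
class Teaming:
    active: List[str]
    standby: List[str] = field(default_factory=list)
    unused: List[str] = field(default_factory=list)


def check_lacp(vds_version: str, host_lags: List[Lag], teaming: Teaming,
               lags_on_vds: int = 0) -> List[str]:
    """Return a list of violated requirements; an empty list means compliant."""
    problems = []
    version = tuple(int(part) for part in vds_version.split(".")[:2])
    if version < MIN_VDS_VERSION:
        problems.append(f"VDS version {vds_version} is below 5.5")
    if len(host_lags) > MAX_LAGS_PER_HOST:
        problems.append(f"{len(host_lags)} LAGs on host exceeds {MAX_LAGS_PER_HOST}")
    if lags_on_vds > MAX_LAGS_PER_VDS:
        problems.append(f"{lags_on_vds} LAGs on VDS exceeds {MAX_LAGS_PER_VDS}")

    # Only same speed links can be combined to form a LAG.
    for lag in host_lags:
        speeds = sorted(set(lag.nic_speeds_mbps.values()))
        if len(speeds) > 1:
            problems.append(f"{lag.name}: mixed link speeds {speeds}")

    # Only one LAG may be active, and nothing else may be active or standby.
    lag_names = {lag.name for lag in host_lags}
    active_lags = [u for u in teaming.active if u in lag_names]
    if len(active_lags) > 1:
        problems.append(f"more than one active LAG: {', '.join(active_lags)}")
    if active_lags:
        extras = [u for u in teaming.active if u not in lag_names] + teaming.standby
        if extras:
            problems.append(f"move to unused uplinks: {', '.join(extras)}")
    return problems


# Constructed sample: lag1 with the two NICs assigned in the lab.
LAG1 = Lag("lag1", {"vmnic2": 1000, "vmnic3": 1000})
# State right after moving lag1 above Uplink 1 (the red warning icon).
WARNING_STATE = Teaming(active=["lag1", "Uplink 1", "Uplink 2"])
# State after moving the standalone uplinks down to "Unused uplinks".
FIXED_STATE = Teaming(active=["lag1"], unused=["Uplink 1", "Uplink 2"])

if __name__ == "__main__":
    for label, state in (("warning", WARNING_STATE), ("fixed", FIXED_STATE)):
        print(label, check_lacp("6.0", [LAG1], state) or "compliant")
```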

OPTIONAL - Allow Overrides of Port Policies


In this lesson we'll show how to allow a LAG to override Port Group policies. By using this
feature, you'll be able to override VLAN or NetFlow settings as soon as the traffic goes
out through the specified LAG.
If you are short on time you can skip it.

Edit uplink port group settings


1. Click on vds-site-b-corpnet-uplink.
2. Click Edit distributed port group settings icon.


Edit Advanced Settings


1. Select the Advanced tab
2. Click on Allowed Radio buttons for both VLAN and NetFlow
3. Click OK.


Confirm you can now override Port Policies.


1. Select the LACP tab
2. Select the lag1 LAG and note the Port Policies is currently inherited from uplink
port group.
3. Click on the pencil to edit the LAG.


Edit Link Aggregation Group


As you can see above, you can click on the Override checkbox for both VLAN type and
NetFlow to override the Port Group policies.
1. VLAN type: check Override
2. VLAN trunk range: 0-100
3. NetFlow: check Override
4. NetFlow: select Enabled from drop down menu
5. Click OK

If you do so, all the traffic going out through this LAG will comply with this setup,
no matter the configuration of the originating Port Group.


Confirm Overrides
Port Policies is now overridden. (You may have to update the Web Client to see the
changes)
That concludes the LACP lesson of the HOL-SDC-1602 Hands on Lab.


Managing NSX
This lab does not include NSX capability due to resource constraints. However, the
video in the next step is provided for an overview of the vRealize Operations
Management Pack for NSX. For a deeper level of understanding of NSX, please consider
the following lab:
HOL-SDC-1624 VMware NSX and the vRealize Suite

Video - Management Pack for NSX (4:08)


Module 3: Build and Manage Your Infrastructure - Storage (30 Minutes)


VVOL Management
VVOL is beyond the scope of this lab. See HOL-SDC-1627 "VMware Software Defined
Storage - Advanced Topics" for an overview of VVOL.


VSAN Management
In this module we will show how you can monitor Virtual SAN 6 using the vRealize
Operations Manager Management Pack for Storage Devices (MPSD). This module only
provides a high level preview of VSAN integration and management. For a deeper level
of understanding of VSAN, please consider the following labs:
HOL-SDC-1608 Virtual SAN 6 from A to Z

Video - Management Pack for Storage Devices (5:34)


Module 4: Build and Manage Your Infrastructure - Scale Out - (60 Minutes)


Build a Resilient Management Platform


vCenter Architecture Changes in vSphere 6.0
With the release of vSphere 6.0, vCenter Server installation and configuration has been
dramatically simplified. The installation of vCenter now consists of only two components
that provide all services for the virtual datacenter:
• Platform Services Controller: This provides infrastructure services for the
datacenter. The Platform Services Controller contains these services:
  ◦ vCenter Single Sign-On
  ◦ License Service
  ◦ Lookup Service
  ◦ VMware Directory Service
  ◦ VMware Certificate Authority
• vCenter Services: The vCenter Server group of services provides the remainder
of the vCenter Server functionality, which includes:
  ◦ vCenter Server
  ◦ vSphere Web Client
  ◦ vCenter Inventory Service
  ◦ vSphere Auto Deploy
  ◦ vSphere ESXi Dump Collector
  ◦ vSphere Syslog Collector (Microsoft Windows)/VMware Syslog Service (Appliance)
So, when deploying vSphere 6.0 you need to understand the implications of these
changes to properly architect the environment, whether it is a fresh installation, or an
upgrade. This is a dramatic change from previous releases, and one that is going to be a
source of many discussions.


vCenter Deployment Modes - vCenter Server with an Embedded Platform Services Controller:
There are two basic architectures that can be used when deploying vSphere 6.0. The
first one is vCenter Server with an Embedded Platform Services Controller. This
mode installs all services on the same virtual machine or physical server as vCenter
Server. This is ideal for small environments, or if simplicity and reduced resource
utilization are key factors for the environment.


vCenter Deployment Modes - vCenter Server with an External Platform Services Controller
The second one is vCenter Server with an External Platform Services Controller.
This mode installs the platform services on a system that is separate from where
vCenter services are installed. Installing the platform services is a prerequisite for
installing vCenter. This is ideal for larger environments, where there are multiple
vCenter servers, but you want a single pane-of-glass for the site.

vCenter Server - Enhanced Linked Mode


As a result of the architectural changes mentioned above, Platform Services Controllers
can be linked together. This enables a single pane-of-glass view of any vCenter server
that has been configured to use the same Platform Services Controller domain. This
feature is called Enhanced Linked Mode and is a replacement for Linked Mode, which
was a construct that could only be used with vCenter for Windows. The recommended
configuration when using Enhanced Linked Mode is to use an external platform services
controller.
Note: Although using embedded Platform Services Controllers and enabling Enhanced
Linked Mode can technically be done, it is not a recommended configuration. See List of
Recommended topologies for vSphere 6.0 (2108548) for further details.
Enhanced Linked Mode connects multiple vCenter Server systems together by using one
or more Platform Services Controllers.
Enhanced Linked Mode lets you view and search across all linked vCenter Server
systems and replicate roles, permissions, licenses, policies, and tags.


When you install vCenter Server or deploy the vCenter Server Appliance with an
external Platform Services Controller, you must first install the Platform Services
Controller. During installation of the Platform Services Controller, you can select whether
to create a new vCenter Single Sign-On domain or join an existing domain. You can
select to join an existing vCenter Single Sign-On domain if you have already installed or
deployed a Platform Services Controller, and have created a vCenter Single Sign-On
domain. When you join an existing vCenter Single Sign-On domain, the data between
the existing Platform Services Controller and the new Platform Services Controller is
replicated, and the infrastructure data is replicated between the two Platform Services
Controllers.
With Enhanced Linked Mode, you can connect not only vCenter Server systems running
on Windows but also vCenter Server Appliances. You can also have an environment
where multiple vCenter Server systems and vCenter Server Appliances are linked
together.
In the image example below you can see how we can search across all linked vCenter
Server systems.

vCenter Server - Mixed Environments


Prior to vSphere 6.0, there was no interoperability between vCenter for Windows and the
vCenter Server Linux Appliance. After a platform was chosen, a full reinstall would be
required to change to the other platform. The vCenter Appliance was also limited in
features and functionality.
With vSphere 6.0, they are functionally the same, and all features are available in either
deployment mode. With Enhanced Linked Mode both versions of vCenter are
interchangeable. This allows you to mix vCenter for Windows and vCenter Server
Appliance configurations.
This mixed platform environment provides flexibility that has never been possible with
the vCenter Platform.


As with any environment, the way it is configured is based on the size of the
environment (including expected growth) and the need for high availability. These
factors will generally dictate the best configuration for the Platform Services Controller
(PSC).

vCenter Server High Availability


Providing high availability protection to the Platform Services Controller adds an
additional level of overhead to the configuration. When using an embedded Platform
Services Controller, protection is provided in the same way that vCenter is protected, as
it is all a part of the same system.
Availability of vCenter is critical due to the number of solutions requiring continuous
connectivity, as well as to ensure the environment can be managed at all times.
Whether it is a standalone vCenter Server, or embedded with the Platform Services
Controller, it should run in a highly available configuration to avoid extended periods of
downtime.
Several methods can be used to provide higher availability for the vCenter Server
system. The decision depends on whether maximum downtime can be tolerated,
failover automation is required, and if budget is available for software components.
The table below lists methods available for protecting the vCenter Server system and
the vCenter Server Appliance when running in embedded mode.
If high availability is required for an external Platform Services Controller, protection is
provided by adding a secondary backup Platform Services Controller, and placing them
both behind a load balancer.
The load balancer must support Multiple TCP Port Balancing, HTTPS Load Balancing, and
Sticky Sessions. VMware officially supports F5 and Netscaler, and the use of third party
load balancers will result in "best effort" support. See the vendor documentation
regarding configuration details for any load balancer used.
With vCenter 6.0, connectivity to the Platform Services Controller is stateful, and the
load balancer is only used for its failover ability. Active-active connectivity to both
nodes at the same time is therefore not recommended, because it risks corrupting the
data between nodes.

Additional vSphere with Operations Management 6.0 Enhancements

VMware vSphere with Operations Management 6.0 is the latest release of the
industry-leading platform with insight to IT capacity and performance. This release
contains some new features which greatly enhance the ease of Management,
Performance and Resiliency:
New Compute Related Features:
- 4-vCPU vSphere Fault Tolerance (FT) - Provides continuous availability of any
  application in the event of a hardware failure with no data loss or downtime for
  workloads up to 4-vCPU.
- Hot Add - An enhancement to the current Hot Add feature is NUMA awareness
  when hot-adding memory.
- Cross-vCenter vMotion - Enables live migration across vCenter Servers of virtual
  machines between servers with no disruption to users or loss of service,
  eliminating the need to schedule application downtime for planned server
  maintenance.
- Long-Distance vMotion - Enables live migration over long distances (up to 150
  milliseconds round trip time) of virtual machines between servers with no
  disruption to users or loss of service, eliminating the need to schedule application
  downtime for planned server maintenance.
- Content Library - Provides simple and effective centralized management for VM
  templates, virtual appliances, ISO images and scripts.


vRealize Operations Manager 6.0 brings in Scalable & Resilient Architecture

VMware vRealize Operations Manager 6.0 brings a robust, scalable and resilient
architecture to the platform design. In this release, VMware has moved from a
two-VM vApp to a single-VM virtual appliance. VMware has also created a newly built
service-based design for this release, so capacity, performance and all plug-ins are
now services that run across common services in the platform. This one
virtual appliance contains all the services. This is a new architecture that scales out
horizontally to support increased objects, metrics and concurrent users. From a
deployment perspective, we want to remove the complexities of scaling out, so we
deploy the whole stack at a time. When one instance/slice of the stack runs out of
capacity (CPU/Disk/Memory), we can spin up another and add more capacity. We can
keep doing this as necessary to handle the scale.
You can deploy vRealize Operations Manager as a cluster, containing one or more nodes.
Each node in the cluster takes on a particular role: master, master replica, data, or
remote collector. In this way, it provides High Availability (HA) against host and node
failures.
vRealize Operations Manager supports high availability (HA) by enabling a replica node
for the vRealize Operations Manager master node.
When present, an HA replica node can take over the functions that a master node
provides. When a problem occurs with the master node, failover to the replica node is
automatic and requires only two to three minutes of vRealize Operations Manager
downtime. Data stored on the master node is always 100% backed up on the replica
node. In addition, with HA enabled, the cluster can survive the loss of a data node
without losing any data.
When failover occurs, the replica node becomes the master node, but you will not have
HA again until you convert a data node into a new replica node. Old, failed master
nodes should be removed from the cluster. They cannot be reused in vRealize
Operations Manager.
To enable HA, you must have another node deployed in addition to the master node.
When you deploy nodes as virtual machines, deploy the replica node on different
hardware than the master node so that backup is physically redundant.


vRealize Operations - Unified Management Short Lab


Unified Management With vRealize Operations - Login


Open the Firefox browser and go to the vRealize Operations vrops-01 URL as shown in the
screenshot (step 1).
Log in with user admin and password VMware1! as per steps 2 and 3 in the screenshot
above.


Navigate To The Unified Management Dashboard


Once you have logged in:
1. Select Dashboard List
2. Then Unified Management.


Unified Management With vRealize Operations Dashboard which spans 2 vCenter Servers
This dashboard uses the Environment Overview widget, which displays the health,
risk, and efficiency of resources for a given object from the managed inventory. In this
case we can see that the dashboard spans the two vCenter Server environments we
have in our inventory. When you click on one of the vCenter Server objects, its entire
topology is highlighted, making it easier to understand health and workload
issues in the context of the inventory relationships. You can then toggle between the
badges to see different information such as Workload, Stress, Capacity and Time
Remaining.

Migrating VMs Between vCenter Servers


vMotion in VMware vSphere 6.0 delivers breakthrough new capabilities that will offer
customers a new level of flexibility and performance in moving virtual machines across
their virtual infrastructures. Included with vSphere 6.0 vMotion are features
(Long-distance migration, Cross-vCenter migration, Routed vMotion network) that enable
seamless migrations across current management and distance boundaries. For the first
time ever, VMs can be migrated across vCenter Servers separated by cross-continental
distance with minimal performance impact. vMotion is fully integrated with all the latest
vSphere 6 software-defined data center technologies including Virtual SAN (VSAN) and
Virtual Volumes (VVOL). Additionally, the newly re-architected vMotion in vSphere 6.0
now enables extremely fast migrations at speeds exceeding 60 Gigabits per second. In
this module we are going to take a closer look at Cross-vCenter vMotion.

Let's take a look around.


Switch back to the vSphere Web Client
1. Select "Use Windows session authentication".
2. Click the "Login" button.
This will pass through your current credentials (CORP\Administrator) to the Platform
Services Controller for confirmation that you are allowed to access the system and your
assigned roles. Notice that the login proceeds immediately with vSphere 6.


A Familiar View
Feel free to click the push pins for the "Alarms", "Work In Progress" and "Recent Tasks"
panes. This will give you a little more room to work. You open the pane by clicking on
the closed pane and then re-close it by clicking on the closed pane button again.
Click on "Hosts and Clusters".


Focus on linux-micro-01a
Expand both vCenter inventories.
1. Navigate to the linux-micro-01a virtual machine. It should be powered on; if not,
please power it on.
2. Make sure you are on the Summary tab


Review the virtual network adapter connection


Expand the "VM Hardware" pane. Notice that a single virtual network adapter is
connected to the "VM Network" portgroup which is on a virtual Standard Switch.
Click on the "VM Network" link.


Review the networks in the data centers


Expand the network inventories in both vCenters. There is a virtual Distributed Switch
in both data centers as well as the standard switch. We will migrate the linux-micro-01a
VM from the Standard Switch on esx-01a Site A to the Distributed Switch in Site B.

Click the "Recent Objects" control to return to the linux-micro-01a VM


Using the Recent object button, simply highlight "linux-micro-01a" and click to return to
this recently viewed object. This is a new time-saver in the vSphere 6 Web Client.


Prepare to test networking during the migration


1. Open the Windows Start menu.
2. Click the "ping-linux-micro-01a" shortcut.


Verify the continuous ping to linux-micro-01a


After the ping has started, minimize the Windows command window. The continuous
ping will verify network connectivity during the cross-vCenter vMotion.


Prepare to test networking even further


Open PuTTY from the Windows start bar along the bottom.
1. Select "linux-micro-01a.corp.local"
2. Press the "Load" button
3. Press the "Open" button


Login proceeds
Public key SSH authentication is set up so no password is required.

Test networking from the VM


Let's start a continuous ping to Control Center from the VM we will be migrating.
Enter:
ping 192.168.110.10
Now you are ready to migrate.

Migrate the VM
Minimize the current PuTTY session (don't close it!) and go back to the vSphere Web
Client.

Right click on the 'linux-micro-01a' VM and select 'Migrate'.


Choose Both Compute Resource and Storage


1. We need to relocate the storage as well for cross-site vMotion to work because we
didn't configure shared virtual machine storage.
2. Click Next
In our example we have configured a routable vMotion network and then enabled
vMotion TCP stack in vmkernel with different default gateway on all ESXi hosts. This is
explained in the vSphere 6.0 documentation: Place vMotion Traffic on the vMotion
TCP/IP Stack of an ESXi Host


Select Compute Resource


1. Select Cluster Site B which is under the 2nd site vCenter Server (vcsa-01b.corp.local)
2. Then click Next.


Select storage
Accept the default storage options and click Next.


Select Folder
1. Select the Discovered virtual machines folder
2. Then click Next.
Then continue with the Wizard selecting all the default options then click "Finish".


Monitor Ping
Switch back to the PuTTY session and Command Prompt and watch the pings. You may
see a packet drop or a slightly longer delay during the vMotion cutover. Notice that
Layer 2 networking for the VM Network is stretched between the two sites and that the
VM retains its IP address when it migrates between sites.


Back in the vSphere Web Client


Go back to the vSphere Web Client and you should now see the 'linux-micro-01a' VM
running in Cluster Site B.
NOTE - you may need to refresh the vSphere Web Client


Monitor linux-micro-01a
1. Click on 'linux-micro-01a'
2. Select the Monitor tab
3. Then Events
You will notice that all the events for the VM were carried over as it moved to the new
vCenter Server. This is also true for any of the performance data.


Check the VM network configuration


1. Click on the Summary tab
2. Click on the "VM Network" link as before.


Network migration complete


Click on "Related Objects".
Notice that "linux-micro-01a" is now connected to the "VM Network" port group on the
"vds-site-b" Virtual Distributed Switch. It was migrated from a Virtual Standard Switch
on Site A.


Review vmkernel networking


1. Click on the "Hosts and Clusters" icon.
2. Select "esx-01b.corp.local"
3. Open the "Manage" tab
4. Select "Networking"
5. Click on "TCP/IP configuration"
Notice that new with vSphere 6, multiple TCP/IP stacks are provided for vmkernel ports.
The "vMotion" TCP/IP stack is using a different default gateway address than the default
TCP/IP stack which is used for the management network.
Feel free to check a vSphere 6 host on Site A and compare vmkernel TCP/IP
configurations.
In order to accomplish vMotion from the Site A vCenter to the Site B vCenter, vMotion
traffic was routed between the sites. We simulated two sites in this vMotion exercise to
show the flexibility of this new capability. In real life, the VM's layer 2 network must be
stretched and 150ms RTT or less must be maintained on the vMotion network.


Lesson Cleanup - PuTTY


Go back to the PuTTY session and press Ctrl+C to end the ping. Next type in 'exit' to
terminate the PuTTY session.

Lesson Cleanup - Command Prompt


Now go back to the Command Prompt and press Ctrl+C to end the ping and press 'Y' to
terminate the batch job.
Type 'exit' to close the Command Prompt if the window does not close automatically.

Conclusion
Cross vCenter vMotion is a powerful new capability with a number of use cases. It could
be used to migrate between legacy Windows vCenter and a new vCenter appliance or
any time it makes sense to migrate VMs to a completely new set of virtual infrastructure.
And of course it can be used to migrate VMs between data centers for planned
maintenance or other business purposes without interruption.
In summary, to enable migration across vCenter Server instances, your environment
must meet these requirements:
- The source and destination vCenter Server instances and ESXi hosts must be
  running version 6.0 or later.
- Both vCenter Server instances must be in Enhanced Linked Mode and must be in
  the same vCenter Single Sign-On domain so that the source vCenter Server can
  authenticate to the destination vCenter Server.
- Both vCenter Server instances must be time-synchronized with each other for
  correct vCenter Single Sign-On token verification.
- For migration of compute resources only, both vCenter Server instances must be
  connected to the shared virtual machine storage.


Configuring Auto Deploy


In this lesson, we will demonstrate the steps required to implement Auto Deploy to
support stateless ESXi hosts for upgrading hosts or rapidly deploying new hosts. This lab
will take you through the process of preparing the PXE boot infrastructure, configuring
the Auto Deploy server, preparing the Host Profile, and using PowerCLI to import
software bundles and create Image Profiles and deploy rules. Upon completion of this
module we will deploy a new ESXi host into an existing HA cluster.

Case Study
The CIO of BigTelco has decided to implement a cloud-enabled datacenter to
accommodate the agility and scalability requirements of their customers. He is in the
final stage of closing an agreement with the CIO of Rainpole Systems, a software
development firm that is interested in having BigTelco host their cloud infrastructure.
For Rainpole Systems, this new cloud initiative will help redefine their development
model and radically improve time to market for a wave of new customer facing
applications.
Rainpole has asked for the ability to rapidly deploy and maintain hundreds of servers
within hours to meet potential demand. In an effort to prepare for the cloud computing
partnership, the infrastructure teams at BigTelco have committed to spinning up
VMware vSphere Servers on demand to host Rainpole Systems' new projects. To
streamline the numerous server deployments, the CIO has asked you and your team of
engineers to find the best way to adapt BigTelco's cloud environment for this new
challenge. You and your team have decided to leverage VMware vSphere Auto Deploy
and stateless ESXi features.

What is Auto Deploy?


Auto Deploy was first introduced with vSphere 5.0 as a new way to rapidly deploy
vSphere hosts. With Auto Deploy, the vSphere host loads the ESXi software image over
the network directly into the vSphere host's memory. Auto Deploy uses a PXE boot
infrastructure in conjunction with vSphere Host Profiles to provision and customize the
host. vCenter Server manages the state information for each host configured to use
Auto Deploy. For this reason, Auto-Deployed vSphere hosts are often referred to as
being "stateless."
The Auto Deploy server stores the ESXi Image Profiles and vCenter Host Profiles that are
used to provision and configure vSphere hosts in a local cache. Rules are configured on
the Auto Deploy server (using PowerCLI) that use pattern matching to dynamically map
booting vSphere hosts to the appropriate image profiles and host profiles.


Environment Overview
The diagram above shows the high-level architecture for the Auto Deploy lab.

Auto Deploy Components


- Auto Deploy Server - Serves images and host profiles to ESXi hosts. The Auto
  Deploy server is at the heart of the Auto Deploy infrastructure. The Auto Deploy
  server is made up of a rules engine and web server.
- Auto Deploy Rules Engine - Tells the Auto Deploy server which image profile
  and host profile to serve to each host and where to place the host in the vCenter
  inventory. Administrators use the Auto Deploy cmdlets provided with PowerCLI to
  define the rules that assign image and host profiles to hosts.
- Auto Deploy Web Server - Used to boot hosts and deploy the ESXi Image
  Profile. The web server uses HTTPS for both the host boot and Image Profile
  exchange.
- Image Profiles - Collection of VIBs that make up the ESXi image installed on
  vSphere hosts. Image profiles are created using the Image Builder CLI cmdlets
  provided with PowerCLI.
- Software Depot - VMware and its partners make image profiles and VIBs
  available in public depots. Use the Image Builder PowerCLI to customize image
  profiles and upload them to the Auto Deploy Server. VMware customers can
  create a custom image profile based on the public image profiles and VIBs in the
  depot and apply that image profile to the host.
- Host Profiles - Define machine-specific configuration such as networking or
  storage setup. Administrators create host profiles by using the host profile UI. You
  can create a host profile for a reference host and apply that host profile to other
  hosts in your environment for a consistent configuration.
- Host Customization - Stores information that the user provides when host
  profiles are applied to the host. Host customization might contain an IP address or
  other information that the user supplied for that host.

Auto Deploy and PowerCLI


The table above describes the deployment information stored by the Auto Deploy
server.
Hosts deployed using Auto Deploy run in memory and do not require local storage. This
helps reduce costs and simplify storage architectures by eliminating the need for a
dedicated boot disk (SAN Boot, local hard disks, SD Cards or USB keys).

Verify Prerequisites
Auto Deploy relies on 3 basic software services: DHCP, TFTP, and DNS. These three
systems need to be running and configured in order for Auto Deploy to work correctly.
Below you will find the configurations that need to be in place.
For this lesson, we have a router called vPodRouter, which is a Linux virtual machine
that also works as a TFTP and DHCP server. The ControlCenter (the machine that you
are currently logged into) hosts our DNS server.


TFTP and DHCP


For Auto Deploy to work, you will need to have a TFTP server in your infrastructure. The
TFTP server will be used to hold the boot file with the configuration information to be
used by the deployed ESXi host. The TFTP server IP address will have to be specified in
the DHCP Scope Option on the DHCP server, and the host on which we will install ESXi
will need network access to it. You can use any TFTP server you like. Here we are going
to use the native Linux one from our virtual machine vpodrouter.
After you install the TFTP server you will have to copy the boot file to the TFTP root
folder. In our case it will be "/srv/tftp".

Important
Please be aware that the TFTP installation and DHCP configuration were already done for
you in this lab, so you do not need to do it. The following DHCP examples are only for
your information.

DHCP Examples
Once you have a DHCP server ready to use, you will need to do some additional
configuration in order for your new host to receive the right IP address. Below are the
tasks you should perform.
1. Create an IP reservation in DHCP for your host, using the MAC address of a NIC on
your new host and choosing a desired IP address. This will cause your host to
always boot with the same address.
2. You will also need to set the option Boot Server Host Name to point to your
TFTP server address, and the option Bootfile Name to indicate the ESXi boot
image file name.
The way this is configured differs depending on the DHCP server platform. See the
examples for both Windows and Linux next.
Remember, this has already been done for you in this lab, so do not attempt
to perform these steps.


Windows DHCP Option 66


To configure DHCP option 66 on Windows:
1. Scroll to option "066 Boot Server Host Name" and select it
2. Enter your Boot Server Host Name in the String value box
3. Select Apply


Windows DHCP Option 67


To configure DHCP option 67 on Windows:
1. Scroll to option "067 Bootfile Name" and select it
2. Enter your Bootfile Name in the string value box
3. Click Apply
4. Click OK

Linux DHCP Example


If you are using a Linux DHCP server you will need to edit the /etc/dhcp/dhcpd.conf
file, and add the following lines, either globally or in a scope of your choice:
## Example for AutoDeploy
next-server 192.168.110.1;
if ((exists user-class) and (option user-class = "gPXE")) {
    filename "https://vcsa-01a.corp.local:6501/vmw/rbd/tramp";
} else {
    filename "undionly.kpxe.vmw-hardwired";
}
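
The conditional in the dhcpd.conf lines above drives a two-stage boot: the NIC's PXE firmware sends no gPXE user class and is handed the TFTP bootfile, and the gPXE loader it starts then asks again and is handed the Auto Deploy HTTPS URL. The following Python sketch is an added example, not part of the lab or of VMware's tooling; it parses those lines, replays both requests, and flags a bootfile missing from the TFTP root or a non-HTTPS second stage. The function names and the TFTP listing are assumptions constructed for illustration.

```python
import re

# The lab's dhcpd.conf lines, as given on this page.
LAB_DHCPD_CONF = '''
## Example for AutoDeploy
next-server 192.168.110.1;
if ((exists user-class) and (option user-class = "gPXE")) {
    filename "https://vcsa-01a.corp.local:6501/vmw/rbd/tramp";
} else {
    filename "undionly.kpxe.vmw-hardwired";
}
'''

# Constructed listing of the TFTP root; only file names named in the lab are used.
SAMPLE_TFTP_ROOT = {"snponly64.efi", "undionly.kpxe.vmw-hardwired"}

_NEXT_SERVER = re.compile(r'^\s*next-server\s+([^;\s]+)\s*;', re.MULTILINE)
_GPXE_BRANCH = re.compile(
    r'if\s*\([^{]*user-class\s*=\s*"gPXE"[^{]*\{\s*filename\s+"([^"]+)"\s*;\s*\}'
    r'\s*else\s*\{\s*filename\s+"([^"]+)"\s*;\s*\}')


def parse_boot_options(conf_text):
    """Pull next-server and both filename branches out of dhcpd.conf text."""
    # Drop '#' comments so a commented-out directive is not read as live.
    # (Simplification: assumes no '#' inside a quoted value.)
    live = "\n".join(line.split("#", 1)[0] for line in conf_text.splitlines())
    server = _NEXT_SERVER.search(live)
    branch = _GPXE_BRANCH.search(live)
    return {
        "next_server": server.group(1) if server else None,
        "gpxe_filename": branch.group(1) if branch else None,
        "firmware_filename": branch.group(2) if branch else None,
    }


def boot_response(opts, user_class=None):
    """Return (next-server, filename) as the DHCP server would answer a client."""
    if user_class == "gPXE":
        return opts["next_server"], opts["gpxe_filename"]
    return opts["next_server"], opts["firmware_filename"]


def audit(opts, tftp_files):
    """List configuration problems that would break or weaken the boot chain."""
    findings = []
    if not opts["next_server"]:
        findings.append("next-server is not set, so PXE firmware has no TFTP server")
    firmware_file = opts["firmware_filename"]
    if firmware_file is None:
        findings.append("no gPXE if/else filename block found")
    elif firmware_file not in tftp_files:
        findings.append(f"bootfile {firmware_file!r} is missing from the TFTP root")
    url = opts["gpxe_filename"]
    if url is not None and not url.lower().startswith("https://"):
        findings.append(f"second stage {url!r} is not HTTPS, so it can be altered in transit")
    return findings


if __name__ == "__main__":
    opts = parse_boot_options(LAB_DHCPD_CONF)
    print("stage 1 (PXE firmware):", boot_response(opts))
    print("stage 2 (gPXE loader): ", boot_response(opts, "gPXE"))
    print("findings:", audit(opts, SAMPLE_TFTP_ROOT) or "none")
```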


DNS Configuration
DNS resolution is critical, because after our host receives an IP address, vCenter will be
attempting to communicate with it by fully qualified domain name. Therefore, a host
entry needs to be created, pointing the new stateless ESXi host's name to the address
you configured it to receive in DHCP.

Open the DNS Console


Open the DNS management console to confirm the DNS entry for our host
esx-03a.corp.local. You can click the shortcut on the desktop or navigate to Windows
Start Menu > Control Panel > Administrative Tools > DNS.

Confirm the Pre-Created DNS Entry


1. Expand the DNS tree for CONTROLCENTER
2. Select Forward Lookup Zones > corp.local
3. Locate the esx-03a entry and confirm that it is a Host (A) entry which points to
192.168.110.53

Add the Boot Image Files to the TFTP Server


Now that we have configured all of the prerequisite systems, we need to add the boot
image files to the TFTP server.

Login to the vSphere Web Client


To log in to the vSphere Web Client:
1. Open Firefox.
2. Click on the Site A Web Client shortcut
3. Enter username administrator@corp.local
4. For password, type VMware1!
5. Click on Login


Navigate to vCenter Inventory Lists


1. Select Home
2. Select vCenter Inventory Lists

Open vCenter Servers


Select vCenter Inventory Lists > Resources > vCenter Servers.


Select This vCenter Server


Select vcsa-01a.corp.local.

Download the TFTP Boot Zip File


1. Select the Manage tab
2. Select Auto Deploy from the list under Settings
3. Click on Download TFTP Boot Zip
4. Choose Save File and click OK

Extract the TFTP Boot File


1. Open File Explorer
2. Navigate to the Downloads folder where you saved the TFTP boot file.
3. Right click on the file deploy-tftp.zip
4. Select Extract All...
5. In the dialog box, click Extract

Verify the Files


You should then see the extracted files, as shown in the screenshot above.
Note: The file name "undionly.kpxe.vmw-hardwired" matches the file name specified in
the lab's DHCP server option.
Minimize or close File Explorer.

Open WinSCP
Now we will copy the files we just extracted to our TFTP server.
1. Open WinSCP using the shortcut on the desktop.


Login to the TFTP Server


Login to the TFTP server by double-clicking the vpodrouter favorites link.


Navigate to the Source Folder


In the left pane, navigate to the local folder where we extracted our boot files, as
follows:
1. You should be in the C:\Users\Administrator\Downloads folder.
2. Double-click on the deploy-tftp folder
You should now be in the C:\Users\Administrator\Downloads\deploy-tftp folder.


Verify the Destination Folder


Now we will do the same on the right pane, which is our TFTP server. This is where we
need to place our boot files.
Verify that you are in the /srv/tftp folder. If you are not in the correct folder, navigate
the vPodRouter's file system to get there. You can double-click the folder named ".." to
go up a folder, if necessary.


Upload the Boot Files to the TFTP Server


To upload the boot files to the TFTP server:
1. Select the snponly64.efi file on the left
2. Hold down the Shift key, then click on the undionly.kpxe.vmw-hardwired-nomcast file. Now all the files to be copied are highlighted.
3. Right-click on any of the selected files and choose Upload...


Perform a Binary File Transfer


To perform a binary file transfer, in the upload dialog box, do the following:
1. Click on the downward facing arrow next to Transfer settings...
2. Select Binary
3. Click OK

Confirm the Upload


After the copy completes, the right pane should look like the screen shot above. If so,
you can close WinSCP.
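
Binary mode matters because a text-mode transfer rewrites line endings inside the boot loaders, and TFTP gives the booting host no way to notice. As an added example (not part of the lab), this Python sketch hashes the extracted deploy-tftp folder and the TFTP root and reports files that are missing, altered or unexpected; the function names, temporary folders and file contents are constructed for illustration, and the text-mode upload is simulated.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_manifest(folder):
    """Map each file name in folder to the SHA-256 digest of its bytes."""
    return {
        path.name: hashlib.sha256(path.read_bytes()).hexdigest()
        for path in sorted(Path(folder).iterdir())
        if path.is_file()
    }


def compare_manifests(source, served):
    """Compare the extracted files (source) with what the TFTP root holds (served)."""
    return {
        "missing": sorted(set(source) - set(served)),
        "altered": sorted(n for n in source if n in served and source[n] != served[n]),
        "unexpected": sorted(set(served) - set(source)),
    }


def demo_transfer_modes():
    """Upload constructed boot files in binary and in text mode, then compare both."""
    # Constructed stand-ins for the boot files. Like real binaries they contain
    # CR LF byte pairs, which a text-mode transfer to Linux rewrites as LF.
    payloads = {
        "snponly64.efi": b"MZ\x90\x00\r\n\x1a\x00constructed-efi\r\n",
        "undionly.kpxe.vmw-hardwired": b"\xeb\x3c\r\nconstructed-kpxe\x00\r\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        extracted = Path(tmp, "deploy-tftp")
        binary_root = Path(tmp, "tftp-binary")
        text_root = Path(tmp, "tftp-text")
        for folder in (extracted, binary_root, text_root):
            folder.mkdir()
        for name, data in payloads.items():
            (extracted / name).write_bytes(data)
            (binary_root / name).write_bytes(data)  # binary: byte for byte
            (text_root / name).write_bytes(data.replace(b"\r\n", b"\n"))  # simulated text mode
        source = sha256_manifest(extracted)
        return (compare_manifests(source, sha256_manifest(binary_root)),
                compare_manifests(source, sha256_manifest(text_root)))


if __name__ == "__main__":
    binary_result, text_result = demo_transfer_modes()
    print("binary upload:", binary_result)
    print("text upload:  ", text_result)
```

In practice, run sha256_manifest on the extracted deploy-tftp folder and on /srv/tftp and pass both results to compare_manifests. Keeping the source manifest lets you re-check the TFTP root later for changed boot files.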


Create a Host Profile


Now we are going to start the Auto Deploy configuration. First, we need to choose a
reference ESXi host. The host should resemble a standard configuration that can be
applied to our Auto Deploy host. Then, we will create a host profile from that reference
host.

Navigate to Host Profiles


Open the vSphere Web Client. If you have closed it, you can browse to
https://vcsa-01a.corp.local/vsphere-client, or use the bookmark toolbar shortcut Site A
vSphere Web Client, and login using the following credentials:
Username: administrator@corp.local
Password: VMware1!
1. Click on the Home button
2. Select Host Profiles


Open the Extract Host Profile Dialog


Click the + icon to open the Extract Host Profile dialog.

Select the Reference Host


1. Be sure that vCenter Server vcsa-01a.corp.local is selected
2. Select esx-02a.corp.local in the list. This will be our reference host.
3. Click Next


Set the Host Profile Name and Description


Give the Host Profile a name and description:
1. Enter Rainpole as the name
2. Optionally, add a description
3. Click Next
4. Review the details then click Finish

Note: The creation of the profile can take a minute or two.

Confirm Task Completion


You can review the task's progress on the bottom of the page under Recent Tasks. Once
completed, you will see the Host Profile in the Objects list.


Configure the Host Profile and Host Customization


Now that we have created a Host Profile, this will serve as the common or GOLD profile
for the rest of our hosts.
Each host will be associated with a common host profile, and, in many cases, will require
an associated Answer File. The answer file will provide the ability to input host-specific
information that cannot be "answered" in the common profile. As an example, if a
VMkernel port was set up specifically for vMotion or storage, the IP configuration will
need to be indicated in the answer file. Another common need for the answer file would
be for iSCSI information. At the time of this writing, a host has to be part of the
inventory and have a profile applied to it in order to add or update an answer file. The
important thing to remember is that the host profile is common between hosts, while
the answer file is unique for each host.

Edit the Host Profile


Before we apply the profile to our host, we need to edit it in order to configure the
primary NIC of the host to use DHCP.
1. Right click on the Rainpole host profile
2. Click Edit Settings


Change the Host Virtual NIC MAC Address Policy


On the same screen, perform the following:
1. Select Edit Host Profile on the left
2. Expand Networking configuration
3. Click on Host virtual NIC
4. Choose vds-site-a : Management Network
5. Change the setting for Determine how MAC address for vmknic should be
decided to User must explicitly choose the policy option

Do not click Next just yet. There is one more option we need to configure.


Change the Host Virtual NIC to Use DHCP


In the Rainpole - Edit Host Profile dialog, perform the following:
1. Expand vds-site-a : Management Network
2. Select IP address settings
3. Change the IPv4 address setting on the right to Use DHCP to configure IP
address
4. Click Next
5. Click Finish on the next screen (not shown).

Wait for the Update to Complete


Check in Recent Tasks on the bottom of the page, and confirm that the Update host
profile task is complete before you proceed.


Prepare the ESXi Image


The ESXi Software Depot is the location in which a group of binaries and software
packages in the form of "images" (used to run ESXi) are stored. The images themselves
can be either provided by VMware from the download page, or a customer could
potentially modify (customize) an image with custom drivers or software (such as
vendor specific CIM providers) by adding/removing "VIBs."

About VIBs

VIB stands for vSphere Installation Bundle. At a conceptual level a VIB is somewhat
similar to a tarball or ZIP archive in that it is a collection of files packaged into a single
archive to facilitate distribution. If we look under the covers, we will find that a VIB is
comprised of three parts:
- A file archive
- An XML descriptor file
- A signature file

The file archive, also referred to as the VIB payload, contains the files that make up the
VIB. When a VIB is added to an ESXi image, the files in the VIB payload will be installed
on the host. When a VIB is removed from an ESXi image these files are removed.

The XML descriptor file describes the contents of the VIB. Included with the
description is important information about the requirements for installing the VIB, to
include any dependencies, any compatibility issues, and whether the VIB can be
installed without rebooting.

The signature file is an electronic signature used to verify the level of trust associated
with the VIB. The acceptance level not only helps protect the integrity of the VIB, but it
also identifies who created the VIB and the amount of testing and verification that has
been done.

For the purposes of this exercise, we are using the VMware provided depot with one of
the default Image Profiles. For the sake of time in the lab, the Software Depot has
already been downloaded to a local folder that we will configure Auto Deploy to use.
The next few steps in this document will give specific commands to run from the
PowerCLI with brief explanations. If you would like further details on each command, at
the PowerCLI prompt type: help <cmdlet>
The key components of the software architecture are:
- VIBs
- Image Profiles
- Software Depots


- The VIB is a software package that can be installed on an ESXi host.
- Image Profiles are a collection of VIBs that represent a full ESXi Image.
- A Software Depot is a repository of VIBs used to create Image Profiles. Software
depots can be accessed online via HTTP as well as offline using ZIP archives.
- The image profile defines each of the ESXi images and consists of multiple VIBs.

The Software Depot location has to be accessible from the location you run the PowerCLI
commands (local drive or mapped network drive). For this lab, we have placed the
depot package on the ControlCenter.

Verify the Image Depot Location


As mentioned, the vSphere Software Depot that you will be using to create your Image
Profile has already been downloaded to the ControlCenter VM and is located in the
C:\Software folder with the file name ESXi600-201507001.zip. We will use this
image depot to create our image profile. Please open File Explorer and verify the
existence of this file.


Connect to vCenter using PowerCLI


First, we need to connect to vCenter with PowerCLI.
1. Click on the VMware PowerCLI shortcut on your desktop.
2. Type the following command, or copy and paste it from the README.txt file on
the desktop, and press Enter to execute it.

connect-viserver vcsa-01a.corp.local -user administrator@corp.local -password V


You should see a response as shown above.

Add the ESXi Image Software Depot


Now you will add the ESXi image Software Depot to the PowerCLI session.
1. Type the following command or copy and paste it from the README.txt file on
the desktop:
Add-EsxSoftwareDepot 'C:\Software\ESXi600-201507001.zip'
Verify that you got the Depot URL as the response
Note: Use TAB to auto complete the command.


ESXi image depots can be downloaded from the VMware Website as part of the vSphere
downloads or created by you with Image Builder. The image depot within
C:\Software\ESXi600-201507001.zip is, at the time of this writing, the latest standard
ESXi 6.0.0 image depot available from VMware.

View the Image Profiles


To view the image profiles in the repository, type the following command:
Get-EsxImageProfile

Clone the Image Profile


To help us with the Deploy Rule creation we will clone the
ESXi-6.0.0-20150704001-standard image to an easier-to-remember profile name.
We will call the new image profile RainpoleImage.
Type the following command:

New-EsxImageProfile -CloneProfile ESXi-6.0.0-20150704001-standard -name Rainpol


Verify the New Image Profile


Type the following command to verify that the RainpoleImage profile has been added
to the repository:
Get-EsxImageProfile

Add the HA Agent Depot


Now we will need to add the HA Agent image depot. vCenter needs to install this agent
on the host before it can join a cluster. Since we will need our new host to be added to
a cluster, let's also prepare to install this agent. We can do this by getting the agent
directly from vCenter via HTTP.
Type the following command:
Add-EsxSoftwareDepot http://vcsa-01a.corp.local/vSphere-HA-depot
Verify that you received the Depot URL as a response.
Note: This command is case sensitive.


Add the HA Agent Package to the Image Profile


Now we will add the HA agent package to our new Image Profile, so that the profile will
contain everything we need to deploy our new ESXi host.
Type the following command:

Add-EsxSoftwarePackage -imageprofile 'RainpoleImage' -SoftwarePackage vmware-fd


Verify that you receive RainpoleImage as the image profile in the command output.
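
The acceptance levels described under About VIBs can be checked on the finished image profile before a deploy rule hands it to new hosts. The following PowerShell is an added example, not part of the original lab: the function name Get-VibBelowAcceptanceLevel and the sample package names are hypothetical, and the sample objects are constructed so that it runs without a depot.

```powershell
# Added example (not from the lab manual). Flags packages whose acceptance
# level is weaker than a required floor. The function name is hypothetical.
function Get-VibBelowAcceptanceLevel {
    [CmdletBinding()]
    param(
        # Objects exposing Name, Vendor and AcceptanceLevel, for example
        # (Get-EsxImageProfile -Name 'RainpoleImage').VibList
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [object[]]$Vib,

        # Weakest acceptance level still allowed in the image.
        [ValidateSet('VMwareCertified', 'VMwareAccepted',
                     'PartnerSupported', 'CommunitySupported')]
        [string]$MinimumLevel = 'PartnerSupported'
    )
    begin {
        # ESXi acceptance levels, ranked from most trusted (0) to least (3).
        $rank = @{
            VMwareCertified    = 0
            VMwareAccepted     = 1
            PartnerSupported   = 2
            CommunitySupported = 3
        }
        $floor = $rank[$MinimumLevel]
    }
    process {
        foreach ($v in $Vib) {
            $level = [string]$v.AcceptanceLevel
            if (-not $rank.ContainsKey($level)) {
                # Missing or unrecognised level: report it rather than trust it.
                $reason = 'Unknown acceptance level'
            }
            elseif ($rank[$level] -gt $floor) {
                $reason = "Weaker than $MinimumLevel"
            }
            else {
                continue   # meets the floor, nothing to report
            }
            [pscustomobject]@{
                Name            = $v.Name
                Vendor          = $v.Vendor
                AcceptanceLevel = $level
                Reason          = $reason
            }
        }
    }
}

# Constructed sample data standing in for an image profile's VibList.
$sampleVibs = @(
    [pscustomobject]@{ Name = 'example-base';    Vendor = 'ExampleVendorA'; AcceptanceLevel = 'VMwareCertified' }
    [pscustomobject]@{ Name = 'example-cim';     Vendor = 'ExampleVendorB'; AcceptanceLevel = 'PartnerSupported' }
    [pscustomobject]@{ Name = 'example-labtool'; Vendor = 'ExampleVendorC'; AcceptanceLevel = 'CommunitySupported' }
    [pscustomobject]@{ Name = 'example-nolevel'; Vendor = 'ExampleVendorD'; AcceptanceLevel = $null }
)

$findings = $sampleVibs | Get-VibBelowAcceptanceLevel -MinimumLevel PartnerSupported
$findings | Format-Table -AutoSize

# Against the lab's image profile (needs the PowerCLI Image Builder cmdlets and
# the software depots added in the earlier steps):
#   (Get-EsxImageProfile -Name 'RainpoleImage').VibList |
#       Get-VibBelowAcceptanceLevel -MinimumLevel PartnerSupported
```

An empty result means every package meets the floor. Anything listed is worth reviewing before the image is used with $DeployNoSignatureCheck set in the deploy rule step.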

Add a Deploy Rule


The Deploy Rule controls what image profile, host profile, and/or vCenter Server location
each host is provisioned with.
Now we need to create a rule that specifies the hosts on which the Host Profile will be
applied.

Create the Deploy Rule


To create the Deploy Rule using PowerCLI:
1. Execute the following command, which turns off signature checking of the image's
software packages for the Auto Deploy cmdlets in this PowerCLI session:

$DeployNoSignatureCheck=$true

2. Then type (please watch out for the spaces):

New-DeployRule -name "RainpoleBoot" -item "RainpoleImage", Rainpole, "Cluster S


Once you execute the command, you'll see the ESXi image being uploaded to the Auto
Deploy server.
The following explains the parameters:
- RainpoleBoot is the name given to the rule
- RainpoleImage is the ESXi Image Profile
- Rainpole is the host profile we are going to use
- ipv4= is the IP address to be used for the ESXi Host
- hostname= is the hostname the machine will receive
- domain= is the domain the machine will receive


In this case, we simply specified the new host by name. However, we can match on
server vendor (HP, Dell, etc.), or we can specify hosts within a given IP address range.
Note: This can take a little bit to complete.

Add the Deploy Rule


Now we need to make the rule active in our rule sets.
1. Type the following command:

Add-DeployRule RainpoleBoot

You should see the output above, summarizing your new active rule.

Provision Host Using Auto Deploy


At this point, we have completed the steps necessary to enable Auto Deploy to
automatically provision our new ESXi host. We are now ready to deploy our new host
and confirm that it has been added to our vCenter inventory as a member of Cluster
Site A-1.


Open the Console for the New Host


Now we need to power on the new host esx-03a.
1. On the left hand side of the screen, click on the Consoles icon
2. Click on the esx-03a icon. This will open the console to the new host.


Power on Host ESX03-A


1. Click the Power On button


Review the PXE Boot Process


The Preboot eXecution Environment (PXE) allows a computer (in our case, the new
ESXi host) to boot using an operating system image hosted on the network, without the
use of a hard disk, or a local installation. The screen shot above shows the following
PXE actions:
1. The new host is powered on and receives a reserved IP address from the DHCP
server (192.168.110.53)
2. The DHCP server then redirects our new host to the TFTP server (in our case, the
vpodrouter)
3. The ESXi image is loaded on the new host from the TFTP server


Confirm that ESXi is being Installed


Now you can see that our new host has booted up, and is downloading, extracting, and
installing the ESXi image. This process should take approximately 10 to 12 minutes to
complete.


View the ESXi Boot Process


At this point ESXi has finished loading and is starting the hypervisor services.


See the Host Profile being Applied


At this phase, you can see that ESXi is applying the host profile it received from the Auto
Deploy server during the boot process.


Wait Until ESXi Startup is Complete


When you see this screen, the host has started completely and its host profile has been
applied. We now have a fully operational ESXi host that was deployed automatically.
Now let's check it out in vCenter.

Open the vSphere Web Client


1. Go back to vSphere Web Client. If you closed it, just open the browser and
click on the Site A Web Client bookmark or type the following URL:
https://vcsa-01a.corp.local/vsphere-client
2. Click on the Home button


Navigate to Hosts and Clusters


Click on Hosts and Clusters.


Verify that the New Host Appears in vCenter


As you can see, our new host is already showing in vCenter and has been added to the
cluster we specified in our deploy rule.
If you cannot see the new host, esx-03a, or it is showing as disconnected, try clicking on
the Refresh button.
Review the settings for the new ESXi host.


Verify that the Host is Ready


As you can see, we now have a new node in our cluster.
Note: The Alert icon is there because the Host needs to have additional configuration
done to comply with the Host Profile. In the interest of time, these steps have been
omitted from this lab.

Conclusion

Auto Deploy Possibilities:
Auto Deploy has two options that we can choose from. In this lesson we just used the
Auto Deploy Stateless Caching.
- Auto Deploy Stateless Caching: This feature allows you to cache the host's image
locally on the host or on a network drive and continue to provision the host with Auto
Deploy.
- Auto Deploy Stateful Installs: This feature allows you to install hosts over the
network without setting up a complete PXE boot infrastructure. After the initial network
boot, these hosts boot like other hosts on which ESXi is installed.

This completes our lesson, "Configuring Auto Deploy." VMware thanks you for taking
time to explore how you can utilize Auto Deploy to quickly scale up your cloud
environment.


Centralized Management of VM Content

A new feature introduced in vSphere 6 is the Content Library. Content Libraries are
container objects for VM templates, vApp templates, ISO images and other files across
your vSphere environment. vSphere administrators can use the templates in the library
to deploy virtual machines and vApps in the vSphere inventory. Sharing templates and
files across multiple vCenter Server instances in the same or different locations brings
consistency, compliance, efficiency, and automation to deploying workloads at scale.

In this lesson, we will walk through the process of creating a Content Library and
synchronizing it to a second vCenter Server.

Open the vSphere Web Client


If you are not already in the vSphere Web Client, launch the Google Chrome browser
from the Desktop.
When the vSphere Web Client login page appears, tick the 'Use Windows session
authentication' box and click 'Login'.


Create a New VM
Let's create a very small VM for this lesson. Due to lab constraints this will speed up the
lesson and reduce the amount of storage required.
Click on the VMs and Templates icon in the Home tab.


Select Datacenter Site A


Select the Datacenter Site A object from the navigation panel and click on the "Create a
new virtual machine" task.


The New VM Wizard


Click "Next" to create a new VM


Select a name and folder


Enter the name "Tiny-VM-Template" and click "Next"


Select a compute resource


Select the "Cluster Site A-1" cluster and click "Next"


Select Storage
Click "Next"


Select Compatibility
Click "Next"


Select a guest OS
Click "Next"


Customize Hardware
Very important - make sure you set the hard disk size to 1MB before clicking "Next".
This is not a practical size, of course. We are only doing this to make the template copy
go very quickly. Also, set the network to VM Network.


Ready to complete
Verify the hard disk size is 1MB and click "Finish" to create the new VM.


vCenter Inventory Lists


From the Home menu icon, click on 'vCenter Inventory Lists'.

Content Libraries
Now click on the 'Content Libraries' tab.


Objects
Finally, click on the 'Objects' tab.
To create a new Content Library, click on the 'Create a New Library' button.

New Library - Name


When the New Library wizard appears, start by naming your Content Library
'StandardVMTemplates' and leave the vCenter Server as vcsa-01a.corp.local.
Click 'Next' to continue.


New Library - Configure library


There are two options available when creating a Content Library, a Local content library
and a Subscribed content library.
When you choose a Local content library, it will only be accessible in the vCenter Server
where it is created. By default, it is only available to the account that created it. If you
select the option 'Publish content library externally', the Content Library can be shared
with other users on the same or other vCenter Server instances. You also have the
option to password protect the Content Library by selecting the 'Enable authentication'
option.
The Subscribed content library is used to subscribe to a published Content Library. We
will be using this option later to synchronize the Content Library to the second vCenter
Server.
For now, we will create a Local content library.
1. Tick the boxes for both 'Publish content library externally' and 'Enable
authentication'.
2. In the Password field, use the password VMware1!
When you have finished, click 'Next'.


New Library - Add Storage


Now we need to decide where to place the new Content Library and we have a few
options available to use.
- Enter a local file system path or an NFS URL - With this option, we can use
the local storage of the vCenter Server, running either the appliance version or
on Windows. If you are running the appliance version, this can be an NFS mount.
If you are running vCenter Server on Windows, this can be a CIFS share (i.e. \\vcw12-01a\content library).
- Select a Datastore - With this option, we can use a datastore from our vCenter
Server inventory.

Choose the second option, 'Select a Datastore' and select the 'ds-site-a-nfs01'
datastore. Click 'Next'.
NOTE: If you have completed other Modules in this lab, you may see additional
datastores.


New Library - Ready to complete


Verify your settings and click the 'Finish' button to create the new Content Library.


New Content Library


You should now see the newly created Content Library appear.

Adding a VM Template to the Content Library


Now that we have created the Content Library, let's add something to it!
Click on the Home icon and select 'VMs and Templates'.


Clone the Tiny VM to Library


Right-click on the Tiny-VM-Template VM and select the 'Clone to Template in Library'
option.


Adding Template to Library


Under the Filter tab, select the Standard VM Templates content library and click OK.


Open the Tasks Console


Let's monitor the progress by opening the Tasks Console.
Click on the Home icon and select Tasks.


Progress...
You can follow the progress of the task in the Tasks Console. You can see the Template
was cloned to an OVF package, exported as an OVF template, then transferred to the
Content Library.

Verify the template was added


Now we'll verify the VM Template was added to the library.
Select the 'vCenter Inventory Lists' tab.


Content Libraries
Next select the 'Content Libraries' tab.

Open the Content Library


Finally, click on the 'Standard VM Templates' content library.


Template Added
Click on the Related Objects tab.
Here we can see the template that we just cloned to the content library.

Synchronizing Content to another vCenter Server


Now that we have content to share, let's synchronize it with the second vCenter Server.
Click the Content Libraries back button.


Edit Settings...
Right click on the 'StandardVMTemplates' content library and select 'Edit Settings...'

Copy URL
In the Edit Library window, click the 'Copy Link' button next to the subscription URL and
click OK. We will need this when we setup the synchronization to the other vCenter
Server.


Home
Click on the Home icon and select Hosts and Clusters.


Select vcsa-01b.corp.local
Select the second vCenter Server, 'vcsa-01b.corp.local'.
Click the 'Related Objects' tab, then click the 'Content Libraries' tab. You may have
to scroll a bit to the right to see it.

Create New Library


To add the new content library, click the 'Create New Library' button.

New Library - Name


Name your new library 'vcsa-01a-Templates'.


In the vCenter Server drop down box, select 'vcsa-01b.corp.local' and click 'Next'.


New Library - Configure Library


This time we will select the 'Subscribed content library' button.
Click the mouse in the Subscribed content library field and press Ctrl+V on the keyboard
to paste the URL.
We also set a password on the Content Library, so you will need to tick the 'Enable
authentication' box and enter VMware1! as the password.
Now we have a choice to make as to how much of the content we download.
- Download all library content immediately - With this option, all the content
from the library will be downloaded to the new content library. All items will be
available immediately.
- Download library content as needed - This option is useful if some of the
items in the catalog may not be needed or you need to save space. When you
need an item from the content library, you will need to synchronize it manually.
You can choose to synchronize an individual item or the entire catalog.

Let's synchronize all the library content immediately by selecting the 'Download all
library content immediately' radio button (if not already selected).
Click 'Next'.


New Library - Add storage


We have the same options here as we did when we created the first content library.
Let's stick with the datastore option.
Choose the 'Select a datastore' radio button and then select the 'ds-site-b-nfs01'
datastore.
Click 'Next'.


New Library - Ready to complete


Verify things look good and click 'Finish' to synchronize the content library to
vcsa-01b.corp.local.

Newly created Content Library


In a few seconds, you will see your new Content Library appear!


Monitor the task


Open the Tasks console by selecting the Home icon and then choose Tasks.

Tasks Console
You can see in the Tasks Console the Content Library being created and then
synchronized.
You may need to click the refresh button to see an update.


Deploy a VM from the Sync'd Library


Now that we have the Content Library sync'd to the second vCenter Server, let's deploy
a VM from it.
Start by clicking the Home icon and select Hosts and Clusters.

Open the Content Library on vcsa-01b.corp.local


Click on vcsa-01b.corp.local and make sure you are on the Related Objects tab. Again,
you may have to scroll over to the right to see the Content Library tab, but click on it, then
click on vcsa-01a-Templates.


Click on Templates
Click on the Templates tab to view the available Templates.

Right-click on Tiny-VM-Template
Right-click on Tiny-VM-Template and select New VM from This Template.


Select a Name and Location


Name your new VM 'Tiny-VM-01a' and select Datacenter Site B.
Click Next.

Select a Resource
Click on Cluster Site B, then click Next.


Review Details
Click Next on the Review Details Page.

Select Storage
Under Select virtual disk format, select 'Thin provision' from the drop-down menu. Also,
make sure ds-site-b-nfs01 is selected as the datastore.
Depending on what modules in this lab you have completed previously, you may see
additional datastores.
Click Next.


Select Networks
Leave the default VM network selected and click Next.

Ready to Complete
Review your settings and click Finish to deploy the new VM!


Monitor the task


Open the Tasks console by selecting the Home icon and then choose Tasks.

Monitor Progress
You can monitor the progress of the new virtual machine being created.
When all tasks have been completed successfully, you may proceed to the next step.


VMs and Templates


Click on the Home icon and select VMs and Templates.


New VM Created
Expand vcsa-01b.corp.local and Datacenter Site B and you will see your newly created VM!


Are you up for a challenge?


If you are up for a challenge, why not see if you can add the Tiny-VM-01a to the
StandardVMTemplates Content Library by taking a clone of it. You can then synchronize
it to the vcsa-01a-Templates Content Library. The only trick here is that you will need to
manually synchronize the library. The Content Libraries do synchronize, but on regular
intervals of 4 hours. The screen shot above shows the Synchronize Library button that
will need to be clicked after the clone is added to the StandardVMTemplates Content
Library in order to manually synchronize it to the vcsa-01a-Templates Content Library.

Conclusion
This concludes this lesson.


vCloud Air Management


In this module we will show how you can monitor vCloud Air workloads using the
vRealize Operations Manager Management Pack for vCloud Air.

Exploring the Management Pack for vCloud Air


This lab does not include vCloud Air integration, so we will use an instance of vRealize
Operations Manager running in "Historical View Mode" (HVM) that has already been
populated with vCloud Air data from another environment.
Open the Chrome browser and select the "vrops-01b" bookmark on the toolbar. If you
are presented with a warning that your connection is not private, simply click the
"Advanced" link and then "Proceed to vrops-01b.corp.local (unsafe)"


Log in to vRealize Operations Manager HVM


Log into the vR Ops instance with user name "admin" and password "VMware1!"


Activate the vCloud Air Dashboard Group


Make sure you are in the Home screen by selecting the Home icon on the navigation
panel. From the Dashboard List menu on the Home Screen, navigate to the vCloud Air
group and then make sure to check the vCloud Air dashboard group so that these
dashboards will appear among the tabs in the Home screen.
Note that five dashboards are available in this module for vCloud Air.
You may navigate to one of the dashboards by clicking on it from the Dashboard List
menu or navigating the tabs within the Home screen. Next we will explore a couple of
these dashboards. Let's start with the vCloud Air VM Utilization dashboard.

The vCloud Air VM Utilization Dashboard


This dashboard is comprised of two widgets which are set to interact with each other.
The widgets along the top row are "Top N" widgets that provide a ranking of resources
based on a given metric. For example, the top 25 VMs by Memory Usage %. The
widgets just below them are "Sparkline Charts" that display graphs that contain metrics
for a resource. Note that the Sparkline Charts prompt the user to select a resource from
the Top N widget just above it to display a historical graph for a metric.


In the "Top 25 VMs by Memory Usage(%)" Top N widget, click on the VM "Phoenix-UATPod12a" and note the graph information in the Sparkline Chart below it.
This is an example of dashboard interaction. We will explore this more in the next step.
If you would like to know more about any widget, you can simply click on the "?" icon in
the widget menu to open the documentation to the page covering that widget.

Analyze vCloud Air VM Memory Usage


Click on the "Cent-64-DAO2" and "Ubuntu-12-AMD-DAO" VMs in the Top N memory
widget. Note that they appear now in the Sparkline Chart widget along with the
previously selected graph. You can compare memory usage history in this way. When
you hover over one of the sparklines, a popup will appear to let you know which VM the
metric is coming from.


Change the Sparkline Time Range


By default, the historical sparklines represent the last 6 hours. You can change this from
the widget menu using the Time Range feature by clicking on the calendar icon. Select
the last 24 hours from the range pull down menu.

Apply the New Time Range


Click the "Go" button to apply the new time range to all sparklines.


Evaluate VM Memory Usage With the New Time Range Settings


Notice that by expanding the time range, we begin to see patterns appear in the sparklines.
For example, the first and last sparklines indicate fairly flat memory consumption over
a 24 hour period with a spike in memory usage around the same time. However, the
middle VM has a more consistent usage pattern and does not appear to have the same
workload pattern as the other two.
It is important to look for patterns like these in data, and vR Ops does this for you
automatically.

Navigate to the vCloud Air Troubleshooting Dashboard


Now we will take a look at our vCloud Air environment from the Troubleshooting
dashboard. Navigate to the dashboard by clicking on the tab indicated in the screen
shot.

Use the Object Filter


This dashboard provides information about all of the vCloud Air resources. The
information is provided hierarchically such that you can view the relationship between
various vCloud Air resources. When you click on a resource in the vCloud Air
Relationship widget, corresponding metrics and health information are shown for that
resource.
Let's focus on one of the VMs we were viewing in the previous dashboard. In the
filtering box, type "Ubuntu-12-AMD-DAO" and press Enter. The list will be filtered down
to three resources.


Select the resource which is of the object type "VCHS Virtual Machine" (the middle
resource) by clicking on it.
NOTE: Depending on your screen size, you may need to click the '>>' to see the
filtering option.


Observe Dashboard Interactions


With the Ubuntu-12-AMD-DAO VM selected, notice that the other widgets in the
dashboard update to reflect information about this specific resource.
- The vCloud Air Relationship is an Environment Overview widget configured to
highlight the other objects that are ancestors of the VM. This is helpful to
determine the impact of a health issue in the environment.
- The Ordered Symptoms is an Anomaly Breakdown widget configured to show the
likely root causes for symptoms for the selected resource as well as related
resources.
- Interesting Metrics is a Sparkline Chart widget configured to show "interesting"
metrics for the resource. These metrics are selected automatically by vR Ops
based on analysis and dynamic thresholds. This is helpful to determine metric
areas that are related to a change in normal behavior.
- Finally, the widget Health, Anomalies, Event Mashup is a Mashup Chart widget
configured to combine different aspects of the behavior of the selected resource.
Here we can view trending of the health badge over time and overlay change
events that have occurred on the VM as well as events for related resources. If
you scroll down, you will notice a chart on the bottom that tracks anomalies
(changes in behavior that are not normal).

NOTE: Depending on your screen size, you may have to scroll down to see the
additional widgets.


Log Out of vR Ops HVM


From the user menu at the top left of the vR Ops interface, select "Log Out" from the
menu. Once you have logged out you may close the Chrome browser and proceed to
the next module.


Module 5: Optimize Workload Performance While Maintaining Business Priorities - (60 Minutes)


Enable Controlled Usage Of Resources Based On Business Priorities


Overview
Consider the following scenario: Due to capacity and budget constraints a certain
company needs to make the best use of the resources they have but with minimal
impact to the environment. To address these business requirements this module will
discuss the benefits of vSphere Resource Pools as well as Network and Storage I/O
Control. A Resource Pool is a logical abstraction for flexible management of resources.
Resource pools can be grouped into hierarchies and used to hierarchically partition
available CPU and memory resources. In addition, you can use VMware vSphere Network
I/O Control (NIOC) to configure rules and policies to assure that I/O resources are always
available for your business-critical applications. VMware vSphere Storage I/O Control
(SIOC) may also be used to provide I/O prioritization for virtual machines
running on a group of ESXi hosts that have access to a shared storage pool.


Introduction To Controlled Usage Of Resources


In this lab we are going to look closely at the pre-created Resource Pool called
"Production" and create a new Resource Pool called "Staging" at the same level in the
hierarchy.
To align with our business goals, the "Staging" VMs need to have a limit applied so they
cannot consume more than 25% of the compute capacity of the Cluster for both CPU
and Memory. Additionally, the "Staging" virtual machines must not be placed in an
expandable Resource Pool. In this configuration the "Staging" Resource Pool can never
consume more than 25% of the available Cluster resources: even if there is idle capacity
available in the "Production" Resource Pool, it will not be allocated to the "Staging"
Resource Pool. Once the limit is reached, the "Staging" virtual machines will be capped.
This leaves the remaining 75% of resources for "Production" VMs, since there is no limit
applied to the "Production" Resource Pool. Limiting the "Staging" Resource Pool to 25%
will prevent a performance issue for VMs in the "Production" Resource Pool.


Let's Get Started - Login Into vSphere Web Client


1. In Firefox, select the Site A Web Client bookmark.
2. Then check the box "Use Windows Session authentication".
3. Then press "Login".


Go To Host And Clusters


Select "Hosts and Clusters".


View Existing Resource Pool Called "Production"


In our case in vCenter Server "vcsa-01a.corp.local", Cluster Site A-1, there is already a
Production Resource pool.
1. Right Click on the 'Production' Resource Pool
2. Select Edit Settings


See "Production" Resource Pool Configuration


As you can see the "Production" Resource Pool has no limits applied for both CPU and
Memory which means it can use as much as it needs within the limits of the Cluster
capacity.
We are not changing anything here so just hit "Cancel".


Create New Resource Pool - "Staging"


1. Right click on Cluster called "Cluster Site A-1"
2. Then select "New Resource Pool".


Configure The New Resource Pool


1. Set the Resource Pool name as "Staging".
2. Set Shares to "Normal" for both CPU and Memory.
3. Set CPU Limit to 1805 MHz, which is 25% of the 7218 MHz Max limit, and Memory Limit
to 488 MB, which is 25% of the 1952 MB Max Limit. Make sure the Expandable Reservation
type checkbox is unselected for both CPU and Memory.
4. Lastly, ensure that Memory Reservation is set to 122 MB, which is 25% of the newly
set Limit of 488 MB.
As we said before, in this configuration the Staging Resource Pool can never consume
more than 25% of the available Cluster resources: even if there is idle capacity available
in the Production Resource Pool, it will not be given to the Staging Resource Pool.
Once the limit is reached, the Staging VMs will be capped. This leaves the remaining 75%
of resources for Production VMs, since there is no limit applied to the Production
Resource Pool.
5. Click OK when completed


Migrate "linux-micro-01a" To The Newly Created Resource Pool
1. Right Click on "linux-micro-01a"
2. Then Select "Migrate".
Note: as an alternative to migrating the VM using vMotion, we could have just dragged
and dropped the VM into the "Staging" Resource Pool using the vSphere Web Client.


Select The Migration Type


1. Select "Change Compute Resource Only"
2. Then select "Next".


Select A Resource Pool


1. Select "Resource Pools" tab,
2. Then select the "Staging" Resource Pool and hit "Next".


Select Network
1. We are not going to change anything in here, so just hit "Next".


Select a vMotion Priority


Again don't change anything and just hit "Next".


Click On "Finish"
Press "Finish".


Verify That The VM Has Been Migrated Successfully


The VM "linux-micro-01a" should now be residing under the "Staging" Resource Pool.
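
The "Staging" pool creation, the migration and the verification above can also be scripted, which makes the 25% cap repeatable and easy to audit. The following PowerCLI script is an added example, not part of the lab guide; it assumes VMware PowerCLI is installed and a Connect-VIServer session to the lab vCenter is already open, and it reuses the lab's names and values.

```powershell
# Added example, not from the lab guide. Assumes VMware PowerCLI is installed and
# Connect-VIServer has already opened a session to the lab vCenter.
$ErrorActionPreference = 'Stop'

$cluster = Get-Cluster -Name 'Cluster Site A-1'

# Hard caps from the lab: 25% of the 7218 MHz and 1952 MB maximums shown in the UI.
$poolSettings = @{
    Location                 = $cluster
    Name                     = 'Staging'
    CpuSharesLevel           = 'Normal'
    MemSharesLevel           = 'Normal'
    CpuLimitMhz              = 1805
    MemLimitMB               = 488
    MemReservationMB         = 122
    CpuExpandableReservation = $false   # pool may not borrow CPU from its parent
    MemExpandableReservation = $false   # pool may not borrow memory from its parent
}
$staging = New-ResourcePool @poolSettings

# Same effect as the Migrate wizard with "Change Compute Resource Only".
Get-VM -Name 'linux-micro-01a' | Move-VM -Destination $staging | Out-Null

# Report every pool in the cluster with its members. A limit of -1 means
# "unlimited", which is what the lab shows for Production.
Get-ResourcePool -Location $cluster |
    Where-Object { $_.Name -ne 'Resources' } |   # skip the cluster's hidden root pool
    ForEach-Object {
        [pscustomobject]@{
            Pool          = $_.Name
            CpuLimitMhz   = $_.CpuLimitMHz
            MemLimitMB    = $_.MemLimitMB
            MemReservedMB = $_.MemReservationMB
            Expandable    = $_.CpuExpandableReservation -or $_.MemExpandableReservation
            Uncapped      = ($_.CpuLimitMHz -eq -1) -or ($_.MemLimitMB -eq -1)
            VMs           = (Get-VM -Location $_ | Select-Object -ExpandProperty Name) -join ', '
        }
    } | Format-Table -AutoSize
```

In the report, "Staging" should show Expandable and Uncapped as False with "linux-micro-01a" as its only member, while "Production" shows Uncapped as True.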

Network I/O Control (NIOC) Overview


Use VMware vSphere Network I/O Control to configure rules and policies at the virtual
machine level and to assure that I/O resources are always available for your
business-critical applications. NIOC monitors the network. In vSphere 6.0, VMware has
further built on NIOC features to deliver more predictable bandwidth. The goal of
these changes is to allow tighter control over the network resources available to
different classes of traffic, irrespective of the traffic originating from other classes of
traffic on the host. Here are the key enhancements that NetIOC provides in vSphere 6.0:
- Bandwidth reservations for classes of traffic: You can specify the minimum
  bandwidth that must be reserved for a class of traffic. This guarantees that the
  bandwidth to that class of traffic never falls below the specified threshold.
- Bandwidth reservations for VMs: NIOC also lets you provide bandwidth
  reservations to each VM virtual adapter (vNIC), so dedicated bandwidth can be
  reserved at per-VM granularity. NIOC also allows you to create abstract network
  resource pools that can be attributed to a port group of a distributed virtual
  switch (DVS). Bandwidth reserved for a resource pool is available only to VM
  vNICs that are part of the port group associated with the resource pool.
- Load balancing: This feature allows VMware vSphere Distributed Resource
  Scheduling (DRS) to migrate VMs within a cluster of vSphere hosts to
  accommodate bandwidth reservations assigned to VM ports. This powerful
  feature allows you to assign bandwidth reservations to VMs without worrying
  about hitting the reservation limit in a single host of the cluster.


The above features are in addition to NetIOC features already available in vSphere 5,
such as:
- Resource isolation through resource pools
- Distributing bandwidth with fair shares
- Bandwidth limits
- Load-based teaming policies

The ability to assign bandwidth reservations, along with bandwidth limits and shares,
provides you with immense flexibility to control and isolate network resources. A
bandwidth reservation ensures that the network port (the term network port is used
in this paper to describe a VM vNIC or a vSphere kernel NIC) is guaranteed a specified
amount of transmit bandwidth under all circumstances. This is a much more powerful
feature compared to the fair shares and bandwidth limit features available in previous
versions of vSphere. While you could control the relative priorities of different VMs by
assigning different shares, the proportion of bandwidth assigned could have fallen to
less than the desired expectation if there were a lot of competition between different
traffic flows. Bandwidth reservation enforces a minimum guarantee and thereby
provides a much easier way of consolidating VMs, guaranteeing them bandwidth, and
not worrying about the effect of virtualization on application performance.

Networking - vds-site-a
Select the Networking tab.
Now select 'vds-site-a'. You may have to expand out vcsa-01a.corp.local to see it.


Resource Allocation
Next, select the 'Manage' tab, then 'Resource Allocation'.
Make sure you are on the 'System traffic' tab.


Edit Resource Settings


In the 'Traffic Type' table, click on 'Virtual Machine Traffic', then click the pencil icon
to Edit.


Set a Traffic Reservation


In the Edit Resource Settings box, change the Reservation value to 7500 and click OK.


Navigate To The "Linux-load-02a" VM And Edit Its Settings


Compared with previous versions of vSphere, in vSphere 6.0 you can set bandwidth
shares, limits and reservations for each individual VM.
1. Switch back to Hosts and Clusters by clicking on the tab
2. Right click on Linux-load-02a VM
3. Select Edit Settings.

Set Bandwidth Reservation On The VM


1. Expand the "Network adapter 1"
2. Set the Reservation to 750 Mbits
3. Click "Ok".


Note that you do not need to restart the VM in order to apply the new configuration.

Networking - vds-site-a
By using Network Resource Pools, you can configure bandwidth allocation for virtual
machines across the entire Virtual Distributed Switch (vDS). Once you have reserved
bandwidth for virtual machine traffic, you can use Network Resource Pools to assign
quotas of that bandwidth, which is aggregated across the physical adapters on the
switch, to the virtual machines. A virtual machine receives bandwidth from a Pool
through the Distributed Port Group the virtual machine is connected to.
Let's assume you have an application that is sensitive to latency and requires
bandwidth to always be available, for instance a VoIP application. In this scenario, a
new NIOC Resource Pool should be created with a guarantee of bandwidth. Let's get
started.
1. In the vSphere Web Client, go to the Network tab
2. Select the vds-site-a Distributed Switch

Network Resource Pools


Next, select the 'Manage' tab, then 'Resource Allocation'.
Make sure you are on the 'Network Resource Pools' tab and click the green '+' to add
a new Resource Pool.

New Network Resource Pool


In the New Network Resource Pool box, use:
1. Name: VoIP
2. Reservation Quota: 45,000
3. Click OK


Assign Network Resource Pool To Port Group


We could now go to any Port Group on the vDS and assign the just created Network
Resource Pool to the Port Group.
1. In our case let's select the VM Network Port Group (Right click and edit settings)
2. Assign the "VoIP" Network Resource Pool to it
3. Press "OK".

View
Now let's make sure that the Network Bandwidth we reserved for the
"linux-load-02a" VM in one of the previous steps is honored at the Network Resource
Pool level. Still in the vSphere Web Client:
1. Go to Network Tab
2. vds-site-a
3. Manage
4. Resource Allocation
5. Network Resource Pools
6. Select the already created Network Resource Pool called "VoIP".
7. At the bottom of the screen, under the "Virtual Machines" tab, you should see that the
"linux-load-02a" VM is indeed reserved 750 Mbits of Network Bandwidth, which is what we
configured, so this is the result we expected to see.
Next we are going to take a closer look into Storage I/O Control.

Storage I/O Control (SIOC)


VMware vSphere Storage I/O Control is used to provide I/O prioritization for virtual
machines running on a group of ESXi hosts that have access to a shared storage pool. It
extends the familiar constructs of shares and limits, which exist for CPU and memory, to
address storage utilization through a dynamic allocation of I/O capacity across a cluster
of vSphere hosts. It increases administrator productivity by reducing active performance
management.
Storage I/O Control can trigger monitoring of the device latency that hosts observe
when communicating with a datastore. When latency exceeds a set threshold, the feature
engages to relieve congestion. Each virtual machine that accesses that datastore is
then allocated I/O resources in proportion to its shares.


Enable Storage I/O Control On The Datastore


In vSphere web client
1. Go to Storage tab
2. Select the "ds-site-a-nfs01" datastore
3. Click on the Manage Tab
4. Select Settings and make sure you are on the General tab
5. Click on "Edit" for Storage Capabilities
6. Click in the box to enable "Storage I/O Control"
7. Then press on "Ok".

Set Storage IOPS Limit On the VM


1. Click back to the Hosts and Clusters tab
2. Navigate to the "Linux-load-02a" VM, Right Click and edit its settings.
3. Expand the "Hard Disk 1" section
4. Set "Limit-IOPs" to 200 Mbits.
5. In our case we are going to click on "Cancel" to not commit this change in IOPs limit.


Reset The Topology Before We Move To The Next Section


1. In the vSphere Web client go to "Hosts and Clusters"
2. Drag and drop the "linux-micro-01a" VM back to its original location under the
"Production" Resource Pool.
3. Then delete the "Staging" Resource Pool.

Summary
So far in this module we have looked at Resource Pools, Network and Storage I/O
Control to enable control over usage of resources based on business priorities.


Resource pools allow you to delegate control over resources of a host (or a cluster), but
the benefits are evident when you use resource pools to compartmentalize all resources
in a cluster. Create multiple resource pools as direct children of the host or cluster and
configure them. You can then delegate control over the resource pools to other
individuals or organizations. Using resource pools can result in the following benefits:
- Flexible hierarchical organization: Add, remove, or reorganize resource pools or
  change resource allocations as needed.
- Isolation between pools, sharing within pools: Top-level administrators can make
  a pool of resources available to a department-level administrator. Allocation
  changes that are internal to one departmental resource pool do not unfairly affect
  other unrelated resource pools.
- Access control and delegation: When a top-level administrator makes a resource
  pool available to a department-level administrator, that administrator can then
  perform all virtual machine creation and management within the boundaries of
  the resources to which the resource pool is entitled by the current shares,
  reservation, and limit settings. Delegation is usually done in conjunction with
  permissions settings.
- Separation of resources from hardware: If you are using clusters enabled for
  DRS, the resources of all hosts are always assigned to the cluster. That means
  administrators can perform resource management independently of the actual
  hosts that contribute to the resources. If you replace three 2GB hosts with two
  3GB hosts, you do not need to make changes to your resource allocations. This
  separation allows administrators to think more about aggregate computing
  capacity and less about individual hosts.
- Management of sets of virtual machines running a multitier service: Group
  virtual machines for a multitier service in a resource pool. You do not need to set
  resources on each virtual machine. Instead, you can control the aggregate
  allocation of resources to the set of virtual machines by changing settings on
  their enclosing resource pool.
Use Network I/O Control to configure rules and policies at the virtual machine level and
to assure that I/O resources are always available for your business-critical applications.
NIOC monitors the network. Whenever it sees congestion, it automatically shifts
resources to your highest-priority applications as defined by your business rules. Thanks
to NIOC, your administrators can be more productive, you can extend virtualization
across more workloads and your infrastructure can become more versatile.
Use Storage I/O Control to configure rules and policies to specify the business priority of
each virtual machine. When I/O congestion is detected, Storage I/O Control dynamically
allocates the available I/O resources to virtual machines according to your rules,
improving service levels for critical applications and allowing you to virtualize more
workloads, including I/O-intensive applications.


Log-In Into vRealize Operations


Log in to vRealize Operations at https://vrops-01a.corp.local with username admin and
password VMware1!
Once logged in, go to Dashboard list > Recommendations.


Verify There Are No Active Alerts Currently


There should be no active alerts listed against any Virtual Machine. Note: in your vPOD
there might be some already triggered alerts. Please ignore these alerts as they should
not impact the lab sequence.


Create vRealize Operations Custom Groups


1. Click on Environment
2. Then click the "+" sign to add a new Custom Group.


Create Production Custom Group


We are going to create a new custom group called "Production", based on a dynamic
relationship: its members are descendants of "Cluster Site A-1". Please follow the exact
same configuration as in the image above. Make sure the check box "Keep group
membership up to date" is selected as above.

Name: Production
Group Type: Environment
Policy: Production Policy
Keep group membership up to date: box is ticked
Select Object type...: vCenter Adapter --> Virtual Machine

In the Define Membership Criteria boxes below, select:
Relationship, Descendant of, contains, Cluster Site A-1.
The Production Custom Policy has been pre-created in the lab.


Preview The Items In the New Group


Click on "Preview" to see the items. Then close the preview window and click OK to
create the group.
Note: the items you may see in the Preview window may be different than in the
screenshot above.


Create Test-Dev Custom Group


Please follow the exact same configuration as in the image above then create the group.
The Test-Dev Custom Policy has been pre-created in the lab. Make sure the check box
"Keep group membership up to date" is selected as above.

Name: Test-Dev
Group Type: Environment
Policy: Test-Dev Policy
Keep group membership up to date: box is ticked
Select Object type...: vCenter Adapter --> Virtual Machine

In the Define Membership Criteria boxes below, select:
Relationship, Descendant of, contains, Cluster Site A-2.

View New CPU Capacity Alert Created


Go to the alerts tab and see the newly created alert called "CPU Capacity Remaining % is
too low for Prod VM" against the "linux-load-01b" VM. This is because we have assigned
the Production policy to all VMs in the newly formed "Production" custom group.


Note: you might need to wait 60 seconds before you refresh the alerts page again to see
the alert displaying as it may take about a minute for the new alert to trigger based on
the new group membership.
Once you see the alert listed, click on the alert link to view its details.

Review The CPU Capacity Alert


View the alert details, symptom and recommendation. Then click on the VM name (see
number 1).


Migrate the VM to the Test-Dev Cluster


1. Select Actions
2. Move VM.


Select Cluster Site A-2


1. Select Cluster Site A-2
2. Click "Next"


Select a Host
1. Select any of the ESXi Hosts
2. Then hit "Begin Action".
Note: as you can see, there is an Affinity Rule Details section that indicates whether
any affinity rules are about to be broken. In our case no affinity rules are
defined.


See Recent Tasks


Click on "Recent tasks" to see if the vMotion was successful.

See Completed Task


You should see Move VM task marked as completed.


Validate CPU Alert Is Cleared


Click on the Alerts icon (item number 1). Since we have migrated the "linux-load-01b"
VM to the Test-Dev Cluster, the CPU Capacity Alert is now cleared. This is because the
Test-Dev Cluster (Cluster Site A-2) is associated with the dynamic custom group called
Test-Dev that we created in vRealize Operations earlier, which is in turn associated with
the Test-Dev custom policy. That policy is less restrictive when it comes to capacity and
performance monitoring, since we have different business needs for a Test-Dev cluster
than we do for a Production cluster.
Note: The alert may take 2-3 minutes to clear following the successful VM migration. Just
refresh the page until you see it disappear.

Summary
In this Module we have looked at how we can enable controls such as Shares,
Reservations, Limits, SIOC and NIOC over how resources are utilized in vCenter, and then
how these controls can dictate how vRealize Operations triggers alerts and reports on
the performance and capacity of resources. In vRealize Operations a custom object group
is a container that includes one or more objects. vRealize Operations Manager uses
custom groups to collect data from the objects in the group, and report on the data
collected.
Why Use Custom Object Groups In vRealize Operations?


You use groups to categorize your objects and have vRealize Operations Manager collect
data from the groups of objects and display the results in dashboards and views
according to the way you define the data to appear.
You can create static groups of objects, or dynamic groups with criteria that determine
group membership as vRealize Operations Manager discovers and collects data from
new objects added to the environment.
When you create a custom group, and assign a policy to the group, vRealize Operations
Manager can use the criteria defined in the applied policy to collect data from and
analyze the objects in the group. vRealize Operations Manager reports on the status,
problems, and recommendations for those objects based on the settings in the policy.


vRealize Operations Custom Alerting


Creating Custom Alerts In vRealize Operations

vRealize Operations Alerting Overview


Alerts - vRealize Operations alerts notify you when a problem occurs in your
environment. You use the alerts to determine the state of your environment and to
begin resolving the problems. Each alert includes one or more symptoms.
Symptoms - are conditions that indicate problems in your environment. You define
symptoms that you add to alert definitions so that you know when a problem occurs
with your monitored objects. As data is collected from your monitored objects, the data
is compared to the defined symptom condition. If the condition is true, then the
symptom is triggered. Each alert can optionally include some Recommendations and
Actions.
Recommendations - are probable solutions for an alert generated in vRealize Operations
Manager. You can create a library of recommendations that include instructions to your
environment administrators or actions that they can run to resolve an alert.
Actions - are the ability to update objects or read data about objects in monitored
systems, and are commonly provided in vRealize Operations Manager as part of a
solution. The actions added by solutions are available from the object Actions menu, list
and view menus, including some dashboard widgets, and can be added to alert
definition recommendations. The possible actions include read actions and update
actions. The read actions retrieve data from the target objects. The update actions make
changes to the target objects. For example, if you configure an alert definition to notify
you when a virtual machine is experiencing memory issues, you can add an action to the
recommendations that runs the Set Memory for Virtual Machine action. This action
increases the memory and resolves the likely cause of the alert.

Create New Alert Definition


vRealize Operations comes with many pre-defined Alerts and Symptoms; however, in this
module we will create a net new alert.
1. First go to the Content tab
2. Select Alert Definitions
3. Click on the "+" sign.


Provide Alert Name And Description


1. Type in 'Host Memory Usage is Above Trend' as the Alert name and description.
The Alert name should be a concise note about the problem, while the description can be
more detailed, as this information can help your users process the alerts as they are
generated.
2. Now go to "Select Base Object".


Select Base Object Type


1. Type Host System
2. Then select Host System
3. Now select "Alert Impact".


Define Alert Impact


Add the information as displayed in the image above and then select "Add Symptom
Definitions".
1. Impact: Health
2. Criticality: Warning
3. Alert Type and Subtype: Virtualization/Hypervisor: Capacity
4. Wait Cycle: 1
5. Cancel Cycle: 1

Define Alert Symptom Definitions


Alert Symptom Definitions are a core component of the alert definition. As you add
symptoms, do not over-build a single alert definition with too many symptoms; if you do,
you might not be able to find the true problem and resolve it. At the same time, include
sufficient conditions to accurately identify the problem.
1. Select "Self" as Defined on.
2. Then "Metric/Property" for Symptom Definition Type
3. Finally click on the "+" sign.


Define A Dynamic Threshold Symptom


A threshold marks the boundary between normal and abnormal behavior for a metric
inside a definition of a Symptom. In addition to Static thresholds, vRealize Operations
Manager supports dynamic thresholds for a metric, calculated based on historical and
incoming data. By default, dynamic thresholds are refreshed on a regular schedule, but
you can recalculate dynamic thresholds outside of the schedule if you want to capture
the most recent data.
Type "usage" to search all metrics which are usage related, then memory, and double
click on Usage (%) so that it shows up on the right pane. Set it to be based on Dynamic
Thresholds and add a description (for example: "Host Memory is over trending threshold").
Then set the status to "Warning" and "Above threshold". Leave everything else as it is
and click on Save.


Add The Newly Created Symptom To Your Alert


Now filter on "Host Memory is over trending threshold" and when you find it, drag it to
the pane on the right. Then click on "Add Recommendation".


Add Recommendations
Recommendations are instructions to the users to help fix the problem identified by the
symptoms. We will first add a recommendation to add more hosts to the cluster.
1. Search the text "add more hosts"
2. Then drag and drop "Add more hosts to the cluster to increase memory capacity" to
the right pane area.
3. We are then going to add an action so now click on the "+" sign.


Add An Action To The Recommendation


1. Type "power off idle virtual machine"
2. Then select the "Power Off VM" action
3. Hit "Save".


Associate The Action With The Recommendation


1. Now Search for the text "idle"
2. Then drag and drop the action to the right bottom pane


Save The Alert


Now hit Save.

Summary
The newly created Alert definition is now added to your Alert Definition list and it is
active for all ESXi Host objects in your environment. After each collection cycle, the
collected data is compared against all the symptom expressions in the alert definitions.
If the symptom expressions you have added to this alert definition are true for 3
consecutive collection cycles, then the alert is generated for the host system. Generated
alerts are listed in the alerts lists for your environment and on the alerts tab for any
ESXi host system. The alerts will include the symptoms and the recommendations to
resolve the problem including any actions if needed.
You can use this process to modify or add other alerts to vRealize Operations ensuring
you are notified when problems occur.


Module 6: Ensure Business Continuity and Availability - (30 Minutes)


Demonstrate transparent failover for virtual machines
vSphere 6.0 HA provides a base level of protection for your virtual machines by
restarting virtual machines in the event of a host failure. vSphere 6.0 Fault Tolerance
provides a higher level of availability, allowing users to protect any virtual machine from
a host failure with no loss of data, transactions, or connections.
Fault Tolerance provides continuous availability by ensuring that the states of the
Primary and Secondary VMs are identical at any point in the instruction execution of the
virtual machine.
If the host running the Primary VM fails, an immediate and transparent failover occurs.
The functioning ESXi host seamlessly becomes the Primary VM host without losing
network connections or in-progress transactions. With transparent failover, there is no
data loss and network connections are maintained. After a transparent failover occurs, a
new Secondary VM is respawned and redundancy is re-established. The entire process is
transparent and fully automated and occurs even if vCenter Server is unavailable.

VMware vSphere Fault Tolerance


The benefits of Fault Tolerance are:
- Protect mission critical, high performance applications regardless of OS
- Continuous availability - Zero downtime, zero data loss for infrastructure failures
- Fully automated response

Use cases
Any workload that has up to 4 vCPUs and 64GB Memory that is not latency sensitive
(e.g. VoIP & High-Frequency trading are not good candidates for FT). Note that vSphere
6.0 introduces the capability to use FT to protect VMs with more than 1 vCPU. In
vSphere 5.5 and prior versions, only VMs with 1 vCPU could be protected by FT.
There is VM/Application overhead to using FT and that will depend on a number of
factors like the application, number of vCPUs, number of FT protected VMs on a host,
host processor type, etc. A performance paper will soon be released that will get into
more specifics. For now the recommendation to customers is to test out using FT and
see if it works for their workloads/use cases.
The new version of Fault Tolerance greatly expands the use cases for FT to
approximately 90% of workloads.
The new technology used by FT is called Fast Checkpointing and is basically a heavily
modified version of an xvMotion that never ends and executes many more checkpoints
(multiple/sec). Also note that in versions prior to 6.0, FT required shared storage where
both the Primary and Secondary copies of the FT-protected VM would share the same
VMDK files. However, in vSphere 6.0, in order to add additional protection to the
FT-protected VM, the Primary & Secondary VMs use unique VMDKs.
FT logging (traffic between hosts where primary and secondary are running) is very
bandwidth intensive and will require a dedicated 10GbE NIC on each host. If FT doesn't
get the bandwidth it needs, the protected VM will run slower, resulting
in higher latency to client applications.


Monitoring FT with vR Ops


vR Ops provides alerting of vCenter events, such as FT issues and state changes for
protected VMs. In the example above, a VM has become unprotected due to loss of the
secondary VM.

Video: Protecting Virtual Machines with FT (2:51)

This video shows how to protect virtual machines with VMware Fault Tolerance (FT). Due
to resource constraints in the Hands On Labs environment we're unable to demonstrate
this live for you.


Demonstrate automatic restart of virtual machines after a storage failure
In this lesson we will configure vSphere High Availability (HA) on a cluster and then
trigger a failure and observe HA restarting a protected VM on a new host.

Login to vSphere Web Client


Start Google Chrome from the ControlCenter desktop. You will automatically be directed
to the login page for vSphere Web Client.
Tick the box next to "Use Windows session authentication" and then click "Login"


Navigate to Cluster Site A-1 cluster


1. In the web client search box, start typing "Cluster" until you see Cluster Site A-1
appear in the quick search menu.
2. Click on the link for "Cluster Site A-1" to be directed to the cluster's screen.


Edit Cluster HA Settings


1. Click the "Manage" tab.
2. Then click "vSphere HA" under the settings.
3. Click "Edit".


Enable HA
1. Tick the box next to "Turn on vSphere HA".
2. Tick the box next to "Protect against Storage Connectivity Loss".
We will simulate our failure by disconnecting storage on the host, so we need this
feature enabled.


Configure Failure Conditions and VM Response


We need to configure HA to respond to our storage failure, so we need to change some
defaults.
1. Expand "Failure conditions and VM response"
2. Set VM Restart Priority to High
3. Set Response for Datastore with All Paths Down (APD) to "Power off and restart VMs
(aggressive)"
4. Set the Delay for VM failover for APD to 0 minutes


Disable Admission Control


Since we only have two hosts in the cluster we will need to disable admission control.
1. Expand "Admission Control"
2. Scroll to the bottom of the options.
3. Click the radio button for "Do not reserve failover capacity"
Click OK at the bottom right to complete the HA configuration (not shown)

Verify HA is Enabled
Click on the "Summary" tab.
1. Open the vSphere HA widget.
2. Notice that the HA icon shows up next to the cluster.
3. And the HA settings we made are confirmed in the HA widget.


Observe Current State of esx-01a


1. Click on the Hosts link under Cluster Site A-1. This will show all hosts running within
the cluster in the panel below.
2. Click on esx-01a.corp.local to manage that host.
3. Switch to the Related Objects tab within the host screen.
4. Click the Virtual Machines button to show all VMs running on this host.
5. We only have one machine, linux-micro-01a, which will be the subject of our test
failure.

Edit Storage Connection


1. To edit the storage connection, go to the Manage tab
2. Click the Networking button
3. Select VMkernel adapters.
4. We will edit vmk1, which is our Storage Network connection (the lab is using NFS
storage). Select the vmk1 adapter.
5. Click the pencil icon to edit.


Misconfigure the network settings


1. In the Edit Settings wizard, click the "IPv4 settings" tab
2. Then click the "Obtain IPv4 settings automatically" radio button. This effectively uses
DHCP instead of the static address of 10.10.20.51 and will disconnect the host from the
NFS storage server.
3. Click OK when you are ready.


Observe the Storage Failure


1. Switch to the Summary tab
2. View the notification that shared datastores have failed on the host.

Check HA Status
1. Click on Cluster Site A-1
2. Then the Monitor tab.
3. Click the vSphere HA button
4. Select the "Datastores under APD or PDL" option. Notice that esx-01a is showing a
failure because APD (All Paths Down) was detected for storage.


Note HA Alert
In a few moments, you should notice a new Alarm appear in the web client (look to the
right side of the web client) indicating an HA failover is in progress.
NOTE: This may take a few minutes to appear.

Observe Relocation of VM Task


Check the Recent Tasks window at the bottom of the web client. You should see a task
indicating that linux-micro-01a has been relocated. This is due to the HA failover.


Verify Recovery for VM


1. Click on Virtual Machines link under the Cluster Site A-1 object.
2. Select linux-micro-01a from the list of virtual machines.
3. Click the Summary tab
4. Note the location is now esx-02a and the machine has powered on, completing
failover recovery.

Repair esx-01a Storage


1. Click the Hosts link under Cluster Site A-1
2. Then click esx-01a.corp.local on the list of Hosts.
3. Click on the Manage tab
4. Select Networking.
5. Click on the VMkernel adapters
6. Select vmk1 (Storage Network).
7. Click the pencil icon to edit the adapter configuration.
8. In the Edit Settings wizard, select "IPv4 settings".
9. Click the radio button for "Use static IPv4 settings"
10. Enter the IP address 10.10.20.51
11. Click OK to apply the new settings.


Reboot the ESX host


To fully recover, the host must be rebooted.
1. From the "Actions" menu
2. Select Power
3. Reboot.


Confirm the Reboot


Click OK.


HA Events in vRealize Operations Manager


vSphere HA events are captured in vR Ops. For example, this screen shot shows a host
isolation failure and HA failover as displayed in vR Ops.


VM Recovery Event in vR Ops


The HA restart event for the protected VM is available in the Events view.


Module 7: Simplified Security and Compliance (30 Minutes)


Integrate your environment into your enterprise certificate infrastructure
In this module we will learn how to configure the VMware vSphere 6.0 VMware
Certificate Authority (VMCA) as a subordinate of an existing Certificate Authority.
A VMCA exists on an embedded vCenter Server 6.0 installation and an external Platform
Services Controller (PSC). We will be using the PSC in this module.
WARNING - This lesson will "break" connectivity between vrops-01a.corp.local
and the two vCenter servers in this lab. There is an optional set of steps at
the end of the lesson to re-establish trust. If you are taking these lessons out
of order or you wish to explore vR Ops further, you will need to perform the
optional steps.

Creating a Microsoft Certificate Authority Template


We will first need to configure a Microsoft Certificate Authority (CA) template for use
with custom SSL certificate implementation in vSphere 6.0.


Start the Certificate Template Console


On the Control Center desktop, click the Windows Start button and type "certtmpl.msc" into the
search window. Click on the console link to start the console.


Duplicate the Subordinate Certificate Authority


Right click on the Subordinate Certificate Authority template and click "Duplicate
Template" from the context menu.


Set the Template Name


Click on the General tab and change the Template display name to "vSphere 6.0 VMCA"
Click OK to save the template.
Close the Certificate Template Console.


Start the Certificate Server Console


On the Control Center desktop, click the Windows Start button and type "certsrv.msc" into the
search window. Click on the console link to start the console.


Add the New Template to the CA


Expand the CONTROLCENTER-CA and right click on Certificate Templates folder. Select
New > Certificate Template to Issue from the context menu.


Enable the vSphere 6.0 VMCA Template


Select the "vSphere 6.0 VMCA" template and click "OK"
LEAVE THIS CONSOLE OPEN - we will use it to submit our certificate signing request.

Configuring VMware vSphere 6.0 VMware Certificate Authority as a subordinate Certificate Authority
Next we will configure VMCA on the PSC as a subordinate CA to our Microsoft CA.


Open a PuTTY Session to PSC


Locate the PuTTY icon on the task bar and click on it. In the PuTTY window, find the
"psc-01a.corp.local" saved session and click "Open"


Start the certificate manager on the PSC


(It is a good idea to enlarge the PuTTY session screen or make it full screen to properly
display the Certificate Manager menus)
From the shell prompt, enter this command
/usr/lib/vmware-vmca/bin/certificate-manager
The menu will appear. Select option 2 (press the 2 key and then Enter)


Enter SSO Password and Generate CSR


Use the password "VMware1!" for the SSO password.
Select option 1 to generate the Certificate Signing Request.


Save the CSR


When prompted, enter "/tmp" for the path to save the CSR.
Enter option 2 to exit the Certificate Manager.
Leave the PuTTY session open.


Start WinSCP
Click the Windows Start button, type "winscp" in the search bar. Click on the WinSCP
shortcut to start the program.


Connect to the PSC


Select "New Site" and enter "psc-01a.corp.local" in the Host name box. Click "Login"

Accept the PSC fingerprint


If you are prompted with a warning that the PSC is an unknown server, click "Yes" to
proceed.


Login as root
Enter username "root" and click "OK"

Continue the login


Click "Continue"


Open the /tmp directory


Double-click the navigation bar and input /tmp in the "Open directory" dialogue. Click
"OK"


Download the CSR and key


Select the "root_signing_cert.csr" and click on the Download link. Click OK to accept the
default download path.


Copy Request Contents


In the left navigation panel of WinSCP, click on the file we just downloaded
(root_signing_cert.csr) and then click the Edit button on the menu.
When the file is opened in the editor, select all of the text with CTRL-A and then CTRL-C
to copy.
Leave the WinSCP session open.


Browse to the CA Request Website


Open the Chrome browser and navigate to
http://localhost/certsrv
Once there, select the link to "Request a certificate"


Submit an Advanced Certificate Request


Now click the link for "advanced certificate request"


Submit the Request


Click inside the "Saved Request" text box and press CTRL-V to paste the CSR text copied
in the last step. Make sure to use the "vSphere 6.0 VMCA" certificate template and then
click the "Submit" button.


Download the Certificate


On the download page, select Base 64 encoded and click on Download Certificate.
The downloaded file will be called certnew.cer.
Next click on Download certificate chain (ensuring that "Base 64 encoded" is still
selected). The downloaded file will be called certnew.p7b.


Rename the downloaded files


Use File Explorer to navigate to the Downloads folder. Rename the files as follows
(select the file and press F2):
certnew.cer > machine_ssl.cer
certnew.p7b > cachain.p7b


Export the Certificate Chain


Double-click on the file "cachain.p7b" to open it in the Certificate Manager management
console. Drill down to Certificates and right-click the CONTROLCENTER-CA root
certificate and choose "All Tasks > Export" from the context menu.


Complete the Certificate Export Wizard


The Certificate Export Wizard will start. Click Next on the initial screen and then select
the "Base-64 encoded X.509 (.CER)" radio button and click Next.


Save Export File


Enter the path "C:\Users\Administrator\Downloads\root-64.cer" in the File name: input
box and click "Next"


Finish the Export Wizard


Click "Finish" and then acknowledge the export success.


Copy the New Certificates to the PSC


Return to WinSCP. Navigate to the downloads directory by double-clicking the
navigation bar and entering
c:\users\administrator\downloads
Select the files "machine_ssl.cer" and "root-64.cer" and click the "Upload" menu item.
Click OK on the transfer confirmation.

Combine the Root and Machine Certs


Return to the PuTTY session. Change to the tmp directory by entering
cd /tmp
Execute the command
cat root-64.cer >> machine_ssl.cer


This will append the CA certificate to the machine certificate. View the resulting file by
executing
cat machine_ssl.cer

Replace the existing certificate with the newly generated certificate
Start the vSphere 6 Certificate Manager by executing the command
/usr/lib/vmware-vmca/bin/certificate-manager
We want to replace the VMCA Root certificate with our custom CA signing certificate and
replace all certificates. Select option 2.
The SSO password is "VMware1!"
Next we will select option 2 to import the certificate and key.
Provide the path for the custom root certificate
/tmp/machine_ssl.cer
Provide the path for the key
/tmp/root_signing_cert.key


Configure certool.cfg
Enter "Y" at the "Continue Operation" prompt.
Next we will be prompted to configure certool.cfg - for this lab we will just accept the
default values but ideally you would use values meaningful to your enterprise.
Notice that the Hostname value requires you to enter the FQDN of the PSC. Use
"psc-01a.corp.local" and press Enter.


After the import, the PSC services will be restarted - this may take a couple of minutes.
Just wait until it is completed.


Restart vCenter Servers


Next we need to stop and restart vCenter services on each vCenter appliance. Enter the
command:
ssh vcsa-01a.corp.local service-control --stop --all
If you are prompted to accept the ECDSA key fingerprint, enter "Yes" (not shown)
When prompted for the root password, use "VMware1!"
It will take a couple of minutes for the services to stop. When they do, repeat the
process for the second vCenter appliance
ssh vcsa-01b.corp.local service-control --stop --all


Start vCenter Services


Now start vCenter services on each node with the commands
ssh vcsa-01a.corp.local service-control --start --all
and
ssh vcsa-01b.corp.local service-control --start --all
Again, use the password "VMware1!" for root when prompted.

Replace Certificates on vCenter Appliances


In the next few steps, we will replace the machine SSL certificates and the solution user
certificates on each of the vCenter appliances. We will start with vcsa-01a.corp.local
When you finish with that appliance, return here to follow the same process for
vcsa-01b.corp.local.
OPTIONALLY, you can open a new PuTTY session to the PSC and perform the
steps for vcsa-01b.corp.local in parallel. This will speed up the lab steps but
be careful that you are entering the commands correctly in the appropriate
PuTTY session.

SSH to vCenter Appliance and Start Certificate Manager


Enter the command
(change the host name in command below to vcsa-01b.corp.local for the second
appliance)
ssh vcsa-01a.corp.local
Use the password "VMware1!" for root login
Enter the command
/usr/lib/vmware-vmca/bin/certificate-manager
to start the Certificate Manager


Replace the Machine SSL Certificate


Enter option 3 at the prompt.
Use "VMware1!" for the SSO password.
Next enter the FQDN of our PSC "psc-01a.corp.local"
Accept defaults for the certool.cfg configuration.
Enter the FQDN of the vCenter appliance "vcsa-01a.corp.local" (or "vcsa-01b.corp.local"
for the second node)
Answer "Y" to the prompt.
The Certificate Manager will now replace the machine SSL certificate and restart
services - this will take a couple of minutes.

Replace Solution User Certificates


Enter the command to start the Certificate Manager
/usr/lib/vmware-vmca/bin/certificate-manager
Select option 6 to replace the Solution user certificates

Use "VMware1!" for the SSO password
Enter the FQDN of the PSC server "psc-01a.corp.local"
Enter "Y" at the continue operation prompt
Certificate Manager will replace the solution user certificates and restart services on the
appliance, this will take a few minutes.
When completed, enter "exit" to log out of the vCenter appliance.
Repeat the steps for replacing machine and solution user certificates on the second
vCenter appliance. When you have completed both appliances, you may close the
PuTTY session window.


Verify Certificate Functionality.


Open the Google Chrome browser from the ControlCenter desktop. Click the shortcut to
vcsa-01a.
You should see a green lock icon in the address bar, indicating that you have a valid
certificate. Right click on the lock icon and click the "Connection" tab.
Click on the "Certificate information" link.


View Certificate Path


In the Certificate window, click the "Certification Path" icon and view the path. Notice
that our default organization name of "Acme" is presented, indicating that our
certificates are using the values we input earlier. Also note that the root CA is the
CONTROLCENTER-CA.
Click OK to close the window.
Close the Chrome browser window.

OPTIONAL - Re-establish Trust Between vR Ops and vCenters
Because we have changed the certificates on the VCSAs in our lab, vR Ops will no longer
trust the connections to the two VCSAs and collections will stop. However, it is very
easy to re-establish trust and get your environment back to normal.


This is an optional part of the lesson and unless you plan to take other lessons that
incorporate vR Ops it is not necessary to proceed.


Login to vrops-01a
Open the Chrome browser and click on the bookmark for vrops-01a.
Enter user name "admin"
Password "VMware1!"
Click "Login"


Clean Certificate Store


We first need to remove the old, invalid certificates from the vR Ops certificate store.
Click on the Administration icon.
Select Certificates from the navigation panel.
You will see two certificates. Notice that they are both issued from the PSC for the
VCSAs. Select one at a time and click the red "X" icon to delete them.
Answer "Yes" to both confirmation prompts (not shown).


Configure the vSphere Solution


Click on "Solutions" in the navigation panel.
Select the "VMware vSphere" solution and click the gear icon to open the configuration
window.


Re-establish Trust
The vCenter Adapter will be selected by default. Also, the vcsa-01a instance will be
selected by default.
Click on "Test Connection" to initiate an SSL communication test.
Note the "Review and Accept Certificate" window shows the new "Issued to" information
we configured for the VCSA (i.e. "AcmeOrg Engineering").
Click "OK" to trust this new certificate. Click "Save Settings" to complete.
Repeat these steps for each solution adapter and each instance name (i.e. both
instances of vCenter Adapter and both instances of the vCenter Python Actions
Adapter).
Close the Manage Solution window when you have completed re-establishing trust for
all four instances.


Note Collection Status


Initially, you may see errors for the collection status. Within a couple of minutes, you
should refresh and make sure all four instances have a Collection Status "Data
receiving" to confirm you have repaired the connections.


Show fine-grained control of local user access on ESXi
In this module we will use ESXCLI to create and modify local accounts, and also learn
how to change password policies (complexity and timeout). Also, you will learn how to
add an ESXi host to AD and grant access to an AD group with ESXCLI.

Create a New Local User Account on an ESXi Host


In this lesson we will create a new local user account on an ESXi host. Assume that the
Network Operations Center (NOC) needs a user account for basic troubleshooting of the
host.

Open PuTTY
Click on the PuTTY icon in the taskbar.


Connect to esx-01a.corp.local
Select the saved session for esx-01a.corp.local and click "Open" to start your session.
You will automatically be logged in as root.


List Current Local User Accounts


Enter the command
esxcli system account list
and observe that there are currently three local accounts available on the host.


Add a New Local User Account


Enter the command to create a new local user:

esxcli system account add -i=nocuser -d="NOC Account" -p=HOL@VMware1! -c=HOL@VM


Verify User Account


Once again enter
esxcli system account list
to validate that the account has been added.


List Current Account Permissions


Enter the command
esxcli system permission list
to validate the existing permissions granted on this host. Note that our new user does
not have any permissions listed.


Set Permissions for the New Local Account


Let's grant them ReadOnly since they only need this account to gather information and
not make changes. Enter the command
esxcli system permission set -i=nocuser -r=Admin


Verify Permissions
Enter the command
esxcli system permission list
to validate that our user has Admin access to the host. Leave the PuTTY session open
for the next lesson.

ESXi Passwords, ESXi Pass Phrases, and Account Lockout


For ESXi hosts, you can use a password or a pass phrase. In each case, you must make
sure the password or pass phrase meets the requirements.
ESXi uses the Linux PAM module pam_passwdqc for password management and control.
See the manpages for pam_passwdqc for detailed information.
ESXi enforces password requirements for direct access from the Direct Console User
Interface, the ESXi Shell, SSH, or the vSphere Client. When you create a password,
include a mix of characters from four character classes: lowercase letters, uppercase
letters, numbers, and special characters such as underscore or dash.
Starting with vSphere 6.0, your user password must meet the following requirements.
Passwords must contain characters from at least three character classes.
Passwords containing characters from three character classes must be at least
seven characters long.
Passwords containing characters from all four character classes must be at least
seven characters long.
In this lesson we will change ESXi password requirements to allow for a passphrase and
increase the password requirement to at least eight characters long.
The password quality is controlled via the advanced option
Security.PasswordQualityControl which can be accessed via the vSphere Web Client. In
this lesson we will use vim-cmd from the ESXi shell to make these modifications.

View the Current Settings for Password Quality


Enter the command
vim-cmd hostsvc/advopt/view Security.PasswordQualityControl
and observe the current settings of retry=3 min=disabled,disabled,disabled,7,7. These
are the default settings and match the requirements for password quality outlined in the
lesson overview above.


Set the Password Quality to Allow Passphrase and Increase Password Minimum Length
Enter the command

vim-cmd hostsvc/advopt/update Security.PasswordQualityControl string "retry=3 m


This will set our password quality to allow for passphrases with at least 16 characters
and 4 words separated by spaces. We also increased the password option to a
minimum of 8 characters.

Validate the Password Quality Settings


Now let's update the password for nocuser to test our password quality checking. First,
let's try a 7 character password by entering the command
esxcli system account set -i=nocuser -p=HOL@VMw -c=HOL@VMw
Notice that our password checking will not allow the short password. What about a
passphrase? Let's try a 3 word passphrase as a test. Enter the command

esxcli system account set -i=nocuser -p="correct horse battery" -c="correct hor


Again, our password quality check works, disallowing the short phrase (remember we
require at LEAST 4 words in the phrase). OK, let's try a phrase that should give us
success. Enter the command

esxcli system account set -i=nocuser -p="correct horse battery staple" -c="corr
Note that we do not get an error, indicating the password update was successful.
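The following added example (not part of the lab or of VMware's tooling) models how a Security.PasswordQualityControl string decides the three test cases above, using pam_passwdqc's documented min=N0,N1,N2,N3,N4 and passphrase= semantics. The default setting is the one shown on this page; CONSTRUCTED_SETTING is an assumed value that matches the lesson's description (16-character, 4-word passphrases and 8-character passwords), not necessarily the lab's exact command, and the model omits the module's dictionary, similarity and distinct-character checks.

```python
import math
import string

DISABLED = math.inf  # "disabled" means no length is ever long enough

DEFAULT_SETTING = "retry=3 min=disabled,disabled,disabled,7,7"  # value shown on this page
# Constructed to match the lesson's description; an assumption, not the lab's command.
CONSTRUCTED_SETTING = "retry=3 min=disabled,disabled,16,8,8 passphrase=4"


def parse_policy(setting):
    """Parse a Security.PasswordQualityControl value (pam_passwdqc options)."""
    policy = {"retry": 3, "passphrase": 3, "min": None}  # passwdqc defaults for the first two
    for token in setting.split():
        key, _, value = token.partition("=")
        if key == "min":
            mins = [DISABLED if v == "disabled" else int(v) for v in value.split(",")]
            if len(mins) != 5:
                raise ValueError("min= takes five values: N0,N1,N2,N3,N4")
            # passwdqc requires each value to be no larger than the one before it
            if any(later > earlier for earlier, later in zip(mins, mins[1:])):
                raise ValueError("min= values must not increase")
            policy["min"] = mins
        elif key in ("retry", "passphrase"):
            policy[key] = int(value)
        # other options (similar=, enforce=, ...) are outside this model
    if policy["min"] is None:
        raise ValueError("no min= option in setting")
    return policy


def classes_and_words(password):
    """Count effective character classes and words per passwdqc's documented rules."""
    digits = lowers = uppers = others = words = 0
    prev = " "
    for ch in password:
        if ch in string.digits:
            digits += 1
        elif ch in string.ascii_lowercase:
            lowers += 1
        elif ch in string.ascii_uppercase:
            uppers += 1
        else:
            others += 1  # simplification: non-ASCII is treated as "special"
        if ch in string.ascii_letters and prev not in string.ascii_letters:
            words += 1  # a word starts where a letter follows a non-letter
        prev = ch
    # A leading capital and a trailing digit do not count toward the classes.
    if uppers and password[0] in string.ascii_uppercase:
        uppers -= 1
    if digits and password[-1] in string.digits:
        digits -= 1
    return sum(1 for n in (digits, lowers, uppers, others) if n), words


def evaluate(password, policy):
    """Return (accepted, rule) for one candidate under a parsed policy."""
    if not password:
        return False, "empty"
    classes, words = classes_and_words(password)
    n0, n1, n2, n3, n4 = policy["min"]
    length = len(password)
    # Try the rule for the classes present, then fall back to the weaker rules.
    for c in range(classes, 0, -1):
        if c == 4 and length >= n4:
            return True, "four classes"
        if c == 3 and length >= n3:
            return True, "three classes"
        if c == 2:
            if length >= n1:
                return True, "two classes"
            if policy["passphrase"] and words >= policy["passphrase"] and length >= n2:
                return True, "passphrase"
        if c == 1 and length >= n0:
            return True, "one class"
    return False, "rejected"


if __name__ == "__main__":
    candidates = ["HOL@VMw", "correct horse battery",
                  "correct horse battery staple", "Password1"]
    for setting in (DEFAULT_SETTING, CONSTRUCTED_SETTING):
        policy = parse_policy(setting)
        print(setting)
        for candidate in candidates:
            print(f"  {candidate!r:34} {evaluate(candidate, policy)}")
```

"Password1" is rejected under both settings because its only capital is the first character and its only digit is the last, which leaves a single counted class.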

Configure a Host to Use Active Directory in the vSphere Web Client
In this lesson, we walk through the process of adding a vSphere Host to authenticate
against Active Directory.

Log in to the Web Client


Launch the Chrome browser from your desktop. You will automatically be directed to
the vSphere Web Client login. Tick the "Use Windows session authentication" box and
click "Login"


Hosts and Clusters


Click on the Home icon and select Hosts and Clusters.


esx-01a.corp.local
Click on esx-01a.corp.local.


Settings
Click on the Manage tab, then Settings and then Authentication Services.


Join Domain
Click the Join Domain button.


Join Domain Settings


Enter corp.local for the Domain.
In the Using Credentials section enter:
Username: administrator
Password: VMware1!
Click OK.


Added to Active Directory


After a few moments, you should see the screen refresh and the Authentication
Services section update to show the host is now connected to the Active Directory
domain.

Grant Permissions to a Domain Group on an ESXi Host


Now that the host has joined AD, we can grant access to the host by AD user or group.


Set Permissions for Domain Admins


Return to the PuTTY session window. Enter the command
esxcli system permission set -g -i="corp\Domain Admins" -r=Admin
Notice we added the -g switch to indicate this is a group. Now validate the AD group
has been given permissions by entering the command
esxcli system permission list
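The permission listings in this module (for nocuser and for the "corp\Domain Admins" group) can be compared against the roles each principal is meant to hold, so that a grant such as -r=Admin for an account the lesson describes as read-only shows up as drift. This is an added example, not part of the lab: the sample listing is constructed, its column layout and the dcui/root/vpxuser baseline are assumptions, and the intended-role map is hypothetical.

```python
import re

# Constructed sample in the assumed layout of `esxcli system permission list`.
SAMPLE_LISTING = r"""
Principal           Is Group  Role   Role Description
------------------  --------  -----  ------------------
corp\Domain Admins  true      Admin  Full access rights
dcui                false     Admin  Full access rights
nocuser             false     Admin  Full access rights
root                false     Admin  Full access rights
vpxuser             false     Admin  Full access rights
"""

# Hypothetical intended state for this host.
INTENDED = {
    "root": "Admin",               # assumed built-in baseline
    "dcui": "Admin",               # assumed built-in baseline
    "vpxuser": "Admin",            # assumed built-in baseline
    "nocuser": "ReadOnly",         # the role the lesson text says the NOC account needs
    r"corp\Domain Admins": "Admin",
}


def parse_listing(text):
    """Split a fixed-width listing into row dicts using the dashed ruler line.

    Column boundaries come from the ruler, so principals that contain spaces
    (such as an AD group name) stay in one field.
    """
    lines = [ln for ln in text.splitlines() if ln.strip()]
    ruler_at = next((i for i, ln in enumerate(lines) if set(ln) <= {"-", " "}), None)
    if not ruler_at:  # None: no ruler found; 0: no header row above the ruler
        raise ValueError("listing has no header row followed by a dashed ruler")
    starts = [m.start() for m in re.finditer(r"-+", lines[ruler_at])]
    bounds = list(zip(starts, starts[1:] + [None]))

    def cut(line):
        return [line[a:b].strip() for a, b in bounds]

    headers = cut(lines[ruler_at - 1])
    return [dict(zip(headers, cut(ln))) for ln in lines[ruler_at + 1:]]


def audit(text, intended):
    """Return (principal, finding, detail) tuples where the listing departs from intent."""
    wanted = {name.lower(): (name, role) for name, role in intended.items()}
    seen = set()
    findings = []
    for row in parse_listing(text):
        principal, role = row["Principal"], row["Role"]
        seen.add(principal.lower())
        if principal.lower() not in wanted:
            findings.append((principal, "unexpected principal", role))
        elif wanted[principal.lower()][1] != role:
            expected = wanted[principal.lower()][1]
            findings.append((principal, "role drift", f"{role} (intended {expected})"))
    for key, (name, role) in wanted.items():
        if key not in seen:
            findings.append((name, "missing", role))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LISTING, INTENDED):
        print(finding)
```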

Login with AD Credentials


Let's test this by logging in as a member of the Domain Admins AD group. Enter the
command
login
Use the following credentials and verify you are able to log in
login: administrator@corp.local
Password: VMware1!

Close the PuTTY session window.
Close the Chrome browser.


Conclusion
Thank you for participating in the VMware Hands-on Labs. Be sure to visit
http://hol.vmware.com/ to continue your lab experience online.
Lab SKU: HOL-SDC-1602
Version: 20160411-074555
