2014 April 14 Lab Guide Vce Vblock System Administration v0.62

VCE VBLOCK SYSTEM ADMINSTRATION
LAB GUIDE
April 14, 2014
2014 VCE Company LLC. All rights reserved.
VCE CONFIDENTIAL
VCE CONFIDENTIAL
Introduction
In order to successfully administer a Vblock System, you need to be able to monitor the environment,
provision resources on demand and integrate the Vblock Systems into the existing datacenter operational
processes and procedures.
The labs included in this guide focus on how to monitor the Vblock System physical and virtual infrastructure to
understand the environment and to quickly identify where a problem may exist and how that problem may
impact the Vblock System services. The labs cover the most common administrative and management tasks that
a Vblock System administrator will make for normal day-to-day operations. Additional tasks for organization
operation tasks are also covered but these may vary based on the model of Vblock System deployed as well as
the steps outlined by the organization.
VCE as well as the individual component parent companies provide tools to monitor and manage the availability,
performance and configuration compliance of both the physical and virtual Vblock System environment. These
tools provide complete visibility into the Vblock System infrastructure to identify how resources are being
consumed and whether SLAs are being met. These tools provide system administrators with an extensible
management framework to simplify the transformation to the VCE Vblock System Cloud.
VCE is working to introduce that single pane of glass for Vblock System administration. VCE Vision Intelligent
Operation Intelligent Operations has been recently introduced to provide that single interface for Vblock System
administration. In its current state VCE Vision Intelligent Operation cannot perform all of the required
monitoring and management tasks so native element managers are still required. As the capabilities are added
to VCE Vision Intelligent Operation, the need for native component interfaces will diminish. The goal of Vision
Intelligent Operations is to treat the Vblock System as the single entity that it is with multiple active
components.
This lab guide is provided in a run book manner with each of the specific section objectives performed as tasks
that would be executed during the course of normal maintenance and administration. Each lab provides a
specific customer use case or scenario so the tasks are applicable to any datacenter deploying a Vblock System.
The tasks are not all inclusive and sometimes vary to actual production as to account for the limitation of the
training environment or to achieve specific learning objectives. These conditions will be identified in the
appropriate sections for this book.
VCE CONFIDENTIAL
Lab Scenario: Company Profile and Business Problem Statement

Welcome to Counterfake Inc.
Counterfake Inc. is a world leader in mock financial transactions. They have had a series of recent production
systems outages that have ranged from administrators accidentally bringing down production to multiple
hardware failures that have gone undetected that have caused production outage. They have recently acquired
a Vblock System, as a complete solution to their datacenter needs.
This lab will focus on Counterfake Inc. business problems and how they can best manage their Vblock System. IT
management has tasked you to efficiently find issues in both the physical and virtual infrastructure that would
possibly impact production. Silos of administration have been torn down and you have the responsibility of
managing the entire converged infrastructure of the Vblock System. This requires an understanding of all the
components within a Vblock System and the steps to manage each entity in depth.
The problems to date include but are not limited to:
Component Failure - Server, switch, storage or VM failures can cost Counterfake revenue and reputation if you
dont quickly identify each failure and the impact of exceeding SLA time constraints.
Secure Access - All administrators across all domains have administrative rights for the entire infrastructure.
Administrators and operators can make modifications to systems without the ability to audit who performed
what, when.
Configuration Management - The environment is dynamic so changes are regularly made to the infrastructure
to support business requirements. There have been occasions when infrastructure changes have caused
outages.
Capacity Management - End users only report a problem when they experience an increase in response time.
There is no proactive anticipation of resources nearing performance thresholds; capacity is only expanded after
resources pass critical performance thresholds.
Data Protection - Backups are taken but you have no confidence that they can be used for a successful restore.
There is no consistency in the backup process and no documented and proven recovery process.
In this lab you will help Counterfake Inc. address their business problems while successfully administering and
managing their new Vblock System.
VCE CONFIDENTIAL
Lab Architecture
VCE Vblock Infrastructure Management
1 - Health Check and Alerting

Health Check - Monitor the Vblock System as a whole as a well as the individual components.
Alerting - Configure tools and techniques for unattended alerts and notification.
2 - Security
Multi-Tenancy - Logically segregate environments for a secure workspace.
Hardening - Lock down existing environment for a highly secure Vblock System.
3 - Management
Configuration Management - Expand current resource configuration capabilities.
Capacity Management - Expand current resource bandwidth.
Automation - Provision resource through automation.
3 - Protection
Backup and Recovery - Protect Vblock System metadata and integrate into existing environment.
Compliance - Validate Vblock System security meets corporate security standards.
VCE CONFIDENTIAL
In this class you will be introduced to and work with the VCE proprietary Vblock System management utility, and the
element managers of each of the components that make up a Vblock System.
The components of Vblock Infrastructure Platforms can be directly controlled using these independent tool sets:
VCE Vision
The VCE Vision software suite provides an integrated set of software products for managing a Vblock System. It enables
Vblock System customers to discover their Vblock System, identify where it is located, and what components it contains. It
reports on the health or operating status of the Vblock System. It also reports on how compliant the Vblock System is with a
VCE Release Certification Matrix and allows customers to automatically update any firmware or software that is not
compliant.
Cisco Unified Computing System Manager (UCSM)

An embedded web-based management interface for all software and hardware components of the Cisco UCS across
multiple chassis and thousands of virtual machines (VMs). The entire UCS is managed as a single logical entity through an
intuitive graphical user interface, a command-line interface (CLI), or an XML application-programming interface (API). It
provides flexible role- and policy-based management using service profiles and templates to reduce management and
administration expenses, which are among the largest costs in most IT budgets.
Cisco Nexus Operating System (NX-OS)

Cisco NX-OS streamlines the management and monitoring of the LAN and SAN components offering visibility and control
through a single management interface for the Cisco Nexus, and Cisco MDS Family of products.
EMC Unisphere for VNX

Web-based management interface for discovering, monitoring, and configuring EMC Unified storage. Unisphere for VNX
offers quick access to real-time online support tools. It provides automatic event notification to proactively manage critical
status changes.
EMC Unisphere for VMAX

Web-based management interface for discovering, monitoring, configuring, and controlling Symmetrix VMAX arrays.
Unisphere for VMAX enables initial system discovery and configuration, including device creation and configuration, along
with basic device masking and support for managing local and remote replication activities.
VMware vCenter
Provides unified management of all the hosts and VMs in the data center from a single console to an aggregate
performance monitoring of clusters, hosts, and VMs. VMware vCenter Server gives administrators deep insight into the
status and configuration of clusters, hosts, VMs, storage, the guest operating system, and other critical components of a
virtual infrastructure.
Individual element managers can be polled individually or can be integrated into a customers existing management
framework to provide significant intelligence about the resource relationships and dependencies, and the state of business
services running on the Vblock System.
VCE CONFIDENTIAL
Vblock System Administration and Management Lab Diagram
For the lab exercises in this guide you will access the Vblock System Management interfaces using the appropriate interface
to access the components that compose the training Vblock System. Network connectivity addresses will be supplied on a
per team basis for the particular Vblock System setup used during your class.
VCE CONFIDENTIAL
Lab Use Cases for Counterfake Inc.

This Vblock System Administration and Management Lab focuses on specific use case scenarios built around managing the
VCE Vblock System for Counterfake Inc. To execute the various lab scenarios you will access a simulated an Advanced
Management Pod (AMP) that has the preinstalled management interfaces for each of the specific tasks required for lab
completion.
Most administrative tasks in a Vblock System cross multiple component domains. To emulate the actual management
behavior, this guide is written in a Run Book format to align to an administrators execution of an actual datacenter
procedure. To simplify the actual lab execution the labs include all required steps regardless of the component domain in
which they are run.
Labs include the tasks to quickly and efficiently find issues in the physical and virtual environments that would impact a
customers ability to maintain production applications on a Vblock System. This is extremely important because if there are
issues in the network, storage or physical/virtual servers, customer may experience service interruptions.
VCE CONFIDENTIAL
Table of Contents: Vblock Systems Administration and

Management
Introduction .................................................................................................................................. 3
Lab Scenario: Company Profile and Business Problem Statement ............................................ 4
Lab Architecture ........................................................................................................................... 5
Vblock System Administration and Management Lab Diagram .................................................. 7
Lab Use Cases for Counterfake Inc. ........................................................................................... 8
Table of Contents: Vblock Systems Administration and Management .................................... 9
LAB 1. Connecting to the VDC ................................................................................................ 13
A)
Accessing your assigned Windows Management Host. ............................................ 13
Pre-Lab Notes ............................................................................................................................ 14
Pre-Lab Considerations ............................................................................................................... 15
LAB 2. Capturing the Vblock System Configuration Baseline ............................................ 17
Establish a Vblock System Configuration Baseline ................................................................... 17
A)
UCS Manager GUI (TST): Capture Compute Resource Configuration ..................... 17
B)
UCS Manager CLI (TST): Capture Compute Resource Configuration ..................... 21
C)
EMC Unisphere for VNX (TST): Capture VNX Storage Configuration Information . 23
D)
Navisphere CLI (TST): Capture VNX Storage Configuration using ......................... 24
E)
Solutions Enabler CLI (TST): Capture VMAX Storage Configuration (Optional) .... 26
F)
CLI for MDS Switch (TST): Capture Storage Area Network (SAN) Configuration .. 28
G)
CLI for Nexus 5548 (TST): Capture Network Configuration ..................................... 29
H)
vSphere Web Client (TST): Explore vCenter Configuration .................................... 31
I) Collection Support Information (TST): VCE Vision and vSphere .............................. 32
LAB 3. VCE Vision: Administration ........................................................................................ 33
VCE Vision Utilization ................................................................................................................ 33
A)
VCE Vision System Library (TST): Administration ..................................................... 33
LAB 4.
A)
VCE Vision Plug-in for vCenter................................................................................... 37

Install VCE Vision Plug-in for vCenter (OST) ............................................................. 37
LAB 5. Monitoring for Component Errors or Failures .......................................................... 40

A)
Vblock System Events (TST) ..................................................................................... 40
B)
Log Browser (TST) ..................................................................................................... 40
C)
UCS Fault Detection (TST) ........................................................................................ 41
D)
Storage Alerts (TST) .................................................................................................. 42
LAB 6. Securing the Vblock System ....................................................................................... 43
Security ...................................................................................................................................... 43
A)
vCenter Password Retention (TST) ........................................................................... 43
B)
VCE Vision Appliance and Central Authorization (TST) ............................................ 43
VCE CONFIDENTIAL
C)
D)
E)
Adjusting Syslog maximum log file size (TST) ........................................................... 44

Securing a New VLANs with Roles (TST) .................................................................. 45
Creating a QoS Policy on the Nexus 1000v (OST) .................................................... 45
LAB 7. Trusted Multi-tenant in a Vblock System ................................................................... 48

Trusted Multi-Tenancy ............................................................................................................... 48
A)
Create Sub-Organizations (TST) ............................................................................... 48
B)
Create Locales (TST) ................................................................................................. 49
C)
Create User Accounts (TST) ...................................................................................... 49
D)
Explore Multi-tenancy restrictions for users in different locales (TST) ....................... 50
LAB 8. Service Profile Templates and Service Profiles ........................................................ 54
A)
Modifying an Initial Service Profile Template (OST) .................................................. 54
B)
Modifying the Service Profile by Bind to an Initial Service Profile Template (OST) ... 55
C)
Cloning a Service Profile to an Updating Service Profile Template (OST) ................ 57
D)
Modifying Updating Service Profile Template and Bound Service Profile (OST) ...... 58
LAB 9. UCS Manager: Expanding Address and ID Pools ..................................................... 60
A)
UUID Pool (OST)........................................................................................................ 60
B)
Expand MAC Address Pool (OST) ............................................................................. 61
C)
Expand WWNN Address Pools (OST) ....................................................................... 63
D)
Expand the WWPN Pool (OST) ................................................................................. 64
LAB 10.
A)
B)
Managing Boot Devices and Paths ........................................................................ 66

MDS CLI: WWPN and Zoning Verification ................................................................. 66
UCS Manager: New Boot Policy (VNX) (OST) .......................................................... 69
LAB 11.
A)
B)
C)
D)
E)
F)
G)
UCS Manager: Create a Service Profile from Scratch .......................................... 72

Creating a New Service Profile (OST) ....................................................................... 72
Associate a new service profile (OST) ....................................................................... 74
Unisphere for VNX: Connecting to VNX Storage - New Initiators .............................. 75
Unisphere for VNX: Connecting to VNX Storage Storage Groups ......................... 78
Unisphere for VNX: Connecting to VNX Storage - Creating a boot LUN................... 78
Installing ESXi (OST) ................................................................................................. 79
Restore Original Service Profile (OST) ...................................................................... 82
LAB 12.
Deploying Virtual Machines .................................................................................... 84
Creating a New Datastore ......................................................................................................... 84
A)
Provision an Additional LUN (OST)............................................................................ 84
B)
Create a New Datastore (OST) .................................................................................. 85
Creating a Virtual Machine ........................................................................................................ 86
C)
Creating a New VM in vSphere Web Client (OST) .................................................... 86
D)
Accessing and configuring the first Linux VM (OST) ................................................. 87
Capacity Management ............................................................................................................... 88
E)
VMware Capacity Monitoring (TST) ........................................................................... 88
Monitoring Storage .................................................................................................................... 90
F)
Monitor a Storage Pool (TST) .................................................................................... 90
G)
Monitoring a RAID group (TST) ................................................................................. 90
VCE CONFIDENTIAL
10
Capacity Expansion ................................................................................................................... 90

H)
Expand A Storage Pool (TST) .................................................................................... 91
I) Expand an Existing LUN (OST) ..................................................................................... 91
J) Expand a Data Store (OST) ........................................................................................... 91
Virtual Machine Template Creation and Usage ......................................................................... 92
K)
Creating a VM Template in vSphere Web Client (OST) ............................................ 92
L)
Creating a VM from a Template (OST) ...................................................................... 93
M)
Accessing the new VM Created from a Template (OST) ........................................... 94
VLAN Creation ........................................................................................................................... 95
N)
Add a VLAN on UCS (OST) ....................................................................................... 95
O)
Adding a VLAN to the Cisco Nexus 5000 (OST) ....................................................... 98
P)
Adding a VLAN to the Cisco Nexus 1000V (OST) ................................................... 100
Q)
Adding the VLAN to VMware Virtual Switch (OST) .................................................. 100
R)
Changing the VLAN for the Application VMs (OST) ................................................ 101
LAB 13.
Creating NFS Stores .............................................................................................. 103
A)
Configuring advanced settings for VMware vSpere ESXi (TST) ............................. 103
B)
Configure File System and NFS Exports (OST) ...................................................... 104
C)
ESXi NFS Configuration (OST) ................................................................................ 105
VM Access to the NFS File System ......................................................................................... 107
D)
Finding the NFS VLAN ............................................................................................. 107
E)
Adding a New Interface To VNX .............................................................................. 107
F)
Create new network in vSphere ............................................................................... 108
G)
Create new NIC the Application VMs ....................................................................... 108
H)
Create The NFS Mount on the VM........................................................................... 109
LAB 14.
A)
B)
C)
D)
E)
F)
G)
Managing CIFS ....................................................................................................... 111

Creating a CIFS Server ............................................................................................ 111
Create a Volume ...................................................................................................... 111
Creating a File System Pool ..................................................................................... 112
Creating a CIFS file system ..................................................................................... 112
Mount a File System on the CIFS Server in VNX .................................................... 112
Test the CIFS File System on your Management Workstation ................................ 113
Mount CIFS on VM ................................................................................................... 113
LAB 15.
A)
B)
C)
D)
E)
F)
Protecting Vblock System Metadata .................................................................... 114

VCE Vision Configuration Backup............................................................................ 114
VCE Vision Configuration Restoration ..................................................................... 114
VCE Vision Interface to Vblock System Configuration............................................. 115
Backup of UCS Manager ......................................................................................... 115
Backup of the Nexus 5k Switch ................................................................................ 115
Backup of the MDS Switch ....................................................................................... 116
LAB 16.
Protecting Vblock System Production Data ........................................................ 117
A)
Protection in Unisphere ............................................................................................ 117
Consistency Groups ............................................................................................................ 118
B)
Creating Application LUNs ....................................................................................... 118
VCE CONFIDENTIAL
11
C)
D)
Creating a Consistency Group ................................................................................. 118

Protection in vSphere ............................................................................................... 118
LAB 17.
A)
B)
C)
Vblock System Assurance .................................................................................... 120

Running Compliance Scans ..................................................................................... 120
Installing New Certification Matrixes ........................................................................ 121
Installing Optional components in a Compliance Scan ............................................ 121
LAB 18.
Proactive Monitoring ............................................................................................. 123
A)
Validating SNMP Setting within the UCS ................................................................. 123
B)
Validating SNMP on the MDS switches ................................................................... 124
C)
Validating SNMP on Nexus 5K Switches ................................................................. 124
D)
Validating SNMP on VNX ......................................................................................... 125
E)
Validating SNMP trap forwarding in EMC Unisphere ............................................... 125
F)
Configure UCS Threshold Policies ........................................................................... 126
G)
Syslog Management ................................................................................................ 127
H)
Using VCE Vision SNMP in Network Management Systems .................................. 128
I) Testing System Library Configuration .......................................................................... 129
VCE CONFIDENTIAL
12
LAB 1.
Connecting to the VDC
Lab resources for this activity are located remotely and will be accessed using the EMC Virtual Data Center
(VDC). In the section of the lab, you will connect into the VDC and log in to the management server where you
will launch the component interfaces required for this exercise.
A) Accessing your assigned Windows Management Host.

1) Login to a local computer and open Internet Explorer. Point the browser to the following URL:
https://vdc.emc.com. Log in to the Virtual Data Center using the credentials supplied by your instructor.
VDC User name: < supplied by your instructor >
VDC Password: <supplied by your instructor>
2) After successful authentication, a page will be displayed that shows a list of available systems. Double-click
on the VBlock Team X Management icon where X is your team number. This will launch a Remote Desktop
Connection session to your teams Windows Management Server.
3) In the Windows Security popup, click on Use another account in order to log in to the using User Name of
Administrator, and a Password of emc123%%
4)
If a Remote Desktop Connection dialog indicating certificate errors pops up, Click Yes to connect despite the
warning.
5) When it comes time to disconnect from the VDC at the end of each day, there are two ways to exit from
your Remote Desktop Connection to the Windows Management Host. One will leave your programs
running, allowing for later reconnection. The other will cleanly close all programs.
a) Closing the Remote Desktop Connection window will pop up the following message:
i)
This will disconnect your Remote Desktop Services session. Your

programs will continue to run while you are disconnected. You can
reconnect to this session later by logging on again.
ii) Click OK to disconnect in this way

b) Click on the Start menu and click Logoff to close all programs and logoff
VCE CONFIDENTIAL
13
Pre-Lab Notes
Please use IE (Internet Explorer) whenever a browser is needed. In your own environment other browser like
Firefox can be used, but in our simulated lab environment conflicts result from multiple students sharing
resources. For example, multiple instances of Firefox by the same user ID is not supported on a single shared
Windows Management Host.
Please do not change any of the configuration parameters, setting or options unless explicitly asked to do so.
These systems are in a shared configuration and unsolicited changes could adversely affect both your lab as well
as others.
VCE CONFIDENTIAL
14
Pre-Lab Considerations
Assumptions:
As a prerequisite to the steps outlined in this guide, you may assume that
basic power and cabling requirements have been met (as per the VCE Vblock
System Installation Guide), and that all components of the Vblock System have
successfully powered on without error by a VCE engineer or consultant.
About this Lab

Guide:
This Lab Guide is prepared in a Run Book format as a reference guide to

compliment formal documentation. It is not an all-inclusive Vblock Systems
procedure guide but does include many of the basic tasks required administer
and manage the Vblock System.
Any Lab Parts prefixed with (OST) in their description should done by
One Student per Team in order to avoid causing conflicts.
Any Lab Parts prefixed with (TST) in their description can be done by
either one or Two Students per Team concurrently.
Disclaimer:
This Lab Guide is current at the time of its creation and may not include
updates that supersede tasks outline in this guide. This document provides
procedures that may not conform to your installed Vblock environment due to
either differences in the Vblock System model or other special configurations
for our education setup. These documented procedures should be considered
reference only and are only fully qualified for this education lab environment.
VCE CONFIDENTIAL
15
The following illustration shows the components of the Vblock 340 System that will be used for student labs
VCE CONFIDENTIAL
16
LAB 2.
Capturing the Vblock System Configuration Baseline
Scenario: The Vblock System has just been deployed in the Counterfake Inc. environment. You were exposed to
the environment from the test plan execution. As you prepare to take over the administration and management
you need to inventory the system to establish a baseline of the initial configuration. Because of its size and
number of components, the first thing would be to establish a baseline of how the system was delivered. This
provides the ability to compare changes to the environment in the event something stops working.
Establish a Vblock System Configuration Baseline

Simulating a new Vblock System arrival, use the individual component element managers to capture the current
configuration for each component in the Vblock System. Each step of this lab will familiarize you with how to
access each of the component management systems and to gather information particular to that component.
No attempt will be made to collect what would constitute a full baseline of a production system.
Note: the procedure to access each element manager in this lab can be referred back to from later labs that will
not include the full details of the login procedure.
A) UCS Manager GUI (TST): Capture Compute Resource Configuration

1) Log into the UCS Manager GUI
a) On non-lab systems, you will usually launch the UCS Manager GUI from the Cisco Systems UCS Manager
Icon generated on the desktop when it is installed. However, for our lab environment it is necessary to
always use the Internet Explorer browser icon on the desktop. In the browser address bar enter the UCS
Fabric Interconnect Cluster IP of 192.168.1.1
b) If a Certificate Error warning comes up, choose Continue to this website
c) Select the Launch UCS Manager button to launch the GUI. Be patient as it may take some time to
download the GUI the first time it is launched
d) If a Security Warning about the certificate pops up, click Continue.
Click Continue again, if it pops up again.
e) Note: UCS Manager GUI requires Java 1.6 or later. The lab systems have Java 1.7.25 installed.
DO NOT UPGRADE the Java release if prompted; select the Later option to defer the upgrade.
Upgrading may cause other components you will be using as part of the lab to break. As with any multivendor solution, you only want to upgrade Java if all of the involved vendors have certified the new
level.
f)
Log in using the User Name of admin and Password of emc123%%
g)
If an Unknown Certificate warning pops up, click Accept to continue
2) Navigate through the GUI to validate the UCS Configuration. This is basic topology information for the
Vblock System Compute resources. The topology for the Vblock UCS starts with the Chassis and blade
Servers and then transitions to rack mount servers and Fabric Interconnects.
a) UCS Configuration - Select the Equipment tab on the GUI Navigation pane (left pane)
VCE CONFIDENTIAL
17
3) View chassis details.

a) Expand Chassis in the Navigation pane
b) Expand Chassis 1 in the Navigation pane
c) Expand Servers tab in the Navigation pane
d) Select your team server (Team 1, Server 1, etc) in the Navigation pane
i)
With the General tab selected in the Work pane (right-side) notice if the Slot ID matches the
Server/Team number?
ii) Notice the physical position of the server in the graphical picture of the chassis
iii) Notice the Product Identifier (PID) of your server
iv) Notice in the Summary section the number of Cores and Threads
e) Select the Inventory tab then the Storage sub-tab. Identify the PID of the installed Storage Controller
4) View the blade servers in the chassis
a) Select Chassis 1 in the Navigation pane
b) Select Servers tab in the Work pane
c) Notice the pie charts in the Work pane
i)
Identify if there any Servers that are inoperable
ii) Identify if there any Servers currently associated with a Service Profile
iii) Hover the mouse over the pie chart to get a count of associated servers
5) View the IO Modules in the chassis
a) In the Navigation pane for Chassis 1 expand IO Modules
b) Identify how many IO Modules are present
6) Get details about the IO Modules.
a) In the Navigation pane select IO Module 1
b) Select the Fabric Ports tab in the Work pane
c) Notice the Fabric ID of IO Module 1
d) In the Navigation pane select IO Module 2, notice if the Fabric ID of IO Module 2 is different than for IO
Module 1?
7) View the Server ports of Fabric Interconnect A
a) In the Navigation pane, expand Fabric Interconnects
i)
Expand Fabric Interconnect A
ii) Expand Fixed Module

iii) Select Ethernet Ports
b) In the Work pane, click on the If Role title bar to sort the list by role
i)
Identify ports that are configured as Server ports
ii) Identify ports that are configured as Network ports

8) View the Server ports of Fabric Interconnect B
a) In the Navigation pane, expand Fabric Interconnect B
i)
Expand Fixed Module
VCE CONFIDENTIAL
18
ii) Select Ethernet Ports

b) In the Work pane, click on the If Role title bar to sort the list by role
i)
Identify ports that are configured as Server ports
ii) Identify ports that are configured as Network ports

9) Determine the Fabric Interconnect model number
a) In the Navigation pane, select Fabric Interconnect A
b) In the Work Pane select the General tab
i)
Note the Product Name field, it should be either Cisco UCS 6120XP or Cisco UCS 6248UP
10) View the mode the FC Ports are running in for Fabric Interconnect A
a) In the Navigation pane, select Fabric Interconnect A
b) For Fabric Interconnect model number Cisco UCS 6248UP only:
i)
Under Fixed Module select FC Ports
c) For Fabric Interconnect model number Cisco UCS 6120XP only:

i)
Under Expansion Module 2 select FC Ports
d) Sort the ports by Role by selecting the If Role column header in the Work pane
i)
Notice the Enabled versus Disabled ports
ii) In the Navigation pane, select the first FC Port

iii) Review the Properties displayed on the Work pane.
(1) Note: Node proxy (N Proxy) port mode is a function of the Fabric Interconnect running in Node
Port Virtualization mode (NPV). This is what allows the Fabric Interconnect to log into the
upstream FC Switch as Node as opposed to a FC Switch.
11) View the mode the FC Ports are running in for Fabric Interconnect B
a) In the Navigation pane, select Fabric Interconnect B
b) For Fabric Interconnect model number Cisco UCS 6248UP only:
i)
Under Fixed Module select FC Ports
c) For Fabric Interconnect model number Cisco UCS 6120XP only:

i)
Under Expansion Module 2 select FC Ports
d) Sort the ports by Role by selecting the If Role column header in the Work pane
i)
Notice the Enabled versus Disabled ports
ii) In the Navigation pane, select the first FC Port

iii) Review the Properties displayed on the Work pane.
12) View the status of FC Uplink ports of Fabric Interconnect A
a) Select the SAN tab in the Navigation pane
b) Expand SAN Cloud
c) Expand Fabric A
d) Expand FC Port Channels
e) Select FC Port-Channel 10
i)
In the Work pane notice the VSAN that the Port-Channel is configured in
VCE CONFIDENTIAL
19
ii) Notice the Port-Channel Admin Speed setting, click the dropdown to see other available settings
f)
In the Work pane, click the Ports tab
g) Notice there may be no Ports that are members of the Port-Channel, which in this case is expected. The
data paths to the Vblock in the lab environment are through the FC-Uplinks ports
h) In the Navigation pane, expand FC Port-Channel 10, are the same FC Interfaces displayed as in the
previous question?
13) View the defined VSANs
a) In the Navigation pane, expand VSANs within Fabric A
b) Select UIM_VSAN_A_10
i)
In the Work pane verify that VSAN ID is set to 10
ii) Notice the FCoE VLAN ID

14) View the status of FC Uplink ports of Fabric Interconnect B
a) In the Navigation pane, select Fabric B
b) In the Work pane, click the VSANs tab, and identify the VSAN for the Fabric
c) In the Navigation pane, expand Fabric B
d) Expand FC Port Channels
e) Select FC Port-Channel 11
i)
In the Work pane notice the VSAN that the Port-Channel is configured in
ii) Notice the Port-Channel Admin Speed

iii) In the Work pane, click the Ports tab, notice no Ports are members of the Port-Channel which in this
case is expected.
15) View the defined VSANs
a) In the Navigation pane, expand VSANs within Fabric B
b) Select UIM_VSAN_B_11
i)
Verify that the VSAN ID is 11
ii) Notice the FCoE VLAN ID

16) View the Uplink Ethernet Port-Channel in Fabric A
a) Select the LAN tab in the Navigation pane
b) Expand LAN Cloud
c) Expand Fabric A, then expand Port Channels
d) Expand Port-Channel 101
e) Notice if interfaces are part of the Port-Channel
17) View the Uplink Ethernet Port-Channel in Fabric B
a) Under LAN Cloud, expand Fabric B then Port Channels
b) Expand Port-Channel 102
c) Notice which interfaces are part of the Port-Channel, does this look familiar (hint step 8)?
18) View configured VLANs
a) Select the LAN tab in the Navigation pane
VCE CONFIDENTIAL
20
b) Expand LAN Cloud

c) Expand VLANs
d) Review the VLANs that are defined for this Vblock
19) Close the UCS Manager Browser
B) UCS Manager CLI (TST): Capture Compute Resource Configuration
1) Log into the UCS Manager CLI
a) Double-click the putty Icon on the desktop
b) In the Host Name (or IP address) field, enter the UCS Fabric Interconnect Cluster IP of 192.168.1.1
c) Click Open
d) If a PuTTY Security Alert appears, click Yes to add this host to PuTTYs cache and connect
e) After the login as: prompt, enter the User Name of admin, enter <CR>
f)
After the Password: prompt, enter the Password of emc123%%, enter <CR>
2) Display the UCS configuration. In VCE Vblock Systems, UCS Fabric Interconnects are installed in pairs. The
Primary Fabric Interconnect automatically appends an -A, while the subordinate Fabric Interconnect
appends a -B to the system name for the display at the command prompt. In the example below, the
Unified Computing System is named UCS and we are logged into Fabric Interconnect A.
show configuration
This command returns a summary of the UCS configuration in XML format. By pressing the spacebar you
can navigate through the configuration in its entirety. Entering question mark ? will give you a
complete help list for the more command.
3) Display the UCS cluster information. This command returns the system name, mode and cluster IP address.
show system
4) Display a list of fabric interconnects. Note the CLI has built in help available by entering a question mark ?
to list options of what can be typed. Additionally, the tab <tab> key can be used to autocomplete options
on the command line that have only been partially entered. If the entered letters are not sufficient to make
a unique completion then the options available are listed. For example try
show
show
show
show
show
show
?
fa<tab>
fab<tab>
fabric-interconnect ?
fabric-interconnect d<tab>
fabric-interconnect detail
This command returns the detailed characteristics about the pair of fabric interconnect switches. It
includes Serial Number, installed memory and connectivity information.
5) Display cluster state
show cluster extended-state
This command returns the state of the fabric interconnect cluster. By using the extended state option
you also get to see member and heartbeat state information.
6) Display chassis information:
VCE CONFIDENTIAL
21
show chassis detail

This command returns summary information for each of the chassis that are part of the UCS
configuration.
7) Display the IO Module
scope chassis 1
scope iom 1
show detail
This command returns detailed information about IO Module 1 in chassis 1. The scope command is used
to select specific components when you are trying to view information about a device within said
component.
8) Display the configuration
exit
exit
show server inventory
The two exit commands exit the previous scope commands and change the context back to the top
level. The show server inventory command returns a list of the servers installed within the chassis(s). It
includes Serial Number, memory and CPU core information.
9) Display inventory information about network adapters in each server
show server adapter inventory
This command returns a list of the adapters within each server in the UCS. These adapters provide both
network and storage connectivity.
10) Display Layer 2 information about the network adapters for a specific server
scope server 1/5
show server adapter layer2
This command returns the media access control address (MAC address) used by the server to
communicate at the layer 2 physical network segment. With UCS these are dynamic and assigned via
service profiles.
11) Display blade status
scope org
scope service-profile server 1/1
show status
This command allows you to view the Service Profile assigned to this blade. The output also includes its
association as well as the power and operational state.
12) Display a list of policies, pools and templates
scope org
show boot-policy
show server-pool
show vhba-templ
UCS simplifies administration through the introduction of policies, pools and templates for server
management. The commands above provide a simple view of a single policy, pool and template. Run the
command show ? to view additional options.
13) Display any faults in the chassis.
VCE CONFIDENTIAL
22
scope chassis 1
show fault
This command provides a list of UCS Chassis errors in a chronological order with a severity, ID and
description of each fault.
14) Display the audit log
scope security
show audit-logs
The audit log allows you to view the changes made to the UCS systems. It provides the time the action
took place as well as the user, action type and a description of the action.
15) Display backup information
scope system
show backup
This command returns the details of the UCS metadata configuration backup.
To get details about the host and remote location append the detail option to your command.
Note, the CLI also supports command history using the up and down arrows. An up arrow would
present the previous command as the base for appending the option.
16) Exit from the CLI and close the window
exit
exit
The first exit command exits from the scope, and the last exit command from the top context exits the
CLI and closes the ssh session.
C) EMC Unisphere for VNX (TST): Capture VNX Storage Configuration Information
1) Log into the VNX Unisphere GUI
a) Double-click the Unisphere VNX Client icon on the desktop
b) In the Connect Host name or IP address field, enter the VNX Control Station IP address of 192.168.1.15.
c) Click the Connect button
d) Click either the Accept for Session or Accept Always button in response to the non-trusted certificate
warning
e) Click Accept in response to the GNU General Public License query
f)
Log in using the VNX Control Station User Name of admin and Password of emc123%%
2) View the available storage for block and file.

a) From the Dashboard, examine the Overall Capacity graph.
i)
Notice how much total capacity is available in the VNX
ii) Hover the mouse over the two section of the horizontal bar chart to see them free space available in
unused disks and pools
iii) Examine the Capacity for File graph and notice how much capacity is available for File storage
3) View the installed disks
VCE CONFIDENTIAL
23
a) From the Dashboard, click the link to your VNX system, or select the VNX from the Systems list on the
Navigation bar at the top of the screen.
b) Hover your mouse over the System button on the Navigation bar and wait for the system options to
display
c) Click on Disks from the hardware section to display the installed disks
d) Are there more than one disk Drive Type(s) installed in this system (hint: you may need to scroll)
e) Look at the LUN IDs column and notice disks with no LUNs, one LUN and multiple LUNs
4) View hot spare disks.
a) Hover your mouse over the System button on the Navigation bar waiting for the system options to
display
b) In the Hardware section click on Hot Spare Policy, view the drives set aside based on the policy to be
used as hot spares
c) Notice how many hot spares are configured in this system
5) Examine Storage Pools
a) Hover your mouse over the Storage button on the Navigation bar. waiting for the storage options to
display
b) Click to select Storage Pools from the Storage Configuration section
c) Notice how many storage pools are configured
d) Notice the different RAID Type(s) in each Storage Pool
e) Double-click to open Properties for the first Pool in the list.
f)
Select the Disks tab and notice how many LUNs are configured for this pool
g) Close (or Cancel) the Storage Pool Properties display

6) Examine RAID Groups.
a) Click the RAID Groups tab in the Storage Pools display
b) Notice how many RAID Groups are configured
c) Are there a variety of RAID Type(s)?
d) Click to select the first RAID Group in the list and look at Details at the bottom of the screen
i)
Notice how many LUNs are configured in this group
7) View the connected hosts that are allowed to utilize storage on the VNX
a) Hover your mouse over the Hosts button on the Navigation bar.
b) Select Host List from the menu
c) Click on your teams assigned host from the list and look at Details at the bottom of the screen
i)
Click the Storage Group the host is part of to display the Storage Group Properties
ii) Close (or Cancel) the Storage Pool Properties display

8) Leave Unisphere open for later use
D) Navisphere CLI (TST): Capture VNX Storage Configuration using
1) Open a command prompt window to access the Navisphere CLI
VCE CONFIDENTIAL
24
2) Each naviseccli command must specify the VNX Block side user name, password, scope, and VNX Storage
Processor IP address where the command will be executed. Alternatively a Navi Security File can be created
so this information does not have to be specified for each command.
3) Review the Navisphere CLI command syntax:
<Name of the binary> -address <Storage Processor A or B IP address> -user <A
VNX BLOCK side user name> -password <VNX BLOCK password for the specified
user> -scope <a scope of 0 denotes a local array user account and opposed to
LDAP> <sub-command>
4) Verify the VNX storage array is functioning properly. Use the VNX Storage Processor IP address of
192.168.1.16 a User name of admin and Password of emc123%%
naviseccli -address <vnx_SP_IP> -user <user> -password <pass> -scope 0 faults
-list
This checks the status information for faulted components on the system and should return as operating
normally
5) Create a security file. The VNX user name, password, and scope can be stored in an encrypted security file
located in the home directory of your Windows user account. This security file negates the need for
specifying a VNX user name, password, and scope for subsequent Navisphere Secure CLI command.
naviseccli -addusersecurity -user admin -password emc123%% -scope 0
6) Display VNX system information
naviseccli -address 192.168.1.16 getall | more
Be sure to pipe the output to more (|more) as there is a significant amount of information displayed.
The command displays SP, Cache, LUN, RAID group, and drive type to name a few.
Add an entry to the user security file to simplify command entry and avoid explicitly showing the
password
7) Display SP information.
naviseccli -address 192.168.1.16 getsp
Command returns the SP signature, version, serial number and amount of memory each SP has; both SP
should match as memory is mirrored
8) Displays the back-end bus configuration including the devices residing on the back-end bus
(be patient, this command may take a while to display)
naviseccli -address 192.168.1.16 backendbus -analyze | more
This command returns the current and maximum back-end bus speeds for each back-end bus on the
system and the devices on the back-end bus
9) Display disk status for all disks.
naviseccli -address 192.168.1.16 getdisk -all | more
The command provides detailed output for all the disk drives in the array, information displayed
includes type, speed, capacity, RAID group and IO profile for the disk
10) Display disk status for a specific disk.
naviseccli -address 192.168.1.16 getdisk 0_0_0
Similar to the display for all devices, this command provides the information for a single disk 0_0_0 (Bus
0, Enclosure 0 and Disk 0)
11) Display LUN information
VCE CONFIDENTIAL
25
naviseccli -address 192.168.1.16 getlun -capacity -disk | more

There are many options available for displaying information at the LUN level; this command returns, in
MB, the LUN capacity and the associated disk drive
12) Display RAID group information - retrieves information about RAID group 1
naviseccli -address 192.168.1.16 getrg -all | more
The output varies depending on the switches used but the output of the above command includes RAID
group ID, type, list of disks and list of LUNS
13) Display network name and address information
naviseccli -address 192.168.1.16 networkadmin -get -all
This command lists the network information for the specified SP, including port ID, speed and network
identification information for the SP
14) Navisphere CLI is closed after each command line, so there is nothing to close
a) The command window you ran in can be closed by entering exit on the command line
exit
E) Solutions Enabler CLI (TST): Capture VMAX Storage Configuration (Optional)

1) The Solutions Enabler CLI by default connects to the VMAX storage array through a Fibre Channel inline
connection. Your lab Windows Management host does not have this configured. Therefore, you will need
to first configure Solutions Enabler to send each command to a remote host, similarly to the way naviseccli
worked.
a) Using Windows Explorer navigate to the folder C:\Program Files\EMC\SYMAPI\config
b) Open the file netcnfg with WordPad
c) Add the following line at the bottom of the file:
VMAX_SOL_ENABLER - TCPIP - 10.126.96.180 2707 NONSECURE
This line must be entered on a single line in the file
d) Save the changes to the file and exit WordPad
2) Open a command prompt window
3) Check Solutions Enabler version
symcli
What is the SYMCLI version number?
4) Get help on the syntax of a command
symcli -h
What does the -v option of this command do?
What does the -def option of this command do?
5) List the full list of Solutions Enabler commands
symcli -v | more
Read the description of the symcfg command
6) Create/update the symapi database
symcfg discover
VCE CONFIDENTIAL
26
Is the error No devices were found displayed?

This error is expected because there are no Symmetrix devices configured as visible to this host
7) Redirect Solutions Enabler commands to run remotely. Please note; in Windows, setting a variable in a
command session is only valid for the duration of the session. Therefore, if the command window is closed
and reopened, the variable will no longer exist.
set SYMCLI_CONNECT=VMAX_SOL_ENABLER
symcli -def
Set the SYMCLI environmental variable SYMCLI_CONNECT to match the Service Name you set in the
netcnfg file earlier.
Does the output of symcli -def confirm that this is set correctly?
8) Display the systems discovered previously by this host
symcfg list
The command will return all Symmetrix systems the remote management host has access to.
What are the last 2 digits of the SymmID(s) ?
9) Display a summary of the VMAX configuration
symcfg -sid <last-2-digits-of-SymmID> list -v | more
The output provides summary information for a Symmetrix system. It will provide code levels and
resource capacities to name a few.
10) Restrict future output to only the specified SymmID
set SYMCLI_SID=<last-3-digits-of-SymmID>
symcli -def
Set the SYMCLI environmental variable SYMCLI_SID to match the last 2 digits of a SymmID you found.
This provides an alternative to specifying the -sid option on every command line.
Does the output of symcli -def confirm that this is set correctly?
Repeat the command symcfg list. This is helpful when there are multiple VMAX systems, but you
only need to work with one.
11) Display a list of directors configured in a VMAX system
symcfg -dir ALL list
symcfg -dir all list -v | more
Hosts connect to front-end directors (FA) and backend directors (DA) provide access to logical devices
through cache.
12) Display information about installed memory
symcfg list -memory
The total amount of usable memory is slightly less than half as the Symmetrix mirrors memory for
availability and each director uses a small amount for local memory.
13) Display physical disk configuration
symdisk list | more
symdisk list -v | more
Information is made persistent on the Physical disks. Each is carved up into Hyper Volumes and formed
into LUNs for host presentation as thick devices or for data devices for thin provisioning.
VCE CONFIDENTIAL
27
14) Display information about Symmetrix Logical Volumes (LUNs)

symdev list | more
symdev list -v | more
A Symmetrix Logical Volumes is the EMC term for a LUN. It is typically the device that is mapped to a
host; thick device maps directly to physical device(s) thin devices bind to a pool of data devices that map
to physical devices.
15) Exit from the Command window
exit
Exit will close the Command window and all environmental variable settings will be forgotten.
F) CLI for MDS Switch (TST): Capture Storage Area Network (SAN) Configuration
The purpose of this task is to provide the student with a working knowledge of the tools needed to explore the
MDS-Series SAN environment.
1) View Configuration. From the Windows Management host open a putty ssh session to the MDS-Series
switch
b) In the Host Name (or IP address) field, enter the A-Side MDS Switch IP Address of192.168.1.6
c) Click Open
f)
NOTE: Please DO NOT make any changes to the configuration of the equipment in this procedure. This
switch is shared among all students in the class.
2) Show the available exec commands. Execute the following command to show a list of commands
?
(Use the space bar to scroll down the list of commands)
3) Change to configuration mode and display the available configuration options

config
4) Display a list of configuration commands
?
5) You will not be making configuration changes in this exercise so just exit the configuration mode
exit
6) Display BIOS, loader, kick start, and system firmware versions
show version
7) Display the installed licenses for the switch and their usage
show license usage
Notice the PORT_ACTIVATION_PKG license count
8) Display the current startup configuration
show startup-config
VCE CONFIDENTIAL
28
Enter space bar to scroll to end of the output of this command

Does the interface mgmt0 value match what you used to start this putty session?
9) The above command showed the complete current startup configuration. Use the ? and <tab> command
line help to show only the last item displayed above
show startup-config ?
show startup-config i<tab>
show startup-config interface ?
show startup-config interace m<tab>
show startup-config interface mgmt ?
show startup-config interface mgmt 0
Scroll up the putty display and compare this output to the end of the previous command. Are they the
same?
10) Display the management port configuration
show interface mgmt0
Confirm there are not errors on the management interface, notice the error counts
11) Display a brief description of the port status where your hosts are connected
show interface brief
Notice which ports have a Status of up
12) Display the configured VSANs and their membership
show vsan membership
Notice which vsan has all of the interfaces
13) Display the configured user accounts
show user-account
Notice how the admin and monitor accounts differ
Do any of the roles have an expiry date?
14) Display the switch status
show system health
Validate the current health information and confirm no errors or issues.
15) Terminate the telnet session and close the Command Prompt.
exit
G) CLI for Nexus 5548 (TST): Capture Network Configuration

The purpose of this task is to provide the student with a working knowledge of the tools needed to explore the
Network environment of the Vblock System through the Nexus-Series switch.
1) View Configuration. From the Windows Management host open a putty ssh session to the Nexus-5548
switch
a) Double-click the putty icon on the desktop
VCE CONFIDENTIAL
29
b) In the Host Name (or IP address) field, enter the A-Side Nexus 5548 IP Address of 192.168.1.4 Click
Open.
c) If a PuTTY Security Alert appears, click Yes to add this host to PuTTYs cache and connect
d) After the login as: prompt, enter the User Name of monitor, enter <CR>
e) After the Password: prompt, enter the Password of emc123%%., enter <CR>
NOTE: Please DO NOT make any changes to the configuration of the equipment in this procedure. This
switch is shared among all students in the class.
2) Show the available exec commands. Notice that the interface for the MDS and Nexus a very similar. Both are
built on NX-OS standards
a) Execute the following command to show a list of commands
? (Use the space bar to move down the list of commands)
3) Display BIOS, loader, kick start, and system firmware versions
show version
4) Display the current startup configuration.
show startup-config
Enter space bar to scroll to end of the output of this command
Does the interface mgmt0 value match what you used to start this putty session?
5) The above command showed the complete current startup configuration. Use the ? and <tab> command
line help to show only the last item displayed above
show startup-config ?
show startup-config i<tab>
show startup-config int<tab>
show startup-config interface ?
show startup-config interace m<tab>
show startup-config interface mgmt ?
show startup-config interface mgmt 0
Scroll up the putty display and compare this output to the end of the previous command. Are they the
same?
6) Display the management port configuration
show interface mgmt0
Confirm there is transmit (TX) and Receive (RX) traffic on the management interface
7) Display a brief description of the port status where your hosts are connected.
show interface brief
Notice which ports have a Status of up
8) View the number of VLANs currently configured on the Nexus switch.
show vlan summary
What is the number of user and extended VLANs?
9) Display the configured user accounts
show user-account
Notice how the admin and monitor accounts differ
VCE CONFIDENTIAL
30
Do any of the roles have an expiry date?

10) Display the switch status
show system resources
show system uptime
Notice the idle CPU %
Notice the free memory size and approximate percentage
Notice the System uptime
11) Terminate the telnet session and close the Command Prompt
exit
H) vSphere Web Client (TST): Explore vCenter Configuration

VMware vCenter allows simplified ESXi hypervisor management and monitoring. This step will perform basic
vCenter Server inventory operations
1) Verify vSphere license keys to confirm access to advanced features of VMware vSphere 5.x.
a) Double-click on the vSphere Web Client desktop icon. Use it to log in to your vCenter Appliance system
with the User Name of root and Password of vmware
c) In the Navigator pane, select Home > Administration > Licenses
i)
The Licenses pane is displayed. Notice the Usage and Capacity of the vCenter Server license(s) and
the vSphere 5 Enterprise CPU license(s)
2) View vCenter Server status and configuration

a) Select the home icon in the top bar to quickly get back to the top level
b) Select Home > vCenter > vCenter Servers >
c) Select team-X-vcsa where X is your team number
d) In the pane to the right select the Monitor tab then the Service Health sub tab
e) There are no ESXi hosts or Virtual Machines to inventory at this point in the lab. They will be added and
validated in later sections.
f)
View all Alerts and Warnings.
g) View the various options and be sure not to change any settings at this point in the lab.
3) Select the Home icon at the top of the screen
4) In the pane to the right, select the Home tab, then Event Console
5) Review the events for your teams vCenter
a) Click on the first (most recent event)
b) Can you describe the behavior that caused this event?
6) Leave the vSphere Web Client open for the next lab
VCE CONFIDENTIAL
31
I)
Collection Support Information (TST): VCE Vision and vSphere
When dealing with a support call, you will often need to supply system logs, vSphere provides an easy way to
collect those logs. Additionally, you will likely want to provide configuration information, and Vision can provide
those.
1) First, collect the pertinent logs with vSphere, continuing to use the vSphere Web Client from the previous
lab
a) From Home, Click on vCenter
i)
select vCenter Servers under Inventory Lists
ii) Select team-X-vcsa where X is your team number

iii) In the middle pane click on the Monitor tab
iv) Click on the System Logs sub-tab
v) Download the System Log Bundle by clicking the Export System Logs button
b) Click on the checkbox for your team and click Next
c) Review the summary and click Generate Log Bundle (you may need to scroll down to see it)
d) When that finishes, click the same button again, which will now be labeled Download Log Bundle
e) Set a location (i.e. Desktop) and click Save. This may take a couple of minutes to complete.
f)
Click Finish.
g) Close the browser window to exit the vSphere client

2) Now, collect the configuration data this is a collection
a) Open up Internet Explorer
b) Go to the address: https://vision.take.emc.edu:8443/fm/configcollector
c) This will present you with a login request. Log in with the User Name of admin and Password of
dangerous for the VCE Vision CAS Authentication on System Library.
d) A file download message box will appear at the bottom of your browser window asking whether to save
or open the zip file that is the collection of configurations. Click Save As from the drop down menu
e) Save the file to the Desktop as it defaults it will be in the format
backup_configCollector_DATETIME.zip
f)
Find the file on your desktop and double click on it
g) In this zip file, there will be a parent directory, backup, with three subdirectories: compute, network
and storage. Each contains the configuration files for each element.
h) Close both the Internet Explorer and Window Explorer windows.
VCE CONFIDENTIAL
32
LAB 3.
VCE Vision: Administration
VCE Vision Utilization

VCE Vision allows for the management and monitoring of the various Vblock system components. With VCE
Vision, Autonomic Discovery, Identification, Validation, Logging and Health Monitoring can be accomplished, all
with one intelligent platform. It has an open API that allows for simple and rapid integration with 3rd party
management tools. VCE Vision operates from a virtual machine that is deployed within your Vblocks AMP,
which is called the VCE Vision System Library.
A) VCE Vision System Library (TST): Administration
There are a number of administrative activities that can be accomplished with the System Library. In this section
we will explore these activities as well as a tour of the VCE Vision System Library in general.
This is done via the command line by logging into the System Library Appliance. The entire class is sharing a
single Vblock, and thus, a System Library, so the lab wont make any changes, but will walk the student through
some potential administrative tasks, showing you how to interrogate the System Library, and how you would
make changes if you needed to at a later date.
1) Login to the VCE Vision System Library
a) Access the VCE Vision System Library using the putty icon on the desktop. Use the VCE Vision OS
Appliance Console: IP Address of 192.168.1.10
b) Enter the User Name of root and Password of V1rtu@1c3!
2) Validate that the Vision services are running and their associated Process Identifiers (PIDs). These services
include:
3) Check the status of jboss
service jboss status
JBOSS PID?
4) Check the status of postgresql
service postgresql-9.1 status
PostgreSQL PID?
5) Check the status of rabbitmq
service rabbitmq-server status
RabbitMQ PID?
6) Check the status of rsyslog
service rsyslog status
Rsyslog PID?
7) Check the status of all foundation manager services
service vce-fm-all-services status
VCE FM Master PID?
VCE FM Adapter PID?
VCE CONFIDENTIAL
33
VCE FM Agent PID?

VCE FM SMNPd PID?
VCE FM NA Agent PID?
8) View the master VCE Vision Configuration file
more /opt/vce/fm/conf/vblock.xml
9) This will allow you to view the IP address and configuration information for the System Library. Search for
the first IP address that start with 192
/192<enter>
10) Search for the next IP address that start with a 192
n
11) Quit viewing the output of the more command
q
12) To edit the master VCE Vision Configuration file the sedit command is used. This will allow you to change the
IP address/credentials for the System Library. This command will also provide locking/validation around the
editing session. The editor used is vim, a Unix vi clone. For help on using vim, one can execute the command
vimtutor on the Vision appliance from the command line. While the vblock.xml file will not be edited as part
of class, an example of the sedit syntax is below:
sedit <-f> <Absolute or relative path to the vblock.xml file>
13) View the help for the sedit command
sedit -help
14) Check the VCE Vblock Systems discovery information
discoveryDump.sh
Nexus 5K A Firmware Level?
Nexus 5K B Firmware Level?
Nexus 1K Firmware Level?
MDS Switch A Firmware Level?
MDS Switch B Firmware Level?
VNX Array Software Version?
15) To check the state of the System Library:
getFMagentInfo
FMagent Version and Release?
16) To get the SNMP status of the VCE Vision system
dumpFMagentState -a 192.168.1.10 -c csnpub
This many take a few minutes to complete. Remain calm, and then carry on.
17) For a list of Syslog forwarding options
configureSyslogForward -h
We will configure syslog forwarding in the Proactive Monitoring: Syslog Management section later in the
lab
18) To configure/reconfigure SNMP:
configureSNMP
VCE CONFIDENTIAL
34
a) Use option 8 to inspect the current configuration. DO NOT MAKE CHANGES now, but observe other
options available to change the information. For instance, to change the community that the System
Library publishes to, delete the current community with option 10, and then create a new community
with option 2.
b) Use option 12 (done) to exit configuring SNMP
19) To display current Vblock settings: name, location and main system contact
getmany -v2c localhost csnpub sysContact sysName sysLocation
Note: the csnpub in the above command is your community string. The value csnpub is the one used in
the lab environment, but should be replaced with whatever the community string is in your
environment.
DO NOT MAKE CHANGES now, but the command setSNMPParams can be used to change these
values
20) To manually backup the configuration files:
collectConfig.sh
This will collect the configuration files for all the systems. Later in the lab we will explore how to
download the most recent collection of configuration files to your workstation. If you are working on
the system library (as you are now in the lab), you can review these configuration files in the directory
/opt/vce/fm/backup. Here you will find a log of the collector, and the configuration files the collector
has retrieved (not just the most recent time) under the compute, network, and storage directories.
21) List all files recursively in the backup directory, noting their classification and size.
ls -FlasR /opt/vce/fm/backup
22) There are a series of system log files on the Vision appliance. They can all be found through a single
collected directory in /var/log/slib - this is a collection of symbolic links to the actual log directories
elsewhere in the system, but makes it easy to get at the logs. There is also an interface to collect all of the
logs into a group archive for export called export-fm-logs
ls FlasR /var/log/slib
23) Change into the temporary directory:
cd /tmp
24) Create a directory
a) Where X is your team number followed by your last name
mkdir <TeamX_LastName>
25) Change into your new directory:
cd /tmp/<TeamX_LastName>
26) Export the Foundation Management Agent log file
export-fm-logs -f fm_logs.tar.gz
This is a tar file. You can extract it with the tar command; most Zip utilities can also extract files in the
tape archive format (tar files).
27) Extract the exported Foundation Management Agent log file
tar xzvf fm_logs.tar.gz
28) The logs are now extracted, view the contents of the FMAgent.log file
less opt/vce/fm/logs/FMAgent.log
VCE CONFIDENTIAL
35
29) Quit the he output of the less command

a) q
30) To explore the SNMP data being published by the System Library, you can use the getmany command.
Above we retrieved the system name, location and contact, but you can also get any of the SNMP data from
the command line.
a) getmany -v2c localhost csnpub entPhysicalDescr
31) VCE Vision automatically discovers the physical and logical components of the Vblock System, populating its
database repository that feeds the APIs provided. This discovery process, which initially populates the
database and, later, updates it as things change, occurs every 15 minutes by default. This interval can be
adjusted. The 15-minute initial value is the minimum interval, but it can be set to be anything up to 1440
minutes. Below is an overview on how to change the system discovery cycle:
a) While the FM Services will not be stopped (stopFMagent) in this example, this would be the first step
b) Go to the directory where fmagent.xml file is located
cd /opt/vce/fm/conf
c) View configuration details in the fmagent.xml file
more fmagent.xml
d) Note the Discovery Cycle time between the start tag <> and end tag </>
<DiscoveryCycle> </DiscoveryCycle>
e) While the FM Services will not be started (startFMagent) in this example, this would be the last step
32) To make logging into the System Library easier without compromising security, you may choose to place
your Pretty Good Privacy (PGP) Public Key on the VCE Vision system. There are a number of tools that allow
you to create a public/private key pair such as pgpi.org, gnupg.org, or openpgp.org While beyond the scope
of this lab, the user can place their public key in the file /root/.ssh/authorized_keys ensuring that the file is
accessible only by the root user when they are finished: chmod 600 /root/.ssh/authorized_keys This will
allow tools like putty or ssh to log in without a password, using your key pair to authenticate you.
VCE CONFIDENTIAL
36
LAB 4.
VCE Vision Plug-in for vCenter
While your Vblock comes with a vSphere installed with the Vision extensions, you may find the need to manage
the Vblock from a different instance of vCenter, or through an upgrade find you need to install the VCE Vision
Intelligent Operations Plug-in for vCenter. This lab walks through that process.
A) Install VCE Vision Plug-in for vCenter (OST)

1) The Plug-in can be downloaded from the VCE Customer Portal, for the lab, it has been placed in the share
vblock_share.
a) Double click on the vblock_share shortcut on the desktop of the Windows Management Host
2) Navigate to the Plug-in directory
a) Z:\Vision\Plug-in\vce-plugin-2.1.2.0
b) Copy the vce-plugin folder from the Vblock share to the plugin-packages folder on your Windows
Management Host
c) In the vce-plugin-2.1.2.0 folder, select the vce-plugin sub-folder
d) Copy the directory vce-plugin, right click, and select Copy.
e) Select Local Disk (C:) and navigate to the target directory:
i)
f)
C:\Program Files\VMware\Infrastructure\vSphereWebClient\plugin-packages
Right click, and select Paste from the menu to copy the vce-plugin directory into the plugin-packages
directory.
3) Restart the Windows Management Host

a) Double click on the vblock_share shortcut on the desktop of the Windows Management Host
b) Navigate to the Vision directory
Z:\Vision
c) Double click on the reboot.bat file
d) If prompted by a popup Open File Security Warning window click the Run button
i)
It will take the Windows Management Host and the associated VMware vSphere Web Client service
up to five minutes to become available.
4) After waiting 5 minutes, log back in to Windows Management Host

a) Open your local computer open Internet Explorer. Point the browser to the following URL:
https://vdc.emc.com. Log in to the Virtual Data Center using the credentials supplied by your instructor.
i)
VDC User name: < supplied by your instructor >
ii) VDC Password: <supplied by your instructor>

b) After successful authentication, a page will be displayed that shows a list of available systems. Doubleclick on the VBlock Team X Management icon where X is your team number. This will launch a Remote
Desktop Connection session to your teams Windows Management Server.
c) In the Windows Security popup, click on Use another account in order to log in to the using User Name
of Administrator, and a Password of emc123%%
5) Prepare for Configuring the VCE Vision Plug-in for vCenter
VCE CONFIDENTIAL
37
a) Security requires that a full hostname is used in the plug-ins authentication, not an IP address, but the
name of the host. To do this, the IP address that is assigned to your Vision console must be in your
companies DNS records, or, as we will do here in the lab, in your local hosts lookup file. We will add the
entry here:
i)
Determine if the VCE Vision OS Appliance Console already has a DNS record. The standard output
returned should resolve the FQDN of vision.take.emc.edu to an IP address of 192.168.1.10. Type:
nslookup vision.take.emc.edu.
ii) Open a command prompt window

iii) Double click on the Command Prompt shortcut on the desktop
b) Test name resolution and connectivity to the VCE Vision OS Appliance, type:
putty vision.take.emc.edu
i)
Log in to the VCE Vision OS Appliance with a User Name of root and a Password of V1rtu@1c3!
c) Close the PuTTy session to the VCE Vision OS Appliance command prompt window by exiting, type:
exit
d) Close the Command Prompt window by exiting, type:
exit
6) Test the REST Interfaces of VCE Vision
a) Open an Internet Explorer
b) In the URL bar enter the address
https://vision.take.emc.edu:8443/fm/vblocks
c) Select the Continue to this website link
d) Log in to the VCE Vision CAS Authentication on System Library with a User Name of admin and
Password of dangerous
i)
Note the XML displayed. This output details the type of template used when VCE Vision discovered
the Vblock.
e) Close the Internet Explorer CAS VCE Vision tab

7) Configure the VCE Vision Plug-in for vCenter
a) Double-click on the vSphere Web Client desktop icon. Select the Continue to this website link. Use it to
log in to your vCenter Appliance system with the User Name of root and Password of vmware
b) Click on Administration in the Navigation pane
c) Click on Settings under the VCE Vision Plugin for vCenter
i)
Note: If there is no VCE Vision Plugin for vCenter under the Administration menu, close the vSphere
Web Client tab, wait 2 minutes, then re-launch the vSphere Web Client via the desktop icon.
8) Verify/Enter the credentials for the VCE Vision CAS Authentication

a) Hostname: vision.take.emc.edu
b) Port: 8443
c) Username: admin
d) Password (retype the password if it already exists): dangerous
e) Confirm Password (retype the password if it already exists): dangerous
VCE CONFIDENTIAL
38
f)
Remember that the vision network address must be the name of the Vision System Library as it resolves
in either DNS or the systems hosts file. An IP address will not work here because of how the security
mechanisms work within Vision.
9) Update the settings

a) Click Update Settings
b) Click OK to acknowledge restart message
10) Restart the vSphere Web Service
a) Start the Services assistant via Start > Administrative Tools > Services
b) Locate and highlight the service VMWare vSphere Web Client Service
c) Click on Restart Service
d) It will take the service up to five minutes to become available note that it takes longer for all of the
vSphere services and plugins to become available than just the vSphere web service.
e) Close the vSphere Web Client browser window
11) Validate the VCE Vision Plug-in for vCenter
b) Click on Home in the Navigation pane
c) Click on Home tab in the Home pane
d) Locate the Vblock icon in the inventory pane, and select it
e) In the Navigation pane, expand the Vblock heading prefaced with a capital V icon
f)
In the Navigation pane, expand the Compute resources. Note, there are two UCS Fabric Interconnects,
and a single UCS Chassis discovered by VCE Vision. Return to the Home screen of vSphere
g) Click Home at the top of the Navigation pane

h) Click on Home tab in the Home pane
i)
Under the Home tab select the VCE Vision System Library Event Monitor icon
j)
Under Monitoring, select the VCE Vision System Library Event Monitor
k) Validate that vSphere is connected to VCE Vision by ensuring a list of is events populated.
VCE CONFIDENTIAL
39
LAB 5.
Monitoring for Component Errors or Failures
There is a wealth of information about the Vblocks current status, and ways to monitor the system for errors or
complete failures of your components.
In this lab we will take a tour of ways to investigate the various health statuses of your Vblock.
A key part of the ability to monitor and manage these types of issues with the Vblock is the VCE Vision Intelligent
Operations product that came installed on your Vblock. Often you will be delving into the individual element
managers for detailed information, but VCE Vision groups this information in a Vblock-centric manner then
makes it easier to diagnose issues.
Monitoring Availability with VCE Vision

While the Vblock arrived at Counterfake Inc. with a full vCenter operational; you may want to integrate using
your existing vSphere Web Client to manage the Vblock system. VCE Vision has a vCenter Web Client Plug-in
that allows the client to interface directly with the information stream produced by the Vision product.
The vSphere Web Client that is installed on your management station does not have the VCE Vision Plug-in For
vCenter installed; the first section of this lab is to install it, much like you might have to do back at your own
facility.
This plug-in will allow you to view and manage the Vblock in the VMware suite as a single Vblock entity, instead
of a collection of components. Additionally it will provide powerful insights into overall Vblock management and
maintenance. Before we actually capture the baseline, we are going to install the plug-in for your vSphere Web
Client.
A) Vblock System Events (TST)
VCE Vision maintains a Vblock-wide event log that can be accessed through the vSphere VCE Vision plugin.
1) View VMware events
b) Click Home at the top of the Navigation pane
c) Select Events. This brings up the Event Console, which allows investigating VMware related events.
B) Log Browser (TST)
VMware vSphere allows you to download and browse logs from various objects within the VMware
environment.
1) Click Home at the top of the Navigation pane
2) Click on Log Browser in the Navigation pane
a) In the Log Browser pane in click on Select object now
b) Select the radio button for your team-X-esxi.take.emc.edu host where X is your team number, then
click the OK button
c) Select the Retrieve now link to generate a log bundle and download it. Be patient, the retrieving of the
logs from the remote system may take several minutes.
VCE CONFIDENTIAL
40
d) Once the logs have been retrieved, click the Type dropdown menu and explore the various log types
C) UCS Fault Detection (TST)
Using the UCS System Manager, investigate any faults present.
1) Access the UCS Manager browser window on the Windows Management Server
a) Use the Internet Explorer browser icon on the desktop. In the browser address bar enter the UCS Fabric
Interconnect Cluster IP of 192.168.1.1
b) Select the Launch UCS Manager button to launch the GUI. Be patient as it may take some time to
c) Log in using the User Name of admin and Password of emc123%%
2) On every screen of the UCS Manager, there are four icons at the top left of the screen - each representing a
different fault level (Critical, Major, Minor and Warning). Clicking on one of them will bring up the Faults,
Events and Audit log screen. Selecting the Admin tab in the navigation pane can also access it.
a) Select the Admin tab in the Navigation pane
b) In the Navigation pane, set the Filter dropdown menu to All
c) Highlight the Faults, Events and Audit Log heading
d) At the top of the Content pane, select the Faults tab
i)
Under the Faults tab, in the Show and Category section, ensure All is a checked
e) One at a time, select each alert in the list, investigate the issue.
f)
Select/Deselect some of the categories and fault level icons floating on top of the alert list.
3) This will list out the events that have occurred in the Vblock. Locate some of the events that represent
actions done in the Provisioning lab.
a) In the Navigation pane, highlight the Faults, Events and Audit Log heading
b) In the Content pane, select the Events tab
c) Are there any events that can be correlated with the faults previously viewed?
d) Under the Events tab in the Content pane select the Filter button, a Filter window is launched
e) From the Created at filter dropdown list select wildcard
f)
Enter the year, month and day of a fault from the Faults list. For example, 2014-04* will select all of the
events that happened in April of 2014.
g) Click OK, notice how the events list changes

4) View the Audit information
a) In the Navigation pane, highlight the Audit Logs heading
b) Under the Audit Logs tab in the Content pane select the Filter button, a Filter window is launched
c) From the Affected Object filter dropdown list select wildcard
d) In the blank textbox enter fabric/lan*
e) Click OK, notice how the object list changes
f)
Notice the creation of VLANs
VCE CONFIDENTIAL
41
D) Storage Alerts (TST)

Storage has its own rich infrastructure for identifying and diagnosing issues Unisphere. Lets explore by bringing
up Unisphere.
warning
2) From the Dashboard, click on the Alerts tab
a) Select the Filter dropdown menu, and check the box for Severity
b) From the Severity dropdown menu, select Error and above
c) Click on the Category column header to organize the list by category
d) Investigate the most recent Error
VCE CONFIDENTIAL
42
LAB 6.
Securing the Vblock System
Security
What makes a Vblock system more secure than other data center solutions?
This module will cover the hardening of the Vblock system as well as adding new users and roles to the Vblock
system. In addition, is ensuring that tenants compute and storage are sequestered in the multi-tenancy
environment is also a challenge to be addressed. This will allow for the internal data security.
The security options called out in this section of the lab are a small sampling of the types of security
improvements that can be made in your Vblock System.
A) vCenter Password Retention (TST)
1) Access the vSphere Web Client
with the User Name of admin and Password of vmware
2) In the Navigator pane, navigate to Home > vCenter > vCenter Servers
3) In the Navigator pane, select team-X-vcsa where X is your team number
4) In the Content pane, select the Manage tab
a) Under the Manage tab, select the Settings sub-tab
b) Under the Settings sub-tab, select Advanced Settings
c) Click the Edit button, a new Edit Advanced vCenter Server Settings window opens
d) In the Edit Advanced vCenter Server Settings window in the search box enter vim, then press <Enter>
e) Verify vCenterVirtualCenter.VimPasswordExpirationInDays is set to 30 days
f)
Click the Cancel button to exit without making changes
B) VCE Vision Appliance and Central Authorization (TST)

There are two passwords to manage with respect to VCE Vision, both should be changed from their defaults. The
first is the system password on the VCE Vision appliance itself. The second is changing the default password for
the Central Authorization Service, which is used to protect the APIs of VCE Vision.
1) Login to the VCE Vision System Library

a) Access the VCE Vision System Library using the putty icon on the desktop. Use the VCE Vision OS
Appliance Console: IP Address of 192.168.1.10
b) Enter the User Name of root and Password of V1rtu@1c3!
2) Display command help for passwd command. The info command is a more modern version of the man
command used for getting help associated with a given command. Issued from the root user, this command
can be used to change the password for root or any other username
info passwd
VCE CONFIDENTIAL
43
a) Browse through the help by touching the spacebar, the help includes advice about best practices for
passwords
b) Quit the viewing the output
q
3) Display command help for chage command. The chage command is used for setting up password aging. For
example chage -M 90 would set the maximum number of days before password change to 90.
info chage
a) Browse through the help by touching the spacebar, the help includes advice about best practices for
passwords
b) Quit the viewing the output
q
c) If the root VCE Vision CAS Authentication on System Library password needed be changed, the
slibCasChangepw.sh shell script is in the /opt/vce/fm/bin/ directory would be used.
ls -FlasR /opt/vce/fm/bin/slibCasChangepw.sh
d) Exit the putty session
exit
C) Adjusting Syslog maximum log file size (TST)
By adding a Syslog server, logs are sent to the server to facilitate reporting alerts and troubleshooting and also
helps ensure there is Auditing and Accountability which help secure your Vblock System.
1) Access the UCS Manager browser window on the Windows Management Server
2) View the Syslog server settings
a) In the Navigation pane, select the Admin tab
b) In the Navigation pane, expand the All heading
c) Expand Faults, Events and Audit Log
d) Highlight Syslog
3) In the Content pane, view the File section
a) Notice the Size (KB) is set to the maximum value of 4194304 kilobytes
b) The minimum possible value is 4096 kilobytes. Limiting the size of the log file can help reduce risk from a
DoS (Denial of Service) attack. Such attacks are characterized by an explicit attempt by attackers to
prevent legitimate users of a service from using that service.
VCE CONFIDENTIAL
44
D) Securing a New VLANs with Roles (TST)

with the User Name of admin and Password of vmware
2) Create a new Role
a) Click the Home icon in the Navigation bar
b) Select Administration
c) Select Roles
d) In the Roles pane, hove the mouse over the + (plus sign) icon, it will show the message that clicking on it
will invoke the Create role action
e) Click the + (plus sign) icon
f)
The Create Role window appears
g) Where X is your team number followed by your last name, enter VLAN<TeamX_LastName>User
h) Expand the Network sub-tree underneath the All Privileges tree
i)
Check the Assign Network checkbox,
ii) Notice the Description of the Assign network privilege displayed at the bottom of the Create Role
dialog
iii) Click the OK button
3) Clone a second new role
a) In the Roles pane notice the new VLANUser role
b) Select the new role VLAN<TeamX_LastName>User
c) Click the Clone role action icon (just to the right of the + sign)
d) For Role name enter VLAN<TeamX_LastName>200User where X is your team number followed by
your last name
e) Expand the Network privilege sub-tree and notice Assign network is already checked
f)
Click OK to proceed with the action
E) Creating a QoS Policy on the Nexus 1000v (OST)

1) Access the Nexus 1000v VSM NX-OS CLI
b) In the Host Name (or IP address) field, enter the Nexus 1000v VSM IP of 192.168.1.7X where X is your
team number
c) Click Open
f)
2) Enter configuration mode

VCE CONFIDENTIAL
45
config terminal
3) Create the QoS Policies. On the Vblock, the QoS policies are as follows:
a) CoS 2 - NFS (If NFS is being used)
b) CoS 4 Vmkernel
c) CoS 6 - ESXi Service Console
4) Configure the NFS QoS Policy.
policymap type qos SET_COS_2
class class-default
set cos 2
5) Configure the Vmkernel QoS Policy
class class-default
set cos 4
6) Configure the Service Console QoS Policy
class class-default
set cos 6
7) Create the Port Profile for the Service Console.
port-profile type vethernet vblock_esx_mgmt
vmware port-group
switchport mode access
a) For VLAN ID, enter the value assigned by your instructor for the Service Console:
i)
For Vblock Setup A use VLAN ID 1100
ii) For Vblock Setup B use VLAN ID 1200

iii) For Vblock Setup C use VLAN ID 1300
iv) For Vblock Setup D use VLAN ID 1400
v) For Vblock Setup E use VLAN ID 1500
vi) For Vblock Setup F use VLAN ID 1600
switchport access vlan <Service Console VLAN ID>
no shutdown
pinning id 0
system vlan <Service Console VLAN ID>
service-policy type qos input SET_COS_6
state enabled
copy run start
8) Create the Port Profile for the VMotion VLAN.
port-profile type vethernet Vblock_ESX_VMOTION
vmware port-group
switchport mode access
VCE CONFIDENTIAL
46
a) For VLAN ID, enter the value assigned by your instructor for ESX VMotion:
i)
For Vblock Setup A use VLAN ID 1106
ii) For Vblock Setup B use VLAN ID 1206

iii) For Vblock Setup C use VLAN ID 1306
iv) For Vblock Setup D use VLAN ID 1406
v) For Vblock Setup E use VLAN ID 1506
vi) For Vblock Setup F use VLAN ID 1606
switchport access vlan <ESX VMotion VLAN ID>
no shutdown
pinning id 0
system vlan <ESX VMotion VLAN ID>
service-policy type qos input SET_COS_4
state enabled
copy run start
9) Exit the Nexus 1000v configuration port-profile mode, configure terminal mode, PuTTy session
exit
exit
exit
10) You should now see the VM Network display in the Network Section of vCenter
a) Switch to the vSphere Web Client browser window
b) Click the Home icon
c) In the Content pane, click the Networking icon
d) In the Navigator pane, expand team-X-vcsa where X is your team number
e) In the Navigator pane, expand team-X-n1kv where X is your team number
f)
In the Navigator pane, expand the second level team-X-n1kv where X is your team number
g) In the Navigator pane, you should now see the two port-profiles you defined on the Nexus 1000v. If not
visible, try refreshing the display with the refresh icon
VCE CONFIDENTIAL
47
LAB 7.
Trusted Multi-tenant in a Vblock System
Trusted Multi-Tenancy
So far in this course, you have been working in a fully privileged environment, logging in as the special user
admin which has the administrator role that has full read-and-write access to the entire system. The lab
configuration has eight Sub-Organizations defined, one for each Team. The Organization model has been used
as a way to separate one Teams work from another, but there were no restrictions in place.
A user can be assigned one or more Locales. Each Locale defines one or more Organizations (domains) the user is allowed
access, and access would be limited to the organizations specified in the locale. You can hierarchically manage organizations.
A user that is assigned at a top level organization has automatic access to all organizations under it.
In this lab, you will create hierarchical organizations, and new user accounts associated with those organizations, and conduct
operations to illustrate how resources can be isolated in a multi-tenant environment.
A) Create Sub-Organizations (TST)

1) Access the UCS Manager
2) Navigate to Sub-Organization creation
b) In the Navigation pane, for Filter select Stats Management
c) In the Navigation pane, expand root, expand Sub-Organizations. Notice the eight Team SubOrganizations
d) In the Navigation pane, expand your TeamX Sub-Organization where X is your team number
3) Sub-Organization creation
a) In the Navigation pane, highlight your TeamX Sub-Organization where X is your team number
b) In the Content pane, under Actions click Create Organization
c) For the Name field which is limited to 16 characters, enter TeamX<LastName>Sub where X is your team
number followed by your last name
d) Click OK to proceed with the operation
e) Click OK to acknowledge operation success
f)
In the Navigation pane, expand Sub-Organizations under your TeamX sub-organization
g) Notice your new TeamX<LastName>Sub sub-organization. Expand TeamX<LastName>Sub and notice

there is another Sub-Organizations level in the hierarchy
4) Observe the spanning of Organizations across UCS management areas
a) In the Navigation pane, select the Servers tab
b) From the Filter dropdown menu select Service Profiles
VCE CONFIDENTIAL
48
c) In the Navigation pane, expand Service Profiles, expand root, expand Sub-Organizations
d) In the Navigation pane, expand sub-organization TeamX
e) Confirm that the new TeamX<LastName> organization you created is visible here as well
B) Create Locales (TST)
1) Continue in the UCS Manager from the previous lab
2) Navigate to Local creation
b) From the Filter dropdown menu select User Management
c) Expand User Services
d) Right-click Locales, and select Create Locale
3) Create a Locale
a) In the Create Locale screen, for Name enter TeamX<LastName> where X is your team number, click
Next
b) In the Assign Organizations screen expand the display of Organizations, clicking on the double down
arrow to the right of Organizations
i)
Expand root
ii) Drag and drop the TeamX sub-organization where X is your team number into the Design area
below the TeamX locale
iii) Click Finish
iv) Click OK to acknowledge operation success
4) Create another Locale lower in the hierarchy
a) In the Navigation pane, right-click Locales , and select Create Locale
b) In the Create Locale screen, for Name enter TeamX<LastName>Sub where X is your team number, click
Next
c) In the Assign Organizations screen
i)
Expand Organizations, expand root, expand TeamX where X is your team number
ii) Drag and drop the TeamX<LastName>Sub sub-organization into the Design area below the locale
TeamX<LastName>Sub
iii) Click Finish
5) View the new Locales In the Navigation pane, expand Locales and see the two new locales displayed
C) Create User Accounts (TST)

2) Navigate to Local User account creation
b) In the Navigation pane, use the Filter dropdown menu to select User Management
VCE CONFIDENTIAL
49
c) Expand the User Services heading

d) Expand the Locally Authenticated Users heading
e) Notice the admin user account you have been using. The account youre logged is displayed in the
bottom left-hand corner of UCS Manager.
3) Examine the default admin account
a) In the Navigation pane, highlight the admin account
b) In the Content pane, under the Roles section, notice that admin is checked
c) Under Locales, notice the two Locales you created are available to be selected, check
TeamX<LastName>
d) Click Save Changes button to attempt a locale association
e) Click OK to acknowledge that the default admin account cannot be modified
f)
Click Reset Values button to abort the proposed change
4) Create a user account

a) In the Navigation pane, right-click on Locally Authenticated Users and select Create User from the
popup menu
b) In the Login ID field, enter TeamX<LastName> where X is your team number
c) In the Password field, enter emc135%% (Passwords are case sensitive)
d) In the Confirm Password field, enter emc135%% again
e) Under Roles section, check all checkboxes except aaa , admin, and operations
f)
Under Locales check TeamX<LastName>
g) Click OK to complete the Create User dialog

h) Click OK to acknowledge operation success
5) Create a second user account
a) In the Navigation pane, highlight Locally Authenticated Users
b) In the Content pane, expand both the admin and TeamX<LastName> users
c) Notice the display of roles corresponding to the checkboxes selected
d) In far right of the Content pane, click the green + (plus sign) to create another user
e) In the Login ID field, enter TeamX<LastName>Sub where X is your team number
f)
In the Password field enter emc135%% (Passwords are case sensitive)
g) In the Confirm Password field, enter emc135%% again

h) Under Roles area, check all checkboxes except aaa , admin, and operations
i)
Under Locales , check TeamX<LastName>Sub
j)
Click OK to complete the Create User dialog
k) Click OK to acknowledge operation success
D) Explore Multi-tenancy restrictions for users in different locales (TST)

In order to see the differences for different users in different locales, it is necessary to have resources available in
different organizations. In Lab 10, we will cover UUIDs in more detail, including the structure of the addresses,
VCE CONFIDENTIAL
50
but we are exploring the pool creation here dont worry about how we derived the address in step 4, we will
cover it later.
1) Continue in the UCS Manager from the previous lab.

2) Navigate to your sub-sub-organization UUID Suffix Pool. In the Navigation pane, select the Servers tab
3) In the Navigation pane, for Filter select Pools
4) Expand root, expand Sub-Organizations
5) Expand the TeamX Sub-Organization where X is your team number, then expand the Sub-Organizations
6) Expand the TeamX<LastName>Sub Sub-Organization where X is your team number
7) Highlight the UUID Suffix Pools heading under the TeamX<LastName>Sub Sub-Organization
8) Right-click over the UUID Suffix Pools heading, and select Create UUID Suffix Pool
9) Create a new UUID pool
a) In the Name field, enter TeamXsub_UUID
b) Click Next
c) Click the + Add icon
d) In the From field enter 000X-X00000000001 where X is your team number. This UUID wont interfere
with your teammate, since you are in different sub-organizations, and only one UUID from your team
will be used in future labs.
e) Leave the Size field at the default of 1
f)
Click OK to proceed with the Create Block operation
g) Click Finish to proceed with the Create Suffix Pool operation

10) Explore how the unrestricted resource hierarchy looks to user admin
a) In the Navigation pane, for Filter select Service Profile Templates
b) Expand root, expand Sub-Organizations, expand the TeamX sub-organization where X is your team
number
c) Highlight, then Right-click the TeamX<LastName>Sub sub-organization, select Create Service Profile
Template
i)
For UUID Assignment click the dropdown arrow to display the menu
ii) Notice the TeamX_UUID pool from the parent TeamX sub-organization
iii) Notice the default UUID pool from the root level
iv) Notice the TeamXsub_UUID from the TeamXsub organization
v) Resources are supposed to be available at the current level and above in the hierarchy
vi) Click Cancel button to abort creating a Service Profile Template
11) Explore from the middle TeamX organization
a) In the Navigation pane, right-click TeamX sub-organization and select Create Service Profile Template
i)
For UUID Assignment click the arrow to display the dropdown menu
ii) Notice the TeamX_UUID from the TeamX sub-organization

iii) Notice the default UUID pool from the root level
iv) Notice the sub-sub organization resource (TeamXsub_UUID) is not included as a choice
VCE CONFIDENTIAL
51
v) Click the Cancel button to abort creating a Service Profile Template

12) Explore another teams sub-organization
a) In the Navigation pane, right-click the Team2 sub-organization (or if you are team2, select Team3) and
select Create Service Profile Template
b) For UUID Assignment click the arrow to display the dropdown menu
c) Notice you will only see the Team2_UUID and default as choices, not any of your own team pools
including the one you just created
d) Notice the lower level sub-organization resource is not included as a choice
e) Click the Cancel button to abort creating a Service Profile Template
13) Switch to one of your new user accounts
a) Log off of UCS Manager
i)
Select the Exit button located at the top-center portion of the Content pane
ii) Select Log off admin from the dropdown menu

iii) Click OK, please waitit will take several minutes for the UCS Manager to save the current
configuration
iv) A Login prompt will popup
b) Log into UCS Manager with the new user name TeamX<LastName>Sub where X is your team number.
Keep in mind user names and passwords are case sensitive
i)
Use the password emc135%%
14) Explore another teams organization

b) In the Navigation pane, for Filter select Service Profile Templates
c) Expand root, expand Sub-Organizations
d) Expand the TeamX Sub-Organization where X is your team number, then expand the Sub-Organizations
e) Explore how the resource hierarchy looks to user TeamXsub in the TeamXsub Locale
i)
In the Navigation pane, select the Team2 organization (or if you are team2, select Team3)
ii) In the Content pane, under Actions, notice that Create Service Profile Template and most other
options are grayed-out, since this user is not in a locale that has access to this resource
15) Explore your teams organization
a) In the Navigation pane, select the TeamX organization where X is your team number
i)
In the Content pane, under the Actions section, notice that Create Service Profile Template and
most other options are now available in this organization in your hierarchy tree
ii) In the Content pane, under the Actions section, select Create Service Profile Template
iii) For UUID Assignment click the arrow to display the dropdown menu
iv) Notice TeamX_UUID from the TeamX organization at the current level as a choice
v) Notice default from the root level above the selected level as a choice
vi) Notice the below organization resource is not included as a choice
vii) Click Cancel to abort creating a Service Profile Template
16) Close the UCS Manager browser window as you will return to using the admin user
VCE CONFIDENTIAL
52
a) Select the Exit button located at the top-center portion of the Content pane, and select OK
VCE CONFIDENTIAL
53
LAB 8.
Service Profile Templates and Service Profiles
Service Profile Templates provide a mechanism to standardize and reuse configurations. There are two kinds of
Templates, Initial and Updating. Initial Templates require manual one-by-one updating of Service Profiles. For
large numbers of Service Profiles based on a single Template, Updating Templates offer the benefit of
automatically updating Service Profiles. There is no scheduling or control of these updates once applied. Limited
control can be introduced by following the VCE recommended practice of a setting the Maintenance Policy to
User Acknowledge. Initial Templates are only applied a single time to a Service Profile, either when the Service
Profile is first created from the Template, or when a the Service Profile is bound (bind operation) to the Template.
In this lab changes will be made using both types of Templates to show the difference.
A) Modifying an Initial Service Profile Template (OST)

Your team Service Profile Template was configured with 6 network adapters anticipating a planned configuration
that it turns out only needs 2. In this first lab exercise, you will modify the Initial Template by deleting 2 of the
extra network adapters (the other extra 2 will be deleted in a subsequent lab using Updating Templates).
1) Access the UCS Manager

2) Navigate to your team Service Profile Template
a) In the Navigation pane, select the Server tab
b) In the Navigation pane, set the Filter dropdown menu to Service Profile Templates
c) In the Navigation pane, expand Service Profile Templates, expand root, expand Sub-Organizations
d) In the Navigation pane, expand your TeamX sub-organization
e) In the Navigation pane, select your Service Template TeamX_SAN_Boot Service Profile Template
f)
Verify the Template type and Maintenance Policy settings

i)
Select the General tab in the Content pane
ii) Under the Properties section notice that the Type is set to Initial Template
iii) Under the Properties section click Maintenance Policy to display the policy detail
iv) Notice Maintenance Policy is set to User Ack. This means that a change to a Service Profile
Template that requires a reboot to a blade must first be Acknowledge by a User
3) Delete the extra vNICs from your Service Profile Template
a) Select the Network tab in the Content pane
b) Highlight vNIC vNIC-4 and vNIC vNIC-5
c) Click the Delete icon at the bottom of the screen to delete 2 of the extra vNICs
d) Click Yes button to verify the deletion of 2 objects
e) Notice the deletion change marked for vNIC vNIC-4 and vNIC vNIC-5
f)
Click the Save Changes button to apply the change
g) Click the OK button to acknowledge the operation success message

VCE CONFIDENTIAL
54
4) Notice that there are now only 4 vNICs listed on the Network tab. Since this is an Initial type of Service
Profile Template, deleting the two vNICs has no impact on Service Profile derived from this Template.
5) Leave the UCS Manager open to be re-used later in the next lab exercise
B) Modifying the Service Profile by Bind to an Initial Service Profile Template (OST)
Before making a change to a Service Profile you will review the current Network Adapter configuration from both
vSphere and the Host itself.

b) Click on Administration in the Navigation pane
2) View the physical network adapters as seen by vSphere for you team host
a) In the Navigator pane, go to Home > vCenter > Hosts
b) In the Navigator pane, highlight the team-X-esxi.take.emc.edu host
c) In the Content pane, select the Manage tab
d) In the Content pane, select the Networking sub-tab
e) In the Content pane, select the Physical adapters
f)
Notice that you still have 6 vmnics, numbered 0-5.
3) Leave the vSphere Web Client open to be reused later in the lab
4) Return to the UCS Manager by clicking on the UCS Manager icon in your Windows Taskbar
5) Navigate to your team Service Profile
b) In the Navigation pane, set the Filter dropdown menu to Service Profiles
e) In the Navigation pane, highlight your TeamX_SAN_Boot_SP Service Profile
f)
View the current network configuration on the host

i)
In the Content pane, select the General tab
ii) Click the KVM Console, click Run to ignore no trusted certificate
iii) A popup Unencrypted KVM Session window appears, select the Accept this session radio button,
then Apply
iv) Once initialization completes, click the <Esc> key to wake up the KVM Console window
v) Click F2 to Customize System/View Logs
(scroll if needed to see the function key choices at the bottom of the screen)
vi) Log in using the User Name of root and Password of emc123%% for the ESXi Server
vii) Use the arrow keys to select Configure Management Network, press <Enter> to go into the change
dialog (if needed scroll the display to show the top of the window on the screen)
VCE CONFIDENTIAL
55
viii) Network Adapters should be selected by default, press <Enter> to go into the change dialog. Notice
the same 6 Network Adapters as seen from the vSphere Web Client
ix) Press <Esc> to exit the listing of Network Adapters
g) Leave the KVM Console open because it will be reused later in the lab
7) Re-bind to the same Initial Template
(Note: this will not achieve the desired effect and is included only as a learning tool)
a) Based on where you previously left off on the Servers tab, the TeamX_SAN_Boot_SP Service Profile
should be selected in the Navigation pane, and the General tab should be selected in the Content pane
b) In the Content pane under the Properties section, notice the Service Profile Template is already set to
your TeamX_SAN_Boot Service Profile Template that you modified in the previous lab exercise
c) In the Content pane, at the bottom of the Actions section, select Bind to a Template
i)
Confirm TeamX_SAN_Boot is the selected Service Profile Template
ii) Click OK to proceed with the bind operation

iii) Click OK to acknowledge the operation success message
iv) Select the Network tab in the Content pane and see if the number of vNICs has been updated from
the original 6 in the Service Profile to the updated 4 in the updated Template? Not yet
8) Unbind the Initial Service Profile Template from the Service Profile
a) In the Content pane, select the General tab
b) In the Content pane, at the bottom of the Actions section, select Unbind from the Template
i)
ii) Click Yes to confirm the unbind operation

iv) Notice under the Properties section of the Content pane that the Service Profile Template field is
now blank
9) Bind Service Profile to an Initial Service Profile Template
b) At the bottom of the Actions section, select Bind to a Template
i)
Use the dropdown menu to select TeamX_SAN_Boot as the Service Profile Template
ii) Click OK to confirm the bind operation

iii) Review the Bind to a Template message confirming the planned change in vNICs will trigger a User
Acknowledgement before a Reboot, click Yes when ready to proceed
iv) Click OK to acknowledge the bind operation success
10) Notice the blinking Pending Activities icon at the top of the Content pane above all the tabs
a) Click on Pending Activities
b) Check the Reboot Now checkbox
c) Click OK
11) In the Content pane, quickly switch to the FSM tab to see the operation steps leading up to the reboot
(this reaches 100% quickly, so you may miss the changing display)
12) View the Reboot progress and the changed network configuration on the host
VCE CONFIDENTIAL
56
a) Return to the KVM Console by clicking on the UCS Manager - KVM Console icon in your Windows
Taskbar
b) Wait until the reboot completes which will be 5-8 minutes
c) Click the <Esc> key to wake up the console, click F2 to Customize System/View Logs
d) Log in using the User Name of root and Password of emc123%% for the ESXi Server
e) Use the arrow keys to select Configure Management Network, type <Enter> to go into the change
dialog
f)
Network Adapters should be selected by default, type <Enter> to go into the change dialog
g) Notice there are now only 4 Network Adapters

h) Leave the KVM Console open because it will be reused later in the lab
13) View the updated physical network adapters as seen by vSphere for you team host
a) Return to the vSphere Web Client by clicking on the browser icon in your Windows Taskbar
b) Notice that there are still 6 vmnics displayed
c) Click on the Refresh arrow to refresh the display
d) You should now see the same 4 vmnics as seen by the host
e) Iconify the vSphere Web Client, leaving it to be reused later in the lab
C) Cloning a Service Profile to an Updating Service Profile Template (OST)
In order to see the different behavior of an Updating Service Profile Template, you must first have one. Service
Profile Templates can be created from scratch or cloned either from an existing Service Profile or Service Profile
Template. When creating from scratch, all configuration options can be set as you wish. When cloning you get a
copy which can later be modified, but not all options can be changed. For example, you cannot clone an Initial
Template into an Updating Template. However, you can clone from a Service Profile to either type of Template.
2) Navigate to your teams Service Profile
b) In the Filter dropdown select Service Profile
c) In the Navigation pane, expand Service Profile, expand root, expand Sub-Organizations
d) In the Navigation pane, expand the TeamX sub-organization where X is your team number
e) In the Navigation pane, select your TeamX_SAN_Boot_SP Service Profile
3) Unbind the Initial Service Profile Template from the Service Profile
b) Under the Actions section notice Create a Service Profile Template is grayed out, you must first unbind
this Service Profile from its Template in order to allow this operation
c) At the bottom of the Actions section select Unbind from the Template
i)
ii) Click Yes to confirm the unbind operation

4) Clone your team Service Profile to a new Updating Service Profile Template
VCE CONFIDENTIAL
57
a) Under Actions select Create a Service Profile Template

i)
In the Clone Name field enter TeamX_updating where X is your team number
ii) For Org select TeamX where X is your team number from the dropdown menu
iii) For Type click the Updating Template radio button
iv) Click OK to proceed with the operation
v) Click OK to acknowledge the operation success message
5) Bind your team Service Profile to the new Updating Service Profile Template
a) At the bottom of the Actions section select Bind to a Template
i)
Use the dropdown menu to select TeamX_updating where X is your team number as the Service
Profile Template
ii) Click OK to confirm the bind operation

iii) Click OK to acknowledge the bind operation success
b) In the Content pane, at the top of the Properties section, notice the WARNING message that this
Service Profile cannot be modified because it is bound to an Updating Template
6) Leave the UCS Manager open to be used in the next lab exercise
D) Modifying Updating Service Profile Template and Bound Service Profile (OST)
Your team now has a second Service Profile Template which is an Updating Template. You will now further
reduce the now 4 configured network adapters down to only 2. You will see the difference in how the Updating
Template pushes changes to the bound Service Profile(s).
2) Review the default Maintenance Policy setting
b) In the Filter dropdown select Policies
c) In the Navigation pane, under root expand Maintenance Policies
d) In the Navigation pane, select the default maintenance policy
e) In the Content pane, notice that the Reboot Policy is Immediate. This is the default policy and not the
VCE best practice recommendation of User Ack. Leave the policy as is.
3) Navigate to your teams Service Profile Template
b) In the Filter dropdown select Service Profile Templates
c) In the Navigation pane, expand root, expand Sub-Organizations
e) In the Navigation pane, select your Service Template TeamX_updating Service Profile Template
4) Verify the Template type and modify the Maintenance Policy settings
a) Select the General tab in the Content pane
b) Under Properties notice that the Type is set to Updating Template
c) Under the Actions section select Change Maintenance Policy to display the policy detail
VCE CONFIDENTIAL
58
(1) Change the Reboot Policy dropdown menu to default

(2) Click OK to proceed with the operation
(3) Click OK to acknowledge the operation success message
d) Under the Properties section click Maintenance Policy to display the policy detail and confirm the
updated settings of Immediate which is derived from the default policy
5) Delete additional extra vNICs from your Service Profile Template
a) Select the Network tab in the Content pane
b) Select vNIC vNIC-2 and vNIC vNIC-3
c) Using the vertical scrollbar, scroll to the bottom of the Network pane
d) Click the Delete icon at the bottom of the screen to delete 2 of the extra vNICs
e) Click Yes to verify the deletion of 2 objects
f)
Notice the deletion change marked for vNIC vNIC-2 and vNIC vNIC-3
g) Click Save Changes to apply the change

(1) Review the Save Changes dialog and notice that the removal of the two vNICs will cause an
immediate reboot of your team Service Profile
(2) Click Yes to confirm that you want to apply the changes
(3) Click OK to acknowledge the operation success message
h) Notice that there are now only 2 vNICs listed on the Network tab
6) Observe the host reboot and review the change in Network Adapters
a) Return to the KVM Console by clicking on the UCS Manager - KVM Console icon in your Windows
Taskbar
b) Wait until the blade reboot completes which takes 5-8 minutes
c) Click the <Esc> key to wake up the console, click F2 to Customize System/View Logs
d) Log in using the User Name of root and the Password for the ESXi Server of emc123%%
e) Use the arrow keys to select Configure Management Network, type <Enter> to go into the change
dialog
f)
Network Adapters should be selected by default, type <Enter> to go into the change dialog
g) Notice there are now only 2 Network Adapters

h) Close the KVM Console window
7) Close the UCS Manager window
VCE CONFIDENTIAL
59
LAB 9.
UCS Manager: Expanding Address and ID Pools
The Vblock has a number of identifiers used for addressing including MAC addresses, UUIDs, and World Wide
Names. With a converged virtual infrastructure, these addresses need to be managed in a different way than in
traditional environments.
The UCS maintains pools of each type of address, using these pools to allocate new addresses when needed for
things such as provisioning new adapters. This lab will explore each address, how it is constructed and how to
expand the pool of addresses the UCS has configured currently.
A) UUID Pool (OST)

The UUID is a unique identifier that is used for your service profiles - each blade that is active has a UUID. It is
important that these are unique across not just your Vblock, but within your domain if you have other Vblocks or
stand-alone UCS chassis. A UUID is made up of five hyphen separated groups of hex digits. In UCS Manager,
the first three groups are defined as the prefix, and the last two groups are the suffix.
VCE recommends setting the prefix as follows:
000025B5-0001-0000
where:
The first group is made up of 2 leading zeroes 00 followed by 0025B5 which is the
Organizationally Unique Identifier (OUI) for Cisco.
The second group represents the customers first Vblock System or Cisco UCS domain. 0002
would represent the second Vblock or Cisco UCS domain, etc.
The last group is not used, so all zeroes 0000
The Suffix has the last 2 groups and usually the least significant (rightmost) digits are the variable range used
when defining pools. Best practice is the upper digits (and also some portion of the prefix) to distinguish between
different domains within your environment. For example, in the lab, we ensure that each team generates unique
addresses by including the team number in the first group:
000X-ZZZZZZZZZZZZ
where:
000X is the team number

ZZZZZZZZZZZZ is the fully variable range free for pool consumption
Other approaches following the same pattern work well. Often the UUIDs will have company, division, system id,
group id and team id in them. It also allows you to look at a UUID and quickly identify which division or team the
system belongs to, or even what OS is running on the system. For example:
CCDD-SSYYOOTTEEXX
CC - Company ID
DD - Divison ID
SS - Site ID
YY - Vblock or UCS System ID
OO - OS ID
TT - Team ID
EE - Team member ID
XX - Variable
VCE CONFIDENTIAL
60

a) In the browser address bar enter the UCS Fabric Interconnect Cluster IP of 192.168.1.1
c) the User Name of admin and Password of emc123%%
2) Navigate to your teams UUID Suffix Pool
b) In the Filter dropdown select Pools
d) In the Navigation pane, under your TeamX sub-organization where X is your team number, expand
UUID Suffix Pools
e) In the Navigation pane, highlight your teams Pool TeamX_UUID UUID Suffix Pool
3) Review the current UUID pool
i)
Notice the first 3 groups of the UUID defined in the Prefix field following our lab convention
described above
b) In the Content pane, select the UUID Suffixes tab

i)
Notice there is only 1 UUID suffix following our lab conventions
c) In the Content pane, select the UUID Blocks tab

i)
Notice each block describes a range from start to finish
ii) In this case there is only one block and the From/To values are the same
iii) There is only a single UUID in the pool and it is in use, so more will be needed for the lab exercises
that follow. Additional UUIDs can either be added by expanding an existing pool, or by creating an
additional pool.
4) Expand an existing UUID pool
a) Click on the green + (plus sign) icon on the rightmost border of the Content pane
b) In the From field enter 000X-000000000002 where X is your team number, and 2 is an increment over
the current UUID suffix block
c) In the Size field, enter 6
d) Click OK to proceed with the operation
5) Notice the second UUID Suffix Block with a range of 6 addresses
6) Leave UCS Manager open for the next lab exercise
B) Expand MAC Address Pool (OST)
Network adapters have unique addresses assigned to them as well called the MAC address. There are many
more of these since each blade (with its single UUID) can have many, many virtual NICs, each with a MAC
address. The address is made up of 6 groups of two hexadecimal digits. The first 3 groups should be a uniquely
VCE CONFIDENTIAL
61
assigned OUI, and the remaining groups can be used for the same type of pattern. For example, in our lab
environment, our MAC addresses are:
00:25:B5:01:XA:ZZ
where:
The first 3 groups 00:25:B5 is the Cisco OUI

The fourth group 01 is the Vblock or UCS domain number
X is the team number
A is the Fabric this NIC will be on (A or B)
ZZ is the variable range for 256 possible MAC addresses per team per fabric
In your environment you can adopt a similar construct. Example would include designating the Vblock system,
OS and fabric in the address. The important part is to adopt a design pattern for the address scheme and keep it
consistent across your organization.
1) Continuing in UCS Manager

2) Navigate to your teams MAC Address Pool for Fabric A
a) In the Navigation pane, select the LAN tab
d) In the Navigation pane, under your TeamX sub-organization where X is your team number, expand MAC
Pools
e) In the Navigation pane, select your teams A-Side MAC POOL TeamX_MAC_Fabric_A where X is your
tem number
3) Review the current pool
a) In the Content pane, with the General tab selected
i)
Notice Size is 4 counting the number of MAC Addresses in the pool
ii) Notice Assigned is 1 counting the number of MAC addresses in the pool that are in use
b) In the Content pane, select the MAC Addresses tab
i)
Notice each of the MAC addresses in the Assigned To field, only a single MAC address is assigned to
a vNIC. While there are multiple MAC addresses, there is only a single vNIC on the A-Side of the
Service Profile, hence only a single MAC is assigned.
ii) Note the highest MAC address

c) In the Content pane, select the MAC Blocks tab
i)
Notice each block describes a range from start to finish
ii) In this case there is only one block with a range of 4 addresses
4) Expand an existing MAC Address Pool for Fabric Interconnect A
a) Click on the green + (plus sign) icon on the rightmost border of the Content pane
i)
For the First MAC Address field, use the MAC address from the previous block plus one in the last
nibble
ii) Where X is your team number, enter 00:25:B5:01:XA:04

iii) For the Size field enter 4
iv) Click OK to proceed with the operation
VCE CONFIDENTIAL
62
v) Click OK to acknowledge the operation success message

5) Verify that the MAC address pool is expanded
a) In the Content pane, in the MAC Blocks tab, notice the new range
b) In the Content pane, click the MAC Addresses tab
c) Notice the 4 new addresses all with a No in the Assigned field
6) Navigate to your teams MAC Address Pool for Fabric B
a) In the Navigation pane, highlight your teams B-Side MAC POOL TeamX_MAC_Fabric_B where X is your
team number
7) Review the current MAC address pool
a) In the Content pane, select the MAC Addresses tab
b) Note the highest MAC address
8) Expand an existing MAC Address Pool for Fabric Interconnect B
a) In the Navigation pane, right-click your teams MAC POOL TeamX_MAC_Fabric_B and select Create a
Block of MAC Addresses from the right-click menu
b) For the First MAC Address field, use the MAC address from the previous block plus one in the last nibble
i)
Where X is your team number, enter 00:25:B5:01:XB:04
ii) For the Size field enter 4

iii) Click OK to proceed with the operation
iv) Click OK to acknowledge the operation success message
9) In the Content pane, in the MAC Addresses tab, notice the 4 new addresses
C) Expand WWNN Address Pools (OST)

We also have Fibre Channel World Wide Names (WWNs). The address is made up of 8 groups of two
hexadecimal digits. In a VCE Vblock System, an IEEE Extended address is used to identify the vHBAs. The first
hexadecimal digit is a 2 (the NAA), it is followed by three 0s. The next 6 hexadecimal digits describe the OUI
(00:25:B5 for Cisco), and the remaining three groups being some design pattern defined by your organization.
Two types of WWNs will be used here. World Wide Node Names (WWNNs) which describe the blade as a whole,
and World Wide Port Names (WWPNs) which are used for each vHBA port on the blade.
The initiator WWN convention used in the lab environment for this class is:
20:00:00:25:B5:01:XA:ZZ
where:
The leading nibble is the Network Address Authority (NAA), and indicates IEEE 803.2 extended
which is used by Cisco to denote its initiator WWPNs
The next 3 nibbles of 0:00 can be vendor encoded but will be zero here
The third through fifth groups 00:25:B5 is the Cisco OUI
The sixth group 01 is the Vblock or UCS domain number
The first nibble of the seventh group X is the team number
The second nibble of the seventh group A is 0 for WWNNs and for WWPNs indicates either
Fabric A or B
VCE CONFIDENTIAL
63
ZZ is the variable range for 256 possible WWNs per team
In your own organization, again, you can designate things differently. It is recommended you follow the same
practice here that you did with MAC addresses, allowing for the same ability to identify addresses quickly, and
associate them quickly.

2) Navigate to your teams WWNN Address Pool for Fabric A
a) In the Navigation pane, select the SAN tab
d) In the Navigation pane, under your TeamX sub-organization where X is your team number, expand
WWNN Pools
3) Review your teams WWNN Pool. The WWNNs and WWPNs added to the pools in this lab exercise will be
configured in a later lab exercise by you as part of a new Service Profile. When the new Service Profile is
assigned to a blade, the blade will power on and log into the VNX. The blade will have four pathways to the
VNX. The VNX wont realize all four paths are part of the same node (blade). Saving the WWNN and WWPNs
information now in a text file will make the multiple paths easily identifiable later.
a) In the Navigation pane, expand your teams WWNN POOL TeamX_WWNN
b) In the Navigation pane, highlight the address range block below the pool
20:00:00:25:B5:01:X0:00-20:00:00:25:B5:01:X0:00 where X is your team number
c) In the Content pane, with the General tab selected, under Properties, notice the block address From/To
values are equal, there is only 1 address
4) Expand an existing WWWN Pool
a) In the Navigation pane, right-click your teams WWNN POOL TeamX_WWNN and select Create WWN
Block from the right-click menu
i)
Where X is your team number, enter 20:00:00:25:B5:01:X0:01
ii) The default Size value of 1 is fine

D) Expand the WWPN Pool (OST)

2) Navigate to your teams WWPN Pool for Fabric A
a) In the Navigation pane, select the SAN tab
c) In the Navigation pane, expand your teams WWPN Pools
d) In the Navigation pane, expand your teams WWPN POOL TeamX_WWPN_Fabric_A
e) In the Navigation pane, select the address range block below the pool
f)
In the Content pane, with the General tab selected
VCE CONFIDENTIAL
64
i)
Under Properties, notice the block address From/To values are equal, there is only 1 address
3) Expand an existing WWPN Pool for Fabric A

a) In the Navigation pane, right-click your teams WWPN POOL TeamX_WWPN_Fabric_A and select
Create WWN Block from the right-click menu
b) For the From field, increment the WWPN address found above by 1
i)
Where X is your team number, enter 20:00:00:25:B5:01:XA:08

4) In the Navigation pane, notice the new block of addresses
under the expanded WWPN POOL TeamX_WWPN_Fabric_A
5) Navigate to your teams WWPN Pool for Fabric B
a) In the Navigation pane, expand your teams WWPN POOL TeamX_WWPN_Fabric_B
b) In the Navigation pane, select the address range block below the pool
c) In the Content pane, with the General tab selected
i)
Under Properties, notice the block address From/To values are equal, there is only 1 address
6) Expand an existing WWPN Pool for Fabric B

a) In the Navigation pane, right-click your teams WWPN POOL TeamX_WWPN_Fabric_B and select
Create WWN Block from the right-click menu
b) For the From field, increment the WWPN address found above by 1
i)
Where X is your team number, enter 20:00:00:25:B5:01:XB:08

7) In the Navigation pane, notice the new block of addresses
under the expanded WWPN POOL TeamX_WWPN_Fabric_B
8) Minimize the UCS Manager window for later use the next lab exercise
VCE CONFIDENTIAL
65
LAB 10. Managing Boot Devices and Paths

In this lab we walk through creating a new boot policy and path setup for a blade, in order to better understand
how WWNN and WWPN addresses are used, and the multi-path characteristics of system.
A) MDS CLI: WWPN and Zoning Verification

In this lab exercise we verify the VNX WWPNs that have successfully logged into the switch and save that
information in a text file to later use in creating a new boot policy.
1) Collect which VNX WWPNs have successfully logged into MDS Switch A
2) Access the A-Side MDS Switch CLI
b) In the Host Name (or IP address) field, enter the A-Side MDS Switch IP Address of192.168.1.6
c) Click Open
e) After the login as: prompt, enter the User Name of monitor, enter <CR>
f)
3) The Fabric Login (FLOGI) table records all successful logins to the Fabric
a) Show all fabric logins on Fabric A
show flogi database
b) This displays all the WWNs that have logged into each the MDS switch
c) Notice the headings with WWPNs first followed by WWNNs
4) Filter the show flogi database output to show only VNX ports
a) Each of the VNX WWNs will include 50:06:01:6. The leading 5 is the NAA designation of an IEEE
Registered Name, followed by 0:06:01:6 which is the OUI for the VNX. These WWPNs identify the frontend Fibre-Channel ports on the VNX.
b) The CLI show command provides filtering and search options following the pipe | character
c) Show the options using online help, type:
show flogi database ?
(Type <space> to scroll down and display the second screen of options)
d) Filter for only VNX ports, type:
show flogi database | include 50:06:01:6
e) Filter for VNX with header, type:
show flogi database | include 50:06:01:6|NAME
5) Save the WWPN information in your Notepad file
a) What will be configured later
i)
vHBA vHBA-0 of your new blade will be assigned to Fabric Interconnect A
ii) Fabric Interconnect A is in turn attached to MDS Switch A

iii) The association to a Fabric Interconnect is made in the Service Profile Template
VCE CONFIDENTIAL
66
iv) Zoning is already configured for this environment; your vHBA is zoned to two VNX ports, one on VNX
Storage Processor (SP) A and one on SP B
v) Both WWPNs will be entered into the new Boot Policy you will be creating in the next lab
b) Record both VNX WWPNs into the Notepad file
i)
In the CLI window, click and drag your mouse over the first WWPN (PORT NAME) to copy it to the
clipboard
ii) Bring your Notepad file to the foreground by clicking on the Notepad icon in the Windows taskbar
iii) Enter a title including vHBA-0 on the first line following
iv) On the next line paste the first WWPN
v) Copy and paste the second WWPN (PORT NAME) on the following line
vi) Your new lines in your Notepad session should look similar to the example below, with your specific
WWPNs:
VNX WWPNs for Fabric A VSAN 10 for vHBA-0:
50:06:01:60:46:E0:5B:BF
50:06:01:68:46:E0:5B:BF
vii) Save your Notepad file to the desktop with a name of array_ports.txt
6) Verify Zoning that Fabric A zoning is in place
7) You now have VNX Target addresses for Fabric A which you will associate with each other in the next two
UCS Manager lab exercises. In order for them to see each other they must be added to a zone in the active
zoneset. Since this is a class environment and the risk of someone inadvertently corrupting the active
zoneset, zoning has been predefined. If you correctly followed the instructions for naming conventions,
there are zones already contains both your initiators and targets. In this step you will verify that the initiator
and targets on Fabric A in your notepad file can see each other.
8) Showing all the zones makes it difficult to find the WWN you are looking for, type:
show zone
9) To list the zone names that include the WWPN of your initiator, type the following command replacing X
with your tem number:
show zone member pwwn 20:00:00:25:B5:01:XA:08
a) Note the naming convention using the last 2 nibbles of the initiator WWPN as part of the zone name
10) Log out of your MDS Switch A putty session, type:
exit
VCE CONFIDENTIAL
67
11) By understanding nibble 8 and 12 of the VNX Storage Processor WWPNs just collected, it could be used to
validate cabling without having to log into Unisphere
a) If nibble 8 is between 0-7 than the storage processor is A
b) If nibble 8 is between 8-F than the storage processor is B
c) Nibble 8 identifies the SP and port base number, example: 50:06:01:68:nn:nn:nn:nn
d) Nibble 12 identifies the port range, example: 50:06:01:6n:nn:nC:nn:nn
Using the table below, VNX WWPN 50:06:01:68:nn:nC:nn:nn is SP B Logical Port number 24.
Logical
Port
Number
12th Nibble of 0
Denotes Port
Range of 0-7
Logical
Port
Number
12th Nibble of 4
Denotes Port
Range of 8-15
Logical
Port
Number
12th Nibble of 8
Denotes Port
Range of 16-23
Logical
Port
Number
12th Nibble of C
Denotes Port
Range of 24-31
SP A0
SP A1
SP A2
SP A3
SP A4
SP A5
SP A6
SP A7
SP B0
SP B1
SP B2
SP B3
SP B4
SP B5
SP B6
SP B7
50:06:01:60:nn:n0
50:06:01:61:nn:n0
50:06:01:62:nn:n0
50:06:01:63:nn:n0
50:06:01:64:nn:n0
50:06:01:65:nn:n0
50:06:01:66:nn:n0
50:06:01:67:nn:n0
50:06:01:68:nn:n0
50:06:01:69:nn:n0
50:06:01:6A:nn:n0
50:06:01:6B:nn:n0
50:06:01:6C:nn:n0
50:06:01:6D:nn:n0
50:06:01:6E:nn:n0
50:06:01:6F:nn:n0
SP A8
SP A9
SP A10
SP A11
SP A12
SP A13
SP A14
SP A15
SP B8
SP B9
SP B10
SP B11
SP B12
SP B13
SP B14
SP B15
50:06:01:60:nn:n4
50:06:01:61:nn:n4
50:06:01:62:nn:n4
50:06:01:63:nn:n4
50:06:01:64:nn:n4
50:06:01:65:nn:n4
50:06:01:66:nn:n4
50:06:01:67:nn:n4
50:06:01:68:nn:n4
50:06:01:69:nn:n4
50:06:01:6A:nn:n4
50:06:01:6B:nn:n4
50:06:01:6C:nn:n4
50:06:01:6D:nn:n4
50:06:01:6E:nn:n4
50:06:01:6F:nn:n4
SP A16
SP A17
SP A18
SP A19
SP A20
SP A21
SP A22
SP A23
SP B16
SP B17
SP B18
SP B19
SP B20
SP B21
SP B22
SP B23
50:06:01:60:nn:n8
50:06:01:61:nn:n8
50:06:01:62:nn:n8
50:06:01:63:nn:n8
50:06:01:64:nn:n8
50:06:01:65:nn:n8
50:06:01:66:nn:n8
50:06:01:67:nn:n8
50:06:01:68:nn:n8
50:06:01:69:nn:n8
50:06:01:6A:nn:n8
50:06:01:6B:nn:n8
50:06:01:6C:nn:n8
50:06:01:6D:nn:n8
50:06:01:6E:nn:n8
50:06:01:6F:nn:n8
SP A 24
SP A 25
SP A 26
SP A 27
SP A 28
SP A 29
SP A 30
SP A 31
SP B 24
SP B 25
SP B 26
SP B 27
SP B 28
SP B 29
SP B 30
SP B 31
50:06:01:60:nn:nC
50:06:01:61:nn:nC
50:06:01:62:nn:nC
50:06:01:63:nn:nC
50:06:01:64:nn:nC
50:06:01:65:nn:nC
50:06:01:66:nn:nC
50:06:01:67:nn:nC
50:06:01:68:nn:nC
50:06:01:69:nn:nC
50:06:01:6A:nn:nC
50:06:01:6B:nn:nC
50:06:01:6C:nn:nC
50:06:01:6D:nn:nC
50:06:01:6E:nn:nC
50:06:01:6F:nn:nC
12) Collect the VNX WWPNs that have successfully logged into MDS Switch B
a) In the Host Name (or IP address) field, enter the B-Side MDS Switch IP Address of192.168.1.7
b) Click Open
d) After the login as: prompt, enter the User Name of monitor, enter <CR>
e) After the Password: prompt, enter the Password of emc123%%, enter <CR>
13) Filter the show flogi output to show only VNX ports and the header, type:
show flogi database | include 50:06:01:6|NAME
14) Save the WWPN (PORT NAME) information in your Notepad file
a) Record both VNX WWPNs into the Notepad file
i)
Bring your Notepad file to the foreground by clicking on the Notepad icon in the Windows taskbar
ii) Enter a title including vHBA-1 on the first line

iii) Copy and paste the first WWPN on the second line
iv) Copy and paste the second WWPN on the third line
v) The new lines in your Notepad session should look similar to the example below, with your specific
WWPNs:
VCE CONFIDENTIAL
68
VNX WWPNs for Fabric B VSAN 11 for vHBA-1:

50:06:01:61:46:E0:5B:BF
50:06:01:69:46:E0:5B:BF
vi) Save your Notepad session
15) Verify Zoning that Fabric B zoning is in place
16) Your Notepad file now has both Host Initiator and VNX Target addresses for Fabric B which you will
associate with each other in the next two UCS Manager lab exercises. In this step you will verify that the
initiator and targets on Fabric B in your notepad file can see each other.
a) To list the zone names that include the WWPN of your initiator, type the following command replacing X
with your tem number:
show zone member pwwn 20:00:00:25:B5:01:XB:08
17) Log out of your MDS Switch B putty session, type:
exit
18) Including the decoding for the example values, these are the four paths your teams blade has to VNX SP
Ports. One path for each VNX SP on each of the two fabrics meaning that data can get to either VNX SP
over either fabric, so a failure of a fabric, a VNX SP, or both wont disrupt access to the storage LUNs.
VNX WWPNs for Fabric A VSAN 10 for vHBA-0:
vHBA-0
50:06:01:60:46:E0:5B:BF
vHBA-0
50:06:01:68:46:E0:5B:BF
VNX WWPNs for Fabric B VSAN 11 for vHBA-1:
vHBA-1
50:06:01:61:46:E0:5B:BF
vHBA-1
50:06:01:69:46:E0:5B:BF
B) UCS Manager: New Boot Policy (VNX) (OST)

a) In the browser address bar enter the UCS Fabric Interconnect Cluster IP of 192.168.1.1
2) Explore existing Boot Policies
b) In the Filter dropdown select Policies
d) In the Navigation pane, under your TeamX sub-organization where X is your team number, expand Boot
Policies. Notice the existing boot policies for the VNX
e) In the Navigation pane, select Boot Policy TeamX_Boot_VNX
f)
In the Content pane, under Boot Order in the Storage section there should be four SAN targets
i)
SAN primary (vHBA-0) has a primary and secondary target (sees 2 VNX Ports)
ii) SAN secondary (vHBA-1) has a primary and secondary target (sees 2 VNX Ports)
VCE CONFIDENTIAL
69
iii) These should match the VNX WWPNs that you saved in your Notepad file
MDS
Switch A
SP A
MDS
Switch B
SP B
vHBA-0
vHBA-1
3) Create a new Boot Policy

a) In the Navigation pane, highlight Boot Policies heading for your TeamX sub-organization
b) Right-click and select Create Boot Policy from the menu
c) For Name enter NewPolicyX, where X is your team number
d) Leave Enforce vNIC/vHBA/iSCSI Name: checkbox checked
e) Save your new policy by clicking OK
f)
Click OK to acknowledge the successful create message
4) Add CD-ROM and SAN Boot Targets to your new boot policy
a) In the Navigation pane, select your new boot policy NewPolicyX
b) In the Content pane, expand the Local Devices action menu
c) Click Add CD-ROM This is needed to support virtual media for installing the host Operating System (ESXi)
d) In the Content pane, expand the vHBAs action menu
e) Click Add SAN Boot
i)
In a case sensitive manner name the vHBA: vHBA-0, and leave Primary selected
ii) Click OK to proceed with the operation

f)
Click Add SAN Boot again

i)
In a case sensitive manner name the vHBA: vHBA-1, and notice the choice of Secondary is
mandatory since another primary was already chosen

g) In the Content pane, select and highlight SAN primary
h) Add the first of four boot targets, select Add SAN Boot Target, then select sub-menu Add San Boot
Target To SAN primary
(1) Leave the Boot Target LUN ID set to 0
VCE CONFIDENTIAL
70
ii) A Host ID is given to a LUN when placed in a VNX storage group. Host IDs are unique per VNX
storage group. They start at zero and increment as LUNs are added to a storage group. The LUN
used for booting off the array will be the first in the VNX storage group so it will always have the
address of 0 in the Vblock System Infrastructure.
(a) From your Notepad file, copy the first VNX WWPN for vHBA-0
(b) Paste this WWPN it into the Boot Target WWPN field
(c) This will be the primary path, leave the Type radio button set to Primary
(d) Click OK to proceed with the operation
iii) Add the second of four boot targets, again Add SAN Boot Target, and select sub-menu Add San
Boot Target To SAN primary
(a) Leave the Boot Target LUN ID set to 0
(b) From your Notepad file, copy the second VNX WWPN for vHBA-0
(c) Paste this WWPN it into the Boot Target WWPN field
(d) Notice that the Type cannot be changed from Secondary because the Primary was already
set
(e) Click OK to proceed with the operation
iv) Add the third of four boot targets, again click Add SAN Boot Target
(a) Notice there is no sub-menu choice to select adding to primary or secondary. The content
pane shows that it will be adding a primary Target to the secondary SAN because both
primary and secondary target have already been defined for the primary SAN.
(b) Leave the Boot Target LUN ID set to 0
(c) From your Notepad file, copy the first VNX WWPN for vHBA-1
(d) Paste this WWPN it into the Boot Target WWPN field
(e) This will be the primary path, leave the Type radio button set to Primary
(f) Click OK to proceed with the operation
v) Add the fourth of four boot targets, again click Add SAN Boot Target
(a) Leave the Boot Target LUN ID set to 0
(b) From your Notepad file, copy the second VNX WWPN for vHBA-1
(c) Paste this WWPN it into the Boot Target WWPN field
(d) Notice that the Type cannot be changed from Secondary because the Primary was already
set
(e) Click OK to proceed with the operation
vi) Click Save Changes to save the boot target additions
(a) Click Yes to acknowledge the successful operation
(b) Ask your instructor to validate that your SAN Boot policy is correct
5) Minimize UCS Manager browser
VCE CONFIDENTIAL
71
LAB 11. UCS Manager: Create a Service Profile from Scratch

A) Creating a New Service Profile (OST)
Now we have all the pieces for your simulated new blade, we unite these pieces into a service profile.

a)
In the browser address bar enter the UCS Fabric Interconnect Cluster IP of 192.168.1.1
2) Create a Service Profile
b) In the Filter dropdown select Service Profiles
d) In the Navigation pane, select your TeamX sub-organization where X is your team number
e) In the Content pane, click on Create Service Profile (expert)
3) Complete the Identify Service Profile screen
a) For Name enter sp_TeamX where X is your team number
b) For UUID Assignment select your TeamX_UUID pool where X is your team number from the dropdown
menu
c) Previously, your team added 6 UUIDs to this pool
d) The first non-zero number in parenthesis after the pool name means there are UUIDs available
e) (6/7) this means the pool has 7 UUIDs and 6 of them are available
f)
Click Next
4) Complete the Networking screen, configure the NICs

a) Leave default Dynamic vNIC Connection Policy selected
b) Select Expert radio button for how to configure
c) Create vNIC-0 on Fabric A
i)
Click the Add button for vNICs under the first Panel for LAN interfaces (not iSCSI vNIC)
ii) For Name enter vNIC-0

iii) For MAC Address Assignment select your TeamX_MAC_Fabric_A in the drop down.
There should be 7 available out of 8 addresses displayed after the pool name via: (7/8)
iv) Leave Fabric ID set to Fabric A
v) Under VLANs Select column, check all of the VLAN checkboxes, be sure to scroll down
vi) Click OK
d) Create vNIC-1 on Fabric B
i)
Click the Add button again
ii) For Name enter vNIC-1

VCE CONFIDENTIAL
72
iii) For MAC Address Assignment select your TeamX_MAC_Fabric_B in the drop down.
There should be 7 available out of 8 addresses displayed after the pool name via: (7/8)
iv) Change Fabric ID selection to Fabric B
v) Under VLANs Select column, check all of the VLAN checkboxes, be sure to scroll multiple times
vi) Click OK
e) Click Next
5) Complete the Storage screen, configure the Storage policy
a) For Local Storage select the TeamX_No_Local
b) Select Expert radio button for how to configure
c) Select your Team WWN pool from
d) For WWNN Assignment select your TeamX_WWNN pool from the dropdown menu.
It should show a WWNN address available after the pool name: (1/2)
e) Create vHBA-0 on Fabric A
i)
Click the + Add symbol at the bottom of the vHBA area to add a vHBA
ii) For Name enter vHBA-0

iii) For WWPN assignment select your TeamX_WWPN_Fabric_A
It should show a WWPN address available after the pool name: (1/9)
iv) Leave Fabric ID set to A
v) For Select VSAN select UIM_VSAN_A_10 from the dropdown menu
vi) Select OK
f)
Create vHBA-1 on Fabric B

i)
Click the + Add symbol at the bottom of the vHBA area again
ii) For Name enter vHBA-1

iii) For WWPN assignment select your TeamX_WWPN_Fabric_B
It should show a WWPN address available after the pool name: (1/9)
iv) Change Fabric ID to select B
v) For Select VSAN select UIM_VSAN_B_11 from the dropdown menu
vi) Select OK
g) Click Next to proceed to the Zoning screen. The Fabrics Interconnects are running in End-Host-Mode and
as a result no zoning on the Fabrics Interconnects is required
6) Complete the Zoning screen, click Next to skip to next screen
7) Complete the vNIC/vHBA Placement screen, leave default system placement, click Next
8) Complete the Server Boot Order screen
a) For Boot Policy select NewPolicyX that you created from the dropdown menu,
b) Click Next
9) Complete the Maintenance Policy screen
a) For Maintenance Policy select TeamX_Main from the dropdown menu
b) Click Next
10) Complete the Server Assignment screen, leave it set to Assign Later and click Next
VCE CONFIDENTIAL
73
11) Complete the Operational Policies screen, skip any changes, click Finish
12) Click OK to acknowledge operation success
13) Leave UCS Manager open for the next lab
B) Associate a new service profile (OST)
Now that we have a service profile, we would normally associate it with a new blade. Since each student is not
allocated a spare blade, you will reuse the same blade already associated with a service profile as a means to
test that you correctly created your new service profile. The first step will be to disassociate the blade from the
current service profile, followed by then associating the blade with the new service profile.
1) Continuing in UCS Manager from the previous lab

2) Navigate to the current Service Profile
d) In the Navigation pane, under your TeamX sub-organization, select the current service profile named
TeamX_SAN_Boot_SP
3) Disassociate the current Service Profile
a) In the Content pane, under the Actions section select Disassociate Service Profile
b) Review the Are you sure warning message and proceed by clicking Yes
i)
WARNING: Understand that disassociating a Service Profile not only shuts a host down, but it also
may scrub the bios and local disks. For the lab environment, there is no local storage, so with boot
from SAN, you will be able to return to the original Service Profile.
4) Observe the disassociation progress

a) In the Navigation pane, select the Equipment tab
b) In the Navigation pane, expand Chassis > Chassis 1 > Servers
c) In the Navigation pane, select your teams blade server Server X
d) In the Content pane, select the General tab
e) In the Content pane, under the Status section, expand Service Details to show the detailed status
f)
Observe the status progression, wait a few minutes until all changes complete and the Overall Status
becomes Unassociated
g) Do not move to the next step until the blades status is Unassociated!
5) Associate the new Service Profile
a) In the Content pane, under Actions select Associate Service Profile
b) Click the radio button to select the new Service Profile sp_TeamX where X is your team number
c) Click OK to proceed
d) Click on Yes to confirm your choice
e) Review the Associate Service Profile message confirming the planned change will trigger a User
f)
Click OK to acknowledge operation success
VCE CONFIDENTIAL
74
6) Observe the association progress

a) In the Content pane, under the General tab, under Status, observe the expanded Service Details
b) Observe the status progression, wait a few minutes until all changes complete
i)
The Overall Status should be Ok
ii) The Assoc State should be Associated

iii) Now that your teams blade has a Service Profile associated, and is powered-on, it will log into the
LAN and SAN. The vHBAs (initiators) WWPN should be logged into the MDS switches and the VNX.
7) Leave UCS Manager open for the next lab
C) Unisphere for VNX: Connecting to VNX Storage - New Initiators

1) If necessary, log into the VNX Unisphere GUI
warning
f)
2) Select your VNX system

a) Select VNX from the dropdown menu
3) Navigate to the Initiators view. Prepare to manually register your teams blade with the VNX. Registration is
the process of correlating the different vHBA logins into a single host object. A single host object will share
common SCSI properties, failover settings, host name, and IP address. vHBA-0 and vHBA-1 are each logged
into two different VNX Storage Processor ports. As a result, we must register a total of four logins into VNX
as a single host. The VNX is unaware all four logins belong to the same blade.
a) Hover your mouse pointer over the Hosts tab
b) Click on the Initiators link. The Initiators window appears
4) Select the vHBA-0 initiators first login to VNX Storage Processor port.
a) Expand the Initiator Name column header until the whole initiator name is visible
b) Click the Initiator Name column header to sort the column Initiators in an ascending order
c) Your teams initiator is identifiable by the WWNN of the blade followed by the WWPN of vHBA-0.
d) Look for the initiator login below by replacing X with your team number. Notice the 3rd to last
hexadecimal digit is an A, denoting the A-Side vHBA. In a Vblock, all even numbered vHBAs are pinned to
the A-Side UCS Fabric Interconnect:
20:00:00:25:B5:01:X0:01:20:00:00:25:B5:01:XA:08
e) Highlight the first object in the Initiators view with this name.
f)
Verify the WWN highlighted is that of your team number, where X is your team number. If you do not
see the World Wide Name of your teams vHBA logged in the Initiators view, notify your instructor. It
is most likely an incorrect entry in the Boot Policy or the WWPN pool for your teams Service Profile in
UCS Manager.
VCE CONFIDENTIAL
75
5) Register vHBA-0 initiators first login to VNX Storage Processor port

a) Click the Register button at the bottom of the Initiators view
6) Complete the initiator registration details in the Register Initiator Record window
a) In the Initiator Information section, select:
i)
Initiator Type: CLARiiON/VNX
ii) Failover Mode: (ALUA)-failovermode 4

iii) Select the New Host radio-button
iv) For Host Name enter team-X-new where X is your team number
v) Use the IP Address of 192.168.1.19X where X is your team number
vi) Click OK to proceed with the operation
vii) Click Yes to confirm to proceed with the operation
viii) Click OK to acknowledge the operation success message
ix) Click Ok to acknowledge the warning about no management of a manually registered initiator
7) Select the vHBA-0 initiators second login to VNX Storage Processor port. This task must be completed for
both vHBA-0 logins, even if the Host Name and Host IP Address fields in the Initiators view are already
populated.
a) Your teams initiator is identifiable by the WWNN of the blade followed by the WWPN of vHBA-0.
b) Look for the initiator login below by replacing X with your team number:
20:00:00:25:B5:01:X0:01:20:00:00:25:B5:01:XA:08
c) Highlight the second object in the Initiators view with this name.
8) Register the vHBA-0 initiators second login to VNX Storage Processor port
a) Click the Register button at the bottom of the Initiators view. If the Register button is grayed out, then
you are selecting the wrong initiator, confirm the last 4 hexadecimal digits are XA:08 where X is your
team number.
b) In the Initiator Information section, select:
i)

iii) Select the Existing Host radio-button
iv) Select the Browse Host button
v) Select Host Name: team-X-new where X is your team number
9) Select the vHBA-1 initiators first login to VNX Storage Processor port.
a) Your teams initiator is identifiable by the WWNN of the blade followed by the WWPN of vHBA-1
b) Look for the initiator login below by replacing X with your team number. Notice the 3rd to last
hexadecimal digit is a B, denoting the B-Side vHBA. In a Vblock, all odd numbered vHBAs are pinned to
the B-Side UCS Fabric Interconnect:
VCE CONFIDENTIAL
76
20:00:00:25:B5:01:X0:01:20:00:00:25:B5:01:XB:08
c) Highlight the first object in the Initiators view with this name.
10) Register the vHBA-1 initiators first login to VNX Storage Processor port
a) Click the Register button at the bottom of the Initiators view. If the Register button is grayed out, then
you are selecting the wrong initiator, confirm the last 4 hexadecimal digits are XB:08 where X is your
team number.
i)

11) Select the vHBA-1 initiators second login to VNX Storage Processor port. This task must be completed for
both vHBA-1 logins even if the Host Name and Host IP Address fields in the Initiators view are already
populated.
a) Your teams initiator is identifiable by the WWNN of the blade followed by the WWPN of vHBA-1
b) Look for the initiator login below by replacing X with your team number:
20:00:00:25:B5:01:X0:01:20:00:00:25:B5:01:XB:08
c) Highlight the second object in the Initiators view with this name.
12) Register the vHBA-1 initiators second login to VNX Storage Processor port
a) Click the Register button at the bottom of the Initiators view
i)

x) At this point, the VNX is aware of the 2 VNX Storage Processor ports vHBA-0 is logged into, and 2
VNX Storage Processor ports vHBA-1 is logged into. The VNX is also aware that vHBA-0 and vHBA-1
belong to the same host (blade), all via the registration process.
13) Leave Unisphere for VNX open for the next lab exercise
VCE CONFIDENTIAL
77
D) Unisphere for VNX: Connecting to VNX Storage Storage Groups

In order to be able to see the LUNs on the new blade, we will need a storage group that includes our new
initiators and our host.
1) Create an empty Storage Group

a) Click on the Hosts tab at the top of the pane
b) Click on the Storage Groups link
c) Click Create
d) Create a Storage Group named sg_vbX where X is your team number
e) Click OK
f)
Click Yes to confirm the create the storage group operation
g) Click NO when prompted to add LUNs or hosts

2) Select your new Storage Group sg_vbX where X is your team number
3) Connect host to Storage Group
a) Click the button Connect Hosts
b) Select your team-X-new host where X is your team number
c) Move the selected host from the Available Hosts list to the Hosts to be Connected pane by clicking on
the Right Arrow icon between the lists
d) Click OK
e) Click Yes to confirm the operation
f)
Click OK to acknowledge the operation success message
4) Leave Unisphere for VNX open for the next lab exercise
E) Unisphere for VNX: Connecting to VNX Storage - Creating a boot LUN

1) Continuing in Unisphere from the previous lab
2) Create a boot LUN for your new blade
a) Click on the Storage tab and select the LUNs link
b) Click on the Create button
c) For the Storage Pool Type select the RAID Group radio button.
d) Leave the RAID Type selected to RAID5:Distributed Parity (High Throughput)
e) Leave the Storage Pool as 0
f)
In the LUN Properties section set the User Capacity to 20 GB
g) Set the LUN ID to 10X where X is your team number

h) Click the Name radio button and name the LUN vbX_Boot where X is your team number
i)
Set Number of LUNs to create to 1
j)
Click the Advanced tab
VCE CONFIDENTIAL
78
i)
Under the Default Owner heading select the SPA radio button if it is not already selected
ii) Verify the Default Owner is set to SPA

iii) Click Apply button.
v) Click Yes
vi) Click OK to confirm creation of the LUN
k) The Create LUN will remain open after your LUN is created. Click Cancel or clicking the X (Close) icon on
the top-right of the window to close the window
3) Display new LUN properties
a) Find your new LUN named vbX_Boot with an Id of 10X where X is your team number in the LUNs list and
select it.
b) Select the Properties button at the bottom of the window
c) Note the Unique ID (UID)
i)
When installing ESXi, the installer will prompt you for a LUN to install ESXi on, the Unique ID field will be
displayed at this time and can be used to accurately select the correct device
d) Click OK to close the Properties dialog

4) Add the new boot LUN to the new Storage Group
a) Highlight the Hosts tab and select Storage Groups
b) Select your new storage group sg_vbX from the list where X is your team number
c) Click on Connect LUNs button
d) Expand SPA to find your newly created LUN vbX_Boot where X is your team number
e) Select it and click the Add button to add it to your Storage Group
f)
Click OK to proceed with the operation
g) Click Yes to confirm the operation

h) Click OK to acknowledge the operation success message
5) Click on the LUNs tab in the Details section to confirm that the Host LUN ID field is 0
(You may have to move the slider to the right to see the Host LUN ID field)
F) Installing ESXi (OST)

2) In the Navigation pane, select the Servers tab
3) In the Filter dropdown select Service Profiles
4) In the Navigation pane, expand root, expand Sub-Organizations
5) In the Navigation pane, under your TeamX sub-organization, select the current service profile named
sp_TeamX where X is your team number
6) Invoke the KVM console
a) In the Content pane, in the General tab under Actions , click KVM Console
b) Click Run to ignore no trusted certificate
VCE CONFIDENTIAL
79
c) Click Accept to continue with unverifiable certificate

d) Select Apply
7) Select an ISO boot image
a) Select the Virtual Media tab
b) Click Accept to continue with unverifiable certificate
c) Under Detail, select and highlight Virtual CD/DVD as the Target Drive
d) Click on the Add Image button on the right
e) Browse to select the image file
i)
Click on the Browse button and select Computer in the left icon pane, or repeatedly click the Up
One Level icon or select from the Look in: dropdown to view Computer
ii) Double-click vblock_share in the content pane

iii) Double-click ESXi_ISO
iv) Double-click ESXi_5.5
v) Double-click the .iso image listed
f)
Under Client View, check the Mapped checkbox to the left of the new virtual media drive
g) Verify that the new ESXi ISO is now mapped as the Virtual CD/DVD in the Details box at the bottom of
the window
8) Click the Reset host icon at the top of the window
a) Click OK to ignore the reset power-up warning which does not apply in this case
b) Select the Power Cycle radio button
c) Click OK to proceed with the Reset operation
d) Click OK to acknowledge the operation initiation success
9) Select KVM tab
10) Wait for the ESXi installer to start
a) When prompted press <Enter> to continue the ESXi installation
b) Press <F11> to accept the EULA
c) On the Select a Disk to Install or Upgrade screen
i)
Use the down arrow key to scroll and select the single Remote storage device
ii) Select the 20.00 GiB VNX DGC RAID 5 disk using the arrow key. Confirm that the 20.00 GiB boot disk
is selected.
iii) Press <F1> to display device details. The Full Disk Name field can used to match the VNX UID field
mentioned back when the boot LUN was created.
iv) The storage unit gigabyte, symbolized by GB, is used to describe a storage capacity of 1,000,000,000
bytes. The storage unit gibibyte is a binary multiple of the byte. The storage unit gibibyte,
symbolized by GiB, is used to describe a storage capacity of 1,073,741,824 bytes. VMware uses the
GiB nomenclature when describing the capacity of the device to install ESXi upon.
v) Press <Enter> to exit the detailed display
d) Press <Enter> to Continue
i)
Leave the highlighted US Default keyboard layout selected, press <Enter> to Continue
VCE CONFIDENTIAL
80
ii) Set the root password

(1) Root password: enter emc123%%
(2) Confirm password: enter emc123%%
(3) Press <Enter> to Continue
iii) Wait while the system is scanned for additional system information
iv) Confirm installation on the selected array device, press <F11> to Install
v) Wait while ESXi is installed, observe the percentage complete on the progress bar.
vi) Wait until the installation completes, then press <Enter> to Reboot
e) Leave the KVM Console open
f)
Login to ESXi
i)
Upon successful reboot press F2 to configure the ESXi host
ii) For Login Name accept the default of root

iii) Arrow down and enter a Password of emc123%%
iv) Press <Enter> for OK to login
g) Configure the Management IP network
i)
Use the arrow keys to select Configure Management Network, press <Enter> to go into the change
dialog (if needed scroll the display to show the top of the window on the screen)
ii) Select VLAN (optional), press <Enter>

(1) For VLAN ID, enter the value assigned by your instructor for the management IP network
(2) For Vblock Setup A use VLAN ID 1100
(3) For Vblock Setup B use VLAN ID 1200
(4) For Vblock Setup C use VLAN ID 1300
(5) For Vblock Setup D use VLAN ID 1400
(6) For Vblock Setup E use VLAN ID 1500
(7) For Vblock Setup F use VLAN ID 1600
iii) Select IP Configuration, press <Enter>
(1) Select Set static IP option with your spacebar
IP Address: 192.168.1.19X where X is your team number
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.1.254
(2) Press <Enter> to continue
iv) Configure DNS
(1) Select DNS Configuration, press <Enter>
(2) Leave Use the following DNS server selected
(3) For Primary DNS Server enter the DNS Server IP Address of 192.168.1.30
(4) For Hostname enter team-X-esxi-alt.take.emc.edu where X is your team number
(5) Press <Enter> to continue
v) Apply the network settings
VCE CONFIDENTIAL
81
(1) Select <Esc> to exit the configuration menu

(2) Type Y for Yes to apply changes and restart the management network
vi) Test network connectivity
(1) Use the arrow keys to select Test Management Network, press <Enter>
(2) Press <Enter> to continue with a Ping of the Gateway and DNS Server, and resolving the
Hostname
(3) Notify your instructor if any of the tests have a FAILED status. All tests should have a status of
OK
(4) Press OK to exit the test
11) Leave the KVM Console open for the next lab
G) Restore Original Service Profile (OST)
2) Navigate to the current Service Profile
d) In the Navigation pane, under your TeamX sub-organization, select your new (now in use) service profile
named sp_TeamX where X is your team number
3) Disassociate the current (new) Service Profile
a) In the Content pane, under the Actions section select Disassociate Service Profile
b) Review the Are you sure warning message and proceed by clicking Yes
c) WARNING: Understand that disassociating a Service Profile not only shuts a host down, but it also may
scrub the bios and local disks. For the lab environment, there is no local storage, so with boot from SAN,
your new Service Profile and installed ESXi host remain ready to be reused as needed.
4) Observe the disassociation progress
a) In the Navigation pane, select the Equipment tab
b) In the Navigation pane, expand Chassis > Chassis 1 > Servers
c) In the Navigation pane, select your teams blade server Server X where X is your team number
d) In the Content pane, in the Status section, expand Status Details to show the detailed status
e) Observe the status progression waiting a few minutes until all changes complete and the Overall Status
becomes Unassociated
5) Associate the original Service Profile
a) In the Content pane, under Actions select Associate Service Profile
b) Click the radio button to your original team Service Profile TeamX_SAN_Boot_SP where X is your team
number
c) Click OK to proceed
d) Click on Yes to confirm your choice
VCE CONFIDENTIAL
82
e) Review the Associate Service Profile message confirming the planned change will trigger a User
f)
Click OK to acknowledge operation initiation success
6) Observe the association progress

a) In the Content pane, under Status, observe the expanded Status Details
b) Observe the status progression waiting a few minutes until all changes complete
i)
The Overall Status should be Ok
ii) The Assoc State should be Associated

7) Test the Management Network to ensure the host was restored properly. Navigate to the
TeamX_SAN_Boot_SP.
b) In the Navigation pane, set the Filter dropdown menu to Service Profiles
e) In the Navigation pane, highlight your TeamX_SAN_Boot_SP Service Profile
8) The previous KVM console was forcibly closed when the Service Profile on a blade was switched. Re-open
the KVM Console.
b) Click the KVM Console, click Run to ignore no trusted certificate
c) A popup Unencrypted KVM Session window appears, select the Accept this session radio button, then
Apply
d) Once initialization completes, click the <Esc> key to wake up the KVM Console window
9) Test the management netword on the ESXi host.
a) Press <F2> to Customize System/View Logs
b) Log in using the User Name of root and Password of emc123%% for the ESXi Server
c) Use the arrow keys to select Test Management Network, press <Enter>
d) Press <Enter> to continue with a Ping of the Gateway and DNS Server, and resolving the Hostname
i)
Notify your instructor if any of the tests have a FAILED status. All tests should have a status of OK
e) Press OK to exit the test

10) Close the KVM Console
VCE CONFIDENTIAL
83
LAB 12. Deploying Virtual Machines

Now that Counterfake has some compute power to use, we are going to want to create some applications to
harness that power. As the administrator, you are going to be responsible to getting these systems running and
communicating. Here we are going to create some virtual machines to simulate these applications. Lets start
with how to deploy a Linux machine via an OVA file. Once we get that Linux machine up, we will explore some
ways to get it connected in a group of machines that are all related.
The application department has given us a number of requirements for application servers aside from the OS
level and version, they have indicated the systems must have a user named appuser, as well as some shared file
space for both Unix and Windows machines. So there are a few things we need to take care of so that as this
application pool of virtual machines grows, we can grow with it.
The first thing we need to do is setup a data store for our coming work.
Creating a New Datastore

A) Provision an Additional LUN (OST)
1) If necessary, log into the VNX Unisphere GUI
warning
f)
Log in using the VNX Control Station User Name of admin and Password of emc123%
2) Navigate to Storage Pools

a) Select VNX from the dropdown menu
b) Select the Storage tab, then select Storage Configuration, and Storage Pools
3) Create a new LUN to hold virtual machines
a) Right click on the Student Datastore and select Create LUN, in the VNX - Create LUN dialog:
b) for Storage Pool Type: leave the Pool radio button selected
c) For RAID Type: dropdown leave or select RAID5: Distributed Parity (High Throughput) selected
d) Check that the Storage Pool for new LUN: is Student Datastores
e) Under LUN Properties
i)
Select the Thin checkbox
ii) Set User Capacity to 4 GB

iii) Set the LUN ID to 12X where X is your team number
iv) Click the Name radio button and name the LUN vbX_Data where X is your team number
v) Set Number of LUNs to create to 1
vi) Click Apply
VCE CONFIDENTIAL
84
vii) Click Yes to confirm the LUN creation. Wait for the creation to complete
viii) Click OK to acknowledge the successful LUN Creation message
ix) Click Cancel to exit the Create LUN dialog
4) Add the new LUN to your teams Storage Group
a) Select the Student Datastore in the Storage Pools display
b) Select the LUNs tab in the Details window below the Pools section
c) Select the LUN ID 12X where X is your team number
d) Click the Add to Storage Group button
e) Select the team-X-esxi Storage Group where X is your team number, and then click on the right arrow.
The team-X-esxi Storage Group was moved from the Available Storage Groups pane to the Selected
Storage Groups pane.
f)
Click OK to proceed
g) Click Yes to confirm the operation

h) Click OK to dismiss the success message
5) Update Host
a) In the Details display, right-click on the LUN ID 12X where X is your team number, and select Update
Host Information
b) Click on the check box Select to perform a rescan on the host before update
c) Click Yes to confirm the operation
d) Click OK to dismiss the success message
6) Leave the Unisphere browser window open, as it will be used again later
7) Now that we have an additional LUN provisioned, our ESXi server should be able to access it. You need to
add this LUN to your datastore to expand the amount of storage available to your virtual machines.
B) Create a New Datastore (OST)
1) Continue with the vSphere Web Client from earlier in this lab
2) Navigate to select the New Datastore action
a) In the Navigator pane, select Home, select vCenter, and then select Datastores
b) Click the Volume icon with the green plus sign to create a new datastore
3) Create a New Datastore
a) On the Location screen expand your vCenter team-X-vcsa where X is your team number, expand the
Vblock data center, and then select your team-X-esxi.take.emc.edu ESXi host where X is your team
number.
b) Click Next on the Location screen
c) Select VMFS as the Type on the Type screen and click Next
d) In the Name and device selection screen
i)
In the Datastore name field enter appserver_datastore
ii) Select the DGC Fibre Channel Disk that is 4GB in capacity
iii) Click Next
VCE CONFIDENTIAL
85
e) Set the VMFS version to VMFS 5 and click Next

f)
On the Partition configuration screen, be sure the configuration is set to Use all available partitions,
and click Next
g) Review the summary and click Finish

h) The new datastore will take a minute or so to create
Creating a Virtual Machine

C) Creating a New VM in vSphere Web Client (OST)
1) Continue with the vSphere Web Client from the previous lab
2) Click on the Home icon
at the top of the display
3) In the Navigator pane select vCenter then Hosts and Clusters

4) In the Navigator pane expand vCenter > Vblock
5) Select team-X-esxi.take.emc.edu where X is your team number
6) Right Click on your team ESXi Server and select Deploy OVF Template
a) If prompted Allow the VMware Client Integrator plugin permission to run
b) On the Select source screen
i)
Select the Local File radio button
ii) Click on Browse

iii) Navigate to Computer > vblock_share > linux
iv) Select the LinuxLab.ova OVA file
v) Click Open
vi) Click Next
7) On the Review details screen
a) Note that the disk size needed thin provisioning will be the initial disk size if we do a thin provision;
thick provisioned is the size it will be allowed to grow without intervention
b) Click Next
8) On the Select name and folder screen
a) Enter vm1
b) Under Select a folder or datacenter expand team-X-vcsa
c) Select the Vblock data center
d) Click Next
9) On the Select storage screen
a) For Select virtual disk format select Thin Provision from the dropdown menu
b) Review the datastores listed, select the appserver_datastore
c) Note: The created datastore is obviously not large enough at 4GB, but its large enough for a thin
deployment of our first VM, and will be expanded in a later lab exercise
d) Click Next
VCE CONFIDENTIAL
86
e) If you get A connection error occurred message, simply click Next again until the wizard advances to the
next screen
10) On the Setup networks screen
a) For Destination network, select VM Network
b) Click Next
11) On the Ready to complete screen
a) Check the Power on after deployment checkbox at the bottom of the screen
b) Click Finish
12) View the Recent Tasks window in the Global Information pane on the far right
a) Watch the progress of the OVF deployment
b) Wait for it to complete
c) If the task fails, try redoing the steps in the Deploy OVF Template wizard again
D) Accessing and configuring the first Linux VM (OST)

1) Continuing in vSphere Web Client
2) Click on the Home icon
3) In the Navigator pane select vCenter > Hosts and Clusters

4) Expand the arrow
next to the Vblock datacenter and the team-X-esxi.take.emc.edu host
5) In the Navigator pane, select the vm1 Virtual Machine you just created
6) In the Content pane, select the Summary tab
7) From the Actions dropdown menu select Power On
8) Launch the console by selecting Actions dropdown menu item Open Console
9) If prompted with a certificate warning select Continue to this website
10) In the console window, login to your VM with a username of user and a password of user1234
11) Check the network address with the command ifconfig the eth0 network adapter should be configured
with the inet address of 192.168.2.1 and a network mask of 255.255.255.0.
12) Add a user to the system
a) Enter the command, type:
sudo adduser appuser
b) Enter, the password, type:
user1234
c) Enter, then confirm the password, type:
vceteam
d) For Full Name, type:
Application User
e) Press <Enter> to accept the default (empty) values for Room Number, Work Phone, Home Phone, and
Other
VCE CONFIDENTIAL
87
f)
Accept the settings, type:

y
13) Test the new user account

a) List the current user, type:
whoami
b) Switch the user, (yes there is a space after the dash) type:
su - appuser
c) For Password type:
vceteam
d) List the current user, type:
whoami
e) Return to the default user account
exit
14) Type <Control-Alt> to release the mouse from the terminal control and switch back to the vSphere Web
Client
Capacity Management
From the previous section we know the system will likely use up the capacity in the datastore once the Linux VM
has been running for a while while we benefited from thin provisioning, we laid down a 200GB OS on a
datastore that is only 4GB a recipe for problems. First, we will review the situation through monitoring, and
then we will address it by expanding our storage for the datastore.
E) VMware Capacity Monitoring (TST)
1) Use the vSphere Client to display vCenter Server overview and advanced performance charts
2) Continuing in vSphere Web Client, return to Home by selecting the Home icon
3) Go to the summary screen of the storage view by selecting vCenter > Storage in the Navigator pane
a) Expand the inventory and select the appserver_datastore in the inventory.
b) Select the Summary tab in the content pane.
4) Note that the datastore has a red icon flag next to it note in the summary screen the message about the
datastore usage on disk.
a) Investigate the alarm:
i)
Select Monitor tab, note the Issue listed
b) Under the Monitor tab, click the Performance sub-tab to view space utilization and performance charts
i)
View all of the charts on this screen to familiarize yourself with this pane
ii) Notice the total space used by virtual disks on the datastore
iii) Under the Performance sub-tab, change the View dropdown menu selection to Performance
(1) Change the Time Range dropdown menu to Realtime
(2) View the all the charts on this screen to familiarize yourself with this pane
5) Display the overview performance charts for your ESXi host:
a) Click on the Home icon

VCE CONFIDENTIAL
88
b) In the Navigator pane select vCenter > Hosts and Clusters

c) Expand the arrow
host
next to the Vblock datacenter and select the team-X-esxi.take.emc.edu
d) In the Content area click on the Monitor tab, and select the Performance sub-tab
e) The Overview performance charts are displayed
i)
f)
Look at all of the charts to familiarize yourself with the available information
Under the Performance sub-tab select Advanced

i)
In the Performance Chart Legend select the Measurement column header to sort the entries
ii) Select the entry for your team-X-esxi.take.emc.edu host for CPU usage in MHz. Note how you can
call out specific entries.
g) Display the memory performance chart with custom settings:
i)
Directly above the chart being displayed, click the Chart Options link. The Customize Performance
Chart dialog box is displayed
ii) In the Chart Options dialog

(1) Under Chart Metrics section select Memory
(2) For the Timespan field select Last day
(3) For the Chart Type field, select Stacked Graph (Per VM)
(4) Under the Target Objects section to the right, click All
(5) Under the Select counters section at the bottom of the dialog, if necessary, click None to
deselect all, then check the box for the Usage counter
(6) Towards the top of the dialog, click on Save Options As and give the chart the name
teamX<LastName> where X is tour team number, click Ok
(7) Click Ok to exit the Chart Options dialog
(8) Verify that your chart name appears in the Chart options dropdown
(9) At the bottom of the dialog box, click Ok
iii) The memory performance chart displays the Usage counter for each of the virtual machines as well
as the ESXi host
(1) Notice your saved chart name also appears in the View dropdown above the chart
h) Switch between the default performance charts and your custom performance chart:
i)
At the top right of the Performance sub-tab, display the chart names in the View dropdown
ii) Switch between the charts in the list, including the custom chart that you created
i)
Select your vm1 virtual machine in the Navigator pane inventory

i)
In the Content pane click the Monitor tab and the Performance sub-tab
ii) Under the Performance sub-tab click Advanced

iii) Display the different charts in the View dropdown
iv) Is the data in these charts different than the data in step above?
(hint: look at the Performance Chart Legend)
VCE CONFIDENTIAL
89
Monitoring Storage
F) Monitor a Storage Pool (TST)
1) Continue in the EMC Unisphere for VNX browser window
2) Select the VNX in the dropdown menu
3) Select the Storage tab, Storage Configuration, then Storage Pools
4) In the Pools tab, select the Student Datastores pool (expand the list of Pools displayed if it is not visible),
and then click the Properties button, a new window is opened.
5) From the Storage Pool Properties window, there are four tabs that can be used to monitor different aspects
of the storage pool
a) The General tab shows the physical and virtual capacities, including total capacity, consumed capacity
and the percentage full
b) Select the Disks tab to view the state of the individual drives that make up the storage pool
c) Select the Advanced tab
i)
Select Percentage Full Threshold, verify it is set 60%. This will cause an alert to occur when the pool
reaches 60% capacity. This will generate an alert in EMC Unisphere for VNX, that will also propagate
through to VCE Vision
d) Select the Tiering tab, and notice there is only a single tier
e) Click OK when done
6) In the Pools tab, select the Tiered Storage pool, and then click Properties
a) Now under the Tiering tab notice there are now two tiers in the Tier Details display
b) Explore other tabs and click OK when done
G) Monitoring a RAID group (TST)
3) Select the Storage tab, Storage Configuration, then RAID Groups
4) Monitoring a RAID group on a Vblock System
a) Select the RAID Groups tab
b) Right-click the first RAID Group in the list and select the Properties button
c) Explore the General, and Disks tabs and how they can be used to monitor different aspects of the RAID
group such as total capacity and free capacity
d) Explore the Partitions tab. In a RAID group, a LUN is a partition (the green portion) that spans all the
drives in the RAID group. Partitions are created starting on the outer rims of the platters, moving inward
for each new LUN created.
e) Click OK when done
Capacity Expansion
VCE CONFIDENTIAL
90
H) Expand A Storage Pool (TST)

3) Select the Storage tab, Storage Configuration, then Storage Pools
4) When the Pools window appears, select the Student Datastore storage pool and click the Properties button
a) Select the Disks tab to display the disks currently in the pool
b) Click the Expand button. An error dialog stating that there are no more disks available to expand this
pool appears.
i)
Click OK to dismiss the error message
c) Click OK to close the Storage Pool Properties dialog. Note that you can also use the Expand button right
on the Pools detail window to expand an existing Storage Pool.
5) In any case, since the requirement is to make more space available to the virtual machines, the next step
would be to expand an existing LUN, or create a new LUN. One method of doing this is to use the simple
LUN Provisioning Wizard in the Wizards list to the right of the screen. However, we will perform the
process manually to gain an understanding of all of the steps involved.
I)
Expand an Existing LUN (OST)

3) Select the Storage tab, Storage Configuration, then LUNs
a) Locate the vbX_Data LUN, LUN ID 12X where X is your tem number that was created at the beginning of
this lab. It will be 4GB and in Host Information it will have your team ESXi server hostname.
b) Right click on this LUN and select Expand
c) Enter 50 in New User Capacity
d) Click OK
e) When it is finished, note the new User Capacity in the table
4) Now that we have expanded our LUN, we need to tell the datastore in vSphere about the additional space
available.
J) Expand a Data Store (OST)
1) Continue with the vSphere Web Client from earlier in this lab
2) Select the Home icon
3) In the Navigator pane select vCenter, Storage, and then appserver_datastore
4) In the Content pane, click on Actions, then select Increase Datastore Capacity from the menu
a) In the Select Device screen, select DGC Fibre Channel Disk from the list. This is the same LUN we
expanded in Unisphere from 4GB to 50GB, but vSphere is not aware of the additional space yet.
5) Select this LUN and click Next
6) The partition layout will show the 4GB already used, and now be aware of the new size of the LUN. From
the Partition Configuration menu, select Use Free space: 46.00 GB to expand the datastore
VCE CONFIDENTIAL
91
7) Click Next
8) Review the configuration and formatting and select Finish
9) Observe the task running in Recent Tasks pane under the All heading. When it is complete, the red flag for
appserver_datastore in the navigation pane should disappear, indicating it is no longer running low on
space
10) In the Content pane, select the Summary tab, note the usage bar on the right and note the usage bar graph.
11) Select the Manage tab
12) From the Settings sub-tab select Device Backing
a) Under the Capacity column heading, note the capacity is now 50GB
Virtual Machine Template Creation and Usage

We now have our first VM. Our application group has given us a number of requirements for these application
servers, one of which is they needed to have a user named appuser. This is representative of a lot of different
configuration changes we might have done to support the application group. In any event, once we have
customized the first VM we created to the right requirements, we can create a template from that VM. After that,
whenever we create a VM for the application group, we can use the template and it will already have all these
customizations embedded in it. For Counterfake, the group only said that it needed that extra user, which we
created in the earlier lab. So now you will create a template from vm1 now, and test that template by deploying a
second application virtual machine.
K) Creating a VM Template in vSphere Web Client (OST)

1) Continue with the vSphere Web Client
3) In the Navigator pane select vCenter > VMs and Templates
4) In the Content pane from the Actions menu select New Virtual Machine
a) On the Select a creation type screen
i)
From the list select Clone virtual machine to template
ii) Click Next

b) On the Select a virtual machine screen
i)
Under Select a virtual machine to clone, expand the team-X-vcsa vCenter, expand the Vblock
datacenter, select the vm1 virtual machine
ii) Click Next

c) On the Select a name and folder screen
i)
Name the template AppImage
ii) Click Next

d) On the Select a compute resource screen
i)
Select your team-X-esxi.take.emc.edu host as the resource (you can assign a template to a host or a
cluster)
ii) Click Next

e) On the Select storage screen
i)
Leave the default settings (use the same storage settings for the template that exist in the VM itself)
VCE CONFIDENTIAL
92
ii) Click Next

f)
On the Ready to complete screen

i)
Review the settings, and then click Finish
5) View the Recent Tasks pane, All tab to the far right
a) Watch the progress of cloning the VM to a template
b) When the clone to template operation is complete, we can move on to the next section
L) Creating a VM from a Template (OST)

1) Continue with the vSphere Web Client
4) In the Content pane, from the Actions menu select New Virtual Machine
5) From the list of How to create the VM, select Deploy from template, click Next
6) Expand Vblock and locate the appImage template that you just created and select it
a) On the Select a creation type screen
i)
From the list select Deploy from template
ii) Click Next

b) On the Select a template screen
i)
Under Select a template to deploy from, expand the team-X-vcsa vCenter, expand the Vblock
datacenter, select the AppImage template
ii) Place a check in the Power On Virtual Machine after creation checkbox
iii) Click Next
c) On the Select a name and folder screen
i)
Name the template vm2
ii) Expand the team-X-vcsa vCenter, select the Vblock datacenter

iii) Click Next
d) On the Select a compute resource screen
i)
Select your team-X-esxi.take.emc.edu host as the resource
ii) Click Next

e) On the Select storage screen
i)
Select the appserver_datastore
ii) Leave the other default settings

iii) Click Next
f)
On the Ready to complete screen

i)
Review the settings, and then click Finish
g) View the Recent Tasks pane on the far right

i)
Watch the progress of the template deployment
VCE CONFIDENTIAL
93
ii) Wait for it to complete

M) Accessing the new VM Created from a Template (OST)
1) Continuing in vSphere Web Client
4) In the Navigator pane, expand team-X-vcsa, and double-click the Vblock datacenter
5) In the Navigator pane, select Virtual Machines
6) In the bottom of the Navigator pane, select vm2
7) In the Content pane, select the Summary tab
8) Launch the console by selecting the Launch Console link below the console image
9) Click on the vm2 tab in Internet Explorer to be in the console window
10) In the console window, login to your VM with a User Name of user and Password of user1234
11) Check the network address with the command ifconfig the eth0 network adapter should be configured
with the address 192.168.2.1 and a network mask of 255.255.255.0. This conflicts with our vm1, so we need
to change it.
a) Change directories to /etc/network, type:
cd /etc/network
b) List the network configuration files, type:
ls
c) The /etc/network/<interfaces file name> contains network interface configuration information. View
the contents of the interfaces.server2 file, type:
cat interfaces.server2
d) Replace the interfaces file. The interfaces file will be overwritten with the contents of the
interfaces.server2 file, type:
sudo cp interfaces.server2 interfaces
e) Enter the password for the user account if prompted, type:
user1234
f)
Stop the network services, type:

sudo ifdown eth0
g) Start the network services, type:

sudo ifup eth0
h) Check that the network address is now set to 192.168.2.2, type:
ifconfig
12) Check that this VM already has the appuser user that was already created in our template. The grep
command will search the passwd file for an entry named appuser, type;
grep appuser /etc/passwd
13) This should result in an entry being printed for the appuser user
VCE CONFIDENTIAL
94
14) Test connectivity to the peer VM. The virtual machines vm1 and vm2 are on the same vlan, and should be
able to communicate. For a count of 1, ping vm1s IP address from vm2. This should result in 0% packet loss
which implies connectivity, type:
ping c 1 192.168.2.1
15) Type <Control><Alt> to release the mouse from the terminal control and switch back to the vSphere Web
Client.
VLAN Creation
VLANs give us the ability to create an isolated network for specific traffic or groups of applications. We have our
new application servers online, but we connected them to a default network. Lets isolate these application
servers so they have their own private network to communicate on. To do this, we want to create a new VLAN.
While this task doesnt require getting to hosts outside of our current Virtual Distributed Switch, it is easy to
imagine that this group of application servers could spread across a broader set of hosts or even Vblocks, so lets
make sure we have a VLAN that can be used by a related application anywhere in the Counterfake environment.
To do this, we need to create the VLAN on the UCS, and make sure its in the upstream switches, as well as
adding it to our VMware infrastructure. First let us tackle the individual elements.
N) Add a VLAN on UCS (OST)

2) In the Navigation pane, click on the LAN tab
3) In the Navigation pane, for the Filter dropdown, select LAN Cloud
4) Right click on VLANs, and select Create VLANs
i)
Enter the TeamX in the VLAN Name/Prefix field, where X is your team number
ii) Verify the Common/Global radio button option is selected, which means the VLANs apply to both
Fabric Interconnect A and B. The Common setting also ensures the Fabric Interconnects use the
same configuration parameters in both cases.
iii) Leave the Multicast Policy Name as is
iv) Enter the VLAN ID 200X where X is your team number
v) Leave the Sharing Type option as None
vi) Click the Check Overlap button to make sure the VLAN ID does not overlap with any other IDs on the
system
(1) The list of overlapping VLAN IDs should be empty
(2) Click OK to exit the Check Overlap dialog
vii) Click OK to exit the Create VLANs dialog
viii) Click OK to acknowledge the success message
b) Verify that the new VLAN appears in the list of VLANs in the Navigation pane (expand VLANs if not
already expanded)
5) Modify the VLAN in the Service Profile Template for your team. Your ESXi host is still bound to the updating
template you previously defined. You will define this new VLAN in the original initial Service Profile
Template, which you will later bind to the Service Profile for the blade hosting your ESXi server.
b) In the Navigation pane, in the Filter dropdown select Service Profile Templates
VCE CONFIDENTIAL
95
c) In the Navigation pane, expand root, expand Sub-Organizations, expand TeamX where X is your team
number
d) In the Navigation pane, expand Service Template TeamX_SAN_Boot
i)
Expand the vNICs heading for your Service Profile Template
ii) Select vNIC vNIC-0

e) In the Content pane, notice the warming that this vNIC is not modifiable because it is bound to a LAN
template
6) Unbind vNIC-0 from the LAN template
a) In the Content pane, notice the name of the LAN template it is bound to
b) In the Content pane, under Actions , click Unbind from a Template
c) Click Yes to verify the action
d) Click OK to acknowledge operation success
7) Repeat the unbind operation for vNIC-1
a) In the Navigation pane, select vNIC vNIC-1
b) In the Content pane, notice the name of the LAN template it is bound to
c) In the Content pane, under Actions , click Unbind from a Template
d) Click Yes to verify the action
10) Navigate to define new LAN Templates
a) In the Navigation pane, select the LAN tab
b) In the Navigation pane, in the Filter dropdown select Policies
c) In the Navigation pane, expand root, expand Sub-Organizations, expand TeamX
d) In the Navigation pane, expand vNIC Templates for your team
11) Review the original LAN Templates in preparation to build new templates
a) In the Navigation pane, select vNIC Template vNIC-Fabric-A
b) In the Content pane, notice that the Fabric ID is set to the Fabric A radio button
VCE CONFIDENTIAL
96
c) Notice the Template Type is the Updating Template radio button

d) Notice the MTU is set to 1500
e) Notice the MAC Pool is set to TeamX_MAC_Fabric_A
f)
Notice all other policies are not set except Stat Threshold Policy is set to default
g) In the Navigation pane, select vNIC Template vNIC-Fabric-B

h) Notice the only difference are:
i)
The Fabric ID is the Fabric B radio button
ii) The MAC Pool is set to TeamX_MAC_Fabric_B

12) Define a new app specific LAN Template for Fabric A
a) In the Navigation pane, right-click vNIC Templates for your team and select Create vNIC Template
b) For Name enter vNIC-app-FabricA
c) For Description enter Fabric A VLAN including isolated app VLAN
d) For Fabric ID select the Fabric A radio button
e) For Template Type select the Updating Template radio button
f)
From the VLANs list, check all the boxes under Select except for the default VLAN
i)
Notice this includes your new app specific vLAN TeamX which is not in the original LAN template
g) Notice MTU and other policies all default to the correct values
h) Click OK to proceed with the creation
i)
Click OK to acknowledge operation success
j)
Notice the new vNIC Template at the top of the Content pane
13) Define a new app specific LAN Template for Fabric B

a) In the Navigation pane, right-click vNIC Templates for your team, and select Create vNIC Template
b) For Name enter vNIC-app-FabricB
c) For Description enter Fabric B VLAN including isolated app VLAN
d) For Fabric ID select the Fabric B radio button
e) For Template Type select the Updating Template radio button
f)
From the VLANs list, check all the boxes under Select except for the default VLAN
i)
Notice this includes your new app specific vLAN TeamX which is not in the original LAN template
g) Click OK to proceed with the creation

14) Bind the new VLAN Template to the Service Profile Template
b) In the Navigation pane, for your teams Service Profile Template TeamX_SAN_Boot, select vNIC vNIC-0
c) In the Content pane, under Actions select Bind to a Template
i)
In the vNIC Template dropdown, select the new vNIC-app-FabricA template

iii) Click OK to acknowledge operation success
15) Repeat the bind new VLAN Template for vNIC-1
VCE CONFIDENTIAL
97

b) In the Content pane, under Actions select Bind to a Template
i)
In the vNIC Template dropdown, select the new vNIC-app-FabricB template
ii) Did you remember to switch to the template for Fabric B?

i)
In the vNIC Template dropdown the new template vNIC-app-FabricA
ii) Did you remember to switch to the template for Fabric A?

i)
In the vNIC Template dropdown the new template vNIC-app-FabricB
ii) Did you remember to switch to the template for Fabric B?

18) Leave the UCS Manager window open
O) Adding a VLAN to the Cisco Nexus 5000 (OST)

1) This step has to be performed for both fabric switches. We will start with the A-Side Nexus 5548 switch.
2) From the Windows Management host open a putty ssh session to the Nexus-5548 switch
Open.
d) After the login as: prompt, enter the User Name of admin, enter <CR>
3) View the existing VLANs, type:
show vlan
4) Enter the Configuration Terminal in order to make changes
configure terminal
5) Add a VLAN. This number should match the number used in the UCS Add VLAN section where X is your
team number type:
vlan 200X
VCE CONFIDENTIAL
98
6) Give the VLAN a name. This name should match the name used in the UCS Add VLAN section where X is your
team number, type:
name TeamX
7) Exit the VLAN, type:
exit
8) Exit the Configuration Terminal, type:
exit
9) Verify the VLAN was successfully added, where X is your team number, type:
show vlan id 200X
10) Close the putty session, type:
exit
11) We will now configure the B-Side Nexus 5548 switch.
12) From the Windows Management host open a putty ssh session to the Nexus-5548 switch
Open.
d) After the login as: prompt, enter the User Name of admin, enter <CR>
show vlan
configure terminal
team number type:
vlan 200X
team number, type:
name TeamX
exit
exit
show vlan id 200X
exit
VCE CONFIDENTIAL
99
P) Adding a VLAN to the Cisco Nexus 1000V (OST)

You have a choice in how you deal with your virtual switching, using either the Cisco Nexus 1000V or VMware
Distributed Virtual Switches. We have a Nexus 1000v in this environment, but we use VMware DVS either is
fine, but lets walk through adding the VLAN to the Nexus 1000v for environments that use that.
1) This step has to be performed once the Nexus 1000v Virtual Supervisor Module (VSM) switch.
2) From the Windows Management host open a putty ssh session to the Nexus 1000v switch
b) In the Host Name (or IP address) field, enter the Nexus 1000v VSM IP of 192.168.1.7X where X is your
team number
c) Click Open
f)

show vlan
configure terminal
team number type:
vlan 200X
team number, type:
name TeamX
exit
exit
show vlan id 200X
exit
Q) Adding the VLAN to VMware Virtual Switch (OST)

2) Double-click on the vSphere Web Client desktop icon. Use it to log in to your vCenter Appliance system with
the User Name of root and Password of vmware
3) If a Certificate Error warning comes up, choose Continue to this website
5) In the Navigator pane, select vCenter > Hosts and Clusters
VCE CONFIDENTIAL
100
6) In the Navigator pane, expand team-X-vcsa, and the Vblock datacenter under it.
7) Select your ESXi host team-X-esxi.take.emc.edu
9) Under the Manage tab, select the Networking sub-tab
10) Click on the Virtual switches heading in the Networking sub-tab, and select vSwitch0, this is our VMware
virtual switch
11) Under Virtual Switches, hover over the small global icon
, it should provide a tooltip of Add host
networking. Click the
icon, and the Add Networking popup appears.
a) On the Select connection type screen
i)
Select Virtual Machine Port Group for a Standard Switch radio button
ii) Click Next

b) On the Select target device screen
i)
Verify Select an existing standard switch is set to vSwitch0
ii) Click Next

c) On the Connection settings screen
i)
For Network label, enter appNetwork
ii) For VLAN ID enter 200X where X is your team number

iii) Select Next
d) On the Ready to complete screen
i)
Click Finish
12) Observe the task running in Recent Tasks pane under the All heading.
13) When the task is complete, note the new network connected to vSwitch0 in the diagram at the bottom of
the screen
R) Changing the VLAN for the Application VMs (OST)

1) Continuing in the vSphere Web Client
3) In the Navigator pane, select vCenter > Hosts and Clusters
4) In the Navigator pane, expand team-X-vcsa, the Vblock datacenter, and the team-X-esxi.take.emc.edu host
5) In the Navigator pane, select vm1, the first application VM we created
a) In the Content pane, select the Summary tab
b) In the VM Hardware section, at the bottom, select the Edit Settings link
c) Under Network adapter 1, click the drop down list and select our new network, appNetwork
d) Click on OK
e) Wait for the task to complete and the Network adapter 1 to change to our new network appNetwork
f)
At this point, vm1 and vm2 are on different VLANs. Lets check click on Launch Console in the content
pane (this will be the vm1 console)
g) In the Navigator pane verify vm1 is selected.

VCE CONFIDENTIAL
101
h) In the Content pane, select the Summary tab

i)
If a browser tab named vm1 is not already open, click the Launch Console link.
j)
Login to the console with a User Name of user and a Password of user1234
k) Try to ping vm2, which is on a different VLAN. The command below is a continuous ping, the ping should
fail. Let the command continue to run after executing, type:
ping 192.168.2.2
l)
So they are indeed isolated! Lets put vm2 into our new VLAN as well. Type <Control><Alt> to get the
mouse point back and switch over to our vSphere window.
6) In the navigation pane, select vm2, the second application VM we created

a) Continue with the vSphere Web Client
b) In the Content pane, select the Summary tab
c) In the VM Hardware section, at the bottom, select the Edit Settings link
d) Under Network adapter 1, click the drop down list and select our new network, appNetwork
e) Click on OK
f)
Wait for the task to complete and the Network adapter 1 to change to our new network appNetwork
g) At this point, vm1 and vm2 are on the same VLANs.

h) Switch back to the vm1 console browser tab. The ping command should now be receiving
acknowledgements from our peer vm2. Success!
VCE CONFIDENTIAL
102
LAB 13. Creating NFS Stores

Now that we have our application servers setup, they will likely need some shared storage lets create a file
system that they can both access, so they can share data between them.
A) Configuring advanced settings for VMware vSpere ESXi (TST)

Use this procedure to configure advanced VMware vSphere ESXi settings including:
Disk.UseDeviceReset 0
NFS.MaxVolumes 256
Net.TcpipHeapSize 30
Net.TcpipHeapMax 128
NFS.HeartbeatFrequency 12
NFS.HeartbeatTimeout 5
NFS.HeartbeatMaxFailures 10
When you set advanced configuration options for VMware vSphere ESXi, NFS performance is enhanced. VCE
recommends that you apply the NFS-related options before connecting any NFS share to the VMware vSphere
ESXi hosts.
You can configure the settings on each host individually using the VMware vSphere client or run the VMware
vSphere PowerCLI script to configure the settings on all VMware vSphere ESXi hosts.
1) Continuing in the vSphere Web Client

3) In the Navigator pane, select vCenter > Hosts and Clusters, and the team-X-esxi.take.emc.edu host
5) In the Content pane, select the Settings sub-tab
6) In the Content pane, select Advanced System Settings
7) Change the setting for Disk.UseDeviceReset
a) Under Advanced System Settings, scroll to the first parameter to be changed in alphabetic order,
Disk.UseDeviceReset
b) Select and highlight the row for Disk.UseDeviceReset
c) Click the pencil icon at the top of the table to enter edit mode
d) Change the value from 1 to 0 (zero)
e) Click OK to save the change
f)
Wait while the wheel shows work in progress, when done, the value will be changed in the display
8) Reset (change back) the setting for Disk.UseDeviceReset

a) Select and highlight the row for Disk.UseDeviceReset
b) Click the pencil icon
c) Change the value from 0 to 1
d) Click OK to save the change
e) Wait while the wheel shows work in progress, when done, the value will be changed in the display
VCE CONFIDENTIAL
103
9) Observe that a reboot is needed for some changed settings to take effect
a) Enter net.tcpiph into the search box (to the right of the pencil icon), press <Enter> to search
b) Select and highlight the row for Net.TcpipHeapMax
c) Click the pencil icon
d) Notice the description states that changing this parameter requires a reboot
i)
In a production environment, once completing changing multiple settings, you would reboot the
VMware vSphere ESXi host for the new parameter(s) to take effect
ii) Since this exercise was merely an example of how to change parameters, DO NOT REBOOT or save
any changes
e) Click Cancel to exit the Edit Advanced Option dialog without making a change
B) Configure File System and NFS Exports (OST)
warning
f)
g) Select VNX from the dropdown menu

2) Review network settings for file access
a) Select the Settings tab, Network, and then Settings For File
b) View the results in the Interfaces sub-tab
c) You will be using cge1-0 port
3) Create a new file system for NFS export to the VMware ESXi host as a data store.
a) Select the Storage tab, Storage Configuration, and then File Systems
b) In the File Systems sub-tab click the Create button
c) Fill in the required information as follows:
i)
File System Name: vbX where X is your team number.
ii) Storage Capacity: 1024

iii) Select MB (megabytes) from the drop down menu for the Storage Capacity field
iv) Auto Extend Enabled: Leave the default
v) Thin Enabled: Checked
vi) High Water Mark: 80
vii) Maximum Capacity (MB): 5120
viii) Later, on your ESXi host you will see a capacity of 5120 MB since Thin was selected.
ix) Slice Volume: Leave the default
x) Deduplication Enabled: Leave the default
VCE CONFIDENTIAL
104
xi) VMware VAAI Nested: Leave the default

xii) Data Mover: Leave the default
xiii) Mount Point:
(1) Select the Custom radio button
(2) In the Pathname field type: /vbX where X is your team number.
d) Access-Checking Policy: Leave the default
e) Click OK
4) Modify file system properties
a) Click on the Mounts sub-tab
b) Right click on the file system /vbX where X is your team number.
c) Select Properties
d) Check the Set Advanced Options checkbox
e) Notice the new fields appear after you select this option.
f)
Set the Virus Checking Enabled field to Unchecked
g) Set the Direct Writes Enabled field to Checked

h) Set the CIFS Notify Enabled field to Unchecked
i)
Click OK
5) Create an export for your NFS file system

a) Click on Storage
b) Click on Shared Folders
c) Click on NFS
d) Click on the Create button
e) From the drop down select your file system vbX where X is your team number.
f)
Select your Path /vbX where X is your team number.
g) From the Lab Logins Spreadsheet

h) Using the ESXi host VMkernel port IP address for your team complete the following fields:
i)
For Root Hosts: where X is your team number use 192.168.1.6X/24
ii) For Access Hosts: where X is your team number use 192.168.1.6X/24
iii) The appended /24 is for the CIDR notation (Classless Inter-Domain Routing) to the Root Hosts and
Access Hosts IP Address
i)
Click OK
6) Leave Unisphere open

C) ESXi NFS Configuration (OST)
Continue in the vSphere Web Client This next step does not conform to best practices. In an ideal production
environment the VMkernel port is located on a dedicated standard/distributed switch. If this is not possible,
VLAN tagging should be used. This is to ensure that the traffic associated with the VMkernel port does not
compete with the guest operating systems.
1) Continue in the vSphere Web Client
VCE CONFIDENTIAL
105

3) In the Navigator pane select vCenter > Host and Clusters
4) In the Navigator pane expand team-X-vcsa, Vblock, and then select your team-X-esxi.tak.emc.edu ESXi host
5) Create a VMkernel Port
a) Ensure that your ESXi host is highlighted in the left hand pane
b) In the Content pane, select the Manage tab, and the Networking sub-tab
6) Click the
icon, and the Add Networking popup appears.
a) On the Select connection type screen

i)
Select VMkernel Network Adapter radio button
ii) Click Next

b) On the Select target device screen
i)
Verify Select an existing standard switch is set to vSwitch0
ii) Click Next

c) On the Port Properties screen
i)
For Network label, enter nfsstorage
ii) For VLAN ID, enter the value assigned by your instructor for the Vblock ESXi NFS network
(1) For Vblock Setup A use VLAN ID 1109
(2) For Vblock Setup B use VLAN ID 1209
(3) For Vblock Setup C use VLAN ID 1309
(4) For Vblock Setup D use VLAN ID 1409
(5) For Vblock Setup E use VLAN ID 1509
(6) For Vblock Setup F use VLAN ID 1609
iii) Select Next
d) On the IPv4 Settings screen
i)
Select Use static IPv4 settings
ii) Where X is your team number use an IPv4 address of 192.168.1.6X

iii) For Subnet Mask use 255.255.255.0
iv) Click Next
e) Summary:
f)
Click Finish
7) On the Ready to complete screen

i)
Click Finish
8) Add your NFS datastore to your ESXi host

a) Click on the Actions drop down menu, and select New Datastore
b) Click on Next
c) Select Storage Type:
i)
Select the Network File System
ii) Click Next

VCE CONFIDENTIAL
106
d) Locate Network File System

i)
Server: enter the VNXs Data Mover Interface IP address of your Data Mover of 192.168.1.14
ii) Folder: /vbX where X is your team number.

iii) Mount NFS read only: Do not select
iv) Data store Name: TeamX_nfs where X is your team number.
v) Click Next
vi) Click Finish
9) Your ESXi host now has a NFS data store.
a) Highlight the newly added data store
b) Verify the properties.
c) Explore the dialogue boxes and notice you are unable to locate information like Data Mover,
Filesystem, Model
d) Exit the vSphere Client if not continuing to the next step.
VM Access to the NFS File System

The goal here was to create a shared file system for use by our application group. We have the file systems
created, and have shown some ways of access it, but lets get to the meat of what we meant to do, making it
accessible by our application servers.
Recall that the VMs are on their own private VLAN, isolating their VM traffic. This is great, but the issue is that
our VNX NFS interface isnt in that VLAN to get connectivity for the NFS piece, we will need access to another
VLAN. To do this, we will need another network interface on our VMs, and to put connect that interface to the
VLAN that the VNX NFS interface is on.
Additionally, NFS traffic is another item that is perfect for isolation using VLANs. The Vblock typically comes with
a default NFS VLAN (vblock_ESX_NFS). Since this VLAN already exists in the Vblock, we dont need to add it to
the UCS or network switches in this lab but we do need to find the VLAN ID. We also need to ensure that the
VNX can provide NFS access to that VLAN, in addition to creating the new interfaces on the virtual machines.
D) Finding the NFS VLAN

1) Access the UCS Manager browser window on the Windows Management Server you connected to through
the Internet Explorer icon as instructed in LAB 2 A) UCS Manager GUI (TST): Capture Compute Resource
Configuration on page 17
2) Click on the LAN tab in the navigation pane
3) Expand LAN Cloud
4) Expand VLANs
5) In the list of VLANs, find vblock_ESX_NFS and note this number
E) Adding a New Interface To VNX
1) Access the EMC Unisphere for VNX browser window on the Windows Management Server you connected to
through the Internet Explorer icon as instructed in LAB 2 C)LAB 1 UCS Manager GUI (TST): Capture Compute
Resource Configuration on page 23
VCE CONFIDENTIAL
107
2) Navigate to your VNX system, select Settings from the top level tool bar
3) Select Network
4) Select Settings for File
5) Select the Create button at the bottom of the screen
6) Locate the entries for Private NFS Interface Hostname and Private NFS Interface Address and Private NFS
Netmask of 255.255.255.0. Use these values for Name, Address and Netmask respectively.
7) Enter the NFS VLAN identified in the last lab in the VLAN ID
8) Click Ok
F) Create new network in vSphere
1) Continuing in vSphere from the previous section
2) Navigate to vCenter > Hosts and Clusters
3) In the navigation window, expand team-X-vcsa and the Vblock datacenter under that. Select your ESXi host.
4) In the content pane, select the Manage tab.
5) Select the Networking tab under that.
6) Click on Virtual switches, and select vSwitch0 this is our VMware virtual switch
7) Under Virtual Switches, hover over the small global icon, it should provide a tooltip of Add host networking.
Click that icon.
8) In the Add Networking popup, select Virtual Machine Port Group for a Standard Swtich
9) Click Next
10) Under Select an existing standard switch, be sure vSwitch0 is selected, and click Next
11) In the Network label, enter NFS, and in the VLAN ID enter the VLAN ID we discovered on the UCS in the
previous section
12) Select Next
13) Review the settings, and select Finish
14) Note the new network connected in the bottom diagram
G) Create new NIC the Application VMs
1) Continuing in vSphere from the previous section
Navigate to vCenter > Hosts and Clusters
2) Expand your ESXi server to reveal the two applications VMs, and select vm1
3) Click on Summary
4) In the content pane, in the section labeled VM Hardware, click Edit Settings
5) In the Edit Settings window, at the bottom, click on the New Device dropdown, and select Network
6) Click on Add
7) When the Network adapter 2 appears, select the drop down list and select the NFS network from the list
8) Select OK at the bottom
9) Now we need to repeat this for the second VM, so in the navigation pane select vm2
10) Click on Summary
VCE CONFIDENTIAL
108
11) In the content pane, in the section labeled VM Hardware, click Edit Settings
12) In the Edit Settings window, at the bottom, click on the New Device dropdown, and select Network
13) Click on Add
14) When the Network adapter 2 appears, select the drop down list and select the NFS network from the list
15) Select OK at the bottom
16) Watch the Recent Tasks and wait for both Reconfigure Virtual machine tasks to complete
17) With vm2 still highlighted, select Launch Console in the top of the content pane
18) When the console appears, login to the VM
19) Change to the network configuration directory with the command cd /etc/network
20) Change the interface file by copying the appropriate file based on your team number:
sudo cp interfaces_TeamX_server2 interfaces
21) Reboot so the system can register its new interface card
22) Type Control-Alt to get the cursor back from the console and switch back to vSphere Web Client
23) Select the vm1 VM in the navigation pane
24) Select the Summary tab
25) Select the Launch Console button in the top of the content pane
26) When the console appears, login to the VM
27) Change to the network configuration directory with the command cd /etc/network
28) Change the interface file by copying the appropriate file based on your team number:
sudo cp interfaces_TeamX_server2 interfaces
29) Reboot so the system can register its new interface card
H) Create The NFS Mount on the VM

1) Return to the console for vm1 when it is finished rebooting and login
2) Verify that the network is setup correctly with the command ifconfig
a) Verify the IP address for eth1 against the entry for VM1 NFS Interface Address and Netmask
3) Verify that we can communicate with the VNX NFS interface by pinging the address from our Lab Logins
Sheet labeled Private NFS Interface Address: ping c1 IPADDRESS
4) Verify that we can ping the other VM on this new network by pinging the IP address labeled VM2 NFS
Interface Address from the Lab Login sheet: ping c1 IPADDRESS
5) Make a directory to contain the mount point: sudo mkdir /nfs_fs
6) Mount the NFS file system from VNX: sudo mount IPADDRESS:/vbX /nfs_fs where X is your team number,
and IPADDRESS is the address listed in the Lab Logins Spreadsheet labeled Private NFS Interface Address
7) Check the contents of the NFS mount: cd /nfs_fs; ls
8) Repeat this for vm2 start by typing Control-Alt to release the cursor, and switching back to vSphere
9) Select vm2 in the Navigation pane
10) Select Open Console in the content pane
11) Verify that the network is setup correctly with the command ifconfig
VCE CONFIDENTIAL
109
a) Verify the IP address for eth1 against the entry for VM1 NFS Interface Address and Netmask
12) Verify that we can communicate with the VNX NFS interface by pinging the address from our Lab Logins
Sheet labeled Private NFS Interface Address: ping c1 IPADDRESS
13) Verify that we can ping the other VM on this new network by pinging the IP address labeled VM2 NFS
Interface Address from the Lab Login sheet: ping c1 IPADDRESS
14) Make a directory to contain the mount point: sudo mkdir /nfs_fs
15) Mount the NFS file system from VNX: sudo mount IPADDRESS:/vbX /nfs_fs where X is your team number,
and IPADDRESS is the address listed in the Lab Logins Spreadsheet labeled Private NFS Interface Address
16) Check the contents of the NFS mount: cd /nfs_fs; ls
VCE CONFIDENTIAL
110
LAB 14. Managing CIFS

For your Windows (and even Samba-based Unix/MAC) clients, we can also create CIFS file systems in the
storage array. This is a little more involved than an NFS mount, as we have to define a CIFS Server to service up
the shares.
A) Creating a CIFS Server

1) Access the EMC Unisphere for VNX browser window on the Windows Management Server you connected to
through the Internet Explorer icon as instructed in LAB 2 C)LAB 1 UCS Manager GUI (TST): Capture Compute
2) Click on the VNX system, and navigate to Storage > Shared Folders > CIFS
3) In the content pane, click on the CIFS Servers tab
4) Click on Create at the bottom of the window
a) Next to the Server Type, click on the Standalone radio button
b) In the NETBios field, enter cifs_X where X is your team number
c) In the Workgroup field, enter group_X where X is your team number
d) In the Interface field, select the mover_2 interface. The IP address listed should match the address on
the Lab Login Spreadsheet labeled VNX cge-0
e) Enter the password start in the each of the two password fields
f)
In the Interfaces list, locate the interface with the address from the Lab Logins Sheet labeled NFS Private
Interface Address and select it
g) Click OK to create the CIFS server

h) When a message window displays informing you that local users can be disabled, click Ok.
i)
Click Ok when the confirmation window appears.
5) With a VNX CIFS Server, the initial password must be changed before it can be used. On your workstation,
Select the Start menu and navigate to Windows Security > Change a Password
6) In the User field, enter the username prefaced by the IP address from the Lab Logins Spreadsheet labeled
VNX cge-0 the IP address we used for our CIFS Server interface, followed by a backslash and the username
Administrator for instance, the field may be 192.168.1.14\Administrator
7) Enter the password start in the first Password field, and enter emc123 in both of the new password fields.
8) Press the arrow icon next to the second password field
9) Press Ok when the system informs you the password has been changed.
B) Create a Volume
1) Continuing with Unisphere from the previous section
2) Navigate to Storage > Storage Configuration > Volumes
In the content pane, click Create
In the Volume Create dialog that comes up, under Type, select the Slice radio button.
Under Volume Name enter TeamXY where XY is your setup and team number
VCE CONFIDENTIAL
111
Under Size (MB) enter 1024 for a 1GB volume
Press Ok to create the Volume
Dismiss the success message by pressing Ok
C) Creating a File System Pool

1) Continuing with Unisphere from the previous section
2) Navigate to Storage > Storage Configuration > Storage Pools for File
Click on the Create button in the bottom of the content pane
Select the Meta Volume radio button under Create
Under Name, enter pool_XY where X is your lab setup and Y is your team number
Under Volumes, select the TeamXY volume you created in the previous section
Leaving the rest of the settings to the defaults, click Ok to create the File System Pool
Click Ok to dismiss the success window and return to Unisphere
D) Creating a CIFS file system

1) Continuing in Unisphere from the previous section
2) Navigate to Storage < Storage Configuration > File Systems
In the bottom of the content pane, click the Create button
Name the filesystem fsXY where X is your setup and Y is your team number
Under Stoage Capacity enter 512 MB
Select the Thin Enabled check box
Set the Maximum Capacity (MB) to 512
Check the Deduplication Enabled checkbox
Check that the Data Mover (R/W) is set to server_2
Leave the mount point default set
Select the Pool that you just created, pool_XY where X is your setup and Y is your team number.
Click OK to create the file system
E) Mount a File System on the CIFS Server in VNX

Now that you have a file system created in the VNX data mover, we need to mount it in the CIFS server you
created in the first section. This will make the file system available to CIFS clients.
1) Continuing in Unisphere from the previous section

2) Navigate to Storage > Shared Folders > CIFS
In the content window, at the bottom select the Create button
Under the Data Mover select server_2
VCE CONFIDENTIAL
112
In the Name field, name the share cifs_team_XY where X is your setup and Y is your team number
Under File System, select the file system you just created, fsXY where X is your setup and Y is your team
number
In the CIFS Server section, be sure your CIFS Server is selected
Now click the Ok button to mount the file system on the CIFS Server
F) Test the CIFS File System on your Management Workstation

1) On your Management Workstation, select the Start Menu and select Windows Explorer
2) In the address pane at the top, click to begin editing the address and enter //IP-ADDR where IP-ADDR is the
IP Address of the cge0 entry from your Lab Logins Spreadsheet
3) Enter the credentials for the CIFS Server set in the earlier lab: Administrator and emc123
4) Note the CIFS share we created in the window, and double click on it to access it
5) Verify that you can see the files in the share
G) Mount CIFS on VM
Now let us mount the CIFS share on our Linux VM to be sure we can see it there as well.
1) Return to the Console of the Linux VM.

2) Create a directory to mount the CIFS volume: sudo mkdir /cifs_dir
3) Mount the CIFS Share with the command mount t cifs o username=Administrator,password=emc123
//IP_ADDRESS/cifs_team_XY /cifs_dir where IP_ADDRESS is the IP Address of your VNX cge0 (NFS) entry on
the Lab Logins Spreadsheet, and XY is your setup and team number. Note that the cifs_team_XY is the name
we used in section E)
4) Change in the newly mounted share to see the contents: cd /cifs_dir; ls
VCE CONFIDENTIAL
113
LAB 15. Protecting Vblock System Metadata

As you can see from these labs, the configuration of your Vblock system is pretty dynamic and involved. It is
important to keep the configuration as protected as possible, so if there are any issues, you know exactly how
your Vblock configured for operation.
A) VCE Vision Configuration Backup

The VCE Vision appliance has a set of configuration files. The VCE Vision Appliance automatically creates an
archive of important configuration files daily (at midnight by default) and places the archive in
/opt/vce/fm/backup/snapshots.
1) Open Putty and connect to the VCE Vision Console

2) Run cd /opt/vce/fm/backup/snapshots
3) Run ls
4) These are directories in the format YEAR_MONTH_DAY_HOUR_MINUTE
5) Change into one of them with the cd command
6) Run ls
7) The backup.tar.gz archive contains the backup. The backup.tar.gz.md5 contains a checksum of that file that
can be used for verification. There is also a log. This entire directory should be included in your sites backup
procedures and copied offsite.
8) Run mkdir /tmp/NAME.backup where NAMEis the last name of one of your team
9) Run /opt/vce/fm/install/backupConfig.sh -d /tmp/NAME.backup
10) This created an adhoc backup archive in the directory /tmp/NAME.backup
B) VCE Vision Configuration Restoration
(Do not Run this in the lab)
1) To restore the configuration to a specific backup archive file:

/opt/vce/fm/install/restoreConfig.sh -f filename
This is useful for restoring a file that you originally had backed up offsite
Sometimes during maintenance, if the configuration of the VCE Vision system becomes broken, you can
restore it to the state prior to the change (or the state at midnight on any of the previous 10 days):
/opt/vce/fm/install/restoreConfig.sh
It will prompt you with the dates of all available restoration snapshots.
VCE CONFIDENTIAL
114
C) VCE Vision Interface to Vblock System Configuration

VCE Vision provides the user with the ability to quickly collect the configuration files from the various Vblock
components. VCE Vision is backing these configuration files up on a regular basis, but the user can download
the current collection at any time with a network browser. Actually, most of the Vision capabilities are available in
the way we are about to use!
1) Open up Internet Explorer
Navigate to the address below - in your environment, you would use the hostname you gave to
the vision system: https://vision:8443/fm/configcollector
Provide the CAS credentials
user name: admin
password: dangerous
This will bring up a download window, as the browser downloads a zip file containing all of the
configuration files.
Save this file on the desktop and use Windows (File) Explorer to investigate its contents.
D) Backup of UCS Manager

VCE Vision manages the backup of your UCS chassis, and the above collector will let you save the configuration
backup to your workstation. However, sometimes it is desirable to grab individual backups as well.
1) Create the Backup Image of UCS Manager
Access the UCS Manager browser window on the Windows Management Server you connected
to through the Internet Explorer icon as instructed in LAB 2 A)LAB 1 UCS Manager GUI (TST):
Capture Compute Resource Configuration on page 17
Click on the Admin tab in the in the navigation pane
Click on General in the content pane
Click on Backup Configuration in the content pane
Click on Create Backup Operation link
In Type, click on Full State
For Location of the Backup file, select Local File System
In the filename area, enter C:\fullstate.gz
Press OK
This will create a backup and download it to your C:\
E) Backup of the Nexus 5k Switch

1) Access the Nexus 5548 A NX-OS CLI on the Windows Management Server you connected to through the
Internet Explorer icon as instructed in LAB 2 G) CLI for Nexus 5548 (TST): Capture Network Configuration on
page 29
2) Execute copy startup-config bootflash:myconfig
VCE CONFIDENTIAL
115
3) The bootflash can be replaced with scp, tftp, ftp or sftp if you have those types of file servers configured in
your environment. The general format is protocol://username@hostname/filename-or-path
F) Backup of the MDS Switch
1) Access the MDS Switch A NX-OS CLI on the Windows Management Server you connected to through the
Internet Explorer icon as instructed in LAB 2 F)LAB 1 CLI for MDS Switch (TST): Capture Storage Area
Network (SAN) Configuration on page 28
Execute copy startup-config bootflash:myconfig
The bootflash can be replaced with scp, tftp, ftp or sftp if you have those types of file servers configured
in your environment. The general format is protocol://username@hostname/filename-or-path
VCE CONFIDENTIAL
116
LAB 16. Protecting Vblock System Production Data

Protecting your meta-data is important, but the most critical piece of data is the production data your users create
and use every day. The Vblock has a number of options for protecting your production data (including EMC
Avamar, EMC Data Domain).
At Counterfake, we have some application VMs and storage devices we created during this lab. We are going to
explore some basic data protection techniques in both vSphere and Unisphere. These techniques can be used
independently, in unison, or wrapped into a larger protection methodology (e.g. other products that utilize them, or
automating these techniques through scripting.
Of course this lab doesnt constitute a data protection strategy that would require a multi-week course all by
itself. Be sure to marry these techniques with a full blow data protection approach.
A) Protection in Unisphere
The storage subsystems provide a number of key features for building a production data protection strategy. One
of those features is snapshotting. Lets create a snapshot of our VM created earlier.
1) Access the EMC Unisphere for VNX browser window on the Windows Management Server you connected
to through the Internet Explorer icon as instructed in LAB 2 C)LAB 1 UCS Manager GUI (TST): Capture
Compute Resource Configuration on page 23
Navigate to Storage > LUNs by hovering over the Storage icon, and selecting LUNs
Locate the LUN that we created earlier by selecting the Host Information column to order by host,
finding your team host (team-X-esxi.take.emc.com) and selecting the 50GB LUN that you created
Click on the Properties button
In the LUN Properties, select LUN Name and give it a more descriptive name. We could have done this
during creation as well, but this allows us to rename any LUN. Name it after your team: team-Xdatastore1
Click OK, and click Yes on the confirmation dialog that displays
Click Ok on the success dialog
Click on Create Snap
Put in the description Initial snapshot of datastore for team X
Click Ok. And Click Ok on the confirmation dialog.
Navigate to Data Protection > Snapshots
Locate the snapshot you just created it will be listed by the name you used: team-X-datastore1
Click on Properties, and then on the Snapshots tab
Snapshots use a variable amount of space as applications write new data to the underlying
LUN, the data that would be overwritten is copied to the snapshot, so the snapshot grows as the
protected LUN is modified. The amount of allocation a snapshot is using is listed in the Snapshot
Summary.
This is also where one could create a mount point of an existing snapshot this can be used to
test the snapshot, or to restore individual pieces of the snapshot.
VCE CONFIDENTIAL
117
Consistency Groups
This mechanism works for stand-alone LUNs, but when there are multiple LUNs that are interrelated, taking
snapshots of each LUN wont produce a consistent image. This allows you to group multiple LUNs together,
telling the VNX that they are, in fact, interrelated and that snapshots must be consistent across the whole set of
LUNs. Lets quickly create a couple of LUNs to be used at Counterfake for an Oracle database. Since they will be
used by a database, both LUNs will require protection through a consistency group.
B) Creating Application LUNs

1) Continuing in Unisphere for VNX
2) Navigate back to Storage > LUNs
3) Click on Create
4) Select RAID Group radio button
5) Select 5 GB as the User Capacity
6) Select 2 for Number of LUNs to create
7) Click on the radio button for Name under LUN Name and enter team-X-oracle
8) Enter 1 in the Starting ID box under name
9) Click Ok, and click Next on the confirmation dialog about FAST Cache
10) Note on the success message that two LUNs were created:
a) The first was team-X-oracle_1
b) The second was team-X-oracle_2
11) Click Ok to dismiss this window and click the x icon on the Create LUN window
C) Creating a Consistency Group

1) Continuing in Unisphere for VNX
2) Navigate back to Data Protection > Snapshots
3) Click on the Create Group button at the bottom
4) Click on Next
5) Enter a group name in Name using team-X-oracle-cg where X is your team number
Click Next
Select the LUNs we just created the Oracle LUNs
Select Finish, and Click OK to dismiss the properties dialog
Select Finish again
Select Create Snapshot
Give it a description: Initial Snapshot of the Oracle data store
D) Protection in vSphere
We have a snapshot of the LUNs being used for database, we also have a series of virtual machines we have
created, and VMware allows the user to manage creating snapshots of these servers.
VCE CONFIDENTIAL
118
1) Access the vSphere Web Client browser window on the Windows Management Server you connected to
through the desktop icon as instructed in LAB 2 H)LAB 1 vSphere Web Client (TST): Explore vCenter
2) Navigate to vSphere > VMs and Templates
3) Click on Actions
4) Select Take Snapshot
5) Give the snapshot a name: appserver-initial
6) Click ok, and watch the running task in the right hand panel, waiting for completion
7) When it is complete, take another snapshot of the same VM by selecting Actions and the Take Snapshot
option
8) Wait for this second snapshot to complete by observing the task status in the right hand panel
9) When complete, select Action > Manage Snapshots
10) Note the history of the VM, where the currently running snapshot is in the history
VCE CONFIDENTIAL
119
LAB 17. Vblock System Assurance

A) Running Compliance Scans
The Vision package also has the ability to validate the compliance level of a Vblock against release matrixes,
giving the administrator quick insight into system assurance.
First lets check our assurance levels with the VCE Vision Plugin for vCenter.
1) Access the vSphere Web Client browser window on the Windows Management Server you connected to
through the desktop icon as instructed in LAB 2 H)LAB 1 vSphere Web Client (TST): Explore vCenter
From the Home screen, in the select the Vblock icon in the center panel
Select the Vblock logo in the Navigation pane
Run a Compliance Scan
Select Actions at the top of the right hand panel and select Compliance Scan.
This will start the compliance scan wizard, which allows the administrator to select a specific
release matrix and validate the Vblock against that matrix.
Click Next to proceed from Welcome screen
Select the most recent certification matrix at the bottom of the list
Run the scan by finishing the wizard, clicking Finish on the last Screen
Click on the Manage tab, and watch for the compliance scan to complete - you can click on the Refresh
button to force a refresh.
Wait until Complete
The compliance scan will result in an overall system score based on how well the Vblock matches against
the release matrix.
After a short wait, the new compliance scan just ran will show up in the compliance scan list
Compile a Report from a Scan
Select the first scan in the list
Click on the Compliance Report button (located at the top of the list).
This will bring up the compliance scan report, which includes a summary window, as well as the ability
to investigate each major component involved in the scan.
Explore the report, looking in particular at the various components and how their current
firmware levels compare against the latest release matrix.
Select the Compute tab
Next select the B-series Blade Firmware Version item.

You should be able to see that the current firmware level of the Vblock UCS Blades is 2.0(4b) not the matrix specified version of 2.1(1e).
VCE CONFIDENTIAL
120
B) Installing New Certification Matrixes

When VCE releases a new Release Certification Matrix, you will need to update the RCM content on your Vblock
System. This will allow you to perform System Assurance against the latest versions of qualification from VCE.
The updated RCM content is posted to the VCE Support portal at http://support.vce.com. For the lab, we have
placed a compliance file in:
Z:\\Vision\System Library\vce-compliance-content-2.0.0-1266.x86_64.rpm
The format of the filename will always include the complete version number - which is the major, minor and
build number. In the above file, this content is for version 2.0.0 of the compliance checker, and its build 1266
of the RCM.
1) On your Management Workstation, under Start > Programs > putty, open PSFTP
Change the local working directory to our source location with lcd z:\vision\system
library
Connect to the Vision appliance with the command open vision.take.emc.edu
Login using the VCE Vision OS Appliance Console with User Name of root and a Password of
V1rtu@1c3!
Change to the temporary directory with cd /tmp
Send the content file over with put vce-compliance-content-2.0.0-1266.x86_64.rpm
Quit PSFTP and open a putty Session to the VCE Vision OS Appliance Console
Change directory to the temporary directory with cd /tmp
Install the new RCM:
rpm -Uvh vce-compliance-content-2.0.0-1266.x86_64.rpm
This installs the content into the compliance directory /opt/vce/compliance/content/rcm
Run the script /opt/vce/compliance/content/install_content.sh
You will need to provide the VCE Vision CAS Authentication on System Library with a User
Name of admin and a Password of dangerous
The process is complete when the command prints the message

RCM content import successful
C) Installing Optional components in a Compliance Scan

The Compliance Checker comes configured for standard Vblock system components. It can be extended to
cover optional components of your Vblock System. Each different Vblock System has a different set of optional
components. The full list can be found in your VCE Vision Administration Manual, however the installation
process is smart enough to know which components are available for your system.
1) Open up a putty session to your VCE Vision console.
Change directory the RCM repository: cd /opt/vce/compliance/content/rcm
Run the customize command: ./customize_content.sh
This will display the components that are optional for your system.
Note: Each item in the list will list a True or False to indicate whether it is installed in your
compliance Checker already
For each item in the list that is set to false, perform these tasks
VCE CONFIDENTIAL
121
Type the number that precedes the item
Verify that the rule now has toggled to True on the next page
When everything is set to True, select the number next to Save and Quit
The customized content is stored in a hidden file, .customized - perform a ls -a to see it
Run the install command again to import the new content: ./install_content.sh
You will need to provide the VCE Vision CAS Authentication on System Library credentials from
the Lab Logins Spreadsheet
The process is complete when the command prints the message

RCM Content import successful
VCE CONFIDENTIAL
122
LAB 18. Proactive Monitoring

Scenario: While it is important to be able to investigate and monitor for issues and failures in the Vblock, proper
management means requires a more proactive approach to monitoring. In preparation for production you need
to validate and configure availability notifications. You can configure and monitor SNMP and Syslog alarms and
notifications using the different options on the Vblock System. SNMP provides a set of preconfigured traps and
informs that are automatically generated and sent to the destinations (trap receivers) that you identify.
Component threshold management lets you configure thresholds for specific events that trigger log entries or
notifications.
Simple Network Management Protocol (SNMP)
SNMP is an application layer protocol that facilitates the exchange of management information between
network devices. SNMP, integrated with the VCE Vision product, will already be configured on your Vblock
based on your customer survey provided to VCE. At Counterfake, Inc, you indicated that the desired
configuration was to use a single SNMP community name of csnpub for both internal Vblock components and
the VCE Vision normalized data. We will validate that these SNMP settings were properly configured.
A) Validating SNMP Setting within the UCS

1) Access the UCS Manager.
a) Open Internet Explorer and enter the UCS Fabric Interconnect Cluster IP of 192.168.1.1.
download the GUI
2) In the Navigation pane, click the Admin tab
On the Admin tab, expand All > Communication Management > Communication Services
Select the Communication Services tab
Locate the SNMP area
Check that the community name is set to csnpub.
System Contact is a text field where information needed to contact the person responsible for
the SNMP implementation can be documented.
System Location is a text field of up to 510 characters and should contain the host on which the
SNMP agent (server) runs.
Validate SNMP traps.
In the SNMP Traps area, there should be registered host, which will be the VCE Vision Console IP
Address from the Lab Logins Spreadsheet. The Community should be set to csnpub.
*The default SNMP v1 or v2c community name or SNMP v3 username Cisco UCS Manager
includes on any trap messages it sends to the SNMP host.
The port field should be 162.
The version field should be V2.
VCE CONFIDENTIAL
123
B) Validating SNMP on the MDS switches

1) Access the MDS Switch
a) From the Windows Management host open a putty ssh session to the MDS-Series switch
b) In the Host Name (or IP address) field, enter the A-Side MDS Switch IP Address of192.168.1.6.
c) Click Open
f)
Validate the configuration.
Type the following command at the prompt: show snmp
This should show the community name of csnpub, and the group network-operator.
There should be traps being sent to the VCE Vision console IP address, version 2c on port 162.
Now validate the syslog server setup. This is the target host the switch will forward its syslog output.
Type the following command at the prompt: show logging
This should show a logging server of the VCE Vision console.
Close the putty window
Validate the B-Side MDS switch. Repeat steps 1-4 for MDS-Switch B-Side switch with an IP address of
192.168.1.7
C) Validating SNMP on Nexus 5K Switches

1) Access the Nexus 5548
a) From the Windows Management host open a putty ssh session to the Nexus-Series switch
b) In the Host Name (or IP address) field, enter the A-Side Nexus 5548 Switch IP Address of192.168.1.4.
c) Click Open
f)
Validate the configuration.
Type the following command at the prompt: show snmp
This should show the community name of csnpub, and the group network-operator.
There should be traps being sent to the VCE Vision console IP address, version 2c on port 162.
Now validate the syslog server setup. This is the target host the switch will forward its syslog output.
Type the following command at the prompt: show logging
This should show a logging server of the VCE Vision console.
Close the putty window
Validate the B-Side Nexus 5548 switch. Repeat steps 1-4 for Nexus-5548 B-Side switch with an IP
address of 192.168.1.5
VCE CONFIDENTIAL
124
D) Validating SNMP on VNX

1) Access the EMC Unisphere for VNX
b) In the Connect Host name or IP address field, enter the VNX Control Station IP address of 192.168.1.15
d) Login with the VNX Control Station Username of admin and Password of emc123%%
Select the storage system (VNX)
Click the System tab.
Select Hardware > Storage Hardware
Under Component, expand the Storage Processors,
Right-click SPA and select Properties.
Click the Network tab.
Validate the SNMP Community is set to csnpub.
Right-click SPB and select Properties.
Click the Network tab.
Validate the SNMP Community is set to csnpub.
Do not close Unisphere, as it will be used in the following lab
E) Validating SNMP trap forwarding in EMC Unisphere

1) Access the EMC Unisphere for VNX
b) In the Connect Host name or IP address field, enter the VNX Control Station IP address of 192.168.1.15
d) Login with the VNX Control Station Username of admin and Password of emc123%%
Select System > Monitoring and Alerts > Notifications for Block and select the Notification Templates
tab.
Select Create and name the template after your team (TeamXY)
On the General tab, select General Events and then select each severity and category type.
Click the SNMP tab.
For SNMP Management Host, type the IP address of the VCE Vision OS Appliance Console from the Lab
Logins Spreadsheet
Open a putty session to the Vision Console using the lab login sheet
Execute tail -f /opt/vce/fm/logs/FMagent.log
Back in EMC Unisphere
Click Test to test the response and verify that the Vision console is receiving the test trap
Note that one can also tie notification to email or paging systems with the other tabs
Click OK to close the Template dialog box
VCE CONFIDENTIAL
125
F) Configure UCS Threshold Policies

1) Access the UCS Manager browser window on the Windows Management Server you connected to through
the Internet Explorer icon as instructed in LAB 2 A)LAB 1 UCS Manager GUI (TST): Capture Compute
2) Change Statistics Collection and Reporting
Navigate to Admin > Stats Management in the Navigation pane
Select Collection Policies > Collection Policy chassis and right-click the label
Validate that the Collection Interval is set to 30 seconds, and the Reporting Interval is set to 15
minutes
Identify Current Statistical Values
Navigate to Equipment > Chassis > Chassis 1 > Servers > Server 1 in the Navigation pane.
Select the Statistics tab in the content pane
Navigate to Motherboard > Motherboard Power Counters > Motherboard Input Voltage in the
content pane
Write down the Avg value
Repeat step 3 for the rest of the Servers in that chassis 1.
Identify the minimum and maximum values across all the Avg values of the servers in the chassis
Calculate the average of these minimum and maximum values (Add the two values and divide by
2)
Change a Threshold Policy
Navigate to Admin > Stats Management and select Root in the content pane
Right-click on Root in the content pane, and select Create Threshold Policy
Type input_volt_TeamX in the Name text field (16 character max) of the Threshold Policy
creation wizard (where X is your team number) and click the Next button
Click the Add button at the bottom of the creation wizard
Select Motherboard Power Statistics in the Stat Class dropdown menu and click the Next
button
Click the Add button at the bottom of the creation wizard
Select Motherboard Power Statistics Input Voltage in the Property Type drop down
Type the average value you calculated in step 4b into the Normal Value text field
In the Alarm Triggers (above normal value) section, click the Critical checkbox
In the first text field for Critical, type in a value that is 0.1 units more than the average value you
previously calculated
In the second text field for Critical, type in a value that is 0.4 units more than the average value
you previously obtained
In the Alarm Triggers (below normal value) section, click the Info checkbox
In the first text field for Info, type in a value that is 0.2 units less than the average value you
specified in step 5h
VCE CONFIDENTIAL
126
In the second text field for Info, type in a value that is 0.4 units less than the average value you
calculated
Click OK at the bottom of the window
Click the Finish button at the bottom of the creation wizard
Click the Finish button at the bottom of the creation wizard (again)
Click OK
Do not exit UCS Manager at it will be used in the next lab
G) Syslog Management
All of the components in the Vblock that support syslog, are forwarding syslog messages to the VCE Vision
console. On the console, we can instruct VCE Vision to forward these messages to any other remote syslog
server. In this lab we will verify the UCS syslog settings, review syslog messages on the Vision console, and setup
a syslog server on our management stations.
1) Continue using the UCS Manager session you started in the previous lab or restart it using the instructions
found in step 1 of the previous lab
Navigate to Admin > Faults, Events and Audit Log > Syslog in the Navigation pane
In the Hostname field, you should find the IP address of the Vision Console
Open up a putty connection to the VCE Vision OS Appliance Console
On the Vision Console, execute: tail /var/log/boot.log
There should be entries from components in the Vblock here
This is the local file log.
To forward copies of the syslog streams, use configureSyslogForward
Run configureSyslogForward -a <ip addr> 3000 replacing ip addr with

the IP address of your Windows Management Host
3000 is the port - we use that in this lab environment to avoid some conflicts
On your management workstation, start the Kiwi Syslog Server Console using the icon on your desktop
Click on File > Setup
Select UDP and uncheck the Listen for UDP Syslog messages
Select TCP and select the Listen for TCP Syslog Messages
Set the port to 3000
Click OK
In the Hostname field, the IP address should be the Vision console IP address from the Labs
Login Spreadsheet
Click Save Changes if you had to change any values (and then Click OK on the pop up)
You should be receiving the syslog messages coming from your Vblock. Note that the other
teams have configured their management stations as syslog servers as well; Vision can forward
to any number of syslog servers
VCE CONFIDENTIAL
127
H) Using VCE Vision SNMP in Network Management Systems

VCE Vision delivers a converged model for the Vblock, allowing data center operations teams to monitor their
Vblocks as holistic units as opposed to just a collection of components. Since each operations team has a
different set of tools they use for network management, it is important to understand how to enable an NMS
system to do this Vblock-centric monitoring.
This is accomplished by loading the VCE Vision SNMP MIBs into the target Network Management System. For
this lab, we will use a free personal version of the NMS from iReasoning. The tool is installed on the teams
management station.
1) Obtaining the VCE MIBs
The VCE Vision MIBs are located on the System Library appliance for easy access
For any Vision-enabled Vblock, the process to obtain the MIBs involves:
Copying the zip file from the system library located in the directory
/opt/vce/fm/doc/mibs to the computer with the targeted network management
system
The MIB file is always in the format mibs-dist-YYYY-MM-DD-VERSION.zip, indicating the

version of the MIB collection by date
In the case of the lab System Library, the file is mibs-dist-2013-03-14-19-25-46.zip
Using PSFTP (Putty FTP), download the lab System Library MIBs file to the management station
Open psftp, and type open <IPADDR> where IPADDR is the VCE Vision OS Appliance Console IP
Address from the Labs Login Spreadsheet
Type cd /opt/vce/fm/doc/mibs
Type ls and note the filename
Type lcd C:\ to change the local working directory (this is where psftp will save your files)
Type mget mibs-dist* (mget allows the use of the * wildcards; you could also type get with
the full filename)
The file will now be located on your management host in the C:\ directory.
Browse into the ZIP file, and copy all of the files in the directory MIB to
C:\Program Files (x86)\ireasoning\mibbrowser\mibs
From the Start menu, select All Programs > iReasoning > MIB Browser
The process to load the VCE MIBs is to click File > Load MIBs.
It is important to load the VCE MIBs in the right order.
The iReasoning has a 10 MIB limit for this edition; first be sure there are no MIBs already loaded
by Selecting File > UnLoad MIBs - the list should be empty, if not, select all the MIBs and unload
them.
Using the following table, load each MIB into the browser, one at a time.
MIB Module
Description
ENTITY-MIB
ENTITY-STATE-TC-MIB
VCE-SMI-MIB
VCE-VBLOCK-HEALTH-MIB
Vblock System Inventory

State textual conventions shared among VCE MIBS
Top-level organization of VCE namespace
Two tables for health status, parallel to entity MIB
VCE CONFIDENTIAL
128
VCE-PORT-INTERCONNECT-MIB
VCE-VBLOCK-LOCATION-MIB
VCE-FM-AGENT-MIB
VCE-AGENT-CAPS-MIB
RFC1155-SMI
I)
Single table of port interconnect info

Vblock system location
Foundation Manager MIB
Definitions of Agent capabilities
SNMPv2 SMI MIB
Keep the iReasoning MIB Browser open for continued operations in the next lab
Testing System Library Configuration
1) Continuing using iReasoning MIB browser opened in the previous lab

2) Find the box labeled Address
Enter the IP address of the VCE Vision OS Appliance Console
Once entered, click on the Advanced button next to the Address box
In the Advanced tab enter csnpub for the community strings (READ/WRITE), and ensure that the
SNMP Version is set to 2.
In the SNMP Class tree panel on the left, under ios.org.dod.internet > mgmt > mib-2, right click on
system
Select Get Subtree
Under EntityMIB > entityMIBObjects > entityPhysical select entityPhysicalTable
Retrieve the subtree for entPhysicalTable.
This will retrieve the initial results, and begin appending it to the Results table on the
right hand panel.
This will display the physical containment hierarchy of the Vblock.
To view the logical containment, retrieve the tree under entityLogical > entLogicalTable.
End of Exercises
VCE CONFIDENTIAL
129

2014 April 14 Lab Guide Vce Vblock System Administration v0.62

Загружено:

Сведения о документе

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

2014 April 14 Lab Guide Vce Vblock System Administration v0.62

Загружено:

Авторское право:

Доступные форматы

VCE VBLOCK SYSTEM ADMINSTRATION

2014 VCE Company LLC. All rights reserved.

2014 VCE Company LLC. All rights reserved.

2014 VCE Company LLC. All rights reserved.

Lab Scenario: Company Profile and Business Problem Statement

2014 VCE Company LLC. All rights reserved.

1 - Health Check and Alerting

2014 VCE Company LLC. All rights reserved.

Cisco Unified Computing System Manager (UCSM)

Cisco Nexus Operating System (NX-OS)

EMC Unisphere for VNX

EMC Unisphere for VMAX

2014 VCE Company LLC. All rights reserved.

Vblock System Administration and Management Lab Diagram

2014 VCE Company LLC. All rights reserved.

Lab Use Cases for Counterfake Inc.

2014 VCE Company LLC. All rights reserved.

Table of Contents: Vblock Systems Administration and

VCE Vision Plug-in for vCenter................................................................................... 37

LAB 5. Monitoring for Component Errors or Failures .......................................................... 40

Adjusting Syslog maximum log file size (TST) ........................................................... 44

LAB 7. Trusted Multi-tenant in a Vblock System ................................................................... 48

Managing Boot Devices and Paths ........................................................................ 66

UCS Manager: Create a Service Profile from Scratch .......................................... 72

Capacity Expansion ................................................................................................................... 90

Managing CIFS ....................................................................................................... 111

Protecting Vblock System Metadata .................................................................... 114

Creating a Consistency Group ................................................................................. 118

Vblock System Assurance .................................................................................... 120

2014 VCE Company LLC. All rights reserved.

Connecting to the VDC

A) Accessing your assigned Windows Management Host.

This will disconnect your Remote Desktop Services session. Your

ii) Click OK to disconnect in this way

2014 VCE Company LLC. All rights reserved.

2014 VCE Company LLC. All rights reserved.

About this Lab

This Lab Guide is prepared in a Run Book format as a reference guide to

2014 VCE Company LLC. All rights reserved.

2014 VCE Company LLC. All rights reserved.

Capturing the Vblock System Configuration Baseline

Establish a Vblock System Configuration Baseline

A) UCS Manager GUI (TST): Capture Compute Resource Configuration

Log in using the User Name of admin and Password of emc123%%

If an Unknown Certificate warning pops up, click Accept to continue

3) View chassis details.

Identify if there any Servers that are inoperable

Expand Fabric Interconnect A

ii) Expand Fixed Module

Identify ports that are configured as Server ports

ii) Identify ports that are configured as Network ports

Expand Fixed Module

2014 VCE Company LLC. All rights reserved.

ii) Select Ethernet Ports

Identify ports that are configured as Server ports

ii) Identify ports that are configured as Network ports

Under Fixed Module select FC Ports

c) For Fabric Interconnect model number Cisco UCS 6120XP only:

Under Expansion Module 2 select FC Ports

Notice the Enabled versus Disabled ports

ii) In the Navigation pane, select the first FC Port

Under Fixed Module select FC Ports

c) For Fabric Interconnect model number Cisco UCS 6120XP only:

Under Expansion Module 2 select FC Ports