
VMware vSphere: Optimize and Scale

Lab Manual
ESXi 6.5 and vCenter Server 6.5

VMware Education Services


VMware, Inc.
www.vmware.com/education
Part Number EDU-EN-VSOS65-LAB (4/2017)
Copyright 2017 VMware, Inc. All rights reserved. This manual and its accompanying materials
are protected by U.S. and international copyright and intellectual property laws. VMware products
are covered by one or more patents listed at http://www.vmware.com/go/patents. VMware is a
registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions.
All other marks and names mentioned herein may be trademarks of their respective companies.
The training material is provided as is, and all express or implied conditions, representations,
and warranties, including any implied warranty of merchantability, fitness for a particular purpose
or noninfringement, are disclaimed, even if VMware, Inc., has been advised of the possibility of
such claims. This training material is designed to support an instructor-led training course and is
intended to be used for reference purposes in conjunction with the instructor-led training course.
The training material is not a standalone training tool. Use of the training material for self-study
without class attendance is not recommended.
These materials and the computer programs to which it relates are the property of, and embody
trade secrets and confidential information proprietary to, VMware, Inc., and may not be
reproduced, copied, disclosed, transferred, adapted or modified without the express written
approval of VMware, Inc.

CONTENTS
Lab 1 Using vSphere Distributed Switches
Lab 2 Using Port Mirroring
Lab 3 Policy-Based Storage
Lab 4 Managing Datastore Clusters
Lab 5 Working with Virtual Volumes
Lab 6 Creating a Content Library
Lab 7 Host Profiles
Lab 8 Using vSphere Auto Deploy
Lab 9 Monitoring CPU Performance
Lab 10 Monitoring Memory Performance
Lab 11 Monitoring Storage Performance
Lab 12 Monitoring Network Performance
Lab 13 Using vRealize Log Insight
Lab 14 Using vCenter Server High Availability
Lab 15 Migrating Windows vCenter Server to vCenter Server Appliance
Lab 16 Configuring Lockdown Mode
Lab 17 Working with Certificates
Lab 18 Virtual Machine Encryption
Answer Key

Lab 1 Using vSphere Distributed Switches

Objective: Create, configure, back up, and check a distributed switch
In this lab, you perform the following tasks:

1. Log In to the Student Desktop
2. Verify That the vSphere Licenses Are Valid
3. Assign Valid vSphere Licenses
4. Create a Distributed Switch
5. Add ESXi Hosts to the New Distributed Switch
6. Examine Your Distributed Switch Configuration
7. Migrate the Virtual Machines to a Distributed Switch Port Group
8. Enable the Distributed Switch Health Check
9. Back Up the Distributed Switch Configuration
10. Cause Errors on the Distributed Switch
11. Monitor the Health of the Distributed Switch
12. Restore the Distributed Switch Configuration

Task 1: Log In to the Student Desktop
You access and log in to your student desktop system to perform all lab activities for this course.
Use the following information from the class configuration handout:
Student desktop user name
Standard lab password
1. Ask your instructor how to log in to the student desktop system in your lab environment.
For example, your instructor might have you use Remote Desktop Connection to connect to the
student desktop system.
2. Log in to the student desktop system, using your student desktop user name and the standard lab
password.

Task 2: Verify That the vSphere Licenses Are Valid


You verify that licenses for VMware vCenter Server and the VMware ESXi hosts are valid.
Use the following information from the class configuration handout:
Standard lab password
1. Log in to the VMware vSphere Web Client interface.
a. On the student desktop machine task bar, click the Internet Explorer shortcut.
b. From the Favorites bar, select vSphere Web Clients > SA-VCSA-01.
c. If you receive a security exception for vSphere Web Client, click the Continue to this
website (not recommended) link to open the login screen.
d. Log in with administrator@vsphere.local (the vCenter Server administrator user name) and
the standard lab password.
e. Point to the Home icon and select Home.
2. Verify that the licenses for the vCenter Server system and the ESXi hosts are valid.
a. On the Home page under Administration, click the Licensing icon.
b. In the center pane, click the Assets tab.
c. On the vCenter Server systems tab, verify that the vCenter Server system has a valid license.
d. Click the Hosts tab.
e. Verify that all ESXi hosts have valid licenses.
f. If the vCenter Server system and the ESXi hosts are not licensed or have licenses that are
expired, go to task 3.
g. If the licenses are valid, go to task 4.

Task 3: Assign Valid vSphere Licenses
If the vCenter Server system and ESXi hosts licenses are expired, you assign valid licenses to these
VMware vSphere components.
Use the following information from the class configuration handout:
vCenter Server license key
vSphere Enterprise Plus license key
1. In the center pane, click the Licenses tab.
2. Click the Create New Licenses icon (green plus sign).
The New Licenses wizard appears.
3. In the License keys (one per line) text box, enter the license keys that your instructor gave you
(one per line) and click Next.
4. On the Edit license names page, enter the new license names vCenter Server and
Enterprise Plus in the License Name text boxes and click Next.
5. On the Ready to complete page, click Finish.
6. Assign a vCenter Server license key to the vCenter Server instance.
a. In the center pane, click the Assets tab.
b. Click the vCenter Server systems tab and click the Assign License icon.
c. In the Assign License dialog box, select the vCenter Server license key.
d. Click OK.
7. Assign the vSphere Enterprise Plus license key to the ESXi hosts.
a. In the center pane, click the Hosts tab.
b. Select all hosts by clicking the first host, holding the Shift key, and selecting the last host.
c. Click the Assign License icon.
d. In the Assign License dialog box, select the vSphere Enterprise Plus license key.
e. Click OK.
8. Reconnect the ESXi hosts.
a. Point to the Home icon and select Hosts and Clusters.
b. In the Navigation pane, expand SA Datacenter and select SA Management.
c. In the center pane, click the Hosts tab.
The three ESXi hosts have a status of Disconnected.
d. Select all three hosts by clicking the first host, holding the Shift key, and selecting the last host.
e. Right-click the host selection and select Connection > Connect.
f. Verify that all three ESXi hosts have a status of Connected.

Task 4: Create a Distributed Switch


You create a distributed switch that functions as a single virtual switch across all associated hosts in
your vSphere environment.
1. In vSphere Web Client, point to the Home icon and select Networking.
2. In the left pane, expand the inventory until you see SA Datacenter.
3. Right-click SA Datacenter and select Distributed Switch > New Distributed Switch.
4. On the Name and location page, enter dvs-Lab in the Name text box and click Next.
5. On the Select version page, leave Distributed switch: 6.5.0 selected and click Next.
6. On the Edit settings page, enter pg-SA Production in the Port group name text box, keep
all other defaults, and click Next.
7. On the Ready to complete page, review the configuration settings and click Finish.
The dvs-Lab distributed switch is listed in the left pane, also called the Navigator pane.
8. Configure the pg-SA Production port group to use only Uplink 2.
a. In the left pane, expand dvs-Lab and right-click pg-SA Production.
b. Select Edit Settings.
c. In the Edit Settings window, select Teaming and failover on the left.
d. Select Uplink 1 and click the down arrow until the uplink appears under Unused uplinks.
e. Select Uplink 3 and click the down arrow to move it to the Unused uplinks section.
f. Select Uplink 4 and move it to the Unused uplinks section.
g. Click OK.

Task 5: Add ESXi Hosts to the New Distributed Switch


You add ESXi hosts and physical adapters to the distributed switch.
1. In the Navigator pane, right-click the dvs-Lab distributed switch and select Add and Manage
Hosts.
2. On the Select task page, leave Add hosts clicked and click Next.
3. On the Select hosts page, click New Hosts (the green plus sign).
4. Select sa-esxi-01.vclass.local and sa-esxi-02.vclass.local and click OK.
Do not select sa-esxi-03.vclass.local.
5. Click Next.
6. On the Select network adapter tasks page, deselect the Manage VMkernel adapters check box
and leave the Manage physical adapters check box selected.
7. Click Next.
8. On the Manage physical network adapters page, assign vmnic2 to Uplink 2 on
sa-esxi-01.vclass.local and sa-esxi-02.vclass.local.
a. Under sa-esxi-01.vclass.local, select vmnic2 and click Assign uplink.
b. Select Uplink 2 and click OK.
c. Under sa-esxi-02.vclass.local, select vmnic2 and click Assign uplink.
d. Select Uplink 2 and click OK.
e. Click Next.
9. On the Analyze impact page, verify that the status is No impact for both ESXi hosts and click Next.
10. On the Ready to complete page, review your settings and click Finish.

Task 6: Examine Your Distributed Switch Configuration


You examine the configuration of the distributed switch uplink, which is bound to the associated
physical interfaces on the ESXi hosts. You also examine other distributed switch features, including
the maximum transmission unit (MTU) value, VLAN capabilities, LACP aggregation groups,
NetFlow, and VMware vSphere Network I/O Control.
1. In the Navigator pane, select the dvs-Lab distributed switch.
2. In the center pane, click the Configure tab and select Topology on the left.
3. In the distributed switch topology diagram, click the arrow next to Uplink 2 to expand the view.
4. Verify that for both ESXi hosts the vmnic2 is attached and appears under Uplink 2.
5. In the center pane, click Properties on the left and verify the settings.
Network I/O Control is enabled.
Number of uplinks is 4.
The MTU size is 1500 bytes.
The Cisco Discovery Protocol is implemented.
6. Click each additional configuration link on the left and verify the settings.
LACP LAG is not defined.
Private VLAN is not defined.
NetFlow collector is not defined.
Port mirroring is not configured.
Health check is not enabled.
7. In the Navigator pane, select the pg-SA Production port group.
8. Click the Configure tab and select Properties on the left.
9. Verify the distributed port group settings.
Port binding is set to static binding.
Port allocation is set to elastic.
The number of ports is eight.

Task 7: Migrate the Virtual Machines to a Distributed Switch Port Group
You move the virtual machines from the pg-SA Management port group on the dvs-SA Datacenter
distributed switch to the pg-SA Production port group on the dvs-Lab distributed switch.
Use the following information from the class configuration handout:
Standard lab password
1. In the Navigator pane, right-click the dvs-Lab distributed switch and select Migrate VMs to
Another Network.
The Migrate VMs to Another Network wizard appears.
2. Migrate the virtual machines from pg-SA Management on the dvs-SA Datacenter distributed
switch to the pg-SA Production network on the dvs-Lab distributed switch.
a. On the Select source and destination networks page, leave Specific network clicked for the
Source network and click Browse.
b. Select pg-SA Management and click OK.
c. For the Destination network, click Browse.
d. Select pg-SA Production and click OK.
e. Click Next.
f. On the Select virtual machines to migrate page, select the All virtual machines check box.
A warning message states that the destination network is inaccessible for one or more
virtual machines and that these virtual machines are not selected for migration.
g. Click OK.
The LAB-VCS-01 virtual machine is dimmed. You cannot migrate this virtual machine,
because it is hosted on the sa-esxi-03.vclass.local host, which is inaccessible to the
pg-SA Production port group.
h. Click Next.
3. On the Ready to complete page, review the settings and click Finish.
4. Verify your distributed switch configuration.
a. In the Navigator pane, select dvs-Lab and click the Hosts tab in the center pane.
b. Verify that sa-esxi-01.vclass.local and sa-esxi-02.vclass.local are connected to the
distributed switch.
The state of the ESXi hosts should be Connected.
c. Click the VMs tab and verify that your virtual machines are listed.
If the virtual machines are listed, then they reside on the new distributed switch.
d. Click the Ports tab and verify that pg-SA Production is listed in the Port Group column and
that an uplink port group is created for the distributed switch.
You can expand the Port Group column so that you can view the full name of the uplink
port group.
5. In vSphere Web Client, point to the Home icon and select Hosts and Clusters.
6. Power on Linux01 and log in to its console.
a. In the Navigator pane, expand SA Datacenter and expand the SA Management cluster.
b. Right-click Linux01 and select Power > Power On.
c. Right-click Linux01 and select Open Console.
d. If you receive a security exception, click the Continue to this website (not
recommended) link to continue.
Wait for the virtual machine to finish booting.
e. Log in as user root and use the standard lab password.
7. Verify that the virtual machine has full network connectivity.
a. At the command prompt, ping 172.20.10.10 (the domain controller's IP address) to verify
the virtual machine's network connectivity.
ping 172.20.10.10
The ping command should be successful.
b. If the ping command is successful, press Ctrl+C to end the ping command.
c. If the ping command is not successful, enter the service network restart command
to ensure that your virtual machine has a valid DHCP-assigned IP address.
d. Try the ping command again.
e. If the ping command is successful, press Ctrl+C to end the ping command.
8. Close the Linux01 virtual machine console tab.

Task 8: Enable the Distributed Switch Health Check
You enable the health check service on the dvs-Lab distributed switch.
1. In vSphere Web Client, point to the Home icon and select Networking.
2. In the Navigator pane, select the dvs-Lab distributed switch.
3. In the center pane, click the Configure tab and select Health check on the left.
4. Click Edit.
5. Set VLAN and MTU to Enabled.
6. Set Teaming and failover to Enabled.
7. Click OK.

Task 9: Back Up the Distributed Switch Configuration


You save a backup of the dvs-Lab distributed switch configuration.
1. In the Navigator pane, right-click the dvs-Lab distributed switch.
2. Select Settings > Export Configuration.
3. In the Export Configuration dialog box, leave Distributed switch and all port groups clicked
and click OK.
4. When prompted, click Yes to save the exported configuration.
5. Save the distributed switch configuration to the desktop of the student desktop machine, using
the default backup.zip filename.

Task 10: Cause Errors on the Distributed Switch


You purposely cause errors by configuring an invalid VLAN ID on the pg-SA Production port group
and setting the MTU value to 9000 on the dvs-Lab distributed switch. These misconfigurations are
reported by the distributed switch health check service.

IMPORTANT
Use only the dvs-Lab distributed switch for this task. Do not try to cause errors on the dvs-SA
Datacenter distributed switch.

1. Configure an invalid VLAN ID on the distributed port group.
a. In the Navigator pane, right-click pg-SA Production and select Edit Settings.
b. In the Edit Settings window, click VLAN on the left.
c. From the VLAN type list, select VLAN.
d. In the VLAN ID box, enter 37.
VLAN ID 37 is not a valid VLAN ID because the physical switch is not configured for
VLAN 37. An invalid VLAN ID causes an error after you save the configuration.
e. Click OK.
2. Misconfigure the distributed switch by setting the MTU value to 9000.
a. In the Navigator pane, right-click the dvs-Lab distributed switch and select Settings > Edit
Settings.
b. In the Edit Settings dialog box, select Advanced on the left.
c. In the MTU (Bytes) box, change the value to 9000.
This setting causes an error after you save the configuration because jumbo frames are not
configured in your environment.
d. Click OK.

Task 11: Monitor the Health of the Distributed Switch


You check the health of the dvs-Lab distributed switch.
1. In the Navigator pane, select the dvs-Lab distributed switch.
2. In the center pane, click the Monitor tab and click Health.
3. Select the first ESXi host in the list.
4. View the VLAN tab at the bottom of the page.
The VLAN configuration status might take a few minutes to update.
5. Wait for the VLAN configuration status to change to Not Supported.
You might need to click the Refresh icon a few times in the vSphere Web Client interface to
update the status.
6. Click the MTU tab at the bottom of the page.
The MTU configuration status might take a few minutes to update. Until then, the configuration
status is Unknown.
7. Wait for the MTU configuration status to change to Not Supported.
You might need to click the Refresh icon a few times in the vSphere Web Client interface to
update the status.

Task 12: Restore the Distributed Switch Configuration
You restore the dvs-Lab distributed switch configuration to reset any configuration change made
since the configuration was saved.
1. In the Navigator pane, right-click the dvs-Lab distributed switch and select Settings > Restore
Configuration.
The Restore Configuration wizard appears.
2. On the Restore switch configuration page, click Browse, select the backup.zip file, and click
Open.
3. Leave Restore distributed switch and all port groups clicked and click Next.
4. On the Ready to complete page, review the settings and click Finish.
5. If you lose connection to vSphere Web Client, restart the Internet Explorer browser.
6. After the switch configuration is restored, verify the configuration.

NOTE
If the switch configuration did not restore properly, repeat steps 1 through 4.
a. View the Health panel and verify that the overall health of the dvs-Lab distributed switch is
back to normal.
You might need to click the Refresh icon in the vSphere Web Client interface to update
the status.
b. View the VLAN settings of the pg-SA Production port group and verify that no VLAN is
configured.
c. View the advanced settings of the dvs-Lab distributed switch and verify that the MTU
value is 1500.
7. Point to the Home icon and select Home.

Lab 2 Using Port Mirroring

Objective: Configure port mirroring and capture network traffic on a distributed switch
In this lab, you perform the following tasks:

1. Prepare to Capture Mirrored Network Traffic
2. Configure Port Mirroring on the Distributed Switch
3. Verify That Port Mirroring Is Capturing Traffic

Task 1: Prepare to Capture Mirrored Network Traffic


You use the Linux01 virtual machine to capture and monitor mirrored traffic.
1. If you are logged out of vSphere Web Client, log back in.
a. Open a new tab in Internet Explorer.
b. From the Favorites bar, select vSphere Web Clients > SA-VCSA-01.
c. Log in with administrator@vsphere.local (the vCenter Server administrator user name) and
the standard lab password.
2. In vSphere Web Client, point to the Home icon and select Hosts and Clusters.
3. In the left pane, expand SA Datacenter and expand the SA Management cluster.
4. In the left pane, log in to the Linux01 virtual machine console.
a. Right-click Linux01 and select Open Console.
b. If prompted, click the Continue to this website (not recommended) link to continue.
You should be logged in to Linux01 as root.
c. If you are not logged in, then log in as user root with the standard lab password.
5. In the Linux01 console, monitor ICMP network traffic.
tcpdump -nn icmp

6. Monitor the command output for a few seconds and verify that ICMP traffic is not being
captured.
tcpdump output remains silent until ICMP traffic is detected on the network.
7. Leave the console window open, with the tcpdump command running uninterrupted.
8. In the Internet Explorer window, click the vSphere Web Client tab.
9. Power on the Linux02 virtual machine and log in to its console.
a. In the left pane, right-click Linux02 and select Power > Power On.
b. Right-click Linux02 and select Open Console.
c. If prompted, click the Continue to this website (not recommended) link to continue.
Wait for the virtual machine to finish booting.
d. Log in as user root and use the standard lab password.
The Linux02 virtual machine is used as the traffic source to be monitored.
10. At the Linux02 command prompt, ping 172.20.10.10 (the default router IP address).
ping 172.20.10.10
11. If the ping command does not work, enter service network restart and repeat step 10.
12. After the ping command begins working, click the Linux01 console tab.
13. In the Linux01 console window, verify that the running tcpdump command output remains
silent and has not captured any ICMP traffic.

Task 2: Configure Port Mirroring on the Distributed Switch


You configure port mirroring so that the port connected to the Linux02 machine is the mirror source
and the port connected to the Linux01 machine is the mirror destination. All the traffic present on
the Linux02 port is forwarded to the Linux01 port for examination.
1. In the Internet Explorer window, click the vSphere Web Client tab.
2. Point to the Home icon and select Networking.
3. In the Navigator pane, select the dvs-Lab distributed switch.
4. In the center pane, click the Configure tab and select Port mirroring on the left.
5. In the Port mirroring panel, click the New icon.
The Add Port Mirroring Session wizard appears.
6. On the Select session type page, leave Distributed Port Mirroring clicked and click Next.
When you select this session type, distributed ports can only be local. If the source and
destination ports are on different hosts, port mirroring between them does not work. The
Linux01 and Linux02 virtual machines both reside on sa-esxi-01.vclass.local.
7. On the Edit properties page, configure the port mirroring session.
a. Select Enabled from the Status drop-down menu.
b. Select Allowed from the Normal I/O on destination ports drop-down menu.
c. Keep the rest of the defaults and click Next.
8. On the Select sources page, configure the port mirroring source.
a. Click the Select distributed ports icon.

b. In the Select Ports dialog box, select the check box for the row with a connected entity of
Linux02 and click OK.
c. Click Next.
9. On the Select destinations page, configure the port mirroring destination.
a. Click the Select distributed ports icon.
b. In the Select Ports dialog box, select the check box for the row with a connected entity of
Linux01 and click OK.
c. Click Next.
10. On the Ready to complete page, review the settings and click Finish.

Task 3: Verify That Port Mirroring Is Capturing Traffic
With mirroring between ports configured, you view the tcpdump command output and verify that
any ICMP traffic appearing on the Linux02 port is duplicated on the Linux01 port.
1. In the Internet Explorer window, click the Linux02 console tab.
2. Verify that the ping command is still reaching the default router IP address.
3. Click the Linux01 console tab.
4. In the Linux01 console, examine the tcpdump output in the terminal window.
The output looks similar to the screenshot.

5. Record the local address that appears in the captured traffic. __________
The local address begins with 172.20.11.
6. In the Linux01 console window, press Ctrl+C to stop the tcpdump command.
7. In the Internet Explorer window, click the Linux02 console tab.
8. In the Linux02 console window, press Ctrl+C to stop the ping command.
9. At the Linux02 command prompt, examine the IP configuration.
ifconfig
10. Using the command output, verify that the Linux02 IP address matches the address that you
recorded in step 5.
11. Close the Linux01 and Linux02 console tabs.
12. Shut down Linux01 and Linux02.
a. Point to the Home icon and select Hosts and Clusters.
b. In the left pane, right-click Linux01 and select Power > Shut Down Guest OS.
c. In the pop-up window, click Yes to confirm the shutdown operation.
d. Repeat steps b and c to shut down Linux02.
13. Point to the Home icon and select Home.
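
The check in steps 5 and 10 of this task can also be run against saved tcpdump output. The script below is an added example, not part of the VMware lab manual: it lists the senders of ICMP echo requests that the capturing host did not send itself, and counts packets in which the capturing host is neither endpoint, which on Linux01 should appear only while the port mirroring session is enabled. The function names and every address in the sample capture are constructed for illustration (Linux01 is assumed to be 172.20.11.51 and Linux02 172.20.11.52).

```shell
#!/bin/sh
# Added example: analyse `tcpdump -nn icmp` output captured on the mirror
# destination (Linux01). Function names and all sample addresses are constructed.

# Constructed sample capture: 172.20.11.52 stands in for Linux02 (mirror source),
# 172.20.11.51 for Linux01 (mirror destination, the host running tcpdump).
SAMPLE_CAPTURE='10:15:01.000101 IP 172.20.11.52 > 172.20.10.10: ICMP echo request, id 2561, seq 1, length 64
10:15:01.000498 IP 172.20.10.10 > 172.20.11.52: ICMP echo reply, id 2561, seq 1, length 64
10:15:02.001377 IP 172.20.11.52 > 172.20.10.10: ICMP echo request, id 2561, seq 2, length 64
10:15:02.001702 IP 172.20.10.10 > 172.20.11.52: ICMP echo reply, id 2561, seq 2, length 64
10:15:02.500000 IP 172.20.11.51 > 172.20.10.10: ICMP echo request, id 900, seq 1, length 64
10:15:02.500300 IP 172.20.10.10 > 172.20.11.51: ICMP echo reply, id 900, seq 1, length 64'

# mirrored_sources OWN_IP < capture
# Print each unique sender of an ICMP echo request other than OWN_IP.
# On the mirror destination this is the address recorded in step 5.
mirrored_sources() {
    awk -v own="$1" '
        $2 == "IP" && $4 == ">" && /ICMP echo request/ {
            if ($3 != own && !($3 in seen)) { seen[$3] = 1; print $3 }
        }'
}

# foreign_packets OWN_IP < capture
# Count packets where OWN_IP is neither source nor destination. A unicast
# conversation between two other hosts is only visible on a port that
# receives mirrored (or promiscuous) traffic.
foreign_packets() {
    awk -v own="$1" '
        $2 == "IP" && $4 == ">" {
            dst = $5
            sub(/:$/, "", dst)      # tcpdump prints the destination as "addr:"
            if ($3 != own && dst != own) n++
        }
        END { print n + 0 }'
}

# verify_mirror OWN_IP EXPECTED_SRC < capture
# Succeed only if EXPECTED_SRC (the address ifconfig shows on Linux02 in
# step 9) is among the mirrored senders, which is the comparison in step 10.
verify_mirror() {
    mirrored_sources "$1" | grep -qxF "$2"
}

# Demo on the constructed capture, from the point of view of Linux01.
echo "mirrored senders: $(printf '%s\n' "$SAMPLE_CAPTURE" | mirrored_sources 172.20.11.51)"
echo "foreign packets:  $(printf '%s\n' "$SAMPLE_CAPTURE" | foreign_packets 172.20.11.51)"
if printf '%s\n' "$SAMPLE_CAPTURE" | verify_mirror 172.20.11.51 172.20.11.52; then
    echo "mirror source matches the expected address"
else
    echo "expected address not seen in mirrored traffic"
fi
```

A foreign packet count of zero on a capture taken before Task 2 and a nonzero count afterwards corresponds to the silent and then active tcpdump output that the lab steps describe.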

Lab 3 Policy-Based Storage

Objective: Use policy-based storage to create tiered storage
In this lab, you perform the following tasks:

1. Add Datastores for Use by Policy-Based Storage
2. Use vSphere Storage vMotion to Migrate a Virtual Machine to the Gold Datastore
3. Configure Storage Tags
4. Create Virtual Machine Storage Policies
5. Assign Storage Policies to Virtual Machines

Task 1: Add Datastores for Use by Policy-Based Storage


You create two small datastores for use by your vCenter Server instance as simple tiered storage.
Each datastore is approximately 8 GB in size.
1. If you are logged out of vSphere Web Client, log back in.
2. Point to the Home icon and select Storage.
3. Create a datastore named Gold.
a. In the Navigator pane, right-click SA Datacenter and select Storage > New Datastore.
The New Datastore wizard appears.
b. On the Location page, click Next.
c. On the Type page, leave VMFS clicked and click Next.
d. On the Name and device selection page, enter Gold in the Datastore name text box.
e. In the Select a host to view its accessible disks/LUNs list, select sa-esxi-02.vclass.local.
f. In the disk/LUN list, select the entry for the lowest LUN number attached to an iSCSI
device.
Local drives are labeled as Local VMware Disk. Do not select these drives.
g. If iSCSI devices are not present, ask the instructor for instructions on how to add them.
h. Click Next.
i. On the VMFS version page, leave VMFS 6 clicked and click Next.
j. On the Partition configuration page, keep the defaults and click Next.
k. On the Ready to complete page, review the settings and click Finish.
l. Verify that the Gold datastore appears in the Navigator pane.
4. Create a datastore named Silver.
a. In the Navigator pane, right-click SA Datacenter and select Storage > New Datastore.
The New Datastore wizard appears.
b. On the Location page, click Next.
c. On the Type page, leave VMFS clicked and click Next.
d. On the Name and device selection page, enter Silver in the Datastore name text box.
e. In the Select a host to view its accessible disks/LUNs list, select sa-esxi-02.vclass.local.
f. In the disk/LUN list, select the entry for the lowest LUN number attached to an iSCSI
device and click Next.
Local drives are labeled as Local VMware Disk. Do not select these drives.
g. On the VMFS version page, leave VMFS 6 clicked and click Next.
h. On the Partition configuration page, keep the defaults and click Next.
i. On the Ready to complete page, review the settings and click Finish.
j. Verify that the Silver datastore appears in the Navigator pane.

Task 2: Use vSphere Storage vMotion to Migrate a Virtual Machine to the Gold Datastore
Use VMware vSphere Storage vMotion to migrate the VM01 virtual machine to the Gold
datastore.
1. Power on VM01.
a. Point to the Home icon and select Hosts and Clusters.
b. Right-click VM01 and select Power > Power On.
c. When VM01 is powered on, go to the next step.
2. In the Navigator pane, right-click VM01 and select Migrate.
The Migrate wizard appears.
3. On the Select the migration type page, click Change storage only and click Next.
4. On the Select storage page, select the Gold datastore, leave all other settings at their default
values, and click Next.
5. On the Ready to complete page, click Finish.
6. In the Recent Tasks pane, monitor the migration task to completion.
7. Verify that the migration was successful.
You might have to refresh vSphere Web Client to see that the migration has completed.
a. In the left pane, select VM01.
b. In the center pane, click the Datastores tab and verify that the Gold datastore is listed.

Task 3: Configure Storage Tags


You create the tags necessary to implement simple tiering. The Storage Tiers tag category contains
the Gold and Silver identifier tags associated with individual datastores.
1. Point to the Home icon and select Tags & Custom Attributes from the list.
2. In the center pane, click the Tags tab.
3. Configure a new tag category and the Gold Tier identifier tag.
a. In the Tags panel, click the New tag icon.

b. From the Category drop-down menu, select New Category.


The dialog box expands to include both tag and category configuration options.
Categories can be created only as part of the identifier tag creation process.
c. In the Name text box, enter Gold Tier.
d. In the Category Name text box, enter Storage Tiers.
e. Keep the default values for the remaining settings and click OK.
4. Create a Silver Tier identifier tag.
a. In the center pane, click the New Tag icon.
b. In the Name text box, enter Silver Tier.
c. Select Storage Tiers from the Category drop-down menu and click OK.
5. Assign the Gold Tier tag to the Gold datastore.
a. Point to the Home icon and select Storage.
b. In the left pane, right-click the Gold datastore and select Tags & Custom Attributes >
Assign Tag.
c. Select the Gold Tier tag and click Assign.
d. In the left pane, select the Gold datastore.
e. In the center pane, click the Summary tab.
f. In the Tags panel, verify that the Gold Tier tag is associated with the Gold datastore.



6. Assign the Silver Tier tag to the Silver datastore.
a. Right-click the Silver datastore and select Tags & Custom Attributes > Assign Tag.
b. Select the Silver Tier tag and click Assign.
c. In the left pane, select the Silver datastore.
d. In the center pane, click the Summary tab.
e. In the Tags panel, verify that the Silver Tier tag is associated with the Silver datastore.

Task 4: Create Virtual Machine Storage Policies


You assign storage policies to virtual machines and specify the configuration settings to be enforced.
1. Point to the Home icon and select Policies and Profiles.
2. In the left pane, click VM Storage Policies.
3. Create a Gold Tier storage policy.
a. In the VM Storage Policies panel, click the Create VM Storage Policy icon.

The Create New VM Storage Policy wizard appears.


b. On the Name and description page, enter Gold Tier Policy in the Name text box and
click Next.
c. On the Policy structure page, review the information and click Next.
d. On the Common rules for data services provided by hosts page, click Next.
e. On the Rule-set 1 page, select Tags from category from the <Add rule> list.
f. From the Tags from category <Select category> drop-down menu, select Storage Tiers.
g. Click Add tags, select the Gold Tier check box, and click OK.
h. Click Next.
i. On the Storage compatibility page, verify that the Gold datastore is listed under Compatible
storage and click Next.
j. On the Ready to complete page, click Finish.
4. Repeat step 3 to create a Silver Tier policy, using the Silver Tier tag.



Task 5: Assign Storage Policies to Virtual Machines
You assign the Gold and Silver storage policies to individual virtual machines and mitigate
compliance issues.
1. Power off VM01.
A storage policy can be assigned to a virtual machine while the virtual machine is either
powered on or powered off.
a. Point to the Home icon and select Hosts and Clusters.
b. Right-click VM01 and select Power > Power Off.
c. Click Yes to confirm the power-off operation.
2. Apply the Gold Tier storage policy to the VM01 virtual machine.
a. In the left pane, right-click VM01 and select VM Policies > Edit VM Storage Policies.
b. In the Edit VM Storage Policies dialog box, select Gold Tier Policy from the VM storage
policy drop-down menu and click Apply to all.
c. In the list, verify that the Gold Tier policy is assigned to VM home and Hard disk 1 and
click OK.
d. In the left pane, select VM01.
e. In the center pane, click the Summary tab.
f. In the VM Storage Policies panel, verify that Gold Tier Policy appears and that VM01 is
compliant.
The VM01 virtual machine is compliant because it was already moved to a
policy-appropriate datastore.



3. Apply the Silver Tier storage policy to the VM02 virtual machine.
a. In the left pane, right-click VM02 and select VM Policies > Edit VM Storage Policies.
b. In the Edit VM Storage Policies dialog box, select Silver Tier Policy from the VM storage
policy drop-down menu and click Apply to all.
c. In the list, verify that the Silver Tier policy is assigned to VM home and Hard disk 1 and
click OK.
d. In the left pane, select VM02.
e. In the center pane, click the Summary tab.
f. In the VM Storage Policies panel, click the Check Compliance link.
g. Verify that Silver Tier Policy appears and that VM02 is not compliant.
The VM02 virtual machine is noncompliant because its virtual disk is stored on a datastore
that is not tagged as a part of the assigned policy.

4. Remediate the compliance issue for VM02.


a. In the left pane, right-click VM02 and select Migrate.
The Migrate wizard appears.
b. On the Select the migration type page, click Change storage only and click Next.
c. On the Select storage page, select the Silver datastore in the datastore list and click Next.
With a virtual machine storage policy assigned to the VM02 virtual machine, datastores are
listed as either Compatible or Incompatible.
d. On the Ready to complete page, review the migration details and click Finish.
e. In the Recent Tasks pane, monitor the migration task to completion.
The migration must complete successfully.
5. Verify that VM02 is reported as compliant.
a. In the center pane, click the Check Compliance link in the VM Storage Policies panel.
b. Verify that the status changes to Compliant.
6. Point to the Home icon and select Home.
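
Tasks 3 through 5, scripted with VMware PowerCLI as an added example (not part of the lab manual). It assumes an existing Connect-VIServer session to the lab vCenter Server and uses the lab's object names; Get-LabSpbmEntity is a hypothetical helper name.

```powershell
# Added example, not from the lab manual. Requires VMware PowerCLI and an
# existing session, e.g. Connect-VIServer -Server sa-vcsa-01.vclass.local

# Task 3: one category, one tag per tier, each tag assigned to its datastore.
$category = New-TagCategory -Name 'Storage Tiers'
$policy   = @{}
foreach ($tier in 'Gold', 'Silver') {
    $tag = New-Tag -Name "$tier Tier" -Category $category
    New-TagAssignment -Tag $tag -Entity (Get-Datastore -Name $tier) | Out-Null

    # Task 4: a policy with a single rule set that requires the tier tag.
    $rule          = New-SpbmRule -AnyOfTags $tag
    $ruleSet       = New-SpbmRuleSet -AllOfRules $rule
    $policy[$tier] = New-SpbmStoragePolicy -Name "$tier Tier Policy" -AnyOfRuleSets $ruleSet
}

# Hypothetical helper: SPBM configuration of VM home and of every hard disk,
# the same set of objects that "Apply to all" covers in the dialog box.
function Get-LabSpbmEntity {
    param($VM, [switch] $CheckNow)
    @(Get-SpbmEntityConfiguration -VM $VM -CheckComplianceNow:$CheckNow) +
    @(Get-SpbmEntityConfiguration -HardDisk (Get-HardDisk -VM $VM) -CheckComplianceNow:$CheckNow)
}

# Task 5: assign the policy, check compliance, remediate by storage migration.
$assignment = [ordered]@{ VM01 = 'Gold'; VM02 = 'Silver' }
foreach ($name in $assignment.Keys) {
    $vm     = Get-VM -Name $name
    $wanted = $policy[$assignment[$name]]

    Get-LabSpbmEntity -VM $vm |
        Set-SpbmEntityConfiguration -StoragePolicy $wanted | Out-Null

    $drift = Get-LabSpbmEntity -VM $vm -CheckNow |
        Where-Object { "$($_.ComplianceStatus)" -ne 'compliant' }
    if ($drift) {
        # Only storage that satisfies the policy is a migration candidate.
        $target = Get-SpbmCompatibleStorage -StoragePolicy $wanted |
            Select-Object -First 1
        Move-VM -VM $vm -Datastore $target | Out-Null
    }

    # Final state per object, suitable for keeping as compliance evidence.
    Get-LabSpbmEntity -VM $vm -CheckNow |
        Select-Object Entity, StoragePolicy, ComplianceStatus, TimeOfCheck
}
```

In the lab environment, VM01 reports compliant immediately because it already resides on the Gold datastore, while VM02 is migrated before its final check.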

Lab 4 Managing Datastore Clusters

Objective: Create a datastore cluster and work with vSphere Storage DRS
In this lab, you perform the following tasks:

1. Create a Datastore Cluster with vSphere Storage DRS Enabled
2. Evacuate a Datastore Using Datastore Maintenance Mode
3. Run vSphere Storage DRS and Apply Migration Recommendations
4. Clean Up for the Next Lab

Task 1: Create a Datastore Cluster with vSphere Storage DRS Enabled


You create a datastore cluster that is enabled for VMware vSphere Storage DRS. The Gold and
Silver datastores are reused as members of the cluster.
1. If you are logged out of vSphere Web Client, log back in.
2. Point to the Home icon and select Storage.
3. In the left pane, right-click SA Datacenter and select Storage > New Datastore Cluster.
The New Datastore Cluster wizard appears.
4. On the Name and location page, name the datastore cluster and enable vSphere Storage DRS.
a. In the Datastore cluster name text box, enter Cluster-DRS.
b. Leave the Turn ON Storage DRS check box selected and click Next.

5. On the Storage DRS Automation page, view the automation settings.
a. Leave No Automation (Manual Mode) selected.
b. Keep the rest of the defaults and click Next.
6. On the Storage DRS Runtime Settings page, keep the defaults and click Next.
7. On the Select Clusters and Hosts page, select the SA Management check box on the Filter tab
and click Next.
8. On the Select Datastores page, select the datastores for the datastore cluster.
a. Select Show all datastores from the drop-down menu.
b. Select the Gold and Silver check boxes and click Next.
9. On the Ready to Complete page, review the configuration summary and click Finish.
In a production environment, the best practice is to select datastores that are connected to all
hosts in the cluster and to group them by storage capabilities.
10. In the left pane, expand Cluster-DRS and verify that the Gold and Silver datastores appear.

11. View information about the Gold datastore.


a. In the left pane, select the Gold datastore.
b. In the center pane, click the VMs tab.
c. Verify that the datastore contains only one virtual machine.
12. View information about the Silver datastore.
a. In the left pane, select the Silver datastore.
b. In the center pane, click the VMs tab.
c. Verify that the datastore contains only one virtual machine.



13. View information about the datastore cluster.
a. In the left pane, select Cluster-DRS.
b. In the center pane, click the Configure tab and click Storage DRS on the left.
c. In the vSphere Storage DRS panel, expand each item and verify the settings.
Cluster automation level is set to No Automation (Manual Mode).
Space threshold is 80 percent.
I/O metrics for vSphere Storage DRS recommendations are enabled.
Imbalances are checked every 8 hours.
Minimum space utilization difference is 5 percent.

Task 2: Evacuate a Datastore Using Datastore Maintenance Mode


You place a datastore in maintenance mode to demonstrate the capabilities of vSphere Storage DRS.
1. Put the Silver datastore in maintenance mode.
a. In the left pane, right-click the Silver datastore.
b. Select Maintenance Mode > Enter Maintenance Mode.
c. In the SDRS Maintenance Mode Migration Recommendations dialog box, read the
provided recommendation description.
d. Click Apply Recommendations.
e. If prompted to apply recommendations despite warnings, click Yes.
The VM02 virtual machine is migrated to the Gold datastore.
f. In the Recent Tasks pane, monitor the migration task to completion.
2. In the left pane, verify that the Silver datastore is in maintenance mode.

3. Click the Refresh icon in the vSphere Web Client interface.



4. View information about the Silver and Gold datastores.
a. Select the Silver datastore.
b. In the Details panel of the Summary tab, verify that zero virtual machines are stored on the
Silver datastore.
c. Select the Gold datastore.
d. In the Details panel of the Summary tab, verify that two virtual machines are stored on the
Gold datastore.
5. Take the Silver datastore out of maintenance mode.
a. Right-click the Silver datastore and select Maintenance Mode > Exit Maintenance Mode.
b. Verify that the Silver datastore icon no longer indicates maintenance mode.
6. Point to the Home icon and select Hosts and Clusters.
7. Power on the VM01 and VM02 virtual machines.

Task 3: Run vSphere Storage DRS and Apply Migration Recommendations
You configure vSphere Storage DRS to maintain a balance in usage across all datastores in a cluster.
The cluster imbalance is mitigated by using vSphere Storage DRS recommendations.
1. Point to the Home icon and select Storage.
2. In the left pane, select Cluster-DRS.
3. In the center pane, click the Configure tab and select Storage DRS on the left.
4. Configure vSphere Storage DRS so that recommendations are reported.
a. In the vSphere Storage DRS panel, click Edit.
b. In the Edit Storage DRS Settings dialog box, expand the Storage DRS Automation
section.
c. Next to Space Threshold, drag the Utilized Space slider to the far left to set the threshold
to 50 percent.
The imbalance between the Gold and Silver datastore utilization is detected at a 50 percent
space threshold trigger.
d. Click OK.



5. Run vSphere Storage DRS and review recommendations.
a. In the center pane, click the Monitor tab and click Storage DRS.
b. Select Recommendations on the left and click Run Storage DRS Now.
A vSphere Storage DRS recommendation appears in the recommendation list.
c. Review the recommendation and reason.
vSphere Storage DRS recommends the migration of the VM02 Hard disk 1.
6. Examine the vSphere Storage DRS recommendation alarm.
a. In the center pane, click the Summary tab and find the yellow vSphere Storage DRS
recommendation alarm.
The administrator can reset the recommendation alarm manually. The vSphere Storage
DRS recommendation alarm is reset when the recommendation is applied.
7. Apply the vSphere Storage DRS recommendation.
a. In the center pane, click the Monitor tab.
b. In the bottom-right corner of the Storage DRS Recommendations panel, click Apply
Recommendations.
c. In the Recent Tasks pane, monitor the migration task to completion.
8. In the center pane, click the Summary tab and verify that no alarms appear.
9. Review vSphere Storage DRS history.
a. In the center pane, click the Monitor tab.
The Storage DRS panel should appear.
b. Below the Recommendations link, click the History link.
c. Verify in the vSphere Storage DRS history that Hard disk 1 for VM02 was migrated from
Gold to Silver.
d. Verify in the vSphere Storage DRS history that Hard disk 1 for VM02 was migrated from
Silver to Gold.
This migration occurred when the Silver datastore was placed in maintenance mode.



Task 4: Clean Up for the Next Lab
You remove the vSphere Storage DRS cluster to prepare for the next lab.
1. Point to the Home icon and select Hosts and Clusters.
2. Power off the VM01 and VM02 virtual machines.
3. Delete the vSphere Storage DRS cluster.
a. Point to the Home icon and select Storage.
b. In the left pane, right-click Cluster-DRS and select Delete.
c. When prompted, click Yes to delete the datastore cluster.
d. After the cluster is deleted, verify that the Gold and Silver datastores appear in the left
pane, directly under the data center.
4. Point to the Home icon and select Home.



Lab 5 Working with Virtual Volumes

Objective: Configure NFS- and iSCSI-backed virtual volumes
In this lab, you perform the following tasks:

1. Register the Storage Provider
2. Create a NAS-Backed Virtual Volume Datastore
3. Create an iSCSI-Backed Virtual Volume Datastore

Task 1: Register the Storage Provider


You register the storage provider, and you confirm its URL and version. You also view the storage
systems that are made available by the storage provider.
1. In vSphere Web Client, point to the Home icon and select Hosts and Clusters.
2. At the top of the left pane, select sa-vcsa-01.vclass.local (your VMware vCenter Server
Appliance instance).
3. In the center pane, click the Configure tab and select Storage Providers on the left side.
4. In the center pane, click the Register a new storage provider icon.

5. In the New Storage Provider dialog box, configure the VASA storage provider.

Option       Action
Name         Enter VASASource.
URL          Enter https://172.20.10.97:8443/vasa/version.xml.
User name    Enter username.
Password     Enter password.

6. Click OK.
7. Click Yes to acknowledge and accept the self-signed certificate warning.
8. Validate that the VASASource storage provider appears in the Storage Providers list.

Q1. In the storage providers window, what is the storage provider URL for VASASource?
1. http://172.20.10.97:8443/vasa/version.xml.

Q2. Which version of vSphere API for Storage Awareness appears in the VASA API
Version column?
2. Version 3.0.

Q3. Which types of storage systems are listed for this storage provider?
3. xVP SCSI Array and xVP NFS Array.
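
Step 7 accepts the provider's self-signed certificate from a warning dialog. The following added example (not part of the lab manual) reads the certificate that the endpoint presents and compares its SHA-256 fingerprint with one obtained out of band; the function name Get-TlsCertificateSha256 and the placeholder fingerprint are assumptions.

```powershell
# Added example, not from the lab manual. Get-TlsCertificateSha256 is a
# hypothetical helper name; it uses only .NET classes shipped with PowerShell.
function Get-TlsCertificateSha256 {
    param(
        [Parameter(Mandatory = $true)] [string] $HostName,
        [Parameter(Mandatory = $true)] [int]    $Port
    )

    # Accept whatever certificate is presented: this connection exists only to
    # read the certificate, and no credentials or data are sent over it.
    $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback] { $true }

    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        $tls = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAny)
        try {
            $tls.AuthenticateAsClient($HostName)
            $der = $tls.RemoteCertificate.GetRawCertData()
        }
        finally { $tls.Dispose() }
    }
    finally { $client.Close() }

    $sha256 = [System.Security.Cryptography.SHA256]::Create()
    try     { $digest = $sha256.ComputeHash($der) }
    finally { $sha256.Dispose() }

    # Colon-separated upper-case hex.
    [System.BitConverter]::ToString($digest) -replace '-', ':'
}

# Fingerprint obtained out of band (placeholder, supply the real value in the
# same colon-separated form).
$expected = '<SHA-256 fingerprint from the storage administrator>'
$actual   = Get-TlsCertificateSha256 -HostName '172.20.10.97' -Port 8443

if ($actual -eq $expected) {
    "Fingerprint matches: $actual"
} else {
    throw "Fingerprint mismatch. Presented: $actual"
}
```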

Task 2: Create a NAS-Backed Virtual Volume Datastore


You mount a virtual volume datastore by using an NFS protocol endpoint.
1. Create a virtual volume datastore by using the NFS container.
a. Point to the Home icon and select Hosts and Clusters.
b. In the left pane, right-click sa-esxi-01.vclass.local and select Storage > New Datastore.
The New Datastore wizard appears.
c. On the Type page, click VVol and click Next.
d. On the Name and container selection page, enter SA-NAS-VVol in the Datastore name
text box.
e. From the Backing Storage Container list, select SA-NFS-vVol and click Next.
f. On the Ready to complete page, click Finish.



2. Validate the new datastore by creating a folder in it.
a. Point to the Home icon and select Storage.
b. In the left pane, select the SA-NAS-VVol datastore.
c. In the center pane, click the Files tab.
d. In the center pane, click the Create a new folder icon.

e. In the Create a new folder window, enter SA-NAS in the Enter a name for the new folder
text box and click Create.
The creation of the folder validates that the datastore is available.

Task 3: Create an iSCSI-Backed Virtual Volume Datastore


You create a virtual volume datastore that is backed by an iSCSI protocol endpoint.
1. Create a virtual volume datastore that uses the iSCSI storage container.
a. In the left pane, right-click SA Datacenter and select Storage > New Datastore.
The New Datastore wizard appears.
b. On the Location page, click Next.
c. On the Type page, click VVol and click Next.
d. On the Name and container selection page, enter SA-iSCSI-VVol in the Datastore name
text box.
e. In the Backing Storage Container list, select SA-iSCSI-vVol and click Next.
f. On the Select hosts accessibility page, select the sa-esxi-01.vclass.local check box and
click Next.
g. On the Ready to complete page, click Finish.
2. In the Recent Tasks pane, monitor the Create Virtual Volume datastore task to completion.
3. After the task completes, click the Refresh icon in vSphere Web Client.



4. In the left pane, verify that SA-iSCSI-VVol appears in the list.
After a short while, the datastore is marked as inactive.

Q1. Why is the virtual volume datastore that is backed by the iSCSI container marked as
inactive?
1. The datastore is inactive because the storage provider must also be configured as a target of
the software iSCSI adapter.

5. Create a folder on the datastore and validate that the folder is not available.
a. In the left pane, select the SA-iSCSI-VVol datastore.
b. In the center pane, click the Files tab.
c. In the center pane, click the Create a new folder icon.
d. In the Create a new folder window, enter SA-iSCSI in the Enter a name for the new
folder text box and click Create.
The folder creation fails, validating that the datastore is not accessible.
e. Close the folder creation failure alert.
6. Add the storage provider as a target to the host's iSCSI storage adapter.
a. Point to the Home icon and select Hosts and Clusters.
b. In the left pane, select sa-esxi-01.vclass.local.
c. In the center pane, click the Configure tab and select Storage Adapters on the left.
d. Scroll through the Storage Adapters list until the iSCSI software adapter is visible.
e. Select vmhba##, the iSCSI software adapter.
f. In the Adapter Details panel, click the Paths tab.
g. Scroll through the list.
Several paths appear in the list.
h. Click the Targets tab and click Add.
i. In the Add Send Target Server window, enter 172.20.10.97 in the iSCSI Server text box.
172.20.10.97 is the IP address of the VASA storage provider.
j. Click OK.



k. In the center pane, click the Rescan all storage adapters icon.

l. In the Rescan Storage window, click OK.


m. In the Adapter Details panel, click the Paths tab.
n. Verify that LUN 260 appears in the list.
LUN 260 is the LUN on which the SA-iSCSI-VVol datastore is located.
7. Point to the Home icon and select Storage.
8. In the left pane, verify that the SA-iSCSI-VVol datastore is not inactive.
9. If the datastore appears as inactive, click the Refresh icon in vSphere Web Client.
10. Verify that the datastore is accessible.
a. In the left pane, select the SA-iSCSI-VVol datastore.
b. In the center pane, click the Create a new folder icon on the Files page.
c. In the Create a new folder window, enter SA-iSCSI in the text box and click Create.
The creation of the folder validates that the datastore is available.
11. Point to the Home icon and select Home.

Lab 6 Creating a Content Library

Objective: Create a multisite content library


In this lab, you perform the following tasks:

1. Create a Content Library
2. Upload Data to the New Content Library
3. Create a Subscriber Content Library
4. Clone a Template to the Source Library
5. Synchronize the Content Libraries
6. Deploy a Virtual Machine from the Library

Task 1: Create a Content Library


You configure a local content library that you publish externally for other content libraries to
subscribe to.
1. In vSphere Web Client, point to the Home icon and select Content Libraries.
2. In the center pane, click the Objects tab and click the Create a new content library icon.

3. On the Name and location page, name the content library and verify the vCenter Server
location.
a. In the Name text box, enter SA-Source.
b. In the vCenter Server drop-down menu, verify that sa-vcsa-01.vclass.local is selected and
click Next.
4. On the Configure content library page, configure a local content library.
a. Leave Local content library selected.
b. Select the Publish externally check box.
c. Select the Enable authentication check box.
d. In the Password and Confirm password text boxes, enter the standard lab password.
e. Click Next.
5. On the Add storage page, select the datastore to use for the content library.
a. Click Select a datastore.
b. Click SA-Source and click Next.
6. On the Ready to complete page, click Finish.
7. Verify that the content library appears in the list.

Task 2: Upload Data to the New Content Library


You upload an Open Virtualization Format (OVF) file from your student desktop to the new content
library.
1. In the center pane, right-click the SA-Source library and select Import Item.
2. In the Import Library Item window, click Local file and click Browse.
3. In the Choose File to Upload window, click the Desktop icon on the left bar.
4. Double-click the Class Materials and Licenses folder and double-click the Downloads folder.
5. In the Downloads folder, double-click the SampleVM folder.
6. Double-click SampleVM.ovf.
7. In the Select referenced files window, click Browse.
8. Select the SampleVM-1.vmdk file, click Open, and click OK.
9. Click OK.
10. View the Recent Tasks pane to monitor the task to completion.



11. After the task is complete, click the name of the content library in the center pane to open the
content library.
12. In the left pane, click the Templates link.
The uploaded SampleVM template is listed in the left pane.

Task 3: Create a Subscriber Content Library


You configure a content library that is subscribed to the first library.
1. At the top of the left pane, click the navigation back arrow until the Content Libraries center
pane appears.
2. Copy to the clipboard the link to the local content library.
a. In the center pane, click the SA-Source link.
b. In the center pane, click the Summary tab and scroll down until the Publication panel
appears.
c. In the Publication panel, click Copy Link.
3. Point to the Home icon and select Content Libraries.
4. In the center pane, click Create a new content library.
The New Content Library wizard appears.
5. On the Name and location page, name the content library and verify the vCenter Server
location.
a. In the Name text box, enter SA-Subscriber.
b. In the vCenter Server drop-down menu, verify that sa-vcsa-01.vclass.local is selected.
c. Click Next.
6. On the Configure content library page, configure a subscribed content library.
a. Click Subscribed content library.
b. Click the Subscription URL text box and press Ctrl+V.
The subscription URL is pasted into the text box. If Ctrl+V does not work, you must enter
the URL manually.
c. Select the Enable Authentication check box.
d. In the Password text box, enter the standard lab password.
e. Click Download library content only when needed.
f. Click Next.



7. On the Add storage page, select the SA-Subscriber datastore and click Next.
8. On the Ready to complete page, click Finish.
9. View the Recent Tasks pane to monitor the task to completion.
10. View the contents of the content library subscriber.
a. In the left pane, select the SA-Subscriber library.
b. In the center pane, click the Templates tab.
c. On the Templates tab, verify that the SampleVM template is present.
This virtual machine template is the same one that is in the source content library.
d. Verify that the Stored Content Locally column indicates No.
The SA-Subscriber library is configured to download library content only when needed. As
a result, only the template metadata has been synchronized. The actual template has not
been synchronized with the SA-Subscriber library, because it is not needed yet.
11. Turn off automatic synchronization.
a. In the center pane, click the Summary tab.
b. In the Subscription panel, click the Edit Settings link.
c. Deselect the Enable automatic synchronization with the external content library check
box.
d. Even though the Password text box appears to be populated, reenter the standard lab password.
Otherwise, the process fails.
e. Click OK.
f. In the Subscription panel, verify that automatic synchronization is off.



Task 4: Clone a Template to the Source Library
You use vSphere Web Client to clone a virtual machine template into the published content library.
1. Point to the Home icon and select Hosts and Clusters.
2. In the left pane, right-click the VM01 virtual machine and select Clone > Clone to Template
in Library.
The Clone to Template in Content Library window appears.
3. In the Filter tab, select the SA-Source library.
4. Append -Library to the virtual machine name in the Template name text box and click OK.
5. In the Recent Tasks pane, view the tasks that start up and monitor the tasks to completion.
6. View the template list in both libraries.
a. Point to the Home icon and select Content Libraries.
b. In the left pane, select the SA-Source library.
c. In the center pane, click the Templates tab and verify that both templates are listed.
d. In the left pane, select the SA-Subscriber library.
e. In the center pane, view the Templates tab and verify that only the original template is
listed.

Task 5: Synchronize the Content Libraries


You use vSphere Web Client to synchronize the content libraries.
1. In the center pane at the top, click the Synchronize icon.

2. In the Recent Tasks pane, monitor the task to completion.


The synchronization might take a few minutes to complete. You might need to press the
synchronization icon a few times before you see both files.
3. Verify that both the virtual machine templates appear in the SA-Subscriber library.



Task 6: Deploy a Virtual Machine from the Library
You use vSphere Web Client to deploy a new virtual machine from the VM01-Library template
available in the SA-Subscriber library.
1. In the left pane, select the SA-Subscriber library.
2. In the center pane, right-click VM01-Library and select New VM from This Template.
The New Virtual Machine from Content Library wizard appears.
3. On the Select name and location page, name the virtual machine and select the inventory tree
location.
a. In the Name text box, enter VM03.
b. Select SA Datacenter and click Next.
4. On the Select a resource page, expand SA Management, select sa-esxi-01.vclass.local, and
click Next.
5. On the Review details page, click Next.
6. On the Select storage page, configure the virtual disk format and select a datastore.
a. Select Thin provision from the Select virtual disk format list.
b. Select None from the VM storage policy list.
c. In the Filter > Datastores tab, click SA-Shared-01-Remote and click Next.
7. On the Select networks page, keep the default and click Next.
8. On the Ready to complete page, click Finish.
9. View the Stored Content Locally column.
The column value changed to Yes because the template is now needed to deploy a
virtual machine.
10. In the Recent Tasks pane, view the tasks that are started and monitor the tasks to completion.
11. Verify that the virtual machine is deployed.
a. Point to the Home icon and select Hosts and Clusters.
b. In the left pane, verify that the VM03 virtual machine is displayed in the inventory.
12. Point to the Home icon and select Home.



Lab 7 Host Profiles

Objective: Use host profiles and manage compliance


In this lab, you perform the following tasks:

1. Create and Export a Host Profile
2. Import a Host Profile
3. Attach an ESXi Host to the Imported Host Profile
4. Run an Initial Compliance Check
5. Introduce a Configuration Drift
6. Run a Compliance Check and Remediate the Configuration Drift
7. Detach the Host Profile

Task 1: Create and Export a Host Profile


A host profile is a configuration template that is applied to any or all ESXi hosts in a cluster to
verify and enforce specific configuration rules. Normally, a host profile has a reference host.
You export a profile for importation. The imported profile lacks a reference host.
1. In vSphere Web Client, point to the Home icon and select Policies and Profiles.
2. In the left pane, select Host Profiles.

3. Extract a host profile from an ESXi host.
a. In the Objects panel, click the Extract profile from a host icon (green plus sign).
The Extract Host Profile wizard appears.
b. On the Select Host page, click sa-esxi-01.vclass.local and click Next.
c. On the Name and Description page, enter Local-Profile in the Name text box and click
Next.
d. On the Ready to complete page, click Finish.
e. In the Recent Tasks pane, monitor the task to completion.
4. Export the host profile to a file.
a. In the center pane, right-click the new profile and select Export Host Profile.
b. In the warning message box, click Save.
c. Navigate to the desktop of the student machine and save the profile as profile.vpf.

Task 2: Import a Host Profile


You import the host profile that you exported in task 1. Because host profiles do not store the
reference host, host profiles can easily be imported and exported.
1. At the top of the Objects panel, click the Import Host Profile icon.

2. In the Import Host Profile dialog box, import the host profile that you previously saved.
a. Click Browse, navigate to the desktop of the student machine, select the profile.vpf file,
and click Open.
b. Enter Imported-Profile in the Name text box and click OK.
c. In the Recent Tasks pane, monitor the task to completion.



Task 3: Attach an ESXi Host to the Imported Host Profile
Hosts and clusters can be attached or detached from a host profile in the host profiles view or in the
Hosts and Clusters inventory.
1. In the Objects panel, click the Imported-Profile link to navigate to that object.
2. In the center pane, click the Configure tab.
You can review and edit the comprehensive list of configuration settings that define the host
profile.
3. Select Attach/Detach Hosts and Clusters from the Actions drop-down menu.

The Attach/Detach Hosts and Clusters wizard appears.


4. On the Select hosts/clusters page, attach sa-esxi-01.vclass.local to the host profile.
a. In the Host/Cluster list, expand the SA Management cluster and select
sa-esxi-01.vclass.local.
b. Click Attach > to move the selected host to the list on the right and click Next.
A list of settings that can be customized for the first ESXi host appears. The customized
values are prepopulated based on information extracted from the selected host.
c. Review the host customization settings and click Finish.
d. In the Recent Tasks pane, monitor the task to completion.



Task 4: Run an Initial Compliance Check
You run a compliance check to verify the attached host configuration against all the settings that are
specified by the host profile.
1. In the center pane, click the Monitor tab and click Compliance.
2. Select sa-esxi-01.vclass.local and click the Check Host Profile Compliance icon.

3. In the Recent Tasks pane, monitor the compliance check to completion.


4. Select the ESXi host and view the compliance information near the bottom of the panel.
The host is not compliant, because the IPv6 vmknic gateway configuration does not match the
specification.
5. Resolve the IPv6 configuration issue occurring on the ESXi host.
a. In the center pane, click the Configure tab.
b. Click Edit Host Profile.
The Edit Host Profile wizard appears.
c. On the Name and description page, click Next.
d. On the Edit host profile page, expand Networking configuration > Host virtual NIC.
e. Expand dvs-SA Datacenter: pg-SA Management: management.
f. Select IP address settings.
g. In the right pane, from the Vnic Default gateway for IPv6 routing list, select User must
explicitly choose the policy option and click Finish.
h. In the Recent Tasks pane, monitor the task to completion.



6. Check the ESXi host for compliance.
a. In the center pane, click the Monitor tab.
b. Select the ESXi host and click the Check Host Profile Compliance icon.
c. In the Recent Tasks pane, monitor the compliance check to completion.
d. View the Compliance panel.
e. Verify that the host is compliant.

Task 5: Introduce a Configuration Drift


You test host profile compliance verification and remediation by introducing a noncompliant change
on the host. The noncompliant change is that you remove the vmnic2 adapter from the dvs-Lab
distributed switch.
1. Point to the Home icon and select Networking.
2. In the left pane, right-click the dvs-Lab distributed switch and select Add and Manage Hosts.
The Add and Manage Hosts wizard appears.
3. On the Select task page, select Manage host networking and click Next.
4. On the Select hosts page, click Attached hosts.
5. In the Select member hosts window, select the sa-esxi-01.vclass.local check box and click OK.
6. Click Next.
7. On the Select network adapter tasks page, deselect the Manage VMkernel adapters check box
and click Next.
8. On the Manage physical network adapters page, unassign the vmnic2 adapter on sa-esxi-01.vclass.local.
a. Under sa-esxi-01.vclass.local, select vmnic2 and record the attached uplink.
__________
b. Click Unassign adapter and click Next.
c. Click OK in the warning message dialog box.
9. On the Analyze impact page, click Next.
10. On the Ready to complete page, click Finish.



Task 6: Run a Compliance Check and Remediate the Configuration Drift
You run a compliance check to detect noncompliant configuration changes that were made to hosts
attached to a host profile.
1. Point to the Home icon and select Policies and Profiles.
2. In the left pane, select Host Profiles.
3. In the left pane, select Imported-Profile.
4. In the center pane, click Monitor > Compliance.
5. Select the ESXi host and click the Check Host Profile Compliance icon.
6. In the Recent Tasks pane, monitor the compliance check to completion.
7. In the Compliance panel, review the compliance categories.

Q1. How do the results of the compliance check differ from the compliance check
performed in task 4?
1. The Virtual Network Setting category appears. If the category was previously reported, a new
issue is added relating to the uplink reconfiguration.

Q2. In the new category, does the specific issue reported relate to the configuration
change made in task 5?
2. Yes. The uplink is not connected to the expected physical NIC on dvs-Lab.

8. Remediate the host.


a. Click the Remediate host based on its host profile icon.

The ESXi host is listed on the Ready to complete page.



b. Click Pre-check Remediation.
The precheck remediation takes several seconds to complete.

Q3. Will the host be put in maintenance mode?


3. Yes.

For the host to enter maintenance mode, the virtual machines on this host must be powered
off or moved to another host. All virtual machines on this host are currently powered off.
c. Expand the ESXi host to review the host customization tasks to be performed.
d. Click Finish.
9. In the Recent Tasks pane, monitor the remediation and subsequent compliance check tasks to
completion.
10. Verify that the host is now compliant.
11. Verify the action taken by host remediation.
a. Point to the Home icon and select Networking.
b. In the left pane, select the dvs-Lab distributed switch.
c. In the center pane, click the Configure tab and click Topology on the left.
d. Verify that remediation automatically reconnected vmnic2 on sa-esxi-01.vclass.local to the
appropriate uplink.

Task 7: Detach the Host Profile


Detach the host profile from sa-esxi-01.vclass.local.
1. Point to the Home icon and select Policies and Profiles.
2. In the left pane, click Host Profiles.
3. In the left pane, select Imported-Profile.
4. In the center pane, select Attach/Detach Hosts and Clusters from the Actions drop-down
menu.
The Attach/Detach Hosts and Clusters wizard appears.
5. On the Select hosts/clusters page, detach sa-esxi-01.vclass.local from the host profile.
a. In the Host/Cluster list on the right, select sa-esxi-01.vclass.local.
b. Click < Detach to move the selected host to the list on the left.
c. Click Next.



6. On the Customize hosts page, click Finish.
7. In the Recent Tasks pane, monitor the task to completion.
8. Point to the Home icon and select Home.



Lab 8 Using vSphere Auto Deploy

Objective: Configure vSphere Auto Deploy on vCenter Server Appliance to boot stateless hosts
In this lab, you perform the following tasks:

1. Create a Container for Autodeployed Hosts
2. Start the vSphere Auto Deploy Service
3. Start the vSphere ESXi Image Builder Service
4. Import a Software Depot and Create a Custom Depot
5. Create a Custom Image Profile and Export the Image Profile
6. Create and Activate a Deployment Rule
7. Configure DHCP
8. Start the TFTP Service on vCenter Server Appliance
9. Review the Autodeployment Preparation Steps
10. Prepare to Monitor ESXi Bootup During the Autodeploy Process
11. Power On the ESXi Host and Monitor the Bootup Process
12. Check the Host Profile Compliance of the Autodeployed Host

Task 1: Create a Container for Autodeployed Hosts
You create a folder in the vCenter Server inventory into which autodeployed hosts are placed. A
deploy rule assigns hosts to this folder.
1. In vSphere Web Client, point to the Home icon and select Hosts and Clusters.
2. In the Hosts and Clusters inventory tree, right-click SA Datacenter and select New Folder >
New Host and Cluster Folder from the drop-down menu.
3. Enter Auto-Deployed-Hosts in the folder name text box and click OK.
At this stage, you can create clusters, folders, or other vSphere configurations to apply to
autodeployed hosts. Deploy rules enable selective application of host profiles and destination
containers to hosts that are booting up.

Task 2: Start the vSphere Auto Deploy Service


The VMware vSphere Auto Deploy capability is already installed on vCenter Server Appliance,
but the service is not started by default. You start the service and set the startup type to automatic.
1. Point to the Home icon and select Home.
2. Select the vSphere Auto Deploy service.
a. In the center pane, click the System Configuration icon under Administration.
b. In the left pane, select Services.
c. Under Services, select Auto Deploy.
3. Start the vSphere Auto Deploy service.
a. Select Start from the Actions drop-down menu.
b. In the center pane, view the Summary tab and verify that the service state is Running.
4. Configure the vSphere Auto Deploy service to automatically start when vCenter Server starts.
a. Select Edit Startup Type from the Actions drop-down menu.
b. In the Edit Startup Type window, click Automatic and click OK.
c. In the Summary tab, verify that the startup type is Automatic.



Task 3: Start the vSphere ESXi Image Builder Service
On vCenter Server Appliance, the VMware vSphere ESXi Image Builder CLI capability is
already installed, but the service is not started by default.
1. In the left pane under Services, select ImageBuilder Service.
2. Start the vSphere ESXi Image Builder service.
a. Select Start from the Actions drop-down menu.
b. In the center pane, view the Summary tab and verify that the service state is Running.
3. Configure the vSphere ESXi Image Builder service to automatically start when vCenter Server
starts.
a. Select Edit Startup Type from the Actions drop-down menu.
b. In the Edit Startup Type window, select Automatic and click OK.
c. In the Summary tab, verify that the startup type is Automatic.
4. Make the Auto Deploy icon visible in vSphere Web Client.
The Auto Deploy icon is not visible until you log out and log back in to vSphere Web Client.
a. Log out of vSphere Web Client.
b. Log in to vSphere Web Client as administrator@vsphere.local, using the standard lab
password.

Task 4: Import a Software Depot and Create a Custom Depot


You use vSphere Web Client to import an ESXi software depot into vCenter Server and to create a
custom software depot.
1. Point to the Home icon and select Home.
2. In the center pane, click the Auto Deploy icon under Operations and Policies.



3. Import an ESXi software depot into vCenter Server.
a. In the center pane, click the Software Depots tab.
b. Click the Import software depot icon.

c. In the Name text box, enter SA Depot.


d. Click Browse next to the File text box.
e. In the Choose File to Upload window, navigate to C:\Materials\Downloads.
f. Select VMware-ESXi-6.5.0-depot.zip and click Open.
g. Click Upload and wait for the file to upload.
h. When the file is successfully uploaded, click Close.
i. Verify that the software depot appears in the list.
4. Create a custom software depot.
a. Click the Add Software Depot icon.

b. In the Add Software Depot dialog box, click Custom depot.


c. In the Name text box, enter My Depot.
d. Click OK.



Task 5: Create a Custom Image Profile and Export the Image Profile
You use vSphere Web Client to clone an image profile and export the profile to a ZIP archive.
1. Clone an image profile.
a. In the center pane, select SA Depot on the Software Depots tab.
b. Under Image Profiles, select the image profile whose name ends in -no-tools.
c. Click the Clone image profile icon.

The Clone Image Profile wizard appears.


d. On the Name and details page, keep the default name in the Name text box.
e. In the Vendor text box, enter VMware.
f. From the Software depot list, select My Depot and click Next.
g. On the Select software packages page, view the various software packages and click Next.
h. On the Ready to complete page, click Finish.
2. Verify that the clone is created.
a. Select My Depot.
b. Under Image Profiles, verify that the cloned image profile appears.



3. Export the image profile to a ZIP archive.
a. Under Image Profiles, select the cloned image profile.
b. Click the Export the selected image profile as ISO or ZIP icon.

c. In the Export Image Profile dialog box, click ZIP.


d. Click Generate image.
e. When the image generation completes, click the Download image link.

A new Internet Explorer browser tab opens.


f. If you receive a security exception, click Continue to this website (not recommended).
g. In the pop-up window, click Save as.
h. Save the ZIP file to the desktop, using the default name.
i. Click Close in the View Downloads - Internet Explorer window that opened when you
downloaded the image.
j. In the Export Image Profile dialog box, verify that the image is generated successfully and
click Close.



Task 6: Create and Activate a Deployment Rule
Deployment rules associate host profiles, image profiles, destination containers, and many other
capabilities to hosts engaged in the autodeploy process. Different sets of rules can associate different
characteristics to hosts, based on several conditions and qualifiers, such as the network on which the
host boots.
1. Create a deployment rule.
a. In the center pane, click the Deploy Rules tab.
b. Click the New Deploy Rule icon.
The New Deploy Rule wizard appears.
c. On the Name and hosts page, enter SA Deploy Rule in the Name text box.
d. Verify that Hosts that match the following pattern is clicked.
e. From the <Add pattern> list, select IPv4.
f. In the IPv4 text box, enter 172.20.10.219 and click Next.
172.20.10.219 is the IP address that you will assign to the ESXi host to autodeploy.
g. On the Select image profile page, select My Depot from the Software depot list.
h. Verify that the clone of the image profile is selected and click Next.
i. On the Select host profile page, click Autodeployed-Host-Profile and click Next.
Autodeployed-Host-Profile is preconfigured for use in this lab.
j. On the Select host location page, expand SA Datacenter and select Auto-Deployed-Hosts.
k. Click Next.
l. On the Ready to complete page, click Finish.
m. In the Recent Tasks pane, monitor the task to completion.
This task takes several minutes.
n. Verify that the deploy rule is successfully created.



2. Activate the deployment rule.
a. In the center pane, select SA Deploy Rule.
b. Click Activate/Deactivate rules.
The Activate and Reorder wizard appears.
c. On the Activate and reorder page, select the rule at the bottom and click Activate.
d. Click Next.
e. On the Ready to complete page, click Finish.
f. Verify that the rule status changes to Active.

Task 7: Configure DHCP


You configure a single DHCP reservation in the Management network scope to focus vSphere Auto
Deploy on a single ESXi host based on the host MAC address. Individual reservations are used,
instead of configuring options for a full scope. More realistically, you can simultaneously
autodeploy hosts using the same DHCP scope with different options set for each reservation.
Use the following information from the class configuration handout:
MAC address of ESXi host to autodeploy
1. On the student machine desktop, click the DHCP icon in the task bar.

2. In the left pane, expand DHCP and expand dc.vclass.local.


3. Expand IPv4.
The IPv4 scopes are visible.
4. Resize the left pane by dragging the pane separator to the right.
5. Expand the Scope [172.20.10.0] SA-Management scope and select Reservations.



6. Configure a new reservation that uses the MAC address of your ESXi host.
a. Right-click Reservations and select New Reservation.
b. In the Reservation Name text box, enter SA_reservation.
c. In the IP address text box, enter 172.20.10.219 (the IP address of the ESXi host to
autodeploy).
d. In the MAC address text box, enter the MAC address of the ESXi host to autodeploy.
The MAC address is in the class configuration handout.
You must use hyphens, not colons, between hexadecimal values.
For example: 00-50-56-01-34-28
e. Leave the rest of the settings at their defaults and click Add.
f. Click Close.
The new reservation appears in the DHCP console window, in the right pane.
7. In the left pane, expand Reservations so that your new reservation appears.
The reservation name is in the form [172.20.10.219] SA_reservation.
8. Select your reservation and verify that options inherited from the parent scope appear in the
right pane.
The scope-inherited options should include the following items:
003 Router
006 DNS Servers
015 DNS Domain Name
9. In the left pane, right-click your reservation and select Configure Options.
10. On the General tab of the Reserved Options dialog box, scroll down to the 066 Boot Server
Host Name option.
11. Select the 066 Boot Server Host Name check box and enter 172.20.10.94 in the String
value text box.
172.20.10.94 is the IP address of the vCenter Server Appliance instance.
12. In the options list, select the 067 Bootfile Name check box and enter
undionly.kpxe.vmw-hardwired in the String value text box.

13. Click OK.



14. Verify that your new options appear in the right pane.
The inherited options and reservation-specific options have different icons to identify them.
15. Minimize the DHCP console window.

Task 8: Start the TFTP Service on vCenter Server Appliance


vCenter Server Appliance is already configured to serve as a TFTP server for vSphere Auto Deploy.
The service must be started.
1. Start an SSH session to vCenter Server Appliance.
a. On the student desktop task bar, click the MTPuTTY shortcut.
b. In the Servers pane on the left, double-click SA-VCSA-01.
c. If the PuTTY security alert appears, click Yes.
You are automatically logged in to vCenter Server Appliance as user root.
2. At the command prompt, enter shell to start the Bash shell.
3. At the Bash prompt, view the TFTP service configuration.
cat /etc/sysconfig/atftpd

Q1. What is the TFTP directory set to?


1. ATFTPD_DIRECTORY = /var/lib/tftpboot.

4. View the contents of the TFTP directory.


ls /var/lib/tftpboot

Q2. In the /var/lib/tftpboot file list, do you see the TFTP boot image filename that you
entered when configuring DHCP options for your reservation?
2. Yes. It is undionly.kpxe.vmw-hardwired.

5. Start the TFTP service.


service atftpd start
6. Verify that the TFTP service has started.
service atftpd status
The TFTP service does not start automatically when the vSphere Auto Deploy service is started
from vSphere Web Client.
7. Open the TFTP firewall port on the vCenter Server Appliance instance.
iptables -A port_filter -p udp -m udp --dport 69 -j ACCEPT
8. Enter exit and enter exit again to close the MTPuTTY window.
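
A preflight for the chain configured in Tasks 7 and 8, as an added example that is not part of the lab manual: it reads the TFTP directory from the atftpd configuration, confirms that the option 067 boot file is present and not writable by other users, and reports whether the UDP 69 accept rule is limited to a source network. The function names are hypothetical, and the demo runs on a constructed fixture rather than the appliance's own files.

```shell
#!/bin/sh
# Added example (not from the lab manual): preflight for the PXE chain that
# Tasks 7 and 8 set up. The function names are hypothetical.

# Print the directory atftpd serves, read from a sysconfig-style file.
# Accepts KEY=value, KEY = value and quoted values.
tftp_dir_from_conf() {
    sed -n 's/^[[:space:]]*ATFTPD_DIRECTORY[[:space:]]*=[[:space:]]*//p' "$1" |
        tail -n 1 | tr -d "\"'" | sed 's/[[:space:]]*$//'
}

# Check that the DHCP option 067 boot file can be served and is not open to
# tampering. TFTP has no authentication or integrity check, so permissions on
# the server are the only guard on what a PXE client is handed at boot.
# Returns: 0 ok, 1 no usable directory, 2 file missing or empty,
#          3 file or directory writable by "other", 4 not a plain file name.
check_bootfile() {
    conf=$1
    name=$2
    dir=$(tftp_dir_from_conf "$conf")
    [ -n "$dir" ] && [ -d "$dir" ] || return 1
    case $name in
        */* | .. | . | "") return 4 ;;
    esac
    [ -f "$dir/$name" ] && [ -s "$dir/$name" ] || return 2
    if [ -n "$(find "$dir" -prune -perm -0002)" ] ||
       [ -n "$(find "$dir/$name" -perm -0002)" ]; then
        return 3
    fi
    return 0
}

# Read `iptables -S port_filter` output on stdin and print, for each rule that
# accepts UDP port 69, the source it is limited to ("any" if there is no -s).
tftp_rule_sources() {
    awk '/-p udp/ && /--dport 69( |$)/ && /-j ACCEPT/ {
        src = "any"
        for (i = 1; i < NF; i++) if ($i == "-s") src = $(i + 1)
        print src
    }'
}

# Demo on a constructed fixture, so the block runs anywhere. On the appliance:
#   check_bootfile /etc/sysconfig/atftpd undionly.kpxe.vmw-hardwired
#   iptables -S port_filter | tftp_rule_sources
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/tftpboot" && chmod 755 "$tmp/tftpboot"
    printf 'ATFTPD_DIRECTORY = "%s/tftpboot"\n' "$tmp" > "$tmp/atftpd"  # constructed
    printf 'constructed placeholder, not a real boot image\n' \
        > "$tmp/tftpboot/undionly.kpxe.vmw-hardwired"
    chmod 644 "$tmp/tftpboot/undionly.kpxe.vmw-hardwired"

    rc=0; check_bootfile "$tmp/atftpd" undionly.kpxe.vmw-hardwired || rc=$?
    echo "boot file as created: rc=$rc"
    chmod o+w "$tmp/tftpboot/undionly.kpxe.vmw-hardwired"
    rc=0; check_bootfile "$tmp/atftpd" undionly.kpxe.vmw-hardwired || rc=$?
    echo "boot file world-writable: rc=$rc"

    # The rule from step 7, as iptables -S would list it (constructed line).
    echo '-A port_filter -p udp -m udp --dport 69 -j ACCEPT' | tftp_rule_sources
    rm -rf "$tmp"
}
demo
```

A result of any for the rule means the TFTP port accepts requests from every network that can reach the appliance; a -s match for the management network narrows it.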



Task 9: Review the Autodeployment Preparation Steps
You review your work and prepare for autodeployment.
1. Review the configuration and autodeployment steps.
Containers and host profiles for use by autodeployed hosts are configured.
The use of containers can be beneficial when designing prestaging and poststaging
scenarios for host deployments.
The vSphere Auto Deploy service is started in vSphere Web Client.
A custom host image profile is created.
Custom image profiles enable you to customize deployments for different sets of hosts and
can be updated and customized with additional VMware or third-party software packages.
A deployment rule is created to associate an image profile, a host profile, and a container to
specific autodeployed hosts.
Using rules with different patterns enables different image, host profile, and other
configurations to be assigned to groups of hosts.
DHCP options are configured to identify a TFTP server and a boot image filename.
The TFTP service is started on vCenter Server Appliance.
For the sake of expediency, the lab environment uses vCenter Server Appliance as the
TFTP server. In production, a compatible TFTP service can be used that is not colocated
with vCenter Server Appliance.

Task 10: Prepare to Monitor ESXi Bootup During the Autodeploy Process
You move out of your student desktop and use the VMware OneCloud Web interface to open a
console to the ESXi host to autodeploy.
1. Verify that you have your student login credentials.
Your login credentials are sent to you in a class welcome email. Your instructor can help you if
you have lost your login information.
2. Record the VMware OneCloud URL provided by your instructor. __________
The URL should be similar to wdc-vclass-a.vmeduc.com/cloud/org/classroom-101.
3. Minimize the Remote Desktop Protocol (RDP) session to the student desktop machine in your
lab sandbox.
You can access the desktop of the server that you first logged in to at the start of the class.
4. On the login server desktop, double-click the Internet Explorer shortcut.
5. In the Internet Explorer window, browse to the VMware OneCloud URL that you recorded in
step 2.
6. When prompted, log in using the student credentials.
The user name and password are the same as those that you used to access the login server at
the start of the class.
7. In the VMware vCloud Director OneCloud interface, one vApp appears on the Home tab.

8. In the vApp panel, click the Open link above the Stop icon.
The vCloud Director OneCloud interface changes to the My Cloud tab, with the vApp details
in the right pane.
9. In the right pane, click the Virtual Machines tab.
10. In the virtual machines list, find SA-ESXi-04.
SA-ESXi-04 is the name of the ESXi host to autodeploy.

Task 11: Power On the ESXi Host and Monitor the Bootup Process
You power on the ESXi host to autodeploy (SA-ESXi-04), and you monitor the ESXi host console
to observe the autodeploy process.
1. Power off and power on the ESXi host to autodeploy.
a. Right-click SA-ESXi-04 and select Power Off.
b. Click Yes to confirm the power-off operation.
c. Right-click SA-ESXi-04 and select Power On.
2. When the ESXi host status changes to Powered On, right-click SA-ESXi-04 and select Popout
Console.
A new window shows the console view of the selected ESXi host.
3. If the Internet Explorer pop-up blocker blocks the console from opening, select the Always
allow pop-ups option and repeat step 2.



4. If a window appears asking if you want to upgrade to a newer version of the Client Integration
Plug-In, click No.
5. Monitor the ESXi host bootup process.
The host performs a network preboot execution environment (PXE) boot. The host contacts the
TFTP server identified in the DHCP scope options.
The image binaries are transferred to the host and installed. This process can take up to 20
minutes to complete.
ESXi modules are loaded and associated host profile tasks are performed.
Services are started.
6. Wait for the autodeploy process to complete.
The autodeploy process is complete when the main Direct Console User Interface screen
appears.

7. Restore the minimized RDP session to the student desktop machine.



Task 12: Check the Host Profile Compliance of the Autodeployed Host
Each autodeployed host must be minimally configured so that the host can handle workloads as a
member of a cluster. You perform the minimal configuration of the host networking.
1. Restore the minimized Internet Explorer window and click the vSphere Web Client tab.
2. If you are logged out of vSphere Web Client, log back in.
3. Point to the Home icon and select Hosts and Clusters.
4. In the left pane, expand the Auto-Deployed-Hosts folder.
The autodeployed host appears in the folder, with the reservation IP as the host name.
5. Point to the Home icon and select Policies and Profiles.
6. In the left pane, click Host Profiles.
7. In the left pane, select Autodeployed-Host-Profile.
8. In the center pane, click the Monitor tab and click Compliance.
9. In the host list, select the autodeployed ESXi host.
10. Click the Check Host Profile Compliance icon.
11. In the Recent Tasks pane, monitor the task and wait for the compliance check to complete.
12. Verify that the ESXi host is in compliance with the host profile.
13. Point to the Home icon and select Home.



Lab 9 Monitoring CPU Performance

Objective: Use the esxtop command to monitor CPU performance
In this lab, you perform the following tasks:

1. Set vSphere DRS to Manual Mode
2. Run a Single-Threaded Program in a Single-vCPU Virtual Machine
3. Start esxtop and View Statistics
4. Record Statistics for Case 1: Single Thread and Single vCPU
5. Run a Single-Threaded Program in a Dual-vCPU Virtual Machine
6. Record Statistics for Case 2: One Thread and Two vCPUs
7. Run a Dual-Threaded Program in a Dual-vCPU Virtual Machine
8. Record Statistics for Case 3: Two Threads and Two vCPUs
9. Analyze the Test Results

Task 1: Set vSphere DRS to Manual Mode
You set the VMware vSphere Distributed Resource Scheduler automation mode to manual to
ensure that vSphere DRS does not migrate virtual machines to different hosts.
This lab requires that the virtual machines remain on their current host.
1. In vSphere Web Client, point to the Home icon and select Hosts and Clusters.
2. In the left pane, select the SA Management cluster.
3. In the center pane, click the Configure tab.
4. Select vSphere DRS on the left and click Edit.
5. From the DRS Automation drop-down menu, select Manual and click OK.

Task 2: Run a Single-Threaded Program in a Single-vCPU Virtual Machine
You run a test program to generate continuous database activity on the test virtual machine for
statistical analysis. The test virtual machine is configured with one vCPU.
1. Confirm that the Linux01 virtual machine is hosted on sa-esxi-01.vclass.local.
a. In the left pane, select Linux01.
b. In the center pane, click the Summary tab.
c. Verify that the host on which Linux01 resides is sa-esxi-01.vclass.local.
2. If Linux01 is not hosted on sa-esxi-01, migrate Linux01 to sa-esxi-01.
a. Right-click Linux01 and click Migrate.
The Migrate wizard appears.
b. On the Select the migration type page, click Change compute resource only and click
Next.
c. On the Select a compute resource page, select sa-esxi-01.vclass.local and click Next.
d. On the Select networks page, keep the default and click Next.
e. On the Ready to complete page, click Finish.
f. Wait for the migration to complete.
3. Power on the Linux01 virtual machine.
4. In the Power On Recommendations dialog box, verify that Linux01 will be placed on
sa-esxi-01.vclass.local and click OK.



5. Log in to the Linux01 virtual machine console.
a. Right-click Linux01 and select Open Console.
b. If you receive the security exception message, click the Continue to this website (not
recommended) link.
c. Wait for the virtual machine to complete its bootup process.
d. Log in as user root and use the standard lab password.
6. Verify that you are in the /root directory.
pwd
7. If you are not in the /root directory, enter cd /root.
8. Start the test program on Linux01.
./starttest1
The test program generates database operations to a medium-size database and writes output to
the screen. The program must run uninterrupted.

Task 3: Start esxtop and View Statistics


You use the esxtop command to observe performance statistics for supported objects.
1. Start an SSH session to sa-esxi-01.vclass.local.
a. On the student desktop task bar, click the MTPuTTY shortcut.
b. In the Servers pane on the left, double-click SA-ESXi-01.
c. If the PuTTY security alert appears, click Yes.
You are automatically logged in to the appliance as user root.
2. Start esxtop.
By default, esxtop starts with the CPU screen.
3. Change the update delay from the default (5 seconds) to 10 seconds.
a. Enter s.
b. Enter 10.
c. Press Enter.
4. To filter the CPU screen output to show only virtual machines, enter uppercase V.
By default, the CPU screen shows statistics for virtual machine processes and active ESXi host
processes.
5. In the output table, find the Linux01 virtual machine statistics.



Task 4: Record Statistics for Case 1: Single Thread and Single vCPU
You record statistics for the first test case.
1. After 30 seconds of statistics collection, record the values for the Linux01 virtual machine in
the Case 1 column in the class configuration handout.
%USED
%RDY
%IDLE
2. Record the operations per minute (opm) value in the test script.
a. In the Internet Explorer window, switch to the Linux01 console tab.
b. Record the opm reported by the test script in the Case 1 column in the class configuration
handout.
The counter value is reported with each iteration that the test script performs. Use the
counter reported in the last iteration.
3. Press Ctrl+C to stop the test script.
4. Close the Linux01 console tab.
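
The same three counters can be collected with esxtop batch mode instead of being read off the screen. This added example, which is not part of the lab manual, averages them for one virtual machine; the function names are hypothetical, the CSV is constructed, and the perfmon-style counter names in the header are an assumption about the batch output layout.

```shell
#!/bin/sh
# Added example (not from the lab manual): average %USED, %RDY and %IDLE for
# one virtual machine from esxtop batch output, collected on the host with
#   esxtop -b -d 10 -n 3 > cpu.csv
# Assumption: counters are named \\host\Group Cpu(GID:vmname)\% Used, % Ready
# and % Idle. Only the VM's group row is read, not the per-vCPU rows.

# Usage: esxtop_vm_cpu_avg VMNAME [FILE]   (FILE defaults to stdin)
# Prints "used rdy idle" averaged over all samples; fails if the VM is absent.
esxtop_vm_cpu_avg() {
    awk -v vm="$1" '
    BEGIN {
        FS = "\",\""                      # every field is quoted: "a","b","c"
        want["% Used"] = "used"
        want["% Ready"] = "rdy"
        want["% Idle"] = "idle"
    }
    NR == 1 {
        # Header row: find the columns that belong to this VM group.
        tag = ":" vm ")\\"
        for (i = 1; i <= NF; i++) {
            h = $i
            gsub(/"/, "", h)
            p = index(h, tag)
            if (p == 0 || index(h, "\\Group Cpu(") == 0) continue
            c = substr(h, p + length(tag))
            if (c in want) col[want[c]] = i
        }
        next
    }
    {
        # Data row: one sample per update interval.
        for (k in col) { v = $(col[k]); gsub(/"/, "", v); sum[k] += v }
        n++
    }
    END {
        if (n == 0 || !("used" in col) || !("rdy" in col) || !("idle" in col)) exit 1
        printf "%.2f %.2f %.2f\n", sum["used"] / n, sum["rdy"] / n, sum["idle"] / n
    }' "${2:--}"
}

# Constructed sample: three 10-second samples. The GID, timestamps and values
# are made up for the example.
sample_csv() {
    cat <<'EOF'
"(PDH-CSV 4.0) (UTC)(0)","\\sa-esxi-01.vclass.local\Group Cpu(1:idle)\% Used","\\sa-esxi-01.vclass.local\Group Cpu(70012:Linux01)\% Used","\\sa-esxi-01.vclass.local\Group Cpu(70012:Linux01)\% Ready","\\sa-esxi-01.vclass.local\Group Cpu(70012:Linux01)\% Idle"
"04/12/2017 10:00:00","780.10","98.00","0.40","1.20"
"04/12/2017 10:00:10","779.90","99.00","0.60","0.80"
"04/12/2017 10:00:20","780.00","100.00","0.50","1.00"
EOF
}

sample_csv | esxtop_vm_cpu_avg Linux01
```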

Task 5: Run a Single-Threaded Program in a Dual-vCPU Virtual Machine
You modify the Linux01 virtual machine to have two vCPUs, and you restart the test script.
1. Shut down the Linux01 virtual machine.
2. Wait for the running indicator to be removed from the Linux01 virtual machine icon in the
inventory tree.
3. Add a second vCPU to the Linux01 virtual machine.
a. In the left pane, right-click Linux01 and select Edit Settings.
b. On the Virtual Hardware tab in the Edit Settings dialog box, select 2 from the CPU
drop-down menu and click OK.
c. In the Recent Tasks pane, monitor the reconfiguration task to completion.
4. Power on the Linux01 virtual machine and verify that Linux01 will be placed on
sa-esxi-01.vclass.local.
5. Click the Linux01 console tab and log in to Linux01 as user root with the standard lab
password.



6. On the Linux01 console tab, restart the test program.
./starttest1
This script generates database operations to a medium-size database. The number of threads is
set to 1. The script must run uninterrupted.

Task 6: Record Statistics for Case 2: One Thread and Two vCPUs
You record statistics for the second test case.
1. Record the esxtop counter values.
a. Switch to the MTPuTTY window.
b. Enter e.
c. Enter the GID for Linux01.
d. Examine the two lines in the NAME column that start with vmx-vcpu.
These two lines show the activity of each of the vCPUs in the Linux01 virtual machine.
e. After 30 seconds of statistics collection, record the values for vCPU0 and vCPU1 in the
Case 2 column in the class configuration handout.
%USED
%RDY
%IDLE
2. Record the operations per minute value in the test script.
a. In the Internet Explorer window, switch to the Linux01 console tab.
b. Record the opm value reported by the test script in the Case 2 column in the class
configuration handout.
The counter value is reported with each iteration that the test script performs. Use the
counter reported in the last iteration.
3. Press Ctrl+C to stop the test script.

Task 7: Run a Dual-Threaded Program in a Dual-vCPU Virtual Machine


You configure the third case parameters by running a two-threaded test program on a virtual
machine with two vCPUs.
1. On the Linux01 console tab, start the two-threaded test program.
./starttest2
This script generates database operations to a medium-size database. The number of threads is
set to 2. The script must run uninterrupted.



Task 8: Record Statistics for Case 3: Two Threads and Two vCPUs
You record statistics for the final test case.
1. Record the esxtop counter values.
a. Switch to the MTPuTTY window.
b. Examine the two lines in the NAME column that start with vmx-vcpu.
These two lines show the activity of each of the vCPUs in the Linux01 virtual machine.
c. After 30 seconds of statistics collection, record the values for vCPU0 and vCPU1 in the
Case 3 column in the class configuration handout.
%USED
%RDY
%IDLE
2. Record the operations per minute value in the test script.
a. In the Internet Explorer window, switch to the Linux01 console tab.
b. Record the opm value reported by the test script in the Case 3 column in the class
configuration handout.
3. Press Ctrl+C to stop the test script.
4. Stop the esxtop program.
a. Switch to the MTPuTTY window.
b. Enter q to stop esxtop.
c. Keep the SA-ESXi-01 MTPuTTY session open for the next lab.

Task 9: Analyze the Test Results


You analyze the captured statistics and document your conclusions.
1. Review the statistics that you recorded in tasks 4, 6, and 8.
2. Record the conclusions that you can draw from the data. __________



Lab 10 Monitoring Memory Performance

Objective: Use the esxtop command to monitor memory performance under load
In this lab, you perform the following tasks:

1. Generate Database Activity in the Test Virtual Machine
2. Check for Overcommitment of Virtual Machine Memory
3. Configure esxtop to Report Virtual Machine Memory Statistics
4. Observe Memory Statistics
5. Start a Memory Test on ResourceHog01 and ResourceHog02
6. Record Memory Statistics
7. Clean Up for the Next Lab

Task 1: Generate Database Activity in the Test Virtual Machine
You start the test program to generate database activity.
1. In the Internet Explorer window, click the Linux01 console tab.
2. If necessary, log in to the Linux01 virtual machine as user root with the standard lab password.
3. In the Linux01 console, enter ./starttest2.
This test program performs continuous database operations to a medium-size database. The
number of threads is set to 2. The script must run uninterrupted.

Task 2: Check for Overcommitment of Virtual Machine Memory


You use resource allocation reports to determine whether memory is overcommitted for a virtual
machine.
1. In the Internet Explorer window, click the vSphere Web Client tab.
2. Point to the Home icon and select Hosts and Clusters.
3. In the left pane, select the Linux01 virtual machine.
4. In the center pane, click the Monitor tab and click Utilization.
5. Find the Virtual Machine Memory panel.
6. Record the value for VM Consumed. __________
7. Find the Guest Memory panel, in the lower-left corner of the pane.
8. Record the value for Active Guest Memory. __________

Q1. Is the consumed host memory greater than the active guest memory?
1. Answers vary depending on the current workload.

If the consumed host memory is greater than the active guest memory, memory is not
overcommitted. If the consumed host memory is less than active guest memory, then
overcommitment is occurring and might cause degraded performance.



Task 3: Configure esxtop to Report Virtual Machine Memory Statistics
You start esxtop and configure it for memory statistics.
1. Switch to the MTPuTTY window for sa-esxi-01.vclass.local.
a. If you need to restart the SSH session to sa-esxi-01.vclass.local, click the MTPuTTY
shortcut on the task bar.
b. In the Servers pane on the left, double-click SA-ESXi-01.
c. When the PuTTY security alert appears, click Yes.
You are automatically logged in to sa-esxi-01.vclass.local as user root.
2. Start esxtop.
3. In esxtop, enter m to view the memory statistics screen.
4. Set a 10-second update delay.
a. Enter s to display the delay prompt.
b. At the delay prompt, enter 10 and press Enter.
5. Enter uppercase V to filter the display so that only virtual machine statistics are shown.
6. Remove all statistics columns from the output table, except D, H, J, and K.
Removing counters that are not monitored during the test can make isolation of the desired
counters easier.
a. Enter f to access the field order screen.
b. For fields other than D, H, J, and K, if an asterisk appears to the left of the field name,
press the corresponding letter to remove the asterisk.
c. For the D, H, J, and K fields, if an asterisk does not appear to the left of the field name,
press the corresponding letter to add an asterisk.
d. Press Enter to return to the memory statistics output.

Task 4: Observe Memory Statistics


You observe esxtop counters to determine memory conditions.
1. Examine esxtop statistics.
a. In the esxtop output, view the Linux01 virtual machine statistics.
b. Verify that the MCTLSZ, MCTLTGT, SWCUR, SWTGT, SWR/s, and SWW/s values are
at or near zero.
c. If you cannot see all of the values listed in step b, close the left pane.

2. Record the operations per minute (opm) value in the test script.
a. In the Internet Explorer window, switch to the Linux01 console tab.
b. Record the opm value reported by the test script. __________
The counter value is reported with each iteration that the test script performs. Use the
counter reported in the last iteration.

Task 5: Start a Memory Test on ResourceHog01 and ResourceHog02


You start a memory test on the ResourceHog01 and ResourceHog02 virtual machines.
1. Switch to the vSphere Web Client tab in Internet Explorer.
2. Power on, open a console, and boot to the ResourceHog01 virtual machine.
You must enter the console within 30 seconds.
a. Right-click ResourceHog01 and select Power > Power On.
b. In the Power On Recommendations window, verify that ResourceHog01 will be placed on
sa-esxi-01.vclass.local and click OK.
c. Right-click ResourceHog01 and select Open Console.
d. Click anywhere in the console window.
e. At the BIOS screen, press Enter.
f. At the boot: prompt, press Enter to load the Ultimate Boot CD menu.
If you see a Booting prompt, you did not enter the console within 30 seconds. You must
return to substep a to reset the power on the virtual machine and enter the console to the
virtual machine within 30 seconds.
g. Use the arrow keys and the Enter key to select Mainboard Tools > Memory Tests >
Memtest86+ V1.70.
The exact keystroke sequence is Enter, down arrow, down arrow, Enter, down arrow, down
arrow, Enter.
h. After the memory test utility is running, press Ctrl+Alt to release the pointer focus.
3. Switch to the vSphere Web Client tab.
4. Repeat step 2 for the ResourceHog02 virtual machine.

Task 6: Record Memory Statistics
You record and evaluate memory statistics with a significant load consuming ESXi host memory.
1. Switch to the MTPuTTY window.
2. After at least one minute of statistics collection, record the values for the ResourceHog02,
ResourceHog01, and Linux01 virtual machines in the class configuration handout.
MCTL?
MCTLSZ
MCTLTGT
SWCUR
SWTGT
SWR/s
SWW/s

Q1. For Linux01, does the value of MCTLSZ converge with the value of MCTLTGT?
1. Yes, the values should converge over time.

Q2. For Linux01, does the value of SWCUR converge with the value of SWTGT?
2. Yes, the values should converge over time.

3. Monitor the statistics output until the host reaches a steady state where the counters in each set
are close in value to each other.
If the counters in each set are close in value to each other, the host has reached a steady state.
4. To determine which virtual machines do not have the balloon driver installed, examine the
MCTL? value for each virtual machine.
The MCTL? field indicates the presence of the balloon driver. If the MCTL? value is Y, then
that virtual machine has a balloon driver installed. Otherwise, the virtual machine lacks a
balloon driver.

Q3. Which virtual machines do not have the balloon driver installed?
3. ResourceHog02 and ResourceHog01.

5. To determine whether the virtual machines are swapping, examine the values for SWR/s and
SWW/s for each virtual machine.

Q4. Which virtual machines are swapping?


4. Although all three VMs might be swapping, the levels of swapping on ResourceHog01 and
ResourceHog02 are going to be much larger than the level of swapping on Linux01.

6. Determine which virtual machines have experienced degraded performance due to swapping.
a. Enter lowercase c to switch to the CPU screen.
b. Enter uppercase V to display only virtual machine statistics.
c. Examine the %SWPWT value for each virtual machine identified as actively swapping.
When %SWPWT exceeds 5 percent, the performance of the virtual machine degrades
significantly.

Q5. What are the %SWPWT values for each of the virtual machines?
5. ResourceHog01 and ResourceHog02 should be experiencing high %SWPWT values because
their memory is being swapped out and they must wait whenever those pages are accessed.
Linux01 should be experiencing low %SWPWT values, possibly zero.

7. Enter m to return to the esxtop memory screen.

Q6. What is the memory state: high, clear, soft, hard, or low?
6. Answers vary.

8. Record the opm value in the test script.


a. In the Internet Explorer window, switch to the Linux01 console tab.
b. Record the opm value reported by the test script. __________
c. Compare this opm value with the value that you recorded in task 4, step 2, substep b.

Q7. Has the performance of the test script degraded?


7. Answers vary.
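The checks from task 6, codified as an added example (not part of the lab manual): the script applies the lab's rules to a few constructed esxtop readings taken over three refreshes. The CSV layout, the sample values and the 5 percent tolerance for "close in value" are assumptions; the column names are the counter labels shown on the esxtop screens.

```python
import csv
import io
from collections import defaultdict

# Constructed readings: one row per VM per esxtop refresh, oldest first.
# This is a simplified layout for illustration, not esxtop's own export format.
CONSTRUCTED_CSV = """\
vm,MCTL?,MCTLSZ,MCTLTGT,SWCUR,SWTGT,SWR/s,SWW/s,%SWPWT
Linux01,Y,0,120,0,0,0.0,0.0,0.0
ResourceHog01,N,0,0,50,300,0.0,4.1,2.0
ResourceHog02,N,0,0,40,280,0.0,3.8,1.5
Linux01,Y,80,120,0,10,0.0,0.2,0.0
ResourceHog01,N,0,0,210,300,1.2,2.0,9.5
ResourceHog02,N,0,0,190,280,0.9,2.2,8.0
Linux01,Y,118,120,10,10,0.0,0.0,0.3
ResourceHog01,N,0,0,296,300,2.5,0.3,14.0
ResourceHog02,N,0,0,277,280,2.1,0.2,12.5
"""

SWPWT_LIMIT = 5.0        # percent; the threshold named in task 6, step 6
CONVERGED_WITHIN = 0.05  # assumption: "close in value" means within 5% of target


def load(text):
    """Group the readings by VM, keeping them in time order."""
    per_vm = defaultdict(list)
    for row in csv.DictReader(io.StringIO(text)):
        vm = row.pop("vm")
        balloon = row.pop("MCTL?")
        sample = {name: float(value) for name, value in row.items()}
        sample["MCTL?"] = balloon
        per_vm[vm].append(sample)
    return per_vm


def converged(current, target):
    """True when a counter has reached its target (steady state)."""
    if target == 0:
        return current == 0
    return abs(current - target) <= CONVERGED_WITHIN * target


def assess(samples):
    """Answer the task 6 questions for one VM from its readings."""
    last = samples[-1]
    has_balloon = last["MCTL?"] == "Y"
    return {
        "balloon_driver": has_balloon,
        # Balloon convergence is only meaningful when the driver is present.
        "balloon_converged": converged(last["MCTLSZ"], last["MCTLTGT"])
        if has_balloon else None,
        "swap_converged": converged(last["SWCUR"], last["SWTGT"]),
        "swapping": any(s["SWR/s"] > 0 or s["SWW/s"] > 0 for s in samples),
        "peak_swpwt": max(s["%SWPWT"] for s in samples),
        "degraded": any(s["%SWPWT"] > SWPWT_LIMIT for s in samples),
    }


def report(text=CONSTRUCTED_CSV):
    return {vm: assess(samples) for vm, samples in load(text).items()}


if __name__ == "__main__":
    for vm, result in report().items():
        print(vm, result)
```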

Task 7: Clean Up for the Next Lab


You stop the test script on the Linux01 virtual machine. You also stop the memory tests on
ResourceHog01 and ResourceHog02.
1. In the MTPuTTY window, select View > Servers to display the Servers pane on the left.
2. Keep esxtop running in the MTPuTTY window.
3. Switch to the Internet Explorer window.
4. On the Linux01 console tab, press Ctrl+C to stop the test script.
Keep the console tab open.
5. Close the ResourceHog01 and ResourceHog02 console tabs.
6. On the vSphere Web Client tab, power off the ResourceHog01 and ResourceHog02 virtual
machines.

Lab 11 Monitoring Storage Performance

Objective: Use the esxtop command to monitor disk performance across a series of tests
In this lab, you perform the following tasks:

1. Prepare to Run Tests
2. Measure Continuous Sequential Write Activity to a Virtual Disk on a Remote Datastore
3. Measure Continuous Random Write Activity to a Virtual Disk on a Remote Datastore
4. Measure Continuous Random Read Activity to a Virtual Disk on a Remote Datastore
5. Measure Continuous Random Read Activity to a Virtual Disk on a Local Datastore
6. Analyze the Test Results

Task 1: Prepare to Run Tests


You use several test scripts on the Linux01 virtual machine to generate continuous random and
sequential I/O operations against both local and remote (network) datastores.
The Linux01 virtual machine is located on sa-esxi-01.vclass.local and is configured with two hard
drives to serve as local and remote I/O targets. The SCSI (0:1) drive is stored on SA-ESXi-01-Local,
the local datastore. The SCSI (0:2) drive is stored on SA-Shared-01-Remote, the remote datastore.
You monitor storage preparation tasks to completion and then change folders.
1. In the Internet Explorer window, click the Linux01 console tab.
2. If necessary, log in as user root with the standard lab password.

3. Configure storage.
./storageconfig.sh
The storage preparation might take a few minutes to complete. The script must run
uninterrupted to completion.
4. When the script is complete, navigate to the test scripts folder.
cd aio-stress

Task 2: Measure Continuous Sequential Write Activity to a Virtual Disk on a Remote Datastore
You run the logwrite.sh test script to generate continuous sequential write activity to the hard
disk on the remote datastore.
1. Start the logwrite.sh test script.
./logwrite.sh
2. Allow the script to run uninterrupted.
3. View the MTPuTTY session to the sa-esxi-01 host.
MTPuTTY should be logged in to SA-ESXi-01, and esxtop should be running.
4. If MTPuTTY is not logged in, and esxtop is not running, start a new MTPuTTY session to
sa-esxi-01.vclass.local.
a. In the MTPuTTY window, open a connection to SA-ESXi-01.
b. Enter esxtop at the command prompt.
c. Set a 10-second update delay by entering s, and then entering 10 and pressing Enter.
5. Enter d to display device adapter output and examine the reads and writes to the adapter paths.

Q1. Which adapter has the most disk I/O activity?


1. vmhba65, the software iSCSI adapter.

6. Enter u to display individual device output, and examine the reads and writes to the devices.
One of the remote devices has more disk I/O activity than the others.
7. Enter v to display virtual machine output.
8. After 30 seconds of statistics collection, record the values for the Linux01 virtual machine in
the Sequential Writes/Remote Datastore column in the class configuration handout.
READS/s
WRITES/s

9. In the Internet Explorer window, click the Linux01 console tab.
10. Press Ctrl+C to stop the test script.

Task 3: Measure Continuous Random Write Activity to a Virtual Disk on a Remote Datastore
You run the datawrite.sh test script to generate continuous random write activity to the virtual
machine hard disk on the remote datastore.
1. In the Linux01 console, start the datawrite.sh test script.
./datawrite.sh
2. Allow the script to run uninterrupted.
3. Return to the MTPuTTY window.
4. Enter d to display device adapter output and examine the reads and writes to the adapter paths.
5. Enter u to display individual device output and examine the reads and writes to the devices.
6. Enter v to display virtual machine output.
7. After 30 seconds of statistics collection, record the values for Linux01 in the
Random Writes/Remote Datastore column in the class configuration handout.
READS/s
WRITES/s
8. In the Internet Explorer window, click the Linux01 console tab.
9. Press Ctrl+C to stop the test script.

Task 4: Measure Continuous Random Read Activity to a Virtual Disk on a Remote Datastore
You run the fileserver2.sh test script to generate continuous random read activity from the hard
disk on the remote datastore.
1. In the Linux01 console, start the fileserver2.sh test script.
./fileserver2.sh
2. Allow the script to run uninterrupted.
3. Return to the MTPuTTY window.
4. Enter d to display device adapter output and examine the reads and writes to the adapter paths.
5. Enter u to display individual device output and examine the reads and writes to the devices.
6. Enter v to display virtual machine output.

7. After 30 seconds of statistics collection, record the values for Linux01 in the
Random Reads/Remote Datastore column in the class configuration handout.
READS/s
WRITES/s
8. In the Internet Explorer window, click the Linux01 console tab.
9. Press Ctrl+C to stop the test script.

Task 5: Measure Continuous Random Read Activity to a Virtual Disk on a Local Datastore
You run the fileserver1.sh test script to generate continuous random read activity from the
virtual machine hard disk on the local datastore attached to the ESXi host.
1. In the Linux01 console, start the fileserver1.sh test script.
./fileserver1.sh
This test script first creates the file to be read, which can take 5 minutes or more.
The test script must run uninterrupted.
2. Monitor the script output.
The output remains silent during file creation.
3. After the Starting with random read message appears, view information in esxtop.
a. Enter d to display device adapter output.

Q1. Which adapter has the most disk I/O activity?


1. vmhba1, a local host bus adapter.

b. Enter u to display individual device output.


One of the local devices, rather than a remote device, is used for this test.
c. Enter v to display virtual machine output.
4. After 30 seconds of statistics collection, record the values for Linux01 in the
Random Reads/Local Datastore column in the class configuration handout.
READS/s
WRITES/s
5. In the Internet Explorer window, click the Linux01 console tab.
6. Press Ctrl+C to stop the test script.

Task 6: Analyze the Test Results
Your instructor conducts an in-class review to compare test results from each group.
1. Record the conclusions that you draw from the test data collected in tasks 2 through 5.
__________
2. In the Internet Explorer window, leave the vSphere Web Client and the Linux01 tabs open for
the next lab.

Lab 12 Monitoring Network Performance

Objective: Use the esxtop command to monitor network performance
In this lab, you perform the following tasks:

1. Prepare to Monitor Network Performance
2. Prepare the Client and the Server Virtual Machines
3. Measure Network Activity on an ESXi Physical Network Interface
4. Use Traffic Shaping to Simulate Network Congestion
5. Position the Client and the Server on the Same Port Group
6. Restart the Test and Measure Network Activity
7. Stop the Test and Analyze Results
8. Clean Up for the Next Lab

Task 1: Prepare to Monitor Network Performance


You use the esxtop network statistics screen to monitor network performance.
1. View the MTPuTTY session to the sa-esxi-01 host.
MTPuTTY should be logged in to the sa-esxi-01 host, and esxtop should be running.
2. If MTPuTTY is not logged in, and esxtop is not running, start a new MTPuTTY session to
sa-esxi-01.vclass.local.
a. In the MTPuTTY window, open a connection to SA-ESXi-01.
b. Enter esxtop at the command prompt.
c. Set a 10-second update delay.

3. Enter n to switch to the network statistics screen.
4. Remove unused counters to make the esxtop network screen easier to monitor.
a. Enter f to display the Current Field Order table.
b. In the Current Field Order table, enter g and j to remove PKTRX/s and PKTTX/s from the
esxtop display.
c. Press Enter to return to the network statistics screen.

Task 2: Prepare the Client and the Server Virtual Machines


You use scripts on the Linux01 and Linux02 virtual machines to generate network traffic so that
network performance can be measured.
The Linux01 virtual machine acts as a client, and the Linux02 virtual machine acts as a server. The
Linux01 virtual machine is connected to the pg-SA Production port group. You move the Linux02
virtual machine to the pg-SA Management port group so that the virtual machines are connected to
different virtual switches, forcing their traffic to traverse the physical network.
1. Migrate the Linux02 virtual machine to the pg-SA Management port group.
a. In the Internet Explorer window, click the vSphere Web Client tab.
b. Point to the Home icon and select Networking.
c. In the Navigator pane, right-click the dvs-Lab distributed switch and select Migrate VMs
to Another Network.
d. For the source network, leave Specific network selected, click Browse, select pg-SA
Production, and click OK.
e. For the destination network, click Browse, select the pg-SA Management port group, and
click OK.
f. Click Next.
g. On the Select virtual machines to migrate page, select the Linux02 check box and click
Next.
h. On the Ready to complete page, click Finish.
i. In the Recent Tasks pane, monitor the migration task to completion.

2. View the IP address of the Linux02 virtual machine.
a. Point to the Home icon and select Hosts and Clusters.
b. Power on the Linux02 virtual machine.
c. In the Power On Recommendations window, keep the recommendation to place Linux02
on host sa-esxi-01.vclass.local selected and click OK.
Wait for the virtual machine to boot up completely.
d. In the left pane, select Linux02.
e. From the Summary tab in the center pane, record the Linux02 IP address. __________
The Linux02 IP address starts with 172.20.10 (the management network DHCP range).
3. View the IP address of the Linux01 virtual machine.
a. In the left pane, select the Linux01 virtual machine.
b. From the Summary tab, record the Linux01 IP address. __________
The Linux01 IP address starts with 172.20.11 (the production network DHCP range).
4. Start the server on Linux02.
a. In the left pane, right-click the Linux02 virtual machine and select Open Console.
b. In the Linux02 console window, log in as user root with the standard lab password.
c. Navigate to the network scripts folder.
cd netperf
d. Start the server program.
./netserver
The server program runs as a background process.

e. Verify that the server program is running.


ps -ef | grep netserver
The server and grep processes are listed.

Task 3: Measure Network Activity on an ESXi Physical Network Interface
You measure the network performance of the ESXi host network interface with the Linux01 and
Linux02 virtual machines positioned on different physical network segments across a router.
Requests sent from the Linux01 client enter the physical network through the ESXi network
interface vmnic2 that is bound to a dvs-Lab distributed switch uplink. The client requests are routed
to the management network where the Linux02 server is positioned, using the pg-SA Management
port group on the dvs-SA Datacenter distributed switch.
1. Switch to the Linux01 console tab.
2. Start the client on Linux01.
a. Navigate to the network scripts folder.
cd /root/netperf
b. Start the client test script.
./nptest1.sh server_IP_address
server_IP_address is the Linux02 IP address that you recorded in task 2.
The client and server programs must run uninterrupted.
3. Monitor network activity and record your findings.
a. Switch to the MTPuTTY window.
b. In the esxtop output, find the vmnic2 physical network interface.
c. After 30 seconds of statistics collection, record the values for vmnic2 in the vmnic2
column in the class configuration handout.
MbTX/s
MbRX/s

Task 4: Use Traffic Shaping to Simulate Network Congestion


You use traffic shaping to control the network speed to simulate congestion.
1. Switch to the Internet Explorer window and click the vSphere Web Client tab.
2. Point to the Home icon and select Networking.
3. In the networking inventory, expand the dvs-Lab distributed switch.
4. Right-click the pg-SA Production port group and select Edit Settings.
5. In the Edit Settings dialog box, click Traffic shaping on the left.

6. Select Enabled from the Status drop-down menus for ingress traffic shaping and egress traffic
shaping.
7. Configure ingress and egress traffic shaping.

Option                        Action
Average bandwidth (kbit/s)    Enter 10000.
Peak bandwidth (kbit/s)       Enter 10000.
Burst size (KB)               Enter 10000.

8. Verify that you configured both ingress and egress traffic shaping and click OK.
9. Monitor network performance and record your findings.
a. Switch to the MTPuTTY window.
b. In the esxtop output, find the vmnic2 physical interface item.
c. After 30 seconds of statistics collection, record the values for vmnic2 in the
vmnic2 10 Mb/s column in the class configuration handout.
MbTX/s
MbRX/s
10. Disable ingress and egress traffic shaping.
a. Switch to the vSphere Web Client tab in the Internet Explorer window.
b. Right-click the pg-SA Production port group and select Edit Settings.
c. Click Traffic shaping.
d. For both ingress and egress traffic shaping, select Disabled from each Status drop-down
menu.
e. Click OK to close the Edit Settings dialog box.

Task 5: Position the Client and the Server on the Same Port Group
You migrate the Linux02 virtual machine back to the pg-SA Production port group to show that
virtual machines communicating on the same ESXi host and virtual switch port group can
communicate at a faster rate than the rate dictated by the physical network hardware.
1. Stop the client.
a. In the Internet Explorer window, click the Linux01 console tab.
b. In the Linux01 console, press Ctrl+C to stop the test script.
2. Stop the server.
a. Click the Linux02 console tab.
b. In the Linux02 console, end the server program.
ps -ef | grep netserver
kill process_id
In the kill command, process_id is the netserver process ID as reported by the ps
command.
In the example ps output, the netserver process ID is 6487. The screenshot does not
include the leftmost columns of the ps output.

3. Migrate the Linux02 virtual machine to the pg-SA Production port group.
a. Click the vSphere Web Client tab.
b. In the left pane, right-click the dvs-Lab distributed switch and select Migrate VMs to
Another Network.
c. For the source network, leave Specific network selected, click Browse, select pg-SA
Management, and click OK.
d. For the destination network, click Browse, select the pg-SA Production port group, and
click OK.
e. Click Next.
f. Under Select virtual machines to migrate, select the Linux02 check box and click Next.
g. Click Finish.
h. In the Recent Tasks pane, monitor the migration task to completion.
4. In the Internet Explorer window, click the Linux02 console tab.

5. Restart the network service, and verify that the IP address is within the production network
DHCP range.
a. In the terminal window, restart the network service.
service network restart
The network service might take up to a minute to restart and acquire a new DHCP address.
b. Verify that a new DHCP-assigned address was acquired.
ifconfig
c. In the ifconfig command output, verify that the IP address starts with 172.20.11 (the
production network DHCP range).
d. Record the postmigration Linux02 IP address. __________

Task 6: Restart the Test and Measure Network Activity


You measure network activity when the client and the server communicate across a virtual network
contained within a single ESXi host and port group.
1. In the Linux02 console window, start the server program.
./netserver
2. In the Internet Explorer window, click the Linux01 console tab.
3. Start the client script.
./nptest1.sh server_IP_address
server_IP_address is the postmigration Linux02 IP address that you recorded in task 5.
4. Monitor network activity and record your findings.
a. Switch to the MTPuTTY window.
b. In the esxtop output, find the vmnic2 row and verify that the traffic is no longer traversing
the physical interface.
c. Find the Linux01.eth0 row.
d. After 30 seconds of statistics collection, record the values for Linux01.eth0 in the
Linux01.eth0 column in the class configuration handout.
MbTX/s
MbRX/s

Task 7: Stop the Test and Analyze Results
You use samples that you recorded to determine whether network performance was affected by the
simulated congestion in an expected manner and to determine the fastest network configuration.
1. Stop the test.
a. Switch to the Internet Explorer window and click the Linux01 console tab.
b. In the Linux01 console, press Ctrl+C to stop the client script.
c. Click the Linux02 console tab.
d. In the Linux02 console, kill the server process to end the server program.
ps -ef | grep netserver
kill process_id
process_id is the netserver process ID that appears in the ps command output.
2. Review the sample values that you recorded in task 6.

Q1. Do you see an obvious difference in network throughput for each test?
1. Yes. Network throughput values will vary.

Q2. Which test resulted in the highest throughput (highest values)?


2. The test with the client and server on the same port group.

Q3. Why was this test the fastest?


3. Because network I/O did not pass through the physical network hardware.

Task 8: Clean Up for the Next Lab


You end esxtop and you close the Linux01 and Linux02 console tabs. You also change the
vSphere DRS automation mode to Fully Automated.
1. In the MTPuTTY window, enter q to end esxtop.
2. Close the MTPuTTY session.
3. In the Internet Explorer window, close the Linux01 and Linux02 console tabs.
4. Power off Linux01 and Linux02.
5. On the vSphere Web Client tab, point to the Home icon and select Hosts and Clusters.

6. Change the vSphere DRS automation mode to Fully Automated.
a. In the left pane, select the SA Management cluster.
b. In the center pane, click the Configure tab.
c. Select vSphere DRS on the left and click Edit.
d. From the DRS Automation drop-down menu, select Fully Automated and click OK.
7. Migrate the local storage of Linux01 to shared storage.
a. Right-click Linux01 and select Migrate.
The Migrate wizard appears.
b. On the Select the migration type page, click Change storage only and click Next.
c. On the Select storage page, select SA-Shared-01-Remote and click Next.
d. On the Ready to complete page, click Finish.
e. In the Recent Tasks pane, monitor the migration task to completion.
8. Point to the Home icon and select Home.

Lab 13 Using vRealize Log Insight

Objective: Configure and use vRealize Log Insight


In this lab, you perform the following tasks:

1. Configure vRealize Log Insight
2. Configure vRealize Log Insight to Ingest Data from vSphere
3. Create Events to Analyze
4. Examine vRealize Log Insight Dashboards
5. Use vRealize Log Insight Interactive Analytics to Search for an Event
6. Examine vRealize Log Insight Resource Usage
7. Create an Additional vRealize Log Insight User
8. Access vRealize Log Insight as Another User
9. Prepare for the Next Lab

Task 1: Configure vRealize Log Insight


You configure VMware vRealize Log Insight.
Use the following information from the class configuration handout:
vRealize Log Insight license key
1. Open a new tab in Internet Explorer.
2. From the Favorites bar, select vRealize Log Insight.
3. If you receive a security exception, click the Continue to this website (not recommended)
link.

4. On the Setup page for vRealize Log Insight, click Next.
5. On the Choose Deployment Type page, click Start New Deployment.
It can take a couple of minutes to start the new deployment.
6. On the Admin Credentials page, configure the email address and password.

Option                  Action
Email                   Enter administrator@vclass.local.
New password            Enter the standard lab password.
Confirm new password    Enter the standard lab password.

7. Click Save and Continue.


8. On the License page, verify that the license is still valid.
9. If the license has expired, add a new license.
a. Click +Add New License.
b. In the License Key text box, enter the vRealize Log Insight license key provided by your
instructor.
c. Click Add License.
d. Click Save and Continue.
10. On the General Configuration page, do not join the customer experience improvement program.
a. Deselect the Join the VMware Customer Experience Improvement Program check
box.
b. Click Save and Continue.
11. On the Time Configuration page, synchronize server time with the ESXi host.
a. From the Sync Server Time With drop-down menu, select ESX/ESXi host.
b. Click Save and Continue.
12. On the SMTP Configuration page, click Skip.
13. On the Setup Complete page, click Finish.

Task 2: Configure vRealize Log Insight to Ingest Data from vSphere
You add your vSphere details to vRealize Log Insight so that it can use vSphere logs.
1. In the top-right corner, click the menu icon and select Administration.

2. In the left pane, click vSphere under Integration.


3. In the vSphere Integration panel, specify the vCenter Server name and login credentials.

Option      Action
Hostname    Enter sa-vcsa-01.vclass.local.
Username    Enter administrator@vsphere.local.
Password    Enter the standard lab password.

4. Click Test Connection.


Verify that the test is successful.
5. Click Save.
6. When the configuration is complete, click OK.

Task 3: Create Events to Analyze


You create events in the logs of ESXi hosts that will be analyzed by vRealize Log Insight. The
events are to allow and disallow access through the firewall for the SSH client.
1. In vSphere Web Client, point to the Home icon and select Hosts and Clusters.
2. Allow SSH client access through the firewall.
a. In the left pane, select sa-esxi-01.vclass.local.
b. In the center pane, click the Configure tab and select Security Profile on the left.
c. In the Firewall panel, click Edit.
d. In the Edit Security Profile dialog box, select the SSH Client check box.
e. Click OK.

3. Disallow SSH client access through the firewall.
a. In the Firewall panel, click Edit.
b. In the Edit Security Profile dialog box, deselect the SSH Client check box.
c. Click OK.
4. Repeat steps 2 and 3 for the sa-esxi-02.vclass.local and sa-esxi-03.vclass.local hosts.

Task 4: Examine vRealize Log Insight Dashboards


You examine the information provided by the standard dashboards available from vRealize Log
Insight.
1. Click the vRealize Log Insight tab.
2. At the top of the vRealize Log Insight interface, click Dashboards.
The Overview dashboard appears.
3. In the left pane, select Event Types and examine the dashboard.
For example, you can view the number of unique event types and the pie chart that shows the
unique event types by host name.
4. In the left pane, select Security and examine the dashboard.
For example, you can view the bar graph that shows the number of events that contain user
information over time.
5. From the drop-down menu in the top left pane, select VMware - vSphere.

The General-Overview dashboard appears.

6. At the top of the right pane, select Latest 48 hours of data from the drop-down menu.

7. Click the refresh icon and examine the changes made in the output.
8. In the left pane, select vSphere-Overview and examine the dashboard.
Most of the charts in the dashboard contain no results because vRealize Log Insight is only now
starting to collect data.
9. In the left pane, select vSphere-ESXi and examine the dashboard.
10. View the ESX/ESXi VOB events by component and event type panel.
The firewall.config.changed event type has a count of 6, which corresponds to the number of
times that you changed the firewall configuration on your ESXi hosts in task 3.

Task 5: Use vRealize Log Insight Interactive Analytics to Search for an Event
You use vRealize Log Insight interactive analytics to search for types of events.
1. At the top of the vRealize Log Insight interface, click Interactive Analytics.
2. From the Chart Type drop-down menu, near the middle-right side of the window, select Line.

3. Notice how the graph display changes.
4. Search for events that contain the word firewall.
a. In the wide text box in the middle of the window, enter firewall.

b. From the time range drop-down menu, select Latest 6 hours of data.

c. Click the search icon.

d. View all the events that are found.

5. Create a filter to find firewall events for the sa-esxi-01 host.
a. Click Add Filter.
b. From the first drop-down menu, select hostname.
c. From the second drop-down menu, select contains.
d. In the text box, enter sa-esxi-01 and press Enter.

e. Click the search icon.


f. View all the events that are found.
6. Create a filter to find firewall events on the sa-esxi-01 host that contain the word disable.
a. Click Add Filter.
b. From the first drop-down menu, select text.
c. From the second drop-down menu, select contains.
d. In the text box, enter disable and press Enter.

e. Click the search icon.


f. View all the events that are found.
g. Delete disable from the text box, enter enable, and press Enter.
h. Click the search icon.
i. View all the events that are found.
7. Clear the filters.
a. Click Clear All Filters.
b. Delete firewall from the search text box.
c. Click the search icon.
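
The filter chain from this task (search term firewall, hostname contains sa-esxi-01, text contains disable or enable) applied offline to exported log lines, with one extra check that reports rulesets whose most recent change was a disable. This is an added example, not part of the lab manual: the log line layout, the message wording, and the function names are constructed for illustration, and a case-insensitive substring match is assumed.

```python
import re

# Constructed sample lines in the form "<ISO timestamp> <hostname> <text>".
# The layout and message wording are made up for this example; they are not
# copied from a real ESXi host or from vRealize Log Insight.
SAMPLE_LOG = """\
2017-04-10T16:01:12Z sa-esxi-01.vclass.local Hostd: firewall ruleset syslog: disable requested by root
2017-04-10T16:02:40Z sa-esxi-01.vclass.local Hostd: firewall ruleset syslog: enable requested by root
2017-04-10T16:05:03Z sa-esxi-02.vclass.local Hostd: firewall ruleset syslog: disable requested by root
2017-04-10T16:06:30Z sa-esxi-02.vclass.local Hostd: firewall ruleset syslog: enable requested by root
2017-04-10T16:09:55Z sa-esxi-01.vclass.local Hostd: firewall ruleset sshServer: disable requested by root
2017-04-10T16:10:02Z sa-esxi-01.vclass.local Vpxa: heartbeat sent
2017-04-10T16:12:20Z sa-esxi-02.vclass.local Hostd: user root logged in
"""

LINE_RE = re.compile(r"^(?P<timestamp>\S+)\s+(?P<hostname>\S+)\s+(?P<text>.*)$")
RULESET_RE = re.compile(
    r"firewall ruleset (?P<ruleset>\S+): (?P<action>enable|disable)\b", re.I
)


def parse(log):
    """Split raw text into events with timestamp, hostname, and text fields."""
    events = []
    for line in log.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            events.append(match.groupdict())
    return events


def search(events, text_contains=(), hostname_contains=None):
    """AND the search terms and the hostname filter together, as steps 4 to 6 do."""
    hits = []
    for event in events:
        text = event["text"].lower()
        if not all(term.lower() in text for term in text_contains):
            continue
        if hostname_contains and hostname_contains.lower() not in event["hostname"].lower():
            continue
        hits.append(event)
    return hits


def left_disabled(events):
    """Return (hostname, ruleset) pairs whose most recent firewall change was a disable."""
    last_action = {}
    # The timestamps share one ISO 8601 UTC format, so a string sort is chronological.
    for event in sorted(events, key=lambda e: e["timestamp"]):
        match = RULESET_RE.search(event["text"])
        if match:
            key = (event["hostname"], match.group("ruleset"))
            last_action[key] = match.group("action").lower()
    return sorted(key for key, action in last_action.items() if action == "disable")


if __name__ == "__main__":
    events = parse(SAMPLE_LOG)
    for event in search(events, ["firewall", "disable"], "sa-esxi-01"):
        print(event["timestamp"], event["hostname"], event["text"])
    print("Left disabled:", left_disabled(events))
```
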

Task 6: Examine vRealize Log Insight Resource Usage
You use the reporting feature in vRealize Log Insight to examine the resources that it is using.
1. In the top-right corner, click the menu icon and select Administration.
2. In the left pane, select System Monitor.
3. In the center pane, select Resources and examine the output.
4. In the center pane, select Statistics and examine the output.

Task 7: Create an Additional vRealize Log Insight User


You create a user who can access vRealize Log Insight.
1. In the left pane, select Access Control.
2. In the center pane, select Users and click New User.
3. On the New User page, configure the user's name, password, and role.
a. In the Username text box, enter regadmin.
b. In the Password text box, enter the standard lab password.
c. In the Roles panel, select the Dashboard User check box and deselect all other check
boxes.
d. Click Save.

Task 8: Access vRealize Log Insight as Another User


You log in to vRealize Log Insight as a user other than Admin, and you access various dashboards.
1. At the top right of the vRealize Log Insight interface, click admin and select Logout.

2. Log in to vRealize Log Insight as user regadmin.


a. In the Username text box, enter regadmin.
b. In the Password text box, enter the standard lab password and click Login.
3. Verify that Interactive Analytics does not appear at the top of the vRealize Log Insight
interface.
The user regadmin is allowed only to view dashboards.

4. Examine various dashboards.
a. At the top of the vRealize Log Insight interface, click Dashboards.
b. Ensure that General is selected from the drop-down menu at the top of the left pane.
c. In the left pane, select Overview and examine the dashboard.
d. In the left pane, select Event Types and examine the dashboard.
e. In the left pane, select Security and examine the dashboard.
f. From the drop-down menu at the top of the left pane, select VMware - vSphere.
g. In the left pane, select General-Overview and examine the dashboard.
h. In the left pane, select vSphere-Overview and examine the dashboard.
5. At the top right of the vRealize Log Insight interface, click regadmin and select Logout.
6. In the Internet Explorer window, close the vRealize Log Insight tab.

Task 9: Prepare for the Next Lab


In preparation for the next lab, you add a second adapter to the VCHA virtual machine and you
power on the VCHA virtual machine.
1. In the vSphere Web Client tab, point to the Home icon and select Hosts and Clusters.
2. Add a second network adapter to the VCHA virtual machine.
a. In the left pane, right-click VCHA and select Edit Settings.
The Edit Settings dialog box appears.
b. Near the bottom of the dialog box, select Network from the New device drop-down menu.
c. Click Add.
The new network adapter is added to the virtual hardware list.
d. Select pg-VCHA-Cluster from the New Network drop-down menu.
You might have to select Show more networks from the drop-down menu before you can
select the pg-VCHA-Cluster network.
e. In the Edit Settings dialog box, click OK.
3. Power on the VCHA virtual machine.
The VCHA virtual machine takes a few minutes to start up completely.
You use the VCHA virtual machine to configure VMware vCenter Server High Availability in
the next lab.
4. Point to the Home icon and select Home.

Lab 14 Using vCenter Server High
Availability

Objective: Configure vCenter Server Appliance for high availability
In this lab, you perform the following tasks:

1. Configure the vCenter Server High Availability Network
2. Log In to the High Availability vCenter Server Appliance Instance
3. Configure vCenter Server High Availability
4. Create the Passive Node
5. Create the Witness Node
6. Finish Configuring vCenter Server High Availability
7. (Optional) Redo the vCenter Server High Availability Configuration If Failure Occurred
8. Manually Initiate a vCenter Server Failover
9. Verify That Your vCenter Server Failover Occurred
10. Prepare for the Next Lab

Task 1: Configure the vCenter Server High Availability Network
At the end of lab 13, you added the second network adapter to the vCenter Server Appliance
instance that you will use for this lab exercise. The second network adapter is used for the private,
vCenter Server High Availability network, which is used for communication between the vCenter
Server High Availability nodes.
You ensure that the vCenter Server Appliance instance is powered on, you view information about
the network adapters, and you verify that the second network adapter is online.
1. In the Internet Explorer window, click the vSphere Web Client tab.
2. Point to the Home icon and select Hosts and Clusters.
3. In the left pane, verify that the VCHA virtual machine is powered on.
4. If you did not power on VCHA before the start of the lab, power on the virtual machine now.
5. View information about the network adapters connected to VCHA.
a. In the left pane, select VCHA.
b. In the center pane, click the Summary tab.
c. Expand the VM Hardware panel.
d. Verify that Network adapter 1 is connected to the pg-VCHA-Management network.
e. Verify that Network adapter 2 is connected to the pg-VCHA-Cluster network.
pg-VCHA-Cluster is the private network used for communication between the vCenter
Server High Availability nodes.
6. Verify that the second network adapter on VCHA is online.
a. Open a new tab in the Internet Explorer window.
b. In the URL box, enter https://vcha.vclass.local:5480.
vcha.vclass.local is the name of the vCenter Server Appliance instance that you will make
highly available.
c. If you receive a security exception, click the Continue to this website link to display the
login screen.
The VMware vSphere Appliance Management login page appears.
d. Log in as user root with the standard lab password.
e. In the Navigator pane, select Networking and click the Manage tab.
f. Under Networking Interfaces, verify that both nic0 and nic1 are up.

7. If nic1 is down, then configure the IP settings for nic1.
a. Click Edit next to Networking Interfaces.
The Edit IP Configuration dialog box appears.
b. Expand nic1 and click Use the following IPv4 settings.
c. In the IPv4 Address text box, enter 192.168.1.95.
d. In the IPv4 Address Prefix text box, enter 24.
e. Keep the rest of the defaults and click OK.
f. Verify that the status of nic1 is Up.
8. In the Navigator pane, select Access.
9. In the right pane, verify that SSH Login is enabled.
10. Log out of the Virtual Appliance Management interface and close the tab.

Task 2: Log In to the High Availability vCenter Server Appliance Instance
You use vSphere Web Client to log in to the vCenter Server Appliance instance that will be
configured for high availability.
1. Open a new tab in Internet Explorer.
2. In the Favorites bar, select vSphere Web Clients > VCHA.
3. When the security exception for vSphere Web Client appears, click the Continue to this
website link to display the login screen.
If you did not power on VCHA before the start of this lab, then the Web server takes a few
minutes to initialize. When the Web server finishes initializing, the VMware vCenter Single
Sign-On login page appears.
4. In the User name text box, enter administrator@vcha.local.
The domain is vcha.local, not vsphere.local.
5. In the Password text box, enter the standard lab password.
6. Click Login.
The vSphere Web Client page appears.

Task 3: Configure vCenter Server High Availability
You configure the vCenter Server Appliance instance for high availability. You perform the
advanced configuration, which means that you must manually create the passive node and the
witness node.
1. In the left pane, select vcha.vclass.local.
2. In the center pane, click the Configure tab and select vCenter HA on the left.
3. In the upper-right corner of the center pane, click Configure.
The Configure vCenter HA wizard appears.
4. On the Select a configuration option page, select Advanced and click Next.
5. On the Connection IP settings page, configure the IP settings for the passive node and the
witness node.
a. Under Passive Node, enter 192.168.1.96 in the vCenter HA IP address text box.
This address is the IP address on the private vCenter Server High Availability network for
the passive node.
b. In the Subnet mask (prefix for IPv6) text box, enter 255.255.255.0.
c. Under Witness Node, enter 192.168.1.97 in the vCenter HA IP address text box.
This address is the IP address on the private network for the witness node.
d. In the Subnet mask (prefix for IPv6) text box, enter 255.255.255.0.
e. Click Next.
The Clone VMs page appears. Do not click Finish yet.
You must create the passive node and the witness node before you can complete the
vCenter Server High Availability configuration.

Task 4: Create the Passive Node


You create the passive node by cloning the vCenter Server High Availability active node. The active
node is the vCenter Server Appliance instance, VCHA. The passive node is created on
sa-esxi-02.vclass.local.
1. In Internet Explorer, switch to the vSphere Web Client tab for sa-vcsa-01.vclass.local.
2. In the left pane, right-click VCHA and select Clone > Clone to Virtual Machine.
The Clone Existing Virtual Machine wizard appears.
3. On the Select a name and folder page, enter VCHA-Passive for the virtual machine name and
click Next.

4. On the Select a compute resource page, expand the SA Management cluster and select
sa-esxi-02.vclass.local.
5. Click Next.
6. On the Select storage page, select the datastore and virtual disk format.
a. Select SA-ESXi-02-Local.
b. From the Select virtual disk format drop-down menu, select Same format as source.
c. Click Next.
7. From the Select clone options page, select the Customize the operating system check box and
select the Power on virtual machine after creation check box.
8. Click Next.
9. On the Customize guest OS page, create a new customization specification for the passive node.
A preconfigured customization specification named VCHA Passive Specification was created
for the sake of convenience. As an alternative to performing step 9, you can select VCHA
Passive Specification and click Next, instead of creating a new customization specification.
a. Click the Create a new specification icon.
The New VM Guest Customization Spec wizard appears.
b. On the New Customization Specification page, enter the name of your choice in the
Customization Spec Name text box and click Next.
c. On the Computer Name page, select the Enter a name check box and enter vcha in the
text box.
The computer name of the passive node must match the computer name of the active node.
d. In the Domain name text box, enter vclass.local and click Next.
e. On the Time Zone page, configure the time zone settings and click Next.

Option               Action
Area                 Select America.
Location             Select Los Angeles.

f. On the Configure Network page, select NIC1 and click the Edit icon.
g. Click Use the following IP settings.

h. Configure the IP settings for NIC1 and click OK.

Option               Action
IP Address           Enter 172.20.110.95.
                     This IP address is the public address of the active node.
Subnet Mask          Enter 255.255.255.0.
Default Gateway      Enter 172.20.110.10.
Alternate Gateway    Leave blank.

i. On the Configure Network page, select NIC2 and click the Edit icon.
j. Click Use the following IP settings.
k. Configure the IP settings for NIC2 and click OK.

Option               Action
IP Address           Enter 192.168.1.96.
Subnet Mask          Enter 255.255.255.0.
Default Gateway      Leave blank.
Alternate Gateway    Leave blank.

l. On the Configure Network page, click Next.


m. On the Enter DNS and Domain Settings page, configure the DNS and domain information
and click Add.

Option                            Action
Primary DNS                       Enter 172.20.110.10.
Secondary DNS and Tertiary DNS    Leave blank.
DNS Search Path                   Enter vclass.local.

n. Click Next.
o. On the Ready to complete page, review the settings and click Finish.
The Clone Existing Virtual Machine wizard reappears.
p. On the Customize guest OS page, select the passive node customization specification that
you created and click Next.
10. On the Ready to complete page, review the settings and click Finish.
11. View the Recent Tasks pane and monitor the Clone Virtual Machine task to completion.
This task takes several minutes to complete.
You must wait for this task to complete before going to the next task.
12. In the left pane, verify that the VCHA-Passive virtual machine appears and is powered on.

Task 5: Create the Witness Node


You create the witness node by cloning the vCenter Server High Availability active node. The active
node is the vCenter Server Appliance instance, VCHA. The witness node is created on
sa-esxi-03.vclass.local.
1. In the left pane, right-click VCHA and select Clone > Clone to Virtual Machine.
The Clone Existing Virtual Machine wizard appears.
2. On the Select a name and folder page, enter VCHA-Witness for the virtual machine name and
click Next.
3. On the Select a compute resource page, expand the SA Management cluster and select
sa-esxi-03.vclass.local.
4. Click Next.
5. On the Select storage page, select the datastore and virtual disk format.
a. Select SA-ESXi-03-Local.
b. From the Select virtual disk format drop-down menu, select Same format as source.
c. Click Next.
6. From the Select clone options page, select the Customize the operating system check box and
select the Power on virtual machine after creation check box.
7. Click Next.

8. On the Customize guest OS page, create a new customization specification for the witness node.
A preconfigured customization specification named VCHA Witness Specification was created
for the sake of convenience. As an alternative to performing step 8, you can select VCHA
Witness Specification and click Next, instead of creating a new customization specification.
a. Click the Create a new specification icon.
The New VM Guest Customization Spec wizard appears.
b. On the New Customization Specification page, enter the name of your choice in the
Customization Spec Name text box and click Next.
c. On the Computer Name page, select the Enter a name check box and enter vcha-witness in
the text box.
The computer name of the witness node must not match the computer name of the active
node.
d. In the Domain name text box, enter vclass.local and click Next.
e. On the Time Zone page, configure the time zone settings and click Next.

Option               Action
Area                 Select America.
Location             Select Los Angeles.

f. On the Configure Network page, select NIC1 and click the Edit icon.
g. Leave Use DHCP to obtain an IP address automatically selected and click OK.
h. On the Configure Network page, select NIC2 and click the Edit icon.
i. Click Use the following IP settings, configure the IP settings for NIC2, and click OK.

Option               Action
IP Address           Enter 192.168.1.97.
Subnet Mask          Enter 255.255.255.0.
Default Gateway      Leave blank.
Alternate Gateway    Leave blank.

j. On the Configure Network page, click Next.
k. On the Enter DNS and Domain Settings page, configure the DNS and domain information
and click Add.

Option                            Action
Primary DNS                       Enter 172.20.110.10.
Secondary DNS and Tertiary DNS    Leave blank.
DNS Search Path                   Enter vclass.local.

l. Click Next.
m. On the Ready to complete page, review the settings and click Finish.
The Clone Existing Virtual Machine wizard reappears.
n. On the Customize guest OS page, select the witness node customization specification that
you created and click Next.
9. On the Ready to complete page, review the settings and click Finish.
10. View the Recent Tasks pane and monitor the Clone Virtual Machine task to completion.
This task takes several minutes to complete.
You must wait until this task completes before continuing.
11. In the left pane, verify that the VCHA-Witness virtual machine appears and is powered on.
12. Wait at least one minute before going to the next task.
Waiting for at least one minute gives the wizard enough time to finish preparing the witness
node.
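
A pre-flight check of the address plan entered in tasks 1, 3, 4, and 5, as an added example that is not part of the lab manual: it confirms that the three vCenter HA addresses are distinct, share the private pg-VCHA-Cluster subnet, stay off the management subnet, and have no gateway on the HA adapter. The NodePlan structure and the check_plan function are hypothetical names for this example, and the single shared HA subnet is an assumption taken from this lab's values.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class NodePlan:
    name: str
    mgmt_ip: Optional[str]      # NIC1; None when NIC1 uses DHCP (the witness node)
    mgmt_mask: Optional[str]
    ha_ip: str                  # NIC2 on the private pg-VCHA-Cluster network
    ha_mask: str
    ha_gateway: Optional[str] = None   # the lab leaves the NIC2 gateway blank


# Values entered in tasks 1, 3, 4, and 5 of this lab.
LAB_PLAN = [
    NodePlan("active", "172.20.110.95", "255.255.255.0", "192.168.1.95", "255.255.255.0"),
    NodePlan("passive", "172.20.110.95", "255.255.255.0", "192.168.1.96", "255.255.255.0"),
    NodePlan("witness", None, None, "192.168.1.97", "255.255.255.0"),
]


def check_plan(nodes: List[NodePlan]) -> List[str]:
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    ha = {n.name: ipaddress.ip_interface(f"{n.ha_ip}/{n.ha_mask}") for n in nodes}

    # Each node needs its own address on the HA network.
    owners = {}
    for name, iface in ha.items():
        if iface.ip in owners:
            problems.append(f"{name} and {owners[iface.ip]} share HA address {iface.ip}")
        owners.setdefault(iface.ip, name)

    # In this lab all three nodes sit on one private subnet.
    ha_nets = {iface.network for iface in ha.values()}
    if len(ha_nets) > 1:
        listed = ", ".join(sorted(str(net) for net in ha_nets))
        problems.append(f"HA addresses fall in different subnets: {listed}")

    # The HA network must be separate from the management network. The active
    # and passive nodes deliberately share one management address, so the
    # management networks are collected in a set to avoid duplicate findings.
    mgmt_nets = {
        ipaddress.ip_interface(f"{n.mgmt_ip}/{n.mgmt_mask}").network
        for n in nodes
        if n.mgmt_ip
    }
    for ha_net in sorted(ha_nets, key=str):
        for mgmt_net in sorted(mgmt_nets, key=str):
            if ha_net.overlaps(mgmt_net):
                problems.append(
                    f"HA subnet {ha_net} overlaps management subnet {mgmt_net}"
                )

    # The lab leaves the default gateway blank on the HA adapter.
    for n in nodes:
        if n.ha_gateway:
            problems.append(f"{n.name} has gateway {n.ha_gateway} set on the HA adapter")
    return problems


if __name__ == "__main__":
    findings = check_plan(LAB_PLAN)
    print("Plan is consistent" if not findings else "\n".join(findings))
```
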

Task 6: Finish Configuring vCenter Server High Availability


With the passive node and the witness node created, you finish configuring vCenter Server High
Availability on the high availability vCenter Server Appliance instance.
1. In Internet Explorer, switch to the vSphere Web Client tab for vcha.vclass.local.
The Configure vCenter HA wizard is open.
2. On the Clone VMs page, click Finish to complete the vCenter High Availability configuration.

3. While you wait for the configuration task to complete, view the Recent Tasks pane to monitor
the configuration task.
The configuration task takes several minutes to complete.
4. Verify that vCenter Server High Availability is successfully configured.
a. Verify that the center pane shows that vCenter HA is enabled.
b. In the upper-right corner of the center pane, click the vCenter HA Monitoring link.
c. Verify that the health is good for the active, passive, and witness nodes.
d. In the upper-right corner of the center pane, click the vCenter HA Settings link.

Task 7: (Optional) Redo the vCenter Server High Availability Configuration If Failure Occurred
You remove the existing passive and witness nodes, and you revert the VCHA virtual machine to a
known good starting point.

IMPORTANT
Perform this task only if your vCenter Server High Availability configuration failed in task 6. If you
successfully configured vCenter Server High Availability in task 6, go to task 8.
1. In Internet Explorer, switch to the vSphere Web Client tab for sa-vcsa-01.local.
2. Point to the Home icon and select Hosts and Clusters.
3. Power off the VCHA, VCHA-Passive, and VCHA-Witness virtual machines.
4. Revert to the last snapshot for VCHA.
a. Right-click VCHA and select Snapshots > Revert to Latest Snapshot.
b. Click Yes to confirm reverting to the latest (most recent) snapshot.
The latest snapshot has network adapter 2 already configured for you.
5. Delete the VCHA-Passive and VCHA-Witness virtual machines.
a. Right-click VCHA-Passive and select Delete from Disk.
b. Click Yes to confirm deletion.
c. Right-click VCHA-Witness and select Delete from Disk.
d. Click Yes to confirm deletion.
6. Perform tasks 2 through 6 again.

Task 8: Manually Initiate a vCenter Server Failover
You use vSphere Web Client to initiate a vCenter Server failover from the active vCenter Server
Appliance instance.
1. In the upper-right corner in the center pane, click Initiate Failover.
2. In the Initiate vCenter HA Failover window, click Yes.
As the failover takes place, connectivity to the vCenter Server Appliance instance is lost for a
short time.
It might take 5 minutes before you see the Connection Error dialog box indicating a loss of
connectivity to the vCenter Server Appliance instance.
3. After connectivity to the vCenter Server instance is lost, close the vSphere Web Client tab to
vcha.vclass.local.
4. Open a new tab and select vSphere Web Clients > VCHA in the Favorites bar.
Failover takes several minutes to complete. It will still be in progress.
5. Periodically click the Refresh icon in the Web browser to refresh the tab.
You can expect to see Failover in Progress messages every time you refresh the browser
page for as long as 15 minutes before you see the VMware vCenter Single Sign-On screen.
Failover is complete when the VMware vCenter Single Sign-On screen appears.

Task 9: Verify That Your vCenter Server Failover Occurred


You use vSphere Web Client to examine the settings and events to verify that the active vCenter
Server instance is the peer vCenter Server instance.
1. In the vSphere Web Client tab for vcha.vclass.local, log in as administrator@vcha.local with
the standard lab password.
It might take up to 5 minutes after you log in before the vSphere Web Client screen appears.
2. In the left pane, click vcha.vclass.local at the top of the inventory tree.
3. In the center pane, click the Configure tab and click vCenter HA on the left.
4. In the center pane, select the Active node.
5. In the Active Settings pane, view the IP address of the active node.
The IP address belongs to the VCHA-Passive virtual machine.
6. Verify that the virtual machine is the passive node, VCHA-Passive.
7. In the center pane, click the Monitor tab and click Tasks & Events.

8. Select Tasks on the left and examine the output for indications that a vCenter Server failover
was initiated.
9. Select Events and examine the output for indications that a vCenter Server failover occurred.
10. In the center pane, click the Monitor tab and click vCenter HA.
11. Examine the health of the cluster.
12. Close the vSphere Web Client tab to vcha.vclass.local.

Task 10: Prepare for the Next Lab


In preparation for the next lab, you power off all the vCenter Server High Availability nodes, and
you power on the LAB-VCS-01 virtual machine.
1. On the vSphere Web Client tab for sa-vcsa-01.vclass.local, point to the Home icon and select
Hosts and Clusters.
2. Power off the VCHA, VCHA-Passive, and VCHA-Witness virtual machines.
3. Power on the LAB-VCS-01 virtual machine.
LAB-VCS-01 takes a few minutes to start up completely.
The LAB-VCS-01 virtual machine is a Windows vCenter Server 5.5 system that you migrate to
a vCenter Server Appliance instance in the next lab.
4. Point to the Home icon and select Home.

Lab 15 Migrating Windows vCenter
Server to vCenter Server Appliance

Objective: Migrate a Windows vCenter Server instance to vCenter Server Appliance
In this lab, you perform the following tasks:

1. Confirm That vCenter Server for Windows Is Running
2. Start the Migration Assistant on the Windows vCenter Server System
3. Run the vCenter Server Appliance Installer and Perform Stage 1 of the Migration Process
4. Monitor Stage 1 of the Deployment Process
5. Perform Stage 2 of the Deployment Process
6. Confirm Successful Migration
7. Clean Up for Later Labs

Task 1: Confirm That vCenter Server for Windows Is Running


You log in to the Windows vCenter Server 5.5 system, verify that vCenter Server is running, and
view its inventory.
1. In the Internet Explorer window, go to the vSphere Web Client tab for sa-vcsa-01.vclass.local.
2. Point to the Home icon and select Hosts and Clusters.
3. In the left pane, verify that the LAB-VCS-01 virtual machine is powered on.
4. If the LAB-VCS-01 virtual machine is not powered on, power it on and wait a few minutes for
it to boot up completely and for the vCenter services to start.

5. Use vSphere Web Client to log in to the Windows vCenter Server system.
a. Open a new tab in Internet Explorer.
b. From the Favorites bar, select vSphere Web Clients > LAB-VCS-01.
This shortcut goes to https://lab-vcs-01.vclass.local:9443/vsphere-client.
c. If you receive a security exception for vSphere Web Client, click the Continue to this
website link to display the login screen.
If you did not power on LAB-VCS-01 before the start of this lab, then it takes a few
minutes for the vSphere Client Web server to initialize. When the Web server finishes
initializing, the vSphere Web Client login screen appears.
d. In the login screen, enter administrator@vsphere.local in the User name text box.
e. In the Password text box, enter the standard lab password and click Login.
6. Verify that vCenter Server 5.5 for Windows is running.
a. From the Help menu in the upper-right corner, select About VMware vSphere.
The About VMware vSphere window appears.
b. View the vSphere Web Client line (the first line in the window) and verify that you are
running version 5.5.0.
c. Click OK to close the About VMware vSphere window.
7. On the Home page, point to the Home icon and select Hosts and Clusters.
8. In the left pane, verify that you have two objects: Training Datacenter and Lab Cluster.
9. Close the vSphere Web Client tab to lab-vcs-01.vclass.local.

Task 2: Start the Migration Assistant on the Windows vCenter Server
System
The Migration Assistant is an application that runs on the Windows vCenter Server 5.5 system. You
use the Migration Assistant to extract the configuration data from the Windows vCenter Server 5.5
system and send it to a vCenter Server Appliance 6.5 instance.
The Migration Assistant is in the migration-assistant folder.
1. Open a console to the LAB-VCS-01 virtual machine.
a. Click the Remote Desktop Connection Manager icon in the Windows desktop toolbar.

The Remote Desktop Connection Manager window appears.


b. In the left pane, double-click LAB-VCS-01 (vclass.local).
c. If you do not connect to LAB-VCS-01, then right-click LAB-VCS-01 (vclass.local) and
select Connect server.
The desktop for LAB-VCS-01 appears in the center pane.
2. Open the Migration-assistant folder on the LAB-VCS-01 desktop.
3. Double-click VMware-Migration-Assistant to start the Migration Assistant.
The Migration Assistant console window appears.
4. If you see a security warning, click Run.
5. For the Administrator@vsphere.local password, enter the standard lab password.
Extracting the Migration Assistant scripts and running the prechecks takes a couple of minutes.
Information about the existing deployment appears on the screen. The migration steps are also
detailed there.
6. Wait until the Waiting for migration to start message appears.
The Migration Assistant pauses at this screen while the migration is in progress.

IMPORTANT
Do not close the console until the migration is complete.
7. Minimize the Remote Desktop Connection Manager window.
You return to this window later.

Task 3: Run the vCenter Server Appliance Installer and Perform Stage
1 of the Migration Process
You use the vCenter Server Appliance installer to perform stage 1 of the migration process.
1. Mount the vCenter Server Appliance installer ISO file.
a. On the Student-a-01 desktop, double-click Class Materials and Licenses.
b. Double-click Downloads.
c. Double-click VMware-VCSA-all-6.5.0.iso.
This file contains the vCenter Server Appliance installer ISO image.
The installer ISO file is mounted as the E: drive.
2. Run the vCenter Server Appliance installer program.
a. Navigate to vcsa-ui-installer\win32.
The installer.exe file is in this folder.
b. Double-click installer.exe to start the migration process.
c. If you see a security warning, click Run.
The vCenter Server Appliance 6.5 Installer window appears.
3. Select the Migrate option.
The Migrate - Stage 1: Deploy appliance wizard appears.
4. On the Introduction page, read the information about what occurs during the migration process
and click Next.
5. On the End user license agreement page, accept the license agreement and click Next.
6. On the Connect to source server page, specify the Windows vCenter Server instance.
a. In the Source Windows server text box, enter lab-vcs-01.vclass.local.
b. In the SSO password text box, enter the standard lab password and click Next.
c. In the Verify Thumbprint window, click Yes to accept the certificate.

7. On the Appliance deployment target page, specify the ESXi host on which to deploy the
vCenter Server Appliance instance.
a. In the ESXi host or vCenter Server name text box, enter sa-esxi-01.vclass.local.
In this lab, you deploy to an ESXi host. However, you can deploy to a vCenter Server
system as well.
b. In the User name text box, enter root.
c. In the Password text box, enter the standard lab password and click Next.
d. In the Certificate Warning window, click Yes to accept the certificate.
8. On the Set up target appliance VM page, configure the appliance name and the root password.
a. In the VM name text box, enter VCSA-02.vclass.local.
b. In the Root password and Confirm root password text boxes, enter the standard lab
password and click Next.
9. On the Select deployment size page, keep the default (Tiny) and click Next.
10. On the Select datastore page, specify the datastore information.
a. Select the SA-ESXi-01-Local datastore.
b. Select the Enable Thin Disk Mode check box and click Next.
11. On the Configure network settings page, configure the vCenter Server Appliance network settings.

Option                          Action
Network                         Select pg-SA Management.
                                This port group uses ephemeral port binding,
                                which is a requirement for the migration.
IP version                      Select IPv4.
IP assignment                   Select static.
Temporary IP address            Enter 172.20.10.70.
Subnet mask or prefix length    Enter 24.
Default gateway                 Enter 172.20.10.10.
DNS servers                     Enter 172.20.10.10.

12. Click Next.

13. On the Ready to complete stage 1 page, review your settings and click Finish.
Stage 1 takes several minutes to complete.
14. Go to the next task to monitor the progress of stage 1.

Task 4: Monitor Stage 1 of the Deployment Process


You monitor the progress of stage 1 of the deployment process.
1. Use VMware Host Client to log in to SA-ESXi-01.
a. In the Internet Explorer window, open a new tab.
b. In the Favorites toolbar, select Host Clients > SA-ESXi-01.
c. If you receive a security exception for VMware Host Client, click the Continue to this
website link.
The ESXi login page appears.
d. On the login page, enter root in the User name text box.
e. Enter the standard lab password in the Password text box.
f. Click Log in.
g. In the informational message window, deselect the Join CEIP check box and click OK.
The VMware Host Client page appears.
2. Open a console window to monitor the deployment of vCenter Server Appliance.
a. In the left pane, click Virtual Machines.
b. Wait until VCSA-02.vclass.local is powered on.
c. In the center pane, right-click VCSA-02.vclass.local and select Console > Open console
in new window.
3. Monitor the progress of the stage 1 deployment process.
a. Position the VCSA-02 console window and the vCenter Server Appliance Installer
progress bar window so that both windows are visible on your monitor.
Or you can alternate between viewing the two windows.
b. Notice changes that occur on the console screen.
For example, if the progress bar is at about 80 percent, the VCSA-02 console window
changes to a virtual appliance screen.
c. In the vCenter Server Appliance Installer progress bar window, wait for stage 1 to be 100
percent complete.
d. When stage 1 is complete, click Continue.
The Stage 2: vCenter Server Appliance with an Embedded PSC wizard appears.

4. Monitor messages in the Migration Assistant on the Windows vCenter Server system.
a. Switch back to the Migration Assistant in the Remote Desktop Connection Manager window.
b. Confirm that the Successfully returned cached prechecks result message
appears in the Migration Assistant output.
c. Return to the vCenter Server Appliance Installer window.

Task 5: Perform Stage 2 of the Deployment Process


You perform stage 2 of the migration process.
1. On the Introduction page of the vCenter Server Appliance Installer window, read the
information and click Next.
2. On the Join AD Domain page, configure the Active Directory domain settings.

Option          Action
AD domain       Verify that the domain is vclass.local.
AD User name    Enter administrator.
AD Password     Enter the standard lab password.

3. Click Next.
4. On the Select migration data page, select Configuration, events, tasks, and performance
metrics and click Next.
5. On the Configure CEIP page, deselect the Join the VMware's Customer Experience
Improvement Program (CEIP) check box and click Next.
6. On the Ready to complete page, select the I have backed up the source vCenter Server and
all the required data from the database check box.
7. Click Finish.
The Shutdown Warning window warns that vCenter Server will shut down when the network
configuration is enabled on the destination vCenter Server Appliance.

8. Click OK.
The rest of the migration takes about 30 minutes to complete:
Data transfer - Export data: Data will be copied from the source vCenter Server instance to
the target vCenter Server instance.
Shutdown source machine: After the data is copied, the source vCenter Server instance will
be shut down.
Copy data from source vCenter Server to target vCenter Server: The Active Directory
configuration will be applied.
Set up target vCenter Server and start services: The vCenter Server service will be configured.
Import data: Some vCenter services will be stopped, and the data copied from the source
vCenter Server instance will be imported to the target vCenter Server instance.
Migration complete: After the data is transferred, the migration of the Windows vCenter
Server instance to the vCenter Server Appliance instance is complete.
When stage 2 is complete, the Complete screen appears.

9. Click Close to exit the vCenter Server Appliance Installer.

Task 6: Confirm Successful Migration
You confirm that the Windows vCenter Server system was migrated to vCenter Server Appliance.
1. Use vSphere Web Client to log in to the newly migrated vCenter Server instance.
a. Open a new Internet Explorer tab.
b. From the Favorites bar, select vSphere Web Clients > LAB-VCS-01.
c. If you receive a security exception for vSphere Web Client, click the Continue to this
website link to display the login screen.
d. Log in with the vCenter Server Appliance user name and the standard lab password.
2. Point to the Home icon and select Hosts and Clusters.
3. In the left pane, select LAB-VCS-01.vclass.local.
4. In the center pane, click the Summary tab.
5. In the Version Information panel, verify that the version is 6.5.
6. In the left pane, verify that you have two objects in the inventory tree: Training Datacenter and
Lab Cluster.
7. Point to the Home icon and select Administration.
8. In the left pane, select System Configuration.
9. Select Nodes.
10. Select LAB-VCS-01.vclass.local and review the information about the vCenter Server
Appliance instance.
11. Log out of vSphere Web Client and close the tab.

Task 7: Clean Up for Later Labs


You delete the new vCenter Server Appliance instance to free up resources in the lab.
1. Click the vSphere Web Client tab for sa-vcsa-01.vclass.local.
2. Point to the Home icon and select Hosts and Clusters.
3. In the left pane, select VCSA-02.vclass.local.
4. Shut down VCSA-02.vclass.local.
5. Right-click VCSA-02.vclass.local and select Delete from Disk.
6. Point to the Home icon and select Home.

Lab 16 Configuring Lockdown Mode

Objective: Configure and test lockdown mode


In this lab, you perform the following tasks:

1. Start the vSphere ESXi Shell and SSH Services
2. Test the SSH Connection
3. Enable and Test Lockdown Mode
4. Disable Lockdown Mode
5. Examine the DCUI.Access List

Task 1: Start the vSphere ESXi Shell and SSH Services


You use vSphere Web Client to start VMware vSphere ESXi Shell and SSH services on your
host.
1. In the Internet Explorer window, click the vSphere Web Client tab to sa-vcsa-01.vclass.local.
2. Point to the Home icon and select Hosts and Clusters.
3. In the left pane, select sa-esxi-01.vclass.local.
4. In the center pane, click the Configure tab.
5. On the left under System, click Security Profile.
6. In the center pane, scroll down to the Services panel.
To make navigation easier, you can minimize the Firewall Incoming Connections list and the
Firewall Outgoing Connections list.
7. Click Edit next to Services.

8. Verify that the vSphere ESXi Shell service is running.
a. In the Edit Security Profile window, select ESXi Shell.
b. In the Service Details pane, confirm that the correct settings are configured.
Startup policy is set to Start and stop with host.
Status is Running.
c. If the correct settings are not configured, change the startup policy to Start and stop with
host and click Start.
By default, this service is not configured to start with the host. This setting was enabled as
part of the lab kit configuration.
9. Verify that the SSH service is running.
a. In the Edit Security Profile window, select SSH.
b. In the Service Details pane, confirm that the correct settings are configured.
Startup policy is set to Start and stop with host.
Status is Running.
c. If the correct settings are not configured, change the startup policy to Start and stop with
host and click Start.
By default, this service is not configured to start with the host. This setting was enabled as
part of the lab kit configuration.
d. Click OK.

Task 2: Test the SSH Connection


You use MTPuTTY to connect to the ESXi host and confirm that SSH is working.
1. Click MTPuTTY in the Windows desktop taskbar.
The MTPuTTY utility window appears.
2. In the left pane, double-click SA-ESXi-01.
A new SA-ESXi-01 tab opens in the center pane.
MTPuTTY is configured to automatically log in to the ESXi host as user root.
3. If the login is successful, enter exit.

Task 3: Enable and Test Lockdown Mode
You use vSphere Web Client to enable lockdown mode for your assigned ESXi host.
1. In the Internet Explorer window, click the vSphere Web Client tab.
2. In the left pane, select sa-esxi-01.vclass.local.
3. In the center pane, click the Configure tab.
4. On the left, click Security Profile and scroll down until the Lockdown Mode panel is visible.
5. Enable normal lockdown mode.
a. Click Edit next to Lockdown Mode.
The Lockdown Mode wizard appears.
b. On the Lockdown Mode page, click Normal.
c. Click Exception Users on the left.
Users are not listed.
d. Click OK.
6. Verify that normal lockdown mode works properly.
The user root must be denied access in an SSH session. In general, all users, including user root,
will be denied access in an SSH session.
a. Go to the MTPuTTY window.
b. In the left pane, double-click SA-ESXi-01.
MTPuTTY automatically tries to log in as root.
c. Verify that user root is not logged in and that the Access Denied message appears.
d. Close the MTPuTTY window.

Task 4: Disable Lockdown Mode


You use vSphere Web Client to disable lockdown mode.
1. In the Internet Explorer window, click the vSphere Web Client tab.
2. Click Edit next to Lockdown Mode.
3. On the Lockdown Mode page, click Disabled.
4. Click OK.

Task 5: Examine the DCUI.Access List
The DCUI.Access list is a list of local users on an ESXi host. These users have rights to disable
lockdown mode when a catastrophic failure occurs and administrators need direct host access again.
These users do not need the administrator role on the ESXi host.
1. In the center pane on the left, click Advanced System Settings under System.
2. In the Advanced System Settings pane, scroll down to the DCUI.Access entry.
You can also use the Filter box and search for DCUI.
3. Examine the value of the DCUI.Access setting.
The root user is added to the DCUI.Access list by default. Thus, the root user can disable
lockdown mode but cannot bypass lockdown mode.
4. Point to the Home icon and select Home.

Lab 17 Working with Certificates

Objective: Generate and replace a vCenter Server certificate
In this lab, you perform the following tasks:

1. Examine vSphere Certificates
2. Create a Windows 2012 Certificate Authority Template for vSphere
3. Create a Certificate Signing Request
4. Download the CSR to the Student Desktop
5. Request a Signed Custom Certificate
6. Replace a Machine Certificate with the New Custom Certificate

Task 1: Examine vSphere Certificates


You examine the default certificates issued by VMware Certificate Authority in a nonproduction
vCenter Server system.
1. In the Internet Explorer window, go to the vSphere Web Client tab for sa-vcsa-01.vclass.local.
2. Point to the Home icon and select Administration.
3. In the left pane, click System Configuration.
4. In the left pane, click Nodes and click sa-vcsa-01.vclass.local.
5. In the center pane, click the Manage tab and click Certificate Authority.
6. In the Certificate Authority panel, click the Verify password link.

7. In the Password text box, enter the standard lab password and click OK.

Q1. How many active certificates are in the certificate store for this node?
1. The total might vary. Typically, eight or more certificates are in the Active Certificates list.

Q2. How long are the certificates valid for?


2. By default, tickets issued by VMware CA are valid for 10 years.

Q3. On what date do the certificates expire?


3. The expiration date varies in different lab environments.

8. Select the first C=US,CN=sa-vcsa-01.vclass.local certificate in the list.


9. Record the expiration date of the certificate. __________
10. Click the Show Details for certificate icon.

Q4. Who issued the certificate?


4. The Issuer Common Name field contains CN=CA, which indicates that VMware CA issued the
certificate.

11. Click OK.


12. Widen the Subject column in the center pane until you can see the CN= part of the subject
name for each certificate.
13. Select the first certificate in the list that has a Subject field that begins with OU=.
14. Click the Show Details for certificate icon.

Q5. Based on the Common name field under Subject, what is the type of this
certificate?
5. The certificate is a machine certificate.

15. Click OK.

16. Use the Show Details for certificate icon to examine the other certificates with Subject fields
that begin with OU=.
These certificates are called vSphere solution user certificates.

Q6. How many solution user certificates do you see?


6. Five solution user certificates are in this configuration.

Q7. What are the names of the solution users that have certificates (from the
Subject field)?
7. Machine, vsphere-webclient, vpxd, vpxd-extension, and localhost.

17. In the center pane, click Root Certificates.


18. Select the root certificate in the list.
The certificate begins with OU=VMware Engineering.
19. Click the Show Details for certificate icon.

Q8. What is the organization in the Issuer section of this certificate?


8. The organization is the name of your Platform Services Controller instance, which, in this lab
environment, is embedded in the vCenter Server instance. In this lab configuration, the name is
sa-vcsa-01.vclass.local. This name is specified in the O= field in the Subject field. This certificate
is the VMware CA root certificate in which VMware CA is a standalone root certificate authority.

20. Click OK.

Task 2: Create a Windows 2012 Certificate Authority Template for vSphere
You create a vSphere 6.5 certificate template on a Windows 2012 Server domain controller that you
can use to create certificates that work with vSphere 6.5. The certificate template can be used to
create machine SSL or solution user certificates in VMware CA.
1. Open a console to dc.vclass.local.
a. Click the Remote Desktop Connection Manager icon in the Windows desktop toolbar.
The Remote Desktop Connection Manager window appears.
b. In the left pane, double-click DC (vclass.local).
The desktop for dc.vclass.local appears in the center pane.
You are automatically logged in as a domain administrator.

2. Open the certification authority console.
a. Click the Windows Start button on the dc.vclass.local desktop.
b. On the Apps page, click the up arrow icon.
c. Click Administrative Tools.
d. In the Administrative Tools window, double-click Certification Authority.
The Certification Authority window appears.
3. Open the certificate templates console.
a. Expand vclass-DC-CA.
b. Right-click Certificate Templates and select Manage.
4. Configure a new certificate template.
a. Right-click the existing Web Server template and select Duplicate Template.
The Properties of New Template dialog box appears.
b. Click the General tab and enter vSphere65 in the Template display name text box.
c. Click the Extensions tab.
d. Select Key Usage and click Edit.
e. In the Edit Key Usage Extension dialog box, select the Signature is proof of origin
(nonrepudiation) check box and the Allow encryption of user data check box.
f. Click OK.
g. Select Application Policies and click Edit.
h. In the Edit Application Policies Extension dialog box, click Add and select Client
Authentication.
i. Click OK and click OK again.
j. Click the Request Handling tab and select the Allow private key to be exported check box.
k. Click OK to save the new certificate template.
l. Close the Certificate Templates Console window.

5. Enable the new certificate template.
a. In the Certification Authority console window, right-click Certificate Templates and
select New > Certificate Template to Issue.
The Enable Certificate Templates window appears.
b. Select vSphere65 and click OK.
c. Close all open windows.
d. In the left pane of the Remote Desktop Connection Manager, right-click DC (vclass.local)
and select Disconnect server.
6. Close the Remote Desktop Connection Manager window.

Task 3: Create a Certificate Signing Request


You use vSphere Certificate Manager to create a certificate signing request (CSR) that you use to
request a signed custom certificate from the domain controller certificate authority (CA) for the lab.
1. Start an SSH session with SA-VCSA-01.
a. Click MTPuTTY in the Windows desktop toolbar.
The MTPuTTY utility window appears.
b. In the left pane, double-click SA-VCSA-01.
A new SA-VCSA-01 tab opens in the center pane.
c. Enter shell to start a Bash shell.
2. Create a certificate signing request.
a. Enter /usr/lib/vmware-vmca/bin/certificate-manager and press Enter.
The vSphere Certificate Manager program starts.
b. Enter 1 to select the Replace Machine SSL certificate with Custom Certificate option.
c. Press Enter to accept the default user name of Administrator@vsphere.local.
d. Enter the standard lab password.
e. Enter 1 to select the Generate Certificate Signing Request option.
f. For the output directory path, enter /var/tmp.
The /var/tmp directory on Linux and UNIX systems is a temporary directory. The
contents of the /var/tmp directory are not deleted during a reboot.

3. Configure the certificate properties.
a. For Country, press Enter to accept the default.
b. For Name, enter VMware.
c. For Organization, enter VMeduc.
d. For OrgUnit, enter vclass.
e. For State, press Enter.
f. For Locality, press Enter.
g. For IPAddress, press Enter.
h. For Email, enter certadmin@vclass.local.
i. For Hostname, enter sa-vcsa-01.vclass.local.
4. Enter 2 to exit vSphere Certificate Manager.

Task 4: Download the CSR to the Student Desktop


You download the CSR from the vCenter Server system to your student desktop.
1. Enter chsh -s /bin/bash to temporarily change the login shell of the root account to
/bin/bash.

This step is necessary for WinSCP to connect to the vCenter Server system so that you can
download the CSR to your student desktop.
2. Start the WinSCP application.
a. On the student desktop taskbar, click the WinSCP icon.

b. In the left pane, double-click SA-VCSA-01.


c. In the Warning dialog box, click Update to accept and remember the Certificate Lab vCenter
Server public key for SSH.
d. Click Continue to close the Authentication Banner dialog box.
In the WinSCP window, you should see the C:\Materials\Downloads folder on your
student desktop in the left pane and the /root directory on the vCenter Server Appliance
instance in the right pane.
3. Use the folder controls to navigate to the /var/tmp directory in the right pane.

4. If the left pane is not C:\Materials\Downloads, then use the folder controls to navigate to
the C:\Materials\Downloads folder.
5. Drag the vmca_issued_csr.csr and vmca_issued_key.key files from the /var/tmp
directory in the right pane to the C:\Materials\Downloads folder in the left pane.
This action copies the files from the vCenter Server system to the Downloads folder on your
student desktop.
6. Leave the WinSCP window open.

Task 5: Request a Signed Custom Certificate


You request a signed custom certificate from the domain controller CA for the lab.
1. Copy the contents of the vmca_issued_csr.csr file to the clipboard.
a. On your student desktop, open Windows Explorer and navigate to the
C:\Materials\Downloads folder.
b. Right-click the vmca_issued_csr.csr file and select Open with.
c. Open vmca_issued_csr.csr in WordPad.
d. Click Select all in the WordPad toolbar.
e. Press Ctrl+C to copy the selected text to the clipboard.
2. Go to the certificate services program on the domain controller and request a certificate.
a. On your student desktop, open a new Internet Explorer tab and go to
http://dc.vclass.local/certsrv.
b. Log in with user name administrator and the standard lab password.
c. On the Microsoft Active Directory Certificate Services page, click the Request a
certificate link.
d. Click the advanced certificate request link.
e. Click Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file,
or submit a renewal request by using a base-64-encoded PKCS #7 file.
f. Under Saved Request, press Ctrl+V to paste the CSR text into the Base-64-encoded
certificate request text box.
g. From the Certificate Template drop-down menu, select vSphere65.
h. Click Submit.
i. Click Base 64 encoded.
j. Click the Download certificate link.

k. Click Save As in the Internet Explorer dialog box and navigate to the
C:\Materials\Downloads folder on your student desktop to save the certificate.
l. Save the file as machine_ssl.cer.

NOTE
The filename is case-sensitive and must exactly match the correct filename in order for the
script to use it.
3. Download the certificate chain.
a. In the Internet Explorer window, click the Download certificate chain link.
Base 64 encoded should still be clicked.
b. Click Save as in the Internet Explorer dialog box and navigate to the
C:\Materials\Downloads folder on your student desktop to save the certificate.
c. Save the file as cachain.p7b.

NOTE
The filename is case-sensitive and must exactly match the correct filename in order for the
script to use it.
d. Close the Microsoft Active Directory Certificate Services page.
e. If WordPad is open, close it.
4. Export the root certificate.
a. Switch to the Windows Explorer window and navigate to the C:\Materials\Downloads
directory.
b. Right-click the cachain.p7b file and select Open.
The Certificate Manager Console opens.
c. In the left pane, expand the inventory tree until you see the Certificates folder.
d. Select the Certificates folder.
You should see two certificates: the root certificate for your domain controller and the
custom certificate for your vCenter Server Appliance instance.
The custom certificate appears as VMware. vSphere65 appears under the Certificate
Template column at the far right.
e. To export the root certificate, right-click the root certificate vclass-DC-CA and select All
Tasks > Export.
The Certificate Export wizard appears.

f. Click Next.
g. On the Export File Format page, click Base-64 encoded X.509 (.CER) and click Next.
h. On the File to Export page, click Browse.
i. Navigate to the C:\Materials\Downloads folder.
j. Enter root-64.cer in the File name text box.

NOTE
The filename is case-sensitive and must exactly match the correct filename in order for the
script to use it.
k. Click Save.
l. On the File to Export page, click Next.
m. Click Finish.
n. Click OK.
o. Close the Certificate Manager Console.

Task 6: Replace a Machine Certificate with the New Custom Certificate


You replace the machine SSL certificate for vCenter Server with the new custom certificate so that
VMware CA acts as a subordinate CA to the domain controller CA.
1. Copy the certificate files from the student desktop to the vCenter Server system.
a. Switch to the WinSCP window.
b. In the WinSCP window, drag the machine_ssl.cer and root-64.cer files from the
C:\Materials\Downloads folder to the /var/tmp folder in the right pane.
This action copies the certificate files from the student desktop to the vCenter Server
system.
2. In the MTPuTTY session, change the login shell of the root account back to the vCenter Server
Appliance shell.
a. Switch to the MTPuTTY window.
b. If the SSH session to SA-VCSA-01 is not open, reconnect to SA-VCSA-01.
c. If you see the message timed out waiting for input: auto-logout, enter shell.
d. Enter chsh -s /bin/appliancesh to change the login shell of the root account back to
the vCenter Server Appliance shell.
This step returns the vCenter Server system to its more secure posture.

3. Replace the machine SSL certificate with the custom certificate.
a. Enter cd /var/tmp to change to the /var/tmp directory.
If you run vSphere Certificate Manager from the /var/tmp directory, you do not have to
enter the full path for each of the certificate and key files that you import.
b. Enter /usr/lib/vmware-vmca/bin/certificate-manager to start vSphere
Certificate Manager.
c. Enter 1 to select the Replace Machine SSL certificate with Custom Certificate option.
d. Press Enter to use the default user name of Administrator@vsphere.local.
e. When prompted, enter the standard lab password.
f. Enter 2 to select the Import custom certificate(s) and key(s) option.
g. Import the custom certificate.

Option                                               Action

Please provide valid custom certificate for          Enter machine_ssl.cer.
Machine SSL

Please provide valid custom key for Machine SSL      Enter vmca_issued_key.key.

Please provide the signing certificate of the        Enter root-64.cer.
Machine SSL certificate

You are going to replace Machine SSL cert using      Enter y.
custom cert. Continue operation: Option[Y/N]?:

You must wait for the process to complete. This process takes several minutes while the
services are restarted.
During this operation, notice the number of services that are updated.
h. Wait until the 100% Complete [All tasks completed successfully] message
appears.
i. After the operation is 100 percent complete, press Ctrl+D.

4. Close and reopen Internet Explorer, and log back in to vSphere Web Client.
a. Close the Internet Explorer window.
b. Start Internet Explorer.
c. From the Favorites bar, select vSphere Web Clients > SA-VCSA-01.
The vSphere Web Client login screen appears.
d. Log in to vSphere Web Client as administrator@vsphere.local with the standard lab
password.

Q1. What color is the background of the Internet Explorer location bar?
1. The location bar can be blue or gray, but it should not be red.

5. In Internet Explorer, click the Security report icon (padlock) to the right of the Location text
box.
6. View information about the machine certificate.
a. Click the View certificates link.
The Certificate dialog box appears.
In this dialog box, you can view the machine certificate that was used to authenticate the
vCenter Server system.
b. Click the Details tab.
c. Scroll down and click Subject Alternative Name.

Q2. To which machine was the certificate issued?


2. The certificate was issued to the vCenter Server-Platform Services Controller system,
sa-vcsa-01.vclass.local.

d. Scroll up and click Issuer.

Q3. Who issued the certificate?


3. The domain controller CA issued the certificate.

e. Click Valid from.

Q4. On what day did the certificate become valid?


4. The certificate was signed now, so it is valid from today.

f. Click the Certification Path tab.

Q5. What is the certificate signing chain?


5. The domain controller CA is the root. The vCenter Server certificate is subordinate to the root
certificate.

Q6. Why does Internet Explorer on your student desktop trust the vCenter Server
certificate?
6. The student desktop is a member of the same Active Directory domain, and Internet Explorer is
using the same certificate store. Because the vCenter Server certificate is signed by the domain
controller CA, Internet Explorer trusts the subordinate certificate.

g. Click OK to close the Certificate dialog box.


7. In vSphere Web Client, point to the Home icon and select Home.
8. Leave vSphere Web Client open.
9. Close all other applications.
a. Close the WordPad application.
b. Close the WinSCP application.
c. Close the MTPuTTY application.
d. Close the Windows Explorer window.
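
Before step 3 of Task 6 imports the files, the three inputs can be checked against each other from the appliance's Bash shell. The script below is an added example, not part of the lab kit or of vSphere Certificate Manager; it assumes openssl is on the PATH, its function names are hypothetical, and with no arguments it runs against throwaway certificates that it constructs itself.

```shell
#!/bin/sh
# Pre-import checks for the three files vSphere Certificate Manager asks for.
# Assumes an openssl binary on PATH. Function names are hypothetical.

# Succeeds when KEY is the private key for CERT (identical public key).
key_matches_cert() {  # usage: key_matches_cert CERT KEY
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds when CERT verifies against ROOT as its trust anchor.
chains_to_root() {  # usage: chains_to_root CERT ROOT
    openssl verify -CAfile "$2" "$1" 2>/dev/null | grep -q ': OK$'
}

# Succeeds when FQDN is an exact dNSName entry in the SAN extension.
san_has_host() {  # usage: san_has_host CERT FQDN
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -A1 'Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed 's/^ *//; s/ *$//' | grep -qixF "DNS:$2"
}

# Builds throwaway stand-ins for the lab files in DIR. Everything here is
# constructed sample data: the CA replaces vclass-DC-CA for the demo only.
make_constructed_files() {  # usage: make_constructed_files DIR
    cat > "$1/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    # Leaf extensions modelled on the vSphere65 template edits from Task 2.
    cat > "$1/leaf.ext" <<'EOF'
subjectAltName = DNS:sa-vcsa-01.vclass.local
keyUsage = digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
extendedKeyUsage = serverAuth,clientAuth
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/req.cnf" \
        -subj "/CN=constructed-root-CA" \
        -keyout "$1/ca.key" -out "$1/root-64.cer" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -config "$1/req.cnf" \
        -subj "/CN=VMware/O=VMeduc/OU=vclass" \
        -keyout "$1/vmca_issued_key.key" -out "$1/vmca_issued_csr.csr" 2>/dev/null &&
    openssl x509 -req -sha256 -in "$1/vmca_issued_csr.csr" -days 1 -set_serial 1 \
        -CA "$1/root-64.cer" -CAkey "$1/ca.key" -extfile "$1/leaf.ext" \
        -out "$1/machine_ssl.cer" 2>/dev/null
}

# Runs every check, reports each failure, returns non-zero if any failed.
preimport_check() {  # usage: preimport_check CERT KEY ROOT FQDN
    rc=0
    key_matches_cert "$1" "$2" || { echo "FAIL: key does not match $1"; rc=1; }
    chains_to_root "$1" "$3" || { echo "FAIL: $1 does not chain to $3"; rc=1; }
    san_has_host "$1" "$4" || { echo "FAIL: $4 not in Subject Alternative Name"; rc=1; }
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "FAIL: $1 is expired or unreadable"; rc=1; }
    return "$rc"
}

# With four arguments, check real files; with none, run on constructed ones.
if [ "$#" -eq 4 ]; then
    preimport_check "$@"
else
    demo=$(mktemp -d) && make_constructed_files "$demo" &&
        preimport_check "$demo/machine_ssl.cer" "$demo/vmca_issued_key.key" \
            "$demo/root-64.cer" sa-vcsa-01.vclass.local &&
        echo "constructed sample: all checks passed"
    rm -rf "$demo"
fi
```

Saved under a hypothetical name such as precheck.sh in /var/tmp, the script takes the lab's files as `machine_ssl.cer vmca_issued_key.key root-64.cer sa-vcsa-01.vclass.local`. A key mismatch or a certificate that does not chain to root-64.cer is reported here rather than partway through the service restarts.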

Lab 18 Virtual Machine Encryption

Objective: Register a KMS with vCenter Server and encrypt a virtual machine
In this lab, you perform the following tasks:

1. Verify Access to the Key Management Server
2. Register the KMS with vCenter Server
3. Create an Encryption Storage Policy
4. Encrypt a Virtual Machine
5. Check vCenter Server Events
6. Use Encrypted vSphere vMotion to Migrate Virtual Machines

Task 1: Verify Access to the Key Management Server


You verify that you can access the key management server (KMS).
The KMS used in this lab is a simple Python-based key server that keeps keys while the KMS is running.
1. Use MTPuTTY to log in to vCenter Server Appliance.
a. On the taskbar, click the MTPuTTY icon.
b. In the left pane, double-click SA-VCSA-01.
You are logged in to vCenter Server Appliance as user root.

2. Ping sa-keyserver-01, the key management server.
a. At the command prompt, enter shell.
b. At the shell command prompt, ping the key management server.
ping sa-keyserver-01
c. Verify that the ping is successful.
d. Press Ctrl+C to end the ping command.
3. Exit the MTPuTTY session and close the MTPuTTY window.

Task 2: Register the KMS with vCenter Server


You register the KMS with vCenter Server, and you mark the KMS cluster as the default.
1. Point to the Home icon and select Hosts and Clusters.
2. At the top of the left pane, select sa-vcsa-01.vclass.local.
3. In the center pane, click the Configure tab and click Key Management Servers on the left.
4. Click Add KMS.

5. In the Add KMS dialog box, enter SA KMS-Cluster in the Cluster name text box.
6. In the Server alias text box, enter KMS1.
7. In the Server address text box, enter 172.20.10.201.
172.20.10.201 is the IP address of the KMS.
8. In the Server port text box, enter 5696.
9. Leave the rest of the text boxes blank and click OK.
10. When prompted to set the default KMS cluster, click Yes.
11. When the trust certificate window appears, click Trust.
12. Verify that the KMS appears in the list and that the KMS cluster that you created is marked as
the default cluster.

Task 3: Create an Encryption Storage Policy
You create a virtual machine storage policy that includes only the encryption common rule.
Although a prebuilt policy called VM Encryption Policy is available, you should understand how
the policy is created.
1. Point to the Home icon and select Policies and Profiles.
2. In the Navigator pane, select VM Storage Policies.
3. In the center pane, click the Create VM Storage Policy icon.

The Create New VM Storage Policy wizard appears.


4. On the Name and description page, enter SA Encryption Policy in the Name text box and
click Next.
5. On the Policy structure page, click Next.
6. On the Common rules page, select the Use common rules in the VM storage policy check
box.
7. Click Add component and select Encryption > Custom.
The custom properties show that the provider is VMware VM Encryption and that I/O filters are
not allowed before encryption.
8. Click Next.
9. On the Rule-set 1 page, deselect the Use rule-sets in the storage policy check box and click
Next.
10. On the Storage compatibility page, review the compatible storage.
All storage is compatible with the encryption filter because the filter is applied as a common
rule, so the filter is storage agnostic.
11. Click Next.
12. On the Ready to complete page, click Finish.
13. Verify that your encryption policy appears in the storage policies list.

Task 4: Encrypt a Virtual Machine
You encrypt a virtual machine.
1. Point to the Home icon and select Hosts and Clusters.
2. In the left pane, right-click VM01 and select VM Policies > Edit VM Storage Policies.
3. In the Edit VM Storage Policies dialog box, select SA Encryption Policy from the VM storage
policy drop-down menu.
4. Click Apply to all and click OK.
5. In the Recent Tasks pane, monitor the task to completion.
6. Verify that the virtual machine is encrypted.
a. In the left pane, select VM01.
b. In the center pane, click the Summary tab.
c. Expand the VM Hardware panel.
The panel states that the virtual machine configuration files and the hard disk are encrypted.

Task 5: Check vCenter Server Events


You view vCenter Server cryptographic events.
1. At the top of the left pane, select sa-vcsa-01.vclass.local.
2. In the center pane, click the Monitor tab.
3. Click Tasks & Events and click Events on the left.
4. In the filter box, enter crypto and press Enter.
5. Select the cryptographic operation that was performed when the virtual machine was encrypted.
The cryptographic operation is recorded along with the user that initiated the task.

Task 6: Use Encrypted vSphere vMotion to Migrate Virtual Machines
You use encrypted vSphere vMotion to migrate VM01 (the encrypted virtual machine) and VM02
(an unencrypted virtual machine) to a different host.
1. View the vSphere vMotion encryption state on VM01.
a. In the left pane, right-click VM01 and select Edit Settings.
b. Click the VM Options tab.
c. Expand the Encryption panel.
Because VM01 is encrypted, the Encrypted vMotion state is always Required and cannot
be changed.
d. Click Cancel.
2. View the vSphere vMotion encryption state on VM02.
a. In the left pane, right-click VM02 and select Edit Settings.
b. Click the VM Options tab.
c. Expand the Encryption panel.
Because VM02 is not encrypted, the default state is Opportunistic.
d. Keep the default and click Cancel.
3. Power on VM01 and VM02.
4. Migrate VM01 and VM02 to sa-esxi-03.vclass.local.
a. Right-click VM01 and select Migrate.
b. On the Select the migration type page, leave Change compute resource only clicked and
click Next.
c. On the Select a compute resource page, click sa-esxi-03.vclass.local and click Next.
d. On the Select networks page, select pg-SA Management and click Next.
e. On the Select vMotion priority page, click Next.
f. On the Ready to complete page, click Finish.
g. Click the Summary tab of VM01 and verify that VM01 is now on sa-esxi-03.vclass.local.
h. Repeat steps a through g to migrate VM02.



5. View the hot migration events that occurred.
a. At the top of the left pane, select sa-vcsa-01.vclass.local.
b. In the center pane, click the Monitor tab.
c. Click Tasks & Events and click Events on the left.
d. In the filter box, enter encryption.
You should see two events that begin with Hot migrating VM02 and Hot migrating
VM01.
e. Select each of these events and view the description.
The description mentions that a hot migration was performed with encryption.
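
The checks from Tasks 5 and 6 can also be run from the command line. The following PowerCLI script is an added example, not part of the original lab manual. It assumes VMware PowerCLI is installed and a session to sa-vcsa-01.vclass.local is already open; the one-day look-back window and the 5000-event cap are arbitrary choices.

```powershell
# Added example (not from the lab manual). Read-only: no settings are changed.
# Assumes an open session, for example: Connect-VIServer sa-vcsa-01.vclass.local

# Per-VM inventory: is the VM encrypted, and what is its Encrypted vMotion state?
# Config.KeyId is set only on encrypted VMs; Config.MigrateEncryption holds
# disabled, opportunistic, or required.
$report = Get-VM | ForEach-Object {
    $cfg = $_.ExtensionData.Config
    if ($null -eq $cfg) { return }        # skip VMs whose config is unavailable
    [pscustomobject]@{
        VM               = $_.Name
        Host             = $_.VMHost.Name
        Encrypted        = [bool]$cfg.KeyId
        EncryptedVMotion = $cfg.MigrateEncryption
    }
}
$report | Sort-Object VM | Format-Table -AutoSize

# An encrypted VM should always report 'required' (as VM01 does in the lab).
$mismatch = $report | Where-Object {
    $_.Encrypted -and $_.EncryptedVMotion -ne 'required'
}
if ($mismatch) {
    Write-Warning 'Encrypted VMs without Required vMotion encryption:'
    $mismatch | Format-Table -AutoSize
}

# VMs set to 'disabled' never encrypt their migration traffic.
$disabled = $report | Where-Object { $_.EncryptedVMotion -eq 'disabled' }
if ($disabled) {
    Write-Warning 'VMs with Encrypted vMotion disabled:'
    $disabled | Format-Table -AutoSize
}

# Same filters as the Events view in Tasks 5 and 6: 'crypto' and 'encryption'.
$since = (Get-Date).AddDays(-1)
Get-VIEvent -Start $since -MaxSamples 5000 |
    Where-Object { $_.FullFormattedMessage -match 'crypto|encryption' } |
    Sort-Object CreatedTime |
    Select-Object CreatedTime, UserName,
        @{ Name = 'EventType'; Expression = { $_.GetType().Name } },
        FullFormattedMessage |
    Format-List
```

In the lab environment, VM01 should be listed as encrypted with the state required, and VM02 as unencrypted with the state opportunistic.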



Answer Key

Lab 5: Working with Virtual Volumes


Task 1: Register the Storage Provider
1. http://172.20.10.97:8443/vasa/version.xml.
2. Version 3.0.
3. xVP SCSI Array and xVP NFS Array.
Task 3: Create an iSCSI-Backed Virtual Volume Datastore
1. The datastore is inactive because the storage provider must also be configured as a target of the software iSCSI adapter.

Lab 7: Host Profiles


Task 6: Run a Compliance Check and Remediate the Configuration Drift
1. The Virtual Network Setting category appears. If the category was previously reported, a new issue is added relating to the uplink reconfiguration.
2. Yes. The uplink is not connected to the expected physical NIC on dvs-Lab.
3. Yes.

Lab 8: Using vSphere Auto Deploy


Task 8: Start the TFTP Service on vCenter Server Appliance
1. ATFTPD_DIRECTORY = /var/lib/tftpboot.
2. Yes. It is undionly.kpxe.vmw-hardwired.

Lab 10: Monitoring Memory Performance


Task 2: Check for Overcommitment of Virtual Machine Memory
1. Answers vary depending on the current workload.
Task 6: Record Memory Statistics
1. Yes, the values should converge over time.
2. Yes, the values should converge over time.
3. ResourceHog02 and ResourceHog01.
4. Although all three VMs might be swapping, the levels of swapping on ResourceHog01 and ResourceHog02 are going to be much larger than the level of swapping on Linux01.
5. ResourceHog01 and ResourceHog02 should be experiencing high %SWPWT values because their memory is being swapped out and they must wait whenever those pages are accessed. Linux01 should be experiencing low %SWPWT values, possibly zero.
6. Answers vary.
7. Answers vary.

Lab 11: Monitoring Storage Performance


Task 2: Measure Continuous Sequential Write Activity to a Virtual Disk on a Remote Datastore
1. vmhba65, the software iSCSI adapter.
Task 5: Measure Continuous Random Read Activity to a Virtual Disk on a Local Datastore
1. vmhba1, a local host bus adapter.

Lab 12: Monitoring Network Performance


Task 7: Stop the Test and Analyze Results
1. Yes. Network throughput values will vary.
2. The test with the client and server on the same port group.
3. Because network I/O did not pass through the physical network hardware.

Lab 17: Working with Certificates


Task 1: Examine vSphere Certificates
1. The total might vary. Typically, eight or more certificates are in the Active Certificates list.
2. By default, tickets issued by VMware CA are valid for 10 years.
3. The expiration date varies in different lab environments.
4. The Issuer Common Name field contains CN=CA, which indicates that VMware CA issued the certificate. This certificate is the VMware CA root certificate in which VMware CA is a standalone root certificate authority.
5. The certificate is a machine certificate.
6. Five solution user certificates are in this configuration.
7. Machine, vsphere-webclient, vpxd, vpxd-extension, and localhost.
8. The organization is the name of your Platform Services Controller instance, which, in this lab environment, is embedded in the vCenter Server instance. In this lab configuration, the name is sa-vcsa-01.vclass.local. This name is specified in the O= field in the Subject field.
Task 6: Replace a Machine Certificate with the New Custom Certificate
1. The location bar can be blue or gray, but it should not be red.
2. The certificate was issued to the vCenter Server-Platform Services Controller system, sa-vcsa-01.vclass.local.
3. The domain controller CA issued the certificate.
4. The certificate was signed now, so it is valid from today.
5. The domain controller CA is the root. The vCenter Server certificate is subordinate to the root certificate.
6. The student desktop is a member of the same Active Directory domain, and Internet Explorer is using the same certificate store. Because the vCenter Server certificate is signed by the domain controller CA, Internet Explorer trusts the subordinate certificate.
