Académique Documents
Professionnel Documents
Culture Documents
www.vmware.com/education
C ONTENTS
Lab 1 Using vSphere Distributed Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Lab 2 Using Port Mirroring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Lab 3 Policy-Based Storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Lab 4 Managing Datastore Clusters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Lab 5 Working with Virtual Volumes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Lab 6 Creating a Content Library . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Lab 7 Host Profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Lab 8 Using vSphere Auto Deploy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Lab 9 Monitoring CPU Performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Lab 10 Monitoring Memory Performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Lab 11 Monitoring Storage Performance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Lab 12 Monitoring Network Performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Lab 13 Using vRealize Log Insight . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Lab 14 Using vCenter Server High Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
Lab 15 Migrating Windows vCenter Server to vCenter Server Appliance . . . . . . . . . . . . . . . . . . . 115
Lab 16 Configuring Lockdown Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
Lab 17 Working with Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
Lab 18 Virtual Machine Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
Answer Key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
iii
iv VMware vSphere: Optimize and Scale
Lab 1 Using vSphere Distributed
Switches
1
Task 1: Log In to the Student Desktop
You access and log in to your student desktop system to perform all lab activities for this course.
Use the following information from the class configuration handout:
Student desktop user name
Standard lab password
1. Ask your instructor how to log in to the student desktop system in your lab environment.
For example, your instructor might have you use Remote Desktop Connection to connect to the
student desktop system.
2. Log in to the student desktop system, using your student desktop user name and the standard lab
password.
g. Click OK.
4. Verify that for both ESXi hosts the vmnic2 is attached and appears under Uplink 2.
5. In the center pane, click Properties on the left and verify the settings.
Network I/O Control is enabled.
Number of uplinks is 4.
The MTU size is 1500 bytes.
The Cisco Discovery Protocol is implemented.
6. Click each additional configuration link on the left and verify the settings.
LACP LAG is not defined.
Private VLAN is not defined.
NetFlow collector is not defined.
Port mirroring is not configured.
Health check is not enabled.
7. In the Navigator pane, select the pg-SA Production port group.
8. Click the Configure tab and select Properties on the left.
9. Verify the distributed port group settings.
Port binding is set to static binding.
Port allocation is set to elastic.
The number of ports is eight.
IMPORTANT
Use only the dvs-Lab distributed switch for this task. Do not try to cause errors on the dvs-SA
Datacenter distributed switch.
NOTE
If the switch configuration did not restore properly, repeat steps 1 through 4.
a. View the Health panel and verify that the overall health of the dvs-Lab distributed switch is
back to normal.
You might need to click the Refresh icon in the vSphere Web Client interface to update
the status.
b. View the VLAN settings of the pg-SA Production port group and verify that no VLAN is
configured.
c. View the advanced settings of the dvs-Lab distributed switch and verify that the MTU
value is 1500.
7. Point to the Home icon and select Home.
13
5. In the Linux01 console, monitor ICMP network traffic.
tcpdump -nn icmp
6. Monitor the command output for a few seconds and verify that ICMP traffic is not being
captured.
tcpdump output remains silent until ICMP traffic is detected on the network.
7. Leave the console window open, with the tcpdump command running uninterrupted.
8. In the Internet Explorer window, click the vSphere Web Client tab.
9. Power on the Linux02 virtual machine and log in to its console.
a. In the left pane, right-click Linux02 and select Power > Power On.
b. Right-click Linux02 and select Open Console.
c. If prompted, click the Continue to this website (not recommended) link to continue.
Wait for the virtual machine to finish booting.
d. Log in as user root and use the standard lab password.
The Linux02 virtual machine is used as the traffic source to be monitored.
10. At the Linux02 command prompt, ping 172.20.10.10 (the default router IP address).
ping 172.20.10.10
11. If the ping command does not work, enter service network restart and repeat step 10.
12. After the ping command begins working, click the Linux01 console tab.
13. In the Linux01 console window, verify that the running tcpdump command output remains
silent and has not captured any ICMP traffic.
b. In the Select Ports dialog box, select the check box for the row with a connected entity of
Linux02 and click OK.
c. Click Next.
9. On the Select destinations page, configure the port mirroring destination.
a. Click the Select distributed ports icon.
b. In the Select Ports dialog box, select the check box for the row with a connected entity of
Linux01 and click OK.
c. Click Next.
10. On the Ready to complete page, review the settings and click Finish.
5. Record the local address that appears in the captured traffic. __________
The local address begins with 172.20.11.
6. In the Linux01 console window, press Ctrl+C to stop the tcpdump command.
7. In the Internet Explorer window, click the Linux02 console tab.
8. In the Linux02 console window, press Ctrl+C to stop the ping command.
9. At the Linux02 command prompt, examine the IP configuration.
ifconfig
10. Using the command output, verify that the Linux02 IP address matches the address that you
recorded in step 5.
11. Close the Linux01 and Linux02 console tabs.
12. Shut down Linux01 and Linux02.
a. Point to the Home icon and select Hosts and Clusters.
b. In the left pane, right-click Linux01 and select Power > Shut Down Guest OS.
c. In the pop-up window, click Yes to confirm the shutdown operation.
d. Repeat steps b and c to shut down Linux02.
13. Point to the Home icon and select Home.
17
f. In the disk/LUN list, select the entry for the lowest LUN number attached to an iSCSI
device.
Local drives are labeled as Local VMware Disk. Do not select these drives.
g. If iSCSI devices are not present, ask the instructor for instructions on how to add them.
h. Click Next.
i. On the VMFS version page, leave VMFS 6 clicked and click Next.
j. On the Partition configuration page, keep the defaults and click Next.
k. On the Ready to complete page, review the settings and click Finish.
l. Verify that the Gold datastore appears in the Navigator pane.
4. Create a datastore named Silver.
a. In the Navigator pane, right-click SA Datacenter and select Storage > New Datastore.
The New Datastore wizard appears.
b. On the Location page, click Next.
c. On the Type page, leave VMFS clicked and click Next.
d. On the Name and device selection page, enter Silver in the Datastore name text box.
e. In the Select a host to view its accessible disks/LUNs list, select sa-esxi-02.vclass.local.
f. In the disk/LUN list, select the entry for the lowest LUN number attached to an iSCSI
device and click Next.
Local drives are labeled as Local VMware Disk. Do not select these drives.
g. On the VMFS version page, leave VMFS 6 clicked and click Next.
h. On the Partition configuration page, keep the defaults and click Next.
i. On the Ready to complete page, review the settings and click Finish.
j. Verify that the Silver datastore appears in the Navigator pane.
25
5. On the Storage DRS Automation page, view the automation settings.
a. Leave No Automation (Manual Mode) selected.
b. Keep the rest of the defaults and click Next.
6. On the Storage DRS Runtime Settings page, keep the defaults and click Next.
7. On the Select Clusters and Hosts page, select the SA Management check box on the Filter tab
and click Next.
8. On the Select Datastores page, select the datastores for the datastore cluster.
a. Select Show all datastores from the drop-down menu.
b. Select the Gold and Silver check boxes and click Next.
9. On the Ready to Complete page, review the configuration summary and click Finish.
In a production environment, the best practice is to select datastores that are connected to all
hosts in the cluster and to group them by storage capabilities.
10. In the left pane, expand Cluster-DRS and verify that the Gold and Silver datastores appear.
31
5. In the New Storage Provider dialog box, configure the VASA storage provider.
Option Action
Name Enter VASASource.
6. Click OK.
7. Click Yes to acknowledge and accept the self-signed certificate warning.
8. Validate that the VASASource storage provider appears in the Storage Providers list.
Q1. In the storage providers window, what is the storage provider URL for VASASource?
1. http://172.20.10.97:8443/vasa/version.xml.
Q2. Which version of vSphere API for Storage Awareness appears in the VASA API
Version column?
2. Version 3.0.
Q3. Which types of storage systems are listed for this storage provider?
3. xVP SCSI Array and xVP NFS Array.
e. In the Create a new folder window, enter SA-NAS in the Enter a name for the new folder
text box and click Create.
The creation of the folder validates that the datastore is available.
Q1. Why is the virtual volume datastore that is backed by the iSCSI container marked as
inactive?
1. The datastore is inactive because the storage provider must also be configured as a target of
the software iSCSI adapter.
5. Create a folder on the datastore and validate that the folder is not available.
a. In the left pane, select the SA-iSCSI-VVol datastore.
b. In the center pane, click the Files tab.
c. In the center pane, click the Create a new folder icon.
d. In the Create a new folder window, enter SA-iSCSI in the Enter a name for the new
folder text box and click Create.
The folder creation fails, validating that the datastore is not accessible.
e. Close the folder creation failure alert.
6. Add the Storage Provider as a target to the hosts iSCSI storage adapter.
a. Point to the Home icon and select Hosts and Clusters.
b. In the left pane, select sa-esxi-01.vclass.local.
c. In the center pane, click the Configure tab and select Storage Adapters on the left.
d. Scroll through the Storage Adapters list until the iSCSI software adapter is visible.
e. Select vmhba##, the iSCSI software adapter.
f. In the Adapter Details panel, click the Paths tab.
g. Scroll through the list.
Several paths appear in the list.
h. Click the Targets tab and click Add.
i. In the Add Send Target Server window, enter 172.20.10.97 in the iSCSI Server text box.
172.20.10.97 is the IP address of the VASA storage provider.
j. Click OK.
37
3. On the Name and location page, name the content library and verify the vCenter Server
location.
a. In the Name text box, enter SA-Source.
b. In the vCenter Server drop-down menu, verify that sa-vcsa-01.vclass.local is selected and
click Next.
4. On the Configure content library page, configure a local content library.
a. Leave Local content library selected.
b. Select the Publish externally check box.
c. Select the Enable authentication check box.
d. In the Password and Confirm password text boxes, enter the standard lab password.
e. Click Next.
5. On the Add storage page, select the datastore to use for the content library.
a. Click Select a datastore.
b. Click SA-Source and click Next.
6. On the Ready to complete page, click Finish.
7. Verify that the content library appears in the list.
43
3. Extract a host profile from an ESXi host.
a. In the Objects panel, click the Extract profile from a host icon (green plus sign).
The Extract Host Profile wizard appears.
b. On the Select Host page, click sa-esxi-01.vclass.local and click Next.
c. On the Name and Description page, enter Local-Profile in the Name text box and click
Next.
d. On the Ready to complete page, click Finish.
e. In the Recent Tasks pane, monitor the task to completion.
4. Export the host profile to a file.
a. In the center pane, right-click the new profile and select Export Host Profile.
b. In the warning message box, click Save.
c. Navigate to the desktop of the student machine and save the profile as profile.vpf.
2. In the Import Host Profile dialog box, import the host profile that you previously saved.
a. Click Browse, navigate to the desktop of the student machine, select the profile.vpf file,
and click Open.
b. Enter Imported-Profile in the Name text box and click OK.
c. In the Recent Tasks pane, monitor the task to completion.
Q1. How do the results of the compliance check differ from the compliance check
performed in task 4?
1. The Virtual Network Setting category appears. If the category was previously reported, a new
issue is added relating to the uplink reconfiguration.
Q2. In the new category, does the specific issue reported relate to the configuration
change made in task 5?
2. Yes. The uplink is not connected to the expected physical NIC on dvs-Lab.
For the host to enter maintenance mode, the virtual machines on this host must be powered
off or moved to another host. All virtual machines on this host are currently powered off.
c. Expand the ESXi host to review the host customization tasks to be performed.
d. Click Finish.
9. In the Recent Tasks pane, monitor the remediation and subsequent compliance check tasks to
completion.
10. Verify that the host is now compliant.
11. Verify the action taken by host remediation.
a. Point to the Home icon and select Networking.
b. In the left pane, select the dvs-Lab distributed switch.
c. In the center pane, click the Configure tab and click Topology on the left.
d. Verify that remediation automatically reconnected vmnic2 on sa-esxi-01.vclass.local to the
appropriate uplink.
51
Task 1: Create a Container for Autodeployed Hosts
You create a folder in the vCenter Server inventory into which autodeployed hosts are placed. A
deploy rule assigns hosts to this folder.
1. In vSphere Web Client, point to the Home icon and select Hosts and Clusters.
2. In the Hosts and Clusters inventory tree, right-click SA Datacenter and select New Folder >
New Host and Cluster Folder from the drop-down menu.
3. Enter Auto-Deployed-Hosts in the folder name text box and click OK.
At this stage, you can create clusters, folders, or other vSphere configurations to apply to
autodeployed hosts. Deploy rules enable selective application of host profiles and destination
containers to hosts that are booting up.
Q2. In the /var/lib/tftpboot file list, do you see the TFTP boot image filename that you
entered when configuring DHCP options for your reservation?
2. Yes. It is undionly.kpxe.vmw-hardwired.
8. In the vApp panel, click the Open link above the Stop icon.
The vCloud Director OneCloud interface changes to the My Cloud tab, with the vApp details
in the right pane.
9. In the right pane, click the Virtual Machines tab.
10. In the virtual machines list, find SA-ESXi-04.
SA-ESXi-04 is the name of the ESXi host to autodeploy.
Task 11: Power On the ESXi Host and Monitor the Bootup Process
You power on the ESXi host to autodeploy (SA-ESXi-04), and you monitor the ESXi host console
to observe the autodeploy process.
1. Power off and power on the ESXi host to autodeploy.
a. Right-click SA-ESXi-04 and select Power Off.
b. Click Yes to confirm the power-off operation.
c. Right-click SA-ESXi-04 and select Power On.
2. When the ESXi host status changes to Powered On, right-click SA-ESXi-04 and select Popout
Console.
A new window shows the console view of the selected ESXi host.
3. If the Internet Explorer pop-up blocker blocks the console from opening, select the Always
allow pop-ups option and repeat step 2.
65
Task 1: Set vSphere DRS to Manual Mode
You set the VMware vSphere Distributed Resource Scheduler automation mode to manual to
ensure that vSphere DRS does not migrate virtual machines to different hosts.
This lab requires that the virtual machines remain on their current host.
1. In vSphere Web Client, point to the Home icon and select Hosts and Clusters.
2. In the left pane, select the SA Management cluster.
3. In the center pane, click the Configure tab.
4. Select vSphere DRS on the left and click Edit.
5. From the DRS Automation drop-down menu, select Manual and click OK.
Task 6: Record Statistics for Case 2: One Thread and Two vCPUs
You record statistics for the second test case.
1. Record the esxtop counter values.
a. Switch to the MTPuTTY window.
b. Enter e.
c. Enter the GID for Linux01.
d. Examine the two lines in the NAME column that start with vmx-vcpu.
These two lines show the activity of each of the vCPUs in the Linux01 virtual machine.
e. After 30 seconds of statistics collection, record the values for vCPU0 and vCPU1 in the
Case 2 column in the class configuration handout.
%USED
%RDY
%IDLE
2. Record the operations per minute value in the test script.
a. In the Internet Explorer window, switch to the Linux01 console tab.
b. Record the opm value reported by the test script in the Case 2 column in the class
configuration handout.
The counter value is reported with each iteration that the test script performs. Use the
counter reported in the last iteration.
3. Press Ctrl+C to stop the test script.
71
Task 1: Generate Database Activity in the Test Virtual Machine
You start the test program to generate database activity.
1. In the Internet Explorer window, click the Linux01 console tab.
2. If necessary, log in to the Linux01 virtual machine as user root with the standard lab password.
3. In the Linux01 console, enter ./starttest2.
This test program performs continuous database operations to a medium-size database. The
number of threads is set to 2. The script must run uninterrupted.
Q1. Is the consumed host memory greater than the active guest memory?
1. Answers vary depending on the current workload.
If the consumed host memory is greater than the active guest memory, memory is not
overcommitted. If the consumed host memory is less than active guest memory, then
overcommitment is occurring and might cause degraded performance.
Q1. For Linux01, does the value of MCTLSZ converge with the value of MCTLTGT?
1. Yes, the values should converge over time.
Q2. For Linux01, does the value of SWCUR converge with the value of SWTGT?
2. Yes, the values should converge over time.
3. Monitor the statistics output until the host reaches a steady state where the counters in each set
are close in value to each other.
If the counters in each set are close in value to each other, the host has reached a steady state.
4. To determine which virtual machines do not have the balloon driver installed, examine the
MCTL? value for each virtual machine.
The MCTL? field indicates the presence of the balloon driver. If the MCTL? value is Y, then
that virtual machine has a balloon driver installed. Otherwise, the virtual machine lacks a
balloon driver.
Q3. Which virtual machines do not have the balloon driver installed?
3. ResourceHog02 and ResourceHog01.
5. To determine whether the virtual machines are swapping, examine the values for SWR/s and
SWW/s for each virtual machine.
Q5. What are the %SWPWT values for each of the virtual machines?
5. ResourceHog01 and ResourceHog02 should be experiencing high %SWPWT values because
their memory is being swapped out and they must wait whenever those pages are accessed.
Linux01 should be experiencing low %SWPWT values, possibly zero.
Q6. What is the memory state: high, clear, soft, hard, or low?
6. Answers vary.
77
3. Configure storage.
./storageconfig.sh
The storage preparation might take a few minutes to complete. The script must run
uninterrupted to completion.
4. When the script is complete, navigate to the test scripts folder.
cd aio-stress
6. Enter u to display individual device output, and examine the reads and writes to the devices.
One of the remote devices has more disk I/O activity than the others.
7. Enter v to display virtual machine output.
8. After 30 seconds of statistics collection, record the values for the Linux01 virtual machine in
the Sequential Writes/Remote Datastore column in the class configuration handout.
READS/s
WRITES/s
83
3. Enter n to switch to the network statistics screen.
4. Remove unused counters to make the esxtop network screen easier to monitor.
a. Enter f to display the Current Field Order table.
b. In the Current Field Order table, enter g and j to remove PKTRX/s and PKTTX/s from the
esxtop display.
c. Press Enter to return to the network statistics screen.
Option Action
Average bandwidth (kbit/s) Enter 10000.
8. Verify that you configured both ingress and egress traffic shaping and click OK.
9. Monitor network performance and record your findings.
a. Switch to the MTPuTTY window.
b. In the esxtop output, find the vmnic2 physical interface item.
c. After 30 seconds of statistics collection, record the values for vmnic2 in the vmnic2 10 Mb/
s column in the class configuration handout.
MbTX/s
MbRX/s
10. Disable ingress and egress traffic shaping.
a. Switch to the vSphere Web Client tab in the Internet Explorer window.
b. Right-click the pg-SA Production port group and select Edit Settings.
c. Click Traffic shaping.
d. For both ingress and egress traffic shaping, select Disabled from each Status drop-down
menu.
e. Click OK to close the Edit Settings dialog box.
3. Migrate the Linux02 virtual machine to the pg-SA Production port group.
a. Click the vSphere Web Client tab.
b. In the left pane, right-click the dvs-Lab distributed switch and select Migrate VMs to
Another Network.
c. For the source network, leave Specific network selected, click Browse, select pg-SA
Management, and click OK.
d. For the destination network, click Browse, select the pg-SA Production port group, and
click OK.
e. Click Next.
f. Under Select virtual machines to migrate, select the Linux02 check box and click Next.
g. Click Finish.
h. In the Recent Tasks pane, monitor the migration task to completion.
4. In the Internet Explorer window, click the Linux02 console tab.
Q1. Do you see an obvious difference in network throughput for each test?
1. Yes. Network throughput values will vary.
93
4. On the Setup page for vRealize Log Insight, click Next.
5. On the Choose Deployment Type page, click Start New Deployment.
It can take a couple of minutes to start the new deployment.
6. On the Admin Credentials page, configure the email address and password.
Option Action
Email Enter administrator@vclass.local.
Option Action
Hostname Enter sa-vcsa-01.vclass.local.
7. Click the refresh icon and examine the changes made in the output.
8. In the left pane, select vSphere-Overview and examine the dashboard.
Most of the charts in the dashboard contain no results because vRealize Log Insight is only now
starting to collect data.
9. In the left pane, select vSphere-ESXi and examine the dashboard.
10. View the ESX/ESXi VOB events by component and event type panel.
The firewall.config.changed event type has a count of 6, which corresponds to the number of
times that you changed the firewall configuration on your ESXi hosts in task 3.
b. From the time range drop-down menu, select Latest 6 hours of data.
103
Task 1: Configure the vCenter Server High Availability Network
At the end of lab 13, you added the second network adapter to the vCenter Server Appliance
instance that you will use for this lab exercise. The second network adapter is used for the private,
vCenter Server High Availability network, which is used for communication between the vCenter
Server High Availability nodes.
You ensure that the vCenter Server Appliance instance is powered on, you view information about
the network adapters, and you verify that the second network adapter is online.
1. In the Internet Explorer window, click the vSphere Web Client tab.
2. Point to the Home icon and select Hosts and Clusters.
3. In the left pane, verify that the VCHA virtual machine is powered on.
4. If you did not power on VCHA before the start of the lab, power on the virtual machine now.
5. View information about the network adapters connected to VCHA.
a. In the left pane, select VCHA.
b. In the center pane, click the Summary tab.
c. Expand the VM Hardware panel.
d. Verify that Network adapter 1 is connected to the pg-VCHA-Management network.
e. Verify that Network adapter 2 is connected to the pg-VCHA-Cluster network.
pg-VCHA-Cluster is the private network used for communication between the vCenter
Server High Availability nodes.
6. Verify that the second network adapter on VCHA is online.
a. Open a new tab in the Internet Explorer window.
b. In the URL box, enter https://vcha.vclass.local:5480.
vcha.vclass.local is the name of the vCenter Server Appliance instance that you will make
highly available.
c. If you receive a security exception, click the Continue to this website link to display the
login screen.
The VMware vSphere Appliance Management login page appears.
d. Log in as user root with the standard lab password.
e. In the Navigator pane, select Networking and click the Manage tab.
f. Under Networking Interfaces, verify that both nic0 and nic1 are up.
Option Action
Area Select America.
f. On the Configure Network page, select NIC1 and click the Edit icon.
g. Click Use the following IP settings.
Option Action
IP Address Enter 172.20.110.95.
This IP address is the public address of the active node.
i. On the Configure Network page, select NIC2 and click the Edit icon.
j. Click Use the following IP settings.
k. Configure the IP settings for NIC2 and click OK.
Option Action
IP Address Enter 192.168.1.96.
Option Action
Primary DNS Enter 172.20.110.10.
The computer name of the witness node must not match the computer name of the active
node.
d. In the Domain name text box, enter vclass.local and click Next.
e. On the Time Zone page, configure the time zone settings and click Next.
Option Action
Area Select America.
f. On the Configure Network page, select NIC1 and click the Edit icon.
g. Leave Use DHCP to obtain an IP address automatically clicked and click OK.
h. On the Configure Network page, select NIC2 and click the Edit icon.
i. Click Use the following IP settings, configure the IP settings for NIC2, and click OK.
Option Action
IP Address Enter 192.168.1.97.
Option Action
Primary DNS Enter 172.20.110.10.
l. Click Next.
m. On the Ready to complete page, review the settings and click Finish.
The Clone Existing Virtual Machine wizard reappears.
n. On the Customize guest OS page, select the witness node customization specification that
you created and click Next.
9. On the Ready to complete page, review the settings and click Finish.
10. View the Recent Tasks pane and monitor the Clone Virtual Machine task to completion.
This task takes several minutes to complete.
You must wait until this task completes before continuing.
11. In the left pane, verify that the VCHA-Witness virtual machine appears and is powered on.
12. Wait at least one minute before going to the next task.
Waiting for at least one minute gives the wizard enough time to finish preparing the witness
node.
IMPORTANT
Perform this task only if your vCenter Server High Availability configuration failed in task 6. If you
successfully configured vCenter Server High Availability in task 6, go to task 8.
1. In Internet Explorer, switch to the vSphere Web Client tab for sa-vcsa-01.local.
2. Point to the Home icon and select Hosts and Clusters.
3. Power off the VCHA, VCHA-Passive, and VCHA-Witness virtual machines.
4. Revert to the last snapshot for VCHA.
a. Right-click VCHA and select Snapshots > Revert to Latest Snapshot.
b. Click Yes to confirm reverting to the latest (most recent) snapshot.
The latest snapshot has network adapter 2 already configured for you.
5. Delete the VCHA-Passive and VCHA-Witness virtual machines.
a. Right-click VCHA-Passive and select Delete from Disk.
b. Click Yes to confirm deletion.
c. Right-click VCHA-Witness and select Delete from Disk.
d. Click Yes to confirm deletion.
6. Perform tasks 2 through 6 again.
115
5. Use vSphere Web Client to log in to the Windows vCenter Server system.
a. Open a new tab in Internet Explorer.
b. From the Favorites bar, select vSphere Web Clients > LAB-VCS-01.
This shortcut goes to https://lab-vcs-01.vclass.local:9443/vsphere-client.
c. If you receive a security exception for vSphere Web Client, click the Continue to this
website link to display the login screen.
If you did not power on LAB-VCS-01 before the start of this lab, then it takes a few
minutes for the vSphere Client Web server to initialize. When the Web server finishes
initializing, the vSphere Web Client login screen appears.
d. In the login screen, enter administrator@vsphere.local in the User name text box.
e. In the Password text box, enter the standard lab password and click Login.
6. Verify that vCenter Server 5.5 for Windows is running.
a. From the Help menu in the upper-right corner, select About VMware vSphere.
The About VMware vSphere window appears.
b. View the vSphere Web Client line (the first line in the window) and verify that you are
running version 5.5.0.
c. Click OK to close the About VMware vSphere window.
7. On the Home page, point to the Home icon and select Hosts and Clusters.
8. In the left pane, verify that you have two objects: Training Datacenter and Lab Cluster.
9. Close the vSphere Web Client tab to lab-vcs-01.vclass.local.
IMPORTANT
Do not close the console until the migration is complete.
7. Minimize the Remote Desktop Connection Manager window.
You return to this window later.
Option Action
Network Select pg-SA Management.
This port group uses ephemeral port binding,
which is a requirement for the migration.
Option Action
AD domain Verify that the domain is vclass.local.
3. Click Next.
4. On the Select migration data page, select Configuration, events, tasks, and performance
metrics and click Next.
5. On the Configure CEIP page, deselect the Join the VMwares Customer Experience
Improvement Program (CEIP) check box and click Next.
6. On the Ready to complete page, select the I have backed up the source vCenter Server and
all the required data from the database check box.
7. Click Finish.
The Shutdown Warning window warns that vCenter Server will shut down when the network
configuration is enabled on the destination vCenter Server Appliance.
125
8. Verify that the vSphere ESXi Shell service is running.
a. In the Edit Security Profile window, select ESXi Shell.
b. In the Service Details pane, confirm that the correct settings are configured.
Startup policy is set to Start and stop with host.
Status is Running.
c. If the correct settings are not configured, change the startup policy to Start and stop with
host and click Start.
By default, this service is not configured to start with the host. This setting was enabled as
part of the lab kit configuration.
9. Verify that the SSH service is running.
a. In the Edit Security Profile window, select SSH.
b. In the Service Details pane, confirm that the correct settings are configured.
Startup policy is set to Start and stop with host.
Status is Running.
c. If the correct settings are not configured, change the startup policy to Start and stop with
host and click Start.
By default, this service is not configured to start with the host. This setting was enabled as
part of the lab kit configuration.
d. Click OK.
129
7. In the Password text box, enter the standard lab password and click OK.
Q1. How many active certificates are in the certificate store for this node?
1. The total might vary. Typically, eight or more certificates are in the Active Certificates list.
Q5. Based on the Common name field under Subject, what is the type of this
certificate?
5. The certificate is a machine certificate.
Q7. What are the names of the solution users that have certificates (from the
Subject field)?
7. Machine, vsphere-webclient, vpxd, vpxd-extension, and localhost.
This step is necessary for WinSCP to connect to the vCenter Server system so that you can
download the CSR to your student desktop.
2. Start the WinSCP application.
a. On the student desktop taskbar, click the WinSCP icon.
NOTE
The filename is case-sensitive and must exactly match the correct filename in order for the
script to use it.
3. Download the certificate chain.
a. In the Internet Explorer window, click the Download certificate chain link.
Base 64 encoded should still be clicked.
b. Click Save as in the Internet Explorer dialog box and navigate to the
C:\Materials\Downloads folder on your student desktop to save the certificate.
c. Save the file as cachain.p7b.
NOTE
The filename is case-sensitive and must exactly match the correct filename in order for the
script to use it.
d. Close the Microsoft Active Directory Certificate Services page.
e. If WordPad is open, close it.
4. Export the root certificate.
a. Switch to the Windows Explorer window and navigate to the C:\Materials\Downloads
directory.
b. Right-click the cachain.p7b file and select Open.
The Certificate Manager Console opens.
c. In the left pane, expand the inventory tree until you see the Certificates folder.
d. Select the Certificates folder.
You should see two certificates: the root certificate for your domain controller and the
custom certificate for your vCenter Server Appliance instance.
The custom certificate appears as VMware. vSphere65 appears under the Certificate
Template column at the far right.
e. To export the root certificate, right-click the root certificate vclass-DC-CA and select All
Tasks > Export.
The Certificate Export wizard appears.
NOTE
The filename is case-sensitive and must exactly match the correct filename in order for the
script to use it.
k. Click Save.
l. On the File to Export page, click Next.
m. Click Finish.
n. Click OK.
o. Close the Certificate Manager Console.
Option Action
Please provide valid custom certificate for Enter machine_ssl.cer.
Machine SSL
Please provide valid custom key for Machine SSL Enter vmca_issued_key.key.
You must wait for the process to complete. This process takes several minutes while the
services are restarted.
During this operation, notice the number of services that are updated.
h. Wait until the 100% Complete [All tasks completed successfully] message
appears.
i. After the operation is 100 percent complete, press Ctrl+D.
Q1. What color is the background of the Internet Explorer location bar?
1. The location bar can be blue or gray, but it should not be red.
5. In Internet Explorer, click the Security report icon (padlock) to the right of the Location text
box.
6. View information about the machine certificate.
a. Click the View certificates link.
The Certificate dialog box appears.
In this dialog box, you can view the machine certificate that was used to authenticate the
vCenter Server system.
b. Click the Details tab.
c. Scroll down and click Subject Alternative Name.
Q6. Why does Internet Explorer on your student desktop trust the vCenter Server
certificate?
6. The student desktop is a member of the same Active Directory domain, and Internet Explorer is
using the same certificate store. Because the vCenter Server certificate is signed by the domain
controller CA, Internet Explorer trusts the subordinate certificate.
141
2. Ping sa-keyserver-01, the key management server.
a. At the command prompt, enter shell.
b. At the shell command prompt, ping the key management server.
ping sa-keyserver-01
c. Verify that the ping is successful.
d. Press Ctrl+C to end the ping command.
3. Exit the MTPuTTY session and close the MTPuTTY window.
5. In the Add KMS dialog box, enter SA KMS-Cluster in the Cluster name text box.
6. In the Server alias text box, enter KMS1.
7. In the Server address text box, enter 172.20.10.201.
172.20.10.201 is the IP address of the KMS.
8. In the Server port text box, enter 5696.
9. Leave the rest of the text boxes blank and click OK.
10. When prompted to set the default KMS cluster, click Yes.
11. When the trust certificate window appears, click Trust.
12. Verify that the KMS appears in the list and that the KMS cluster that you created is marked as
the default cluster.
147
4. Although all three VMs might be swapping, 5. ResourceHog01 and ResourceHog02 should
the levels of swapping on ResourceHog01 be experiencing high %SWPWT values
and ResourceHog02 are going to be much because their memory is being swapped out
larger than the level of swapping on Linux01. and they must wait whenever those pages are
accessed. Linux01 should be experiencing
low %SWPWT values, possibly zero.
6. Answers vary.
7. Answers vary.
148
5. The domain controller CA is the root. The 6. The student desktop is a member of the same
vCenter Server certificate is subordinate to Active Directory domain, and Internet Explorer
the root certificate. is using the same certificate store. Because
the vCenter Server certificate is signed by the
domain controller CA, Internet Explorer trusts
the subordinate certificate.
149
150