vmware servervi3!30!20 server config
TRANSCRIPT
-
8/9/2019 VMWare Servervi3!30!20 Server Config
1/324
Server Configuration GuideESX Server 3.0 and VirtualCenter 2.0
-
8/9/2019 VMWare Servervi3!30!20 Server Config
2/324
You can find the most up-to-date technical documentation at:
http://www.vmware.com/support/pubs
The VMware Web site also provides the latest product updates.
If you have comments about this documentation, submit your feedback to:
2006 VMware, Inc. All rights reserved. Protected by one or more of U.S. Patent Nos. 6,397,242,6,496,847, 6,704,925, 6,711,672, 6,725,289, 6,735,601, 6,785,886, 6,789,156, 6,795,966, 6,880,022,6,961,941, 6,961,806 and 6,944,699; patents pending.
VMware, the VMware boxes logo and design, Virtual SMP and VMotion are registered trademarks ortrademarks of VMware, Inc. in the United States and/or other jurisdictions.
All other marks and names mentioned herein may be trademarks of their respective companies.
VMware, Inc.3145 Porter DrivePalo Alto, CA 94304www.vmware.com
ii VMware, Inc.
Server Configuration Guide
Revision:20060615
Item:VI-ENG-Q206-215
mailto:[email protected]:[email protected] -
8/9/2019 VMWare Servervi3!30!20 Server Config
3/324
-
8/9/2019 VMWare Servervi3!30!20 Server Config
4/324
-
8/9/2019 VMWare Servervi3!30!20 Server Config
5/324
-
8/9/2019 VMWare Servervi3!30!20 Server Config
6/324
-
8/9/2019 VMWare Servervi3!30!20 Server Config
7/324
VMware, Inc. vii
Contents
RawDeviceMappingCharacteristics ...................................147
VirtualCompatibilityModeVersusPhysicalCompatibilityMode ........147
DynamicNameResolution..........................................148
RawDeviceMappingwithVirtualMachineClusters ...................150
ComparingRawDeviceMappingtoOtherMeansofSCSIDeviceAccess .151
ManagingRawDeviceMappings ......................................151
VMwareVirtualInfrastructureClient ................................151
CreatingaRawDeviceMapping ..................................152
ManagingPathsforRawDeviceMappings .........................153
The
vmkfstoolsUtility
.............................................154
FileSystemOperations .............................................154
Security
Chapter9SecurityforESXServerSystems ......................159
ESXServerArchitectureandSecurityFeatures ...........................160SecurityandtheVirtualizationLayer .................................160
SecurityandVirtualMachines .......................................161
SecurityandtheServiceConsole.....................................163
SecurityandtheVirtualNetworkingLayer............................165
SecurityResourcesandInformation ....................................171
Chapter10SecuringanESXServerConfiguration .............173SecuringtheNetworkwithFirewalls ...................................174
FirewallsforConfigurationswithaVirtualCenterServer................176
FirewallsforConfigurationsWithoutaVirtualCenterServer ............179
TCPandUDPPortsforManagementAccess ..........................180
ConnectingtoVirtualCenterServerThroughaFirewall .................182
ConnectingtotheVirtualMachineConsoleThroughaFirewall ..........183
ConnectingESXServerHostsThroughFirewalls.......................184
OpeningFirewallPortsforSupportedServicesandManagementAgents .185
SecuringVirtualMachineswithVLANs .................................188
SecurityConsiderationsforVLANs ..................................191
VirtualSwitchProtectionandVLANs ................................193
SecuringVirtualSwitchPorts ..........................................195
-
8/9/2019 VMWare Servervi3!30!20 Server Config
8/324
-
8/9/2019 VMWare Servervi3!30!20 Server Config
9/324
-
8/9/2019 VMWare Servervi3!30!20 Server Config
10/324
Server Configuration Guide
x VMware, Inc.
CreatingaVirtualCompatibilityModeRawDeviceMapping .........285
ListingAttributesofanRDM .....................................286
CreatingaPhysicalCompatibilityModeRawDeviceMapping ........286
CreatingaRawDeviceDescriptorFile .............................287
DisplayingVirtualDiskGeometry .................................287
DeviceOptions ...................................................287
ScanningAdapters ..............................................287
ManagingSCSIReservationsofLUNs..............................288
ExamplesUsingvmkfstools ...........................................289
Create
a
New
VMFS
3
File
System
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
289AddaPartitiontoVMFS3FileSystem .............................289
CreateaNewVirtualDisk ........................................289
CloneaVirtualDisk .............................................289
CreateaRawDeviceMapping ....................................290
ScananAdapterforChanges .....................................290
Index
.................................................................291
-
8/9/2019 VMWare Servervi3!30!20 Server Config
11/324
VMware, Inc. xi
Preface
ThisprefacedescribesthecontentsoftheServerConfigurationGuideandprovidespointerstotechnicalandeducationalresources.
Thisprefacecontainsthefollowingtopics:
! AboutThisBookonpage xii
! IntendedAudienceonpage xii
! DocumentFeedbackonpage xii
! VMwareInfrastructureDocumentationonpage xii
!
Conventions
and
Abbreviations
on
page xiii! TechnicalSupportandEducationResourcesonpage xiv
-
8/9/2019 VMWare Servervi3!30!20 Server Config
12/324
Server Configuration Guide
xii VMware, Inc.
About This BookThismanual,theServerConfigurationGuide,providesinformationonhowtoconfigurenetworking
for
ESX
Server,
including
how
to
create
virtual
switches
and
ports
and
how
tosetupnetworkingforvirtualmachines,VMotion,IPstorage,andtheserviceconsole.
ItalsocoversconfiguringfilesystemandvarioustypesofstoragesuchasiSCSI,Fibre
Channel,andsoforth.TohelpyouprotectyourESXServerinstallation,theguide
providesadiscussionofsecurityfeaturesbuiltintoESXServerandthemeasuresyou
cantaketosafeguarditfromattack.Inaddition,itincludesalistofESXServertechnical
supportcommandsalongwiththeirVIClientequivalentsandadescriptionofthe
vmkfstoolsutility.
Intended AudienceTheinformationpresentedinthismanualiswrittenforsystemadministratorswhoare
experiencedWindowsorLinuxsystemadministratorsandwhoarefamiliarwith
virtualmachinetechnologyanddatacenteroperations.
Document FeedbackIfyouhavecommentsaboutthisdocumentation, submityourfeedbackto:
VMware Infrastructure Documentation
TheVMware
Infrastructure
documentation
consists
of
the
combined
VirtualCenter
and
ESXServerdocumentationset.
YoucanaccessthebooksintheVMwareInfrastructuredocumentsetat:
http://www.vmware.com/support/pubs
mailto:[email protected]://www.vmware.com/support/pubsmailto:[email protected]://www.vmware.com/support/pubs -
8/9/2019 VMWare Servervi3!30!20 Server Config
13/324
VMware, Inc. xiii
Preface
Conventions and AbbreviationsThismanualusesthestyleconventionslistedinTable P1.
Abbreviations Used in Graphics
ThegraphicsinthismanualusetheabbreviationslistedinTable P2.
Table P-1. Type Conventions
Style Purpose
Monospace Usedforcommands,filenames,directories,paths.
Monospace bold Usedtoindicateuserinput.
Bold Usedfortheseterms:
!
Interface
objects,
keys,
buttons! Itemsofhighlightedinterest
! Glossaryterms
Italic Usedforbooktitles.
Usedtoindicatevariableandparameternames.
Table P-2. Abbreviations
Abbreviation Description
VC VirtualCenter
VI VirtualInfrastructureClient
server
VirtualCenterserver
database VirtualCenterdatabase
hostn VirtualCentermanagedhosts
VM# virtualmachinesonamanagedhost
user# userwithaccesspermissions
dsk# storagediskforthemanagedhost
datastore storageforthemanagedhost
SAN storageareanetworktypedatastoresharedbetweenmanagedhosts
tmplt template
http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?- -
8/9/2019 VMWare Servervi3!30!20 Server Config
14/324
Server Configuration Guide
xiv VMware, Inc.
Technical Support and Education ResourcesThefollowingsectionsdescribethetechnicalsupportresourcesavailabletoyou:
! SelfServiceSupport
! OnlineandTelephoneSupport
! SupportOfferings
! VMwareEducationServices
Self-Service SupportUsetheVMwareTechnologyNetworkforselfhelptoolsandtechnicalinformation:
! ProductInformationhttp://www.vmware.com/products/
! TechnologyInformationhttp://www.vmware.com/vcommunity/technology
! Documentationhttp://www.vmware.com/support/pubs
!
KnowledgeBase
http://www.vmware.com/support/kb
! DiscussionForumshttp://www.vmware.com/community
! UserGroupshttp://www.vmware.com/vcommunity/usergroups.html
FormoreinformationabouttheVMwareTechnologyNetwork,goto
http://www.vmtn.net.
Online and Telephone SupportUseonlinesupporttosubmittechnicalsupportrequests,viewyourproductand
contractinformation,andregisteryourproducts.Goto
http://www.vmware.com/support .
Forcustomerswithappropriatesupportcontracts,usetelephonesupportforthefastest
responseonpriority1issues.Goto
http://www.vmware.com/support/phone_support.html .
Support Offerings
FindouthowVMwaressupportofferingscanhelpyoumeetyourbusinessneeds.Go
tohttp://www.vmware.com/support/services.
http://www.vmware.com/products/http://www.vmware.com/vcommunity/technologyhttp://www.vmware.com/support/pubshttp://www.vmware.com/support/kbhttp://www.vmware.com/communityhttp://www.vmware.com/vcommunity/usergroups.htmlhttp://www.vmware.com/vcommunityhttp://www.vmware.com/supporthttp://www.vmware.com/support/phone_support.htmlhttp://www.vmware.com/support/serviceshttp://www.vmware.com/support/serviceshttp://www.vmware.com/support/phone_support.htmlhttp://www.vmware.com/supporthttp://www.vmware.com/vcommunityhttp://www.vmware.com/vcommunity/usergroups.htmlhttp://www.vmware.com/communityhttp://www.vmware.com/support/kbhttp://www.vmware.com/support/pubshttp://www.vmware.com/vcommunity/technologyhttp://www.vmware.com/products/ -
8/9/2019 VMWare Servervi3!30!20 Server Config
15/324
VMware, Inc. xv
Preface
VMware Education Services
VMwarecoursesofferextensivehandsonlabs,casestudyexamples,andcourse
materialsdesigned
to
be
used
as
on
the
job
reference
tools.
For
more
information
about
VMwareEducationServices,gotohttp://mylearn1.vmware.com/mgrreg/index.cfm.
http://mylearn1.vmware.com/mgrreg/index.cfmhttp://mylearn1.vmware.com/mgrreg/index.cfmhttp://mylearn1.vmware.com/mgrreg/index.cfm -
8/9/2019 VMWare Servervi3!30!20 Server Config
16/324
Server Configuration Guide
xvi VMware, Inc.
-
8/9/2019 VMWare Servervi3!30!20 Server Config
17/324
VMware, Inc. 1
CHAPTER 1 Introduction
TheServerConfigurationGuidedescribesthetasksyouneedtocompletetoconfigureESXServerhostnetworking,storage,andsecurity.Inaddition,itprovidesoverviews,
recommendations,andconceptualdiscussionstohelpyouunderstandthesetasksand
howto
deploy
an
ESX
Server
host
to
meet
your
needs.
Before
using
the
information
in
theServerConfigurationGuide,readtheIntroductiontoVirtualInfrastructureforanoverviewofsystemarchitectureandthephysicalandvirtualdevicesthatmakeupa
VirtualInfrastructuresystem.
Thisintroductionsummarizesthecontentsofthisguidesothatyoucanfindthe
informationyouneed.Thisguidecoversthesesubjects:
! ESXServernetworkconfigurations
! ESXServerstorageconfigurations
! ESXServersecurityfeatures
! ESXcommandreference
! Thevmkfstoolscommand
Networking
TheESXServernetworkingchaptersprovideyouwithaconceptualunderstandingof
physicalandvirtualnetworkconcepts,adescriptionofthebasictasksyouneedto
completetoconfigureyourESXServerhostsnetworkconnections,andadiscussionof
advancednetworkingtopicsandtasks.Thenetworkingsectioncontainsthefollowing
chapters:
! NetworkingIntroduces
you
to
network
concepts
and
guides
you
through
the
mostcommontasksyouneedtocompletewhensettingupthenetworkfortheESX
Serverhost.
! AdvancedNetworkingCoversadvancednetworkingtaskssuchassettingup
MACaddresses,editingvirtualswitchesandports,andDNSrouting.Inaddition,
itprovidestipsonmakingyournetworkconfigurationmoreefficient.
! NetworkingScenariosandTroubleshootingDescribescommonnetworking
configurationandtroubleshootingscenarios.
-
8/9/2019 VMWare Servervi3!30!20 Server Config
18/324
Server Configuration Guide
2 VMware, Inc.
Storage
TheESXServerstoragechaptersprovideyouwithabasicunderstandingofstorage,a
description
of
the
basic
tasks
you
perform
to
configure
and
manage
your
ESX
Server
hostsstorage,andadiscussionofhowtosetuprawdevicemapping.Thestorage
sectioncontainsthefollowingchapters:
! IntroductiontoStorageIntroducesyoutothetypesofstorageyoucan
configurefortheESXServerhost.
! ConfiguringStorageExplainshowtoconfigurelocalSCSIstorage,Fibre
Channelstorage,andiSCSIstorage.ItalsoaddressesVMFSstorageand
networkattachedstorage.
! ManagingStorageExplainshowtomanageexistingdatastoresandthefile
systemsthatcomprisedatastores.
! RawDeviceMappingDiscussesrawdevicemapping,howtoconfigurethis
typeofstorage,andhowtomanagerawdevicemappingsbysettingup
multipathing,failover,andsoforth.
Security
TheESXServersecuritychaptersdiscusssafeguardsVMwarehasbuiltintoESXServer
andmeasuresyoucantaketoprotectyourESXServerhostfromsecuritythreats.These
measuresincludeusingfirewalls,leveragingthesecurityfeaturesofvirtualswitches,
andsettingupuserauthenticationandpermissions.Thesecuritysectioncontainsthe
followingchapters:
! SecurityforESXServerSystemsIntroducesyoutotheESXServerfeatures
thathelpyouensureasecureenvironmentforyourdataandgivesyouan
overviewofsystemdesignasitrelatestosecurity.
! SecuringanESXServerConfigurationExplainshowtoconfigurefirewall
portsforESXServerhostsandVMwareVirtualCenter,howtousevirtualswitches
andVLANstoensurenetworkisolationforvirtualmachines,andhowtosecure
iSCSIstorage.
! AuthenticationandUserManagementDiscusseshowtosetupusers,groups,
permissions,androlestocontrolaccesstoESXServerhostsandVirtualCenter.It
alsodiscussesencryptionanddelegateusers.
! ServiceConsoleSecurityDiscussesthesecurityfeaturesbuiltintotheservice
consoleandshowsyouhowtoconfigurethesefeatures.
-
8/9/2019 VMWare Servervi3!30!20 Server Config
19/324
VMware, Inc. 3
Chapter 1 Introduction
! SecurityDeploymentsandRecommendations Providessomesample
deploymentstogiveyouanideaoftheissuesyouneedtoconsiderwhensetting
upyourownESXServerdeployment.Thischapteralsotellsyouaboutactionsyou
cantaketofurthersecurevirtualmachines.
Appendixes
TheServerConfigurationGuideincludesappendixesthatprovidespecializedinformationyoumayfindusefulwhenconfiguringanESXServerhost.
! ESXTechnicalSupportCommandsCoverstheESXServerconfiguration
commandsthat
can
be
issued
through
acommand
line
shell
such
as
SSH.
While
thesecommandsareavailableforyouruse,youshouldnotconsiderthemtobean
APIuponwhichyoucanbuildscripts.Thesecommandsaresubjecttochangeand
VMwaredoesnotsupportapplicationsandscriptsthatrelyonESXServer
configurationcommands.ThisappendixprovidesyouwithVMwareVirtual
InfrastructureClientequivalentsforthesecommands.
! UsingvmkfstoolsCoversthevmkfstoolsutility,whichyoucanusetoperform
managementandmigrationtasksforiSCSIdisks.
Ser er Config ration G ide
-
8/9/2019 VMWare Servervi3!30!20 Server Config
20/324
Server Configuration Guide
4 VMware, Inc.
-
8/9/2019 VMWare Servervi3!30!20 Server Config
21/324
VMware, Inc. 5
Networking
Server Configuration Guide
-
8/9/2019 VMWare Servervi3!30!20 Server Config
22/324
Server Configuration Guide
6 VMware, Inc.
-
8/9/2019 VMWare Servervi3!30!20 Server Config
23/324
VMware, Inc. 7
CHAPTER 2 Networking
ThischapterguidesyouthroughthebasicconceptsofnetworkingintheESX Server
environmentandhowtosetupandconfigureanetworkinavirtualinfrastructure
environment.
UsetheVirtualInfrastructure(VI)Clienttoaddnetworkingbasedonthreecategoriesthatreflectthethreetypesofnetworkservices:
! Virtualmachines
! VMkernel
! Serviceconsole
Thischapter
covers
the
following
topics:
! NetworkingConceptsonpage 8
! NetworkServicesonpage 13
! ViewingNetworkingInformationintheVI Clientonpage 13
! NetworkingTasksonpage 15
! VirtualNetworkConfigurationforVirtualMachinesonpage 15
! VMkernelConfigurationonpage 19
! ServiceConsoleConfigurationonpage 23
Server Configuration Guide
-
8/9/2019 VMWare Servervi3!30!20 Server Config
24/324
8 VMware, Inc.
Networking ConceptsAfewconceptsareessentialtoathoroughunderstandingofvirtualnetworking.Ifyou
arenew
to
ESX
Server
3.0,
VMware
highly
recommends
you
read
this
section.
Concepts Overview
Aphysicalnetworkisanetworkofphysicalmachinesthatareconnectedsothatthey
cansenddatatoandreceivedatafromeachother.VMwareESX Serverrunsona
physicalmachine.
Avirtualnetworkisanetworkofvirtualmachinesrunningonasinglephysical
machinethatareconnectedlogicallytoeachothersothattheycansenddatatoand
receivedatafromeachother.Virtualmachinescanbeconnectedtothevirtualnetworks
thatyoucreateintheproceduretoaddanetwork.Eachvirtualnetworkisservicedby
asinglevirtualswitch.Avirtualnetworkcanbeconnectedtoaphysicalnetworkby
associatingoneormorephysicalEthernetadapters,alsoreferredtoasuplinkadapters,
withthevirtualnetworksvirtualswitch.Ifnouplinkadaptersareassociatedwiththe
virtualswitch,alltrafficonthevirtualnetworkisconfinedwithinthephysicalhost
machine.Ifoneormoreuplinkadaptersareassociatedwiththevirtualswitch,virtualmachinesconnectedtothatvirtualnetworkarealsoabletoaccessthephysical
networksconnectedtotheuplinkadapters.
AphysicalEthernetswitchmanagesnetworktrafficbetweenmachinesonthephysical
network.Aswitchhasmultipleports,eachofwhichcanbeconnectedtoasingleother
machineoranotherswitchonthenetwork.Eachportcanbeconfiguredtobehavein
certainwaysdependingontheneedsofthemachineconnectedtoit.Theswitchlearns
whichhostsareconnectedtowhichofitsportsandusesthatinformationtoforwardtraffictothecorrectphysicalmachines.Switchesarethecoreofaphysicalnetwork.
Multipleswitchescanbeconnectedtogethertoformlargernetworks.
Avirtualswitch,vSwitch,worksmuchlikeaphysicalEthernetswitch.Itdetectswhich
virtualmachinesarelogicallyconnectedtoeachofitsvirtualportsandusesthat
informationtoforwardtraffictothecorrectvirtualmachines.AvSwitchcanbe
connectedtophysicalswitchesusingphysicalEthernetadapters,alsoreferredtoas
uplinkadapters,tojoinvirtualnetworkswithphysicalnetworks.Thistypeof
connectionissimilartoconnectingphysicalswitchestogethertocreatealarger
network.EventhoughavSwitchworksmuchlikeaphysicalswitch,itdoesnothave
someoftheadvancedfunctionalityofaphysicalswitch.Formoreinformationon
vSwitches,seeVirtualSwitchesonpage 9.
Chapter 2 Networking
-
8/9/2019 VMWare Servervi3!30!20 Server Config
25/324
VMware, Inc. 9
AportgroupspecifiesportconfigurationoptionssuchasbandwidthlimitationsandVLANtaggingpoliciesforeachmemberport.NetworkservicesconnecttovSwitches
throughportgroups.Portgroupsdefinehowaconnectionismadethroughthe
vSwitchtothenetwork.Intypicaluse,oneormoreportgroupsisassociatedwithasinglevSwitch.Formoreinformationonportgroups,seePortGroupsonpage 12.
NICteamingoccurswhenmultipleuplinkadaptersareassociatedwithasingle
vSwitchtoformateam.Ateamcaneithersharetheloadoftrafficbetweenphysicaland
virtualnetworksamongsomeorallofitsmembersorprovidepassivefailoverinthe
eventofahardwarefailureoranetworkoutage.
VLANs
enable
a
single
physical
LAN
segment
to
be
further
segmented
so
that
groups
ofportsareisolatedfromoneanotherasiftheywereonphysicallydifferentsegments.
802.1Qisthestandard.
TheVMkernelTCP/IPnetworkingstacksupportsiSCSI,NFS,andVMotion.Virtual
machinesruntheirownsystemsTCP/IPstacks,andconnecttotheVMkernelatthe
Ethernetlevelthroughvirtualswitches.TwonewfeaturesinESX Server3,iSCSIand
NFS,arereferredasIPstorageinthischapter.IPstoragereferstoanyformofstorage
thatuses
TCP/IP
network
communication
as
its
foundation.
iSCSI
can
be
used
as
a
virtualmachinedatastore,andNFScanbeusedasavirtualmachinedatastoreandfor
directmountingof.ISOfiles,whicharepresentedasCDROMstovirtualmachines.
NOTE ThenetworkingchapterscoverhowtosetupnetworkingforiSCSIandNFS.
ToconfigurethestorageportionofiSCSIandNFS,seethestoragechapters.
MigrationwithVMotionenablesapoweredonvirtualmachinetobetransferredfrom
oneESX Serverhosttoanotherwithoutshuttingdownthevirtualmachine.The
optionalVMotionfeaturerequiresitsownlicensekey.
Virtual Switches
VirtualInfrastructure(VI)Clientletsyoucreateabstractednetworkdevicescalled
virtualswitches(vSwitches).AvSwitchcanroutetrafficinternallybetweenvirtual
machinesand
link
to
external
networks.
NOTE Youcancreateamaximumof248vSwitchesonasinglehost.
Usevirtualswitchestocombinethebandwidthofmultiplenetworkadaptersand
balancecommunicationstrafficamongthem.Theycanalsobeconfiguredtohandle
physicalNICfailover.
-
8/9/2019 VMWare Servervi3!30!20 Server Config
26/324
-
8/9/2019 VMWare Servervi3!30!20 Server Config
27/324
Server Configuration Guide
-
8/9/2019 VMWare Servervi3!30!20 Server Config
28/324
12 VMware, Inc.
ApopupwindowdisplaysdetailedpropertiesasshowninFigure 23.
Figure 2-3. Virtual Switch Detailed Properties
Port Groups
Portgroupsaggregatemultipleportsunderacommonconfigurationandprovidea
stableanchorpointforvirtualmachinesconnectingtolabelednetworks.Eachport
groupisidentifiedbyanetworklabel,whichisuniquetothecurrenthost.AVLANID,
whichrestrictsportgrouptraffictoalogicalEthernetsegmentwithinthephysical
network,isoptional.
NOTE Youcancreateamaximumof512portgroupsonasinglehost.
Labelednetworksareproperlyconfiguredonlywhenallportgroupsusingthesame
networklabelareabletoseethesamebroadcasttraffic.BecauseaVLANcanrestrict
visibilityonaphysicalnetwork,itmightbenecessarytosynchronizethenetworklabel
andVLANIDcontrolswhenoneofthemischanged.MorethanoneportgroupcanusethesameVLANID.
Chapter 2 Networking
-
8/9/2019 VMWare Servervi3!30!20 Server Config
29/324
VMware, Inc. 13
Network ServicesYouneedtoenabletwotypesofnetworkservicesinESX Server:
! Connectingvirtualmachinestothephysicalnetwork
! ConnectingVMkernelservices(suchasNFS,iSCSI,orVMotion)tothephysical
network
Theserviceconsole,whichrunsthemanagementservices,issetupbydefaultduring
theinstallationofESX Server.
Viewing Networking Information in the VI ClientTheVIClientdisplaysbothgeneralnetworkinginformationandinformationspecific
tonetworkadapters.
To view general networking information in the VI Client
1 LogontotheVMwareVI Clientandselecttheserverfromtheinventorypanel.
Thehardware
configuration
page
for
this
server
appears.
2 ClicktheConfigurationtab,andclickNetworking.
ThenetworkingpaneldisplaysthefollowinginformationasshowninFigure
Figure 24:
! Virtualswitches
! Adapterinformationforeachadapter
! Linkstatus
! Apparentspeedandduplex
! ServiceconsoleandVMkernelTCP/IPservices
! IPaddress
! Serviceconsole
! Virtualdevicename
! Virtualmachines
! Powerstatus
! Connectionstatus
Server Configuration Guide
http://-/?-http://-/?-http://-/?-http://-/?- -
8/9/2019 VMWare Servervi3!30!20 Server Config
30/324
14 VMware, Inc.
! Portgroup
! Networklabelcommontoallthreeportconfigurationtypes
! Numberof
configured
virtual
machines
! VLANID,ifanycommontoallthreeportconfigurationtypes
Figure 2-4. General Networking Information
To view network adapter information in the VI Client
1 LogintotheVMwareVI Clientandselecttheserverfromtheinventorypanel.
Thehardwareconfigurationpageforthisserverappears.
2 ClicktheConfigurationtab,andclickNetworkAdapters.
Thenetworkadapterspaneldisplaysthefollowinginformation:
! DeviceNameofthenetworkadapter
! SpeedActualspeedandduplexofthenetworkadapter
IP address vSwitch
VM network properties pop-up network adapter
port groupREVISEDSee Updates
at the end
of this book.
-
8/9/2019 VMWare Servervi3!30!20 Server Config
31/324
-
8/9/2019 VMWare Servervi3!30!20 Server Config
32/324
Chapter 2 Networking
-
8/9/2019 VMWare Servervi3!30!20 Server Config
33/324
VMware, Inc. 17
6 ClickNext.
TheNetworkAccessscreenappears.
Virtualmachinesreachphysicalnetworksthroughuplinkadapters.AvSwitchis
abletotransferdataonlytoexternalnetworkswhenoneormorenetworkadapters
areattachedtoit.WhentwoormoreadaptersareattachedtoasinglevSwitch,they
aretransparentlyteamed.
7 SelectCreateavirtualswitch.
YoucancreateanewvSwitchwithorwithoutEthernetadapters.
IfyoucreateavSwitchwithoutphysicalnetworkadapters,thenalltrafficonthat
vSwitchwillbeconfinedtothatvSwitch.Nootherhostsonthephysicalnetwork
orvirtualmachinesonothervSwitcheswillbeabletosendorreceivetrafficover
thisvSwitch.Youmightdothisifyouwantagroupofvirtualmachinestobeable
tocommunicatewitheachother,butnotwithotherhostsorwithvirtualmachines
outsidethegroup.
Changesappear
in
the
Preview
pane.
8 ClickNext.
TheConnectionSettingsscreenappears.
Server Configuration Guide
-
8/9/2019 VMWare Servervi3!30!20 Server Config
34/324
18 VMware, Inc.
9 UnderPortGroupProperties,enteranetworklabelthatidentifiestheportgroup
thatyouarecreating.
Usenetworklabelstoidentifymigrationcompatibleconnectionscommontotwoormorehosts.
10 IfyouareusingaVLAN,intheVLANIDfield,enteranumberbetween1and
4094.
Ifyouareunsurewhattoenter,leavethisblankoraskyournetwork
administrator.
Ifyouenter0orleavethefieldblank,theportgroupcanseeonlyuntagged(nonVLAN)traffic.Ifyouenter4095,theportgroupcanseetrafficonanyVLAN
whileleavingtheVLANtagsintact.
Chapter 2 Networking
-
8/9/2019 VMWare Servervi3!30!20 Server Config
35/324
VMware, Inc. 19
11 ClickNext.
TheReadytoCompletescreenappears.
12 AfteryouhavedeterminedthatthevSwitchisconfiguredcorrectly,clickFinish.
NOTE Toenablefailover(NICteaming),bindtwoormoreadapterstothesame
switch.Ifoneuplinkadapterisnotoperational,networktrafficisroutedto
anotheradapterattachedtotheswitch.NICteamingrequiresbothEthernet
devicestobeonthesameEthernetbroadcastdomain.
VMkernel ConfigurationMovingavirtualmachinefromonehosttoanotheriscalledmigration.Migratinga
poweredonvirtualmachineiscalledVMotion.MigrationwithVMotion,designedto
beusedbetweenhighlycompatiblesystems,letsyoumigratevirtualmachineswithno
downtime.YourVMkernelnetworkingstackmustbesetupproperlytoaccommodate
VMotion.
IPStoragereferstoanyformofstoragethatusesTCP/IPnetworkcommunicationasits
foundation,whichincludesiSCSIandNASforESX Server.Becausebothofthese
storagetypesarenetworkbased,bothtypescanusethesameportgroup.
ThenetworkservicesprovidedbytheVMkernel(iSCSI,NFS,andVMotion)usea
TCP/IPstackintheVMkernel.ThisTCP/IPstackiscompletelyseparatefromthe
TCP/IPstackusedintheserviceconsole.EachoftheseTCP/IPstacksaccessesvarious
networksby
attaching
to
one
or
more
port
groups
on
one
or
more
vSwitches.
Server Configuration Guide
-
8/9/2019 VMWare Servervi3!30!20 Server Config
36/324
20 VMware, Inc.
TCP/IP Stack at the Virtual Machine Monitor Level
TheVMwareVMkernelTCP/IPnetworkingstackhasbeenextendedtohandleiSCSI,
NFS,andVMotioninthefollowingways:
! iSCSIasavirtualmachinedatastore.
! iSCSIforthedirectmountingof.ISOfiles,whicharepresentedasCDROMsto
virtualmachines.
! NFSasavirtualmachinedatastore.
! NFSforthedirectmountingof.ISOfiles,whicharepresentedasCDROMsto
virtualmachines.
! MigrationwithVMotion.
NOTE ESXsupportsonlyNFSversion3overTCP/IP.
Implications and Guidelines
RefertothefollowingguidelineswhenconfiguringVMkernelnetworking:
! TheIPaddressthatyouassigntotheserviceconsoleduringinstallationmustbe
differentfromtheIPaddressthatyouassigntoVMkernelsTCP/IPstackfromthe
Configuration>NetworkingtaboftheVirtualInfrastructureClient.
! BeforeconfiguringsoftwareiSCSIfortheESX Serverhost,openafirewallportby
enablingtheiSCSIsoftwareclientservice.Formoreinformation,seeOpening
FirewallPorts
for
Supported
Services
and
Management
Agents
on
page 185.
! UnlikeotherVMkernelservices,iSCSIhasaserviceconsolecomponent,so
networksthatareusedtoreachiSCSItargetsmustbeaccessibletobothservice
consoleandVMkernelTCP/IPstacks.
To set up the VMkernel
1 LogontotheVMwareVI Clientandselecttheserverfromtheinventorypanel.
Thehardwareconfigurationpageforthisserverappears.
2 ClicktheConfigurationtab,andclickNetworking.
3 ClicktheAddNetworkinglink.
TheAddNetworkWizardappears.
Chapter 2 Networking
4 S l VMk l d li kN t
-
8/9/2019 VMWare Servervi3!30!20 Server Config
37/324
VMware, Inc. 21
4 SelectVMkernelandclickNext.
SelectingVMotionandIPStorageletsyouconnecttheVMkernel,whichruns
servicesforVMotionandIPstorage(NFSoriSCSI),tothephysicalnetwork.
TheNetworkAccesspageappears.
5 SelectthevSwitchyouwouldliketouse,orselecttheCreateavirtualswitchradio
buttontocreateanewvSwitch.
6 SelectthecheckboxesforthenetworkadaptersyourvSwitchwilluse.
YourchoicesappearinthePreviewpane.
Selectadapters
for
each
vSwitch
so
that
virtual
machines
or
other
services
that
connectthroughtheadaptercanreachthecorrectEthernetsegment.Ifnoadapters
appearunderCreateanewvirtualswitch,allthenetworkadaptersinthesystem
arebeingusedbyexistingvSwitches.YoucaneithercreateanewvSwitchwithout
anetworkadapterorselectanetworkadapterusedbyanexistingvSwitch.
ForinformationonmovingnetworkadaptersbetweenvSwitches,seeToadd
uplinkadaptersonpage 36.
-
8/9/2019 VMWare Servervi3!30!20 Server Config
38/324
Chapter 2 Networking
10 Under IP Settings clickEdit to set theVMkernel Default Gateway for VMkernel
-
8/9/2019 VMWare Servervi3!30!20 Server Config
39/324
VMware, Inc. 23
10 UnderIPSettings,clickEdittosettheVMkernelDefaultGatewayforVMkernel
services,suchasVMotion,NAS,andiSCSI.
NOTE Makesure
that
you
set
adefault
gateway
for
the
port
that
you
created.
VirtualCenter2behavesdifferentlyherefromVirtualCenter1.x.You
mustuseavalidIPaddresstoconfiguretheVMkernelIPstack,nota
dummyaddress.
TheDNSandRoutingConfigurationdialogboxappears.UndertheDNS
Configurationtab,thenameofthehostisenteredintothenamefieldbydefault.
TheDNSserveraddressesthatwerespecifiedduringinstallationarealso
preselectedasisthedomain.
UndertheRoutingtab,theserviceconsoleandtheVMkerneleachneedtheirown
gatewayinformation.Agatewayisforneededifconnectivitytomachinesnoton
thesameIPsubnetastheserviceconsoleorVMkernel.
StaticIPsettingsisthedefault.
11 ClickOK
to
save
your
changes
and
close
the
DNS
Configuration
and
Routing
dialogbox.
12 ClickNext.
13 UsetheBackbuttontomakeanychanges.
14 ReviewyourchangesontheReadytoCompletepageandclickFinish.
Service Console ConfigurationBoththeserviceconsoleandtheVMkernelusevirtualEthernetadapterstoconnectto
avSwitchandtoreachnetworksservicedbythevSwitch.
Basic Service Console Configuration Tasks
Therearetwocommonserviceconsoleconfigurationchanges:changingNICsand
changingthe
settings
for
an
existing
NIC
that
is
in
use.
Whenonlyoneserviceconsoleconnectionispresent,changingtheserviceconsole
configurationisnotallowed.Ifyouwantanewconnection,youmustchangethe
networksettingstouseanadditionalNIC.Afterverifyingthatthenewconnectionis
functioningproperly,removetheoldconnection.Youareswitchingovertothenew
NIC.
Server Configuration Guide
To configure service console networking
-
8/9/2019 VMWare Servervi3!30!20 Server Config
40/324
24 VMware, Inc.
To configure service console networking
1 LogintotheVMwareVI Clientandselecttheserverfromtheinventorypanel.
Thehardware
configuration
page
for
this
server
appears.
2 ClicktheConfigurationtab,andclickNetworking.
3 ClicktheAddNetworkinglink.
TheAddNetworkWizardappears.
4 SelectServiceConsoleontheConnectionTypesscreen,andclickNext.
TheService
Console
Network
Access
page
appears.
5 SelectthevSwitchyouwanttousefornetworkaccess,orselectCreateanew
vSwitchandclickNext.
IfnoadaptersappearunderCreateanewvirtualswitch,allthenetworkadapters
inthe
system
are
being
used
by
existing
vSwitches.
For
information
on
moving
networkadaptersbetweenvSwitches,seeToadduplinkadaptersonpage 36.
-
8/9/2019 VMWare Servervi3!30!20 Server Config
41/324
-
8/9/2019 VMWare Servervi3!30!20 Server Config
42/324
Chapter 2 Networking
6 Tocontinuewiththeserviceconsoleconfiguration,clickContinuemodifyingthis
-
8/9/2019 VMWare Servervi3!30!20 Server Config
43/324
VMware, Inc. 27
connection.
TheServiceConsolePropertiesdialogboxappears.
7 Editportproperties,IPsettings,andeffectivepoliciesasnecessary.
8 ClickOK.
OnlyonedefaultgatewaycanbeconfiguredperTCP/IPstack.
-
8/9/2019 VMWare Servervi3!30!20 Server Config
44/324
-
8/9/2019 VMWare Servervi3!30!20 Server Config
45/324
Server Configuration Guide
-
8/9/2019 VMWare Servervi3!30!20 Server Config
46/324
30 VMware, Inc.
CHAPTER 3 Advanced Networking
-
8/9/2019 VMWare Servervi3!30!20 Server Config
47/324
VMware, Inc. 31
g
ThischapterguidesyouthroughadvancednetworkingtopicsinanESX Server
environmentandhowtosetupandchangeadvancednetworkingconfiguration
options.
Thischapter
covers
the
following
topics:
! AdvancedNetworkingTasksonpage 32
! VirtualSwitchConfigurationonpage 32
! PortGroupConfigurationonpage 46
! DNSandRoutingonpage 48
! SettingUp
MAC
Addresses
on
page 50
! NetworkingTipsandBestPracticesonpage 53
Server Configuration Guide
Advanced Networking Tasks
-
8/9/2019 VMWare Servervi3!30!20 Server Config
48/324
32 VMware, Inc.
Thischapteroutlineshowtoperformthefollowingadvancednetworkingtasks:
!
Toedit
the
number
of
ports
for
avSwitch
on
page 32
! Toconfiguretheuplinknetworkadapterbychangingitsspeedonpage 35
! Toadduplinkadaptersonpage 36
! ToedittheLayer2Securitypolicyonpage 39
! ToedittheTrafficShapingpolicyonpage 41
! Toedit
the
failover
and
load
balancing
policy
on
page 43
! Toeditportgrouppropertiesonpage 46
! Tooverridelabelednetworkpoliciesonpage 47
! TochangetheDNSandRoutingconfigurationonpage 48
! TosetupaMACaddressonpage 52
Virtual Switch ConfigurationThissectioncontainsthefollowinginformation:
! VirtualSwitchPropertiesonpage 32
! VirtualSwitchPoliciesonpage 39
Virtual Switch Properties
VirtualswitchsettingscontrolvSwitchwidedefaultsforports,whichcanbe
overriddenbyportgroupsettingsforeachvSwitch.
Editing Virtual Switch Properties
EditingvSwitchpropertiesconsistsof:
! Configuringports
! Configuringtheuplinknetworkadapters
To edit the number of ports for a vSwitch
1 LogintotheVMwareVI Client,andselecttheserverfromtheinventorypanel.
Thehardwareconfigurationpageforthisserverappears.
2 ClicktheConfigurationtab,andclickNetworking.
Chapter 3 Advanced Networking
3 Ontherightsideofthewindow,findthevSwitchthatyouwanttoedit.
http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?- -
8/9/2019 VMWare Servervi3!30!20 Server Config
49/324
VMware, Inc. 33
-
8/9/2019 VMWare Servervi3!30!20 Server Config
50/324
Chapter 3 Advanced Networking
To configure the uplink network adapter by changing its speed
1 Log into the VMware VI Client and select the server from the inventory panel
-
8/9/2019 VMWare Servervi3!30!20 Server Config
51/324
VMware, Inc. 35
1 LogintotheVMwareVI Clientandselecttheserverfromtheinventorypanel.
Thehardwareconfigurationpageforthisserverappears.
2 ClicktheConfigurationtab,andclickNetworking.
3 SelectavSwitchandclickProperties.
4 InthevSwitchPropertiesdialogbox,clicktheNetworkAdapterstab.
5 Tochangetheconfiguredspeed,duplexvalueofanetworkadapter,selectthe
networkadapterandclickEdit.
TheStatusdialogboxappears.ThedefaultisAutonegotiate,whichisusuallythe
correctchoice.
Server Configuration Guide
6 Toselecttheconnectionspeedmanually,selectthespeed/duplexfromthe
dropdownmenu.
-
8/9/2019 VMWare Servervi3!30!20 Server Config
52/324
36 VMware, Inc.
ChoosetheconnectionspeedmanuallyiftheNICandaphysicalswitchmightfail
tonegotiatetheproperconnectionspeed.Symptomsofmismatchedspeedandduplexincludelowbandwidthornolinkconnectivityatall.
Theadapterandthephysicalswitchportitisconnectedtomustbesettothesame
value,thatis,auto/autoorND/NDwhereNDissomespeedandduplex,butnot
auto/ND.
7 ClickOK.
To add uplink adapters
1 LogintotheVMwareVI Client,andselecttheserverfromtheinventorypanel.
Thehardwareconfigurationpageforthisserverappears.
2 ClicktheConfigurationtab,andclickNetworking.
3 SelectavSwitchandclickProperties.
4 InthePropertiesdialogboxforthevSwitch,clicktheNetworkAdapterstab.
Chapter 3 Advanced Networking
5 ClickAddtolaunchtheAddAdapterWizard.
YoucanassociatemultipleadapterstoasinglevSwitchtoprovideNICteaming.
-
8/9/2019 VMWare Servervi3!30!20 Server Config
53/324
VMware, Inc. 37
p p g p g
Suchateamcansharetrafficandprovidefailover.
CAUTION MisconfigurationcanresultinthelossoftheVIClientabilityto
connecttothehost.
6 Selectoneormoreadaptersfromthelist,andclickNext.
7 ToordertheNICs,selectaNICandclickthebuttonstomoveitupordowninto
thecategory(ActiveorStandby)thatyouwant.
! ActiveAdaptersAdapterscurrentlyusedbythevSwitch.
Server Configuration Guide
! StandbyAdaptersAdaptersthatbecomeactiveintheeventthatoneor
moreoftheactiveadaptersshouldfail.
-
8/9/2019 VMWare Servervi3!30!20 Server Config
54/324
38 VMware, Inc.
8 ClickNext.
TheAdapterSummarypageappears.
9 Reviewtheinformationonthispage,usetheBackbuttontochangeanyentries,
andclickFinishtoleavetheAddAdapterWizard.
Thelistofnetworkadaptersreappears,showingthoseadaptersnowclaimedby
thevSwitch.
10 ClickClose
to
exit
the
vSwitch
Propertiesdialog
box.
TheNetworkingsectionintheConfigurationtabshowsthenetworkadaptersin
theirdesignatedorderandcategories.
Chapter 3 Advanced Networking
Virtual Switch Policies
You can apply a set of vSwitch wide policies by selecting the vSwitch at the top of the
-
8/9/2019 VMWare Servervi3!30!20 Server Config
55/324
VMware, Inc. 39
YoucanapplyasetofvSwitchwidepoliciesbyselectingthevSwitchatthetopofthe
Ports
tab
and
clicking
Edit.
Tooverrideanyofthesesettingsforaportgroup,selectthatportgroupandclickEdit.
AnychangestothevSwitchwideconfigurationareappliedtoanyoftheportgroups
onthatvSwitchexceptforthoseconfigurationoptionsthathavebeenoverriddenby
theportgroup.
ThevSwitchpoliciesconsistof:
!
Layer2Security
policy
! TrafficShapingpolicy
! LoadBalancingandFailoverpolicy
Layer 2 Security Policy
Layer2isthedatalinklayer.ThethreeelementsoftheLayer2Securitypolicyare
promiscuousmode,
MAC
address
changes,
and
forged
transmits.
Innonpromiscuousmode,aguestadapterlistenstotrafficonlyonitsownMAC
address.Inpromiscuousmode,itcanlistentoallthepackets.Bydefault,guestadapters
aresettononpromiscuousmode.
Forfurtherinformationonsecurity,seeSecuringVirtualSwitchPortsonpage 195.
To edit the Layer 2 Security policy
1 LogintotheVMwareVI Clientandselecttheserverfromtheinventorypanel.
Thehardwareconfigurationpageforthisserverappears.
2 ClicktheConfigurationtab,andclickNetworking.
3 ClickPropertiesforthevSwitchwhoseLayer2Securitypolicyyouwanttoedit.
4 InthePropertiesdialogboxforthevSwitch,clickthePortstab.
5 SelectthevSwitchitemandclickEdit.
-
8/9/2019 VMWare Servervi3!30!20 Server Config
56/324
Chapter 3 Advanced Networking
! ForgedTransmits
! RejectAnyoutboundframewithasourceMACaddressthatis
diff t f th tl t th d t ill b d d
-
8/9/2019 VMWare Servervi3!30!20 Server Config
57/324
VMware, Inc. 41
differentfromtheonecurrentlysetontheadapterwillbedropped.
! AcceptNofilteringisperformedandalloutboundframesarepassed.
8 ClickOK.
Traffic Shaping Policy
ESX Servershapestrafficbyestablishingparametersforthreeoutboundtraffic
characteristics:averagebandwidth,burstsize,andpeakbandwidth.Youcansetvalues
forthesecharacteristicsthroughtheVI Client,establishingatrafficshapingpolicyfor
eachuplinkadapter.
! AverageBandwidthestablishesthenumberofbitspersecondtoallowacrossthe
vSwitchaveragedovertimetheallowedaverageload.
! BurstSizeestablishesthemaximumnumberofbytestoallowinaburst.Ifaburst
exceedstheburstsizeparameter,excesspacketsarequeuedforlatertransmission.
Ifthequeueisfull,thepacketsaredropped.Whenyouspecifyvaluesforthesetwocharacteristics,youindicatewhatyouexpectthevSwitchtohandleduringnormal
operation.
! PeakBandwidthisthemaximumbandwidththevSwitchcanabsorbwithout
droppingpackets.Iftrafficexceedsthepeakbandwidthyouestablish,excess
packetsarequeuedforlatertransmissionaftertrafficontheconnectionhas
returnedtotheaverageandthereareenoughsparecyclestohandlethequeued
packets.Ifthequeueisfull,thepacketsaredropped.Evenifyouhavesparebandwidthbecausetheconnectionhasbeenidle,thepeakbandwidthparameter
limitstransmissiontonomorethanpeakuntiltrafficreturnstotheallowed
averageload.
To edit the Traffic Shaping policy
1 LogintotheVMwareVI Clientandselecttheserverfromtheinventorypanel.
Thehardwareconfigurationpageforthisserverappears.
2 ClicktheConfigurationtab,andclickNetworking.
3 SelectavSwitchandclickProperties.
4 InthevSwitchPropertiesdialogbox,clickthePortstab.
5 SelectthevSwitchandclickEdit.
ThePropertiesdialogboxfortheselectedvSwitchappears.
Server Configuration Guide
6 ClicktheTrafficShapingtab.
ThePolicyExceptionspaneappears.Whentrafficshapingisdisabled,thetunable
features are dimmed You can selectively override all traffic shaping features at the
-
8/9/2019 VMWare Servervi3!30!20 Server Config
58/324
42 VMware, Inc.
featuresaredimmed.Youcanselectivelyoverridealltrafficshapingfeaturesatthe
portgroup
level
if
traffic
shaping
is
enabled.
Thesearethepoliciestowhichtheperportgroupexceptionsareapplied.
Thepolicyhereisappliedtoeachvirtualadapterattachedtotheportgroup,nottothevSwitchasawhole.
! StatusIfyouenablethepolicyexceptionintheStatusfield,youaresetting
limitsontheamountofnetworkingbandwidthallocationeachvirtualadapter
associatedwiththisparticularportgroup.Ifyoudisablethepolicy,services
willhaveafree,clearconnectiontothephysicalnetworkbydefault.
Theremaining
fields
define
network
traffic
parameters:
! AverageBandwidthAvaluemeasuredoveraparticularperiodoftime.
! PeakBandwidthAvaluethatisthemaximumbandwidthallowedandthat
canneverbesmallerthanaveragebandwidth.Thisparameterlimitsthe
maximumbandwidthduringaburst.
! BurstSizeAvaluespecifyinghowlargeaburstcanbeinkilobytes(K).This
parametercontrolstheamountofdatathatcanbesentinoneburstwhileexceedingtheaveragerate.
Chapter 3 Advanced Networking
Load Balancing and Failover Policy
LoadBalancingandFailoverpoliciesallowyoutodeterminehownetworktrafficis
distributedbetweenadaptersandhowtoreroutetrafficintheeventofanadapter
-
8/9/2019 VMWare Servervi3!30!20 Server Config
59/324
VMware, Inc. 43
i i u e e ee a ap e a o o e ou e a i i e e e o a a ap e
failureby
configuring
the
following
parameters:
! LoadBalancingpolicy
TheLoadBalancingpolicydetermineshowincomingandoutgoingtrafficis
distributedamongthenetworkadaptersassignedtoavSwitch.
! FailoverDetection:LinkStatus/BeaconProbing
! NetworkAdapterOrder(Active/Standby)
To edit the failover and load balancing policy
1 LogintotheVMwareVI Clientandselecttheserverfromtheinventorypanel.
Thehardwareconfigurationpageforthisserverappears.
2 ClicktheConfigurationtab,andclickNetworking.
3 SelectavSwitchandclickEdit.
4 InthevSwitchPropertiesdialogbox,clickthePortstab.
5 ToedittheFailoverandLoadBalancingvaluesforthevSwitch,selectthevSwitch
itemandclickProperties.
ThePropertiesdialogboxforthevSwitchappears.
Server Configuration Guide
6 ClicktheNICTeamingtab.
ThePolicyExceptionsareaappears.Youcanoverridethefailoverorderattheport
group level. By default, new adapters are active for all policies. New adapters carry
-
8/9/2019 VMWare Servervi3!30!20 Server Config
60/324
44 VMware, Inc.
grouplevel.Bydefault,newadaptersareactiveforallpolicies.Newadapterscarry
trafficfor
the
vSwitch
and
its
port
group
unless
you
specify
otherwise.
7 InthePolicyExceptionspane:
! LoadBalancingSpecifyhowtochooseanuplink.
! RoutebasedontheoriginatingportIDChooseanuplinkbasedonthe
virtualportwherethetrafficenteredthevirtualswitch.
! RoutebasedoniphashChooseanuplinkbasedonahashofthe
sourceanddestinationIPaddressesofeachpacket.FornonIPpackets,
whateverisatthoseoffsetsisusedtocomputethehash.
Chapter 3 Advanced Networking
! RoutebasedonsourceMAChashChooseanuplinkbasedonahash
ofthesourceEthernet.
! UseexplicitfailoverorderAlwaysusethehighestorderuplinkfrom
-
8/9/2019 VMWare Servervi3!30!20 Server Config
61/324
VMware, Inc. 45
p y g p
thelist
of
Active
adapters
which
passes
failover
detection
criteria.
! NetworkFailoverDetectionSpecifythemethodtouseforfailover
detection.
! LinkStatusonlyReliessolelyonthelinkstatusprovidedbythe
networkadapter.Thisdetectsfailures,suchascablepullsandphysical
switchpowerfailures,butnotconfigurationerrors,suchasaphysical
switchportbeingblockedbyspanningtreeormisconfiguredtothe
wrongVLANorcablepullsontheothersideofaphysicalswitch.
! BeaconProbingSendsoutandlistensforbeaconprobesonallNICsin
theteamandusesthisinformation,inadditiontolinkstatus,to
determinelinkfailure.Thisdetectsmanyofthefailuresmentionedabove
thatarenotdetectedbylinkstatusalone.
! NotifySwitchesSelectYesorNotonotifyswitchesinthecaseoffailover.
IfyouselectYes,wheneveravirtualNICisconnectedtothevSwitchor
wheneverthatvirtualNICstrafficwouldberoutedoveradifferentphysical
NICintheteamduetoafailoverevent,anotificationissentoutoverthe
networktoupdatethelookuptablesonphysicalswitches.Inalmostallcases,
thisisdesirableforthelowestlatencyoffailoveroccurrencesandmigrations
withVMotion.
NOTE Donotusethisoptionwhenthevirtualmachinesusingtheport
groupareusingMicrosoftNetworkLoadBalancinginunicastmode.
NosuchissueexistswithNLBrunninginmulticastmode.
! RollingFailoverSelectYesorNotodisableorenablerolling.
Thisoptiondetermineshowaphysicaladapterisreturnedtoactivedutyafter
recoveringfromafailure.IfrollingissettoNo,theadapterisreturnedto
activedutyimmediatelyuponrecovery,displacingthestandbyadapterthat
tookoveritsslot,ifany.IfrollingissettoYes,afailedadapterisleftinactive
evenafterrecoveryuntilanothercurrentlyactiveadapterfails,requiringits
replacement.
Server Configuration Guide
! FailoverOrderSpecifyhowtodistributetheworkloadforadapters.Ifyou
wanttousesomeadaptersbutreserveothersforemergenciesincasetheones
inusefail,youcansetthisconditionusingthedropdownmenutoplacethem
into the two groups:
-
8/9/2019 VMWare Servervi3!30!20 Server Config
62/324
46 VMware, Inc.
intothetwogroups:
! ActiveAdaptersContinuetouseitwhenthenetworkadapter
connectivityisupandactive.
! StandbyAdaptersUsethisadapterifoneoftheactiveadapters
connectivityisdown.
! UnusedAdaptersNottobeused.
Port Group ConfigurationYoucanchangethefollowingportgroupconfigurations:
! Portgroupproperties
! Labellednetworkpolicies
To edit port group properties
1 LogintotheVMwareVI Client,andselecttheserverfromtheinventorypanel.
Thehardwareconfigurationpageforthisserverappears.
2 ClicktheConfigurationtab,andclickNetworking.
3 Ontherightsideofthewindow,clickPropertiesforanetwork.
ThevSwitchPropertiesdialogboxappears.
4 ClickthePortstab.
5 SelecttheportgroupandclickEdit.
6 InthePropertiesdialogboxfortheportgroup,clicktheGeneraltabtochange:
! NetworkLabelIdentifiestheportgroupthatyouarecreating.Specifythis
labelwhenconfiguringavirtualadaptertobeattachedtothisportgroup,
eitherwhenconfiguringvirtualmachinesorVMkernelservices,suchasVMotionandIPstorage.
! VLANIDIdentifiestheVLANthattheportgroupsnetworktrafficwill
use.
7 ClickOKtoexitthevSwitchPropertiesdialogbox.
Chapter 3 Advanced Networking
To override labeled network policies
1 Tooverrideanyofthesesettingsforaparticularlabelednetwork,selectthe
network.
-
8/9/2019 VMWare Servervi3!30!20 Server Config
63/324
VMware, Inc. 47
2 ClickEdit.
3 ClicktheSecuritytab.
4 Selectthecheckboxforthelabelednetworkpolicythatyouwanttooverride.
Forinformationonthesesettings,seeLayer2SecurityPolicyonpage 39.
5 ClicktheTrafficShapingtab.
6 SelectthecheckboxtooverridetheenabledordisabledStatus.Forinformationon
theStatussettings,seeTrafficShapingPolicyonpage 41.
7 ClicktheNICTeamingtab.
Server Configuration Guide
8 Selecttheassociatedcheckboxtooverridetheloadbalancingorfailoverorder
policies.
Forinformationonthesesettings,seeLoadBalancingandFailoverPolicyon
-
8/9/2019 VMWare Servervi3!30!20 Server Config
64/324
48 VMware, Inc.
page 43.
9 ClickOKtoexitthelabeledVMNetworkPropertiesdialogbox.
DNS and RoutingConfigureDNSandroutingthroughtheVI Client.
To change the DNS and Routing configuration
1 LogintotheVMwareVI Clientandselecttheserverfromtheinventorypanel.
Thehardwareconfigurationpageforthisserverappears.
2 ClicktheConfigurationtab,andclickDNSand
Routing.
Chapter 3 Advanced Networking
3 Ontherightofthewindow,clickProperties.
4 IntheDNSConfigurationtab,entervaluesfortheNameandDomainfields.
5 ChoosetoeitherobtaintheDNSserveraddressautomaticallyoruseaDNSserver
-
8/9/2019 VMWare Servervi3!30!20 Server Config
65/324
VMware, Inc. 49
y
address.
NOTE DHCPissupportedonlyiftheDHCPserverisaccessibletotheservice
console.Inotherwords,theserviceconsolemusthaveavirtualinterface
(vswif)configuredandattachedtothenetworkwheretheDHCPserver
resides.
6 Specifythedomainsinwhichtolookforhosts.
Server Configuration Guide
7 IntheRoutingtab,changedefaultgatewayinformationasneeded.
Youneedtoselectagatewaydeviceonlyifyouhaveconfiguredtheservice
consoletoconnecttomorethanonesubnet.
-
8/9/2019 VMWare Servervi3!30!20 Server Config
66/324
50 VMware, Inc.
8 ClickOKtoclosetheDNSConfigurationdialogbox.
Setting Up MAC AddressesMACaddressesaregeneratedforvirtualnetworkadaptersusedbytheserviceconsole,
theVMkernalandvirtualmachines.Inmostcases,theseMACaddressesare
appropriate.However,youmightneedtosetaMACaddressforavirtualnetwork
adapterasinthefollowingcases:
! Virtualnetworkadaptersondifferentphysicalserverssharethesamesubnetand
areassigned
the
same
MAC
address,
causing
aconflict.
! YouwanttoensurethatavirtualnetworkadapteralwayshasthesameMAC
address.
ThefollowingsectionsdescribehowMACaddressesaregeneratedandhowyoucan
settheMACaddressforavirtualnetworkadapter.
-
8/9/2019 VMWare Servervi3!30!20 Server Config
67/324
Server Configuration Guide
Setting MAC Addresses
Tocircumventthelimitof256virtualnetworkadaptersperphysicalmachineand
possibleMACaddressconflictsbetweenvirtualmachines,systemadministratorscan
-
8/9/2019 VMWare Servervi3!30!20 Server Config
68/324
52 VMware, Inc.
manually assign MAC addresses. VMware uses this OUI for manually generatedaddresses:00:50:56.
TheMACaddressrangeis
00:50:56:00:00:00-00:50:56:3F:FF:FF
Youcansettheaddressesbyaddingthefollowinglinetoavirtualmachines
configurationfile:
ethernet .address = 00:50:56:XX:YY:ZZ
wherereferstothenumberoftheEthernetadapter,XX isavalidhexadecimal
numberbetween00and3F,andYYandZZarevalidhexadecimalnumbersbetween00
andFF.ThevalueforXXmustnotbegreaterthan3FtoavoidconflictwithMAC
addressesthataregeneratedbytheVMwareWorkstationandVMwareGSXServer
products.ThemaximumvalueforamanuallygeneratedMACaddressis
ethernet.address = 00:50:56:3F:FF:FF
Youmustalsosettheoptioninavirtualmachinesconfigurationfile:
ethernet.addressType="static"
BecauseVMwareESX ServervirtualmachinesdonotsupportarbitraryMAC
addresses,theaboveformatmustbeused.Aslongasyouchooseauniquevaluefor
XX:YY:ZZ amongyourhardcodedaddresses,conflictsbetweentheautomatically
assignedMACaddressesandthemanuallyassignedonesshouldneveroccur.
Using MAC Addresses
TheeasiestwaytofamiliarizeyourselfwithMACaddressesistosetupaMACaddress.
To set up a MAC address
1 SettheMACaddressstatically.
2 Removethevirtualmachineconfigurationfileoptions:
ethernet.address, ethernet.addressType
and
ethernet.generatedAddressOffset
Chapter 3 Advanced Networking
3 VerifythatthevirtualmachinereceivesageneratedMACaddress.
VMwareguarantees,however,thattheMACaddresswillneverconflictwithany
physicalhostbyusingtheVMwareOUIs(00:0C:29and00:50:56),whichareuniqueto
l
h
-
8/9/2019 VMWare Servervi3!30!20 Server Config
69/324
VMware, Inc. 53
virtual machines.
Networking Tips and Best PracticesThissectionprovidesinformationabout:
! Networkingbestpractices
! Networkhints
Networking Best Practices
Considerthesebestpracticesforconfiguringyournetwork:
! Separatenetworkservicesfromoneanothertoachievegreatersecurityorbetter
performance.
Ifyouwantaparticularsetofvirtualmachinestofunctionatthehighest
performancelevels,putthemonaseparatephysicalNIC.Thisseparationallows
foraportionofthetotalnetworkingworkloadtobemoreevenlysharedacross
multipleCPUs.Theisolatedvirtualmachinesarethenmoreabletoservetraffic
fromaWebclient,forinstance.
! TherecommendationsbelowcanbesatisfiedeitherbyusingVLANstosegmenta
singlephysicalnetworkorbyusingseparatephysicalnetworks(thelatteris
preferable).
! Keepingtheserviceconsoleonitsownnetworkisanimportantpartof
securingtheESXsystem.Considertheserviceconsolenetworkconnectivity
inthesamelightasanyremoteaccessdeviceinaserverbecausecompromise
oftheserviceconsolegivesanattackerfullcontrolofallvirtualmachines
runningonthesystem.
!Keeping
the
VMotion
connection
on
aseparate
network
devoted
to
this
purposeisimportantbecausewhenmigrationwithVMotionoccurs,the
contentsoftheguestoperatingsystemsmemoryaretransmittedoverthe
network.
Server Configuration Guide
Mounting NFS Volumes
InESX Server3.0,themodelofhowESXaccessesNFSstorageofISOimagesthatare
usedasvirtualCDROMsforvirtualmachinesisdifferentfromthemodelusedin
ESX Server2.x.
-
8/9/2019 VMWare Servervi3!30!20 Server Config
70/324
54 VMware, Inc.
ESX Server3.0hassupportforVMkernelbasedNFSmounts.Thenewmodelisto
mountyourNFSvolumewiththeISOimagesthroughtheVMkernelNFSfunctionality.
AllNFSvolumesmountedinthiswayappearasdatastoresintheVI Client.Thevirtual
machineconfigurationeditorallowsyoutobrowsetheserviceconsolefilesystemfor
ISOimagestobeusedasvirtualCDROMdevices.
Networking TipsConsiderthefollowingnetworkhints:
! Theeasiestwaytophysicallyseparatenetworkservicesandtodedicatea
particularsetofNICstoaspecificnetworkserviceistocreateavSwitchforeach
service.Ifthisisnotpossible,theycanbeseparatedfromeachotheronasingle
vSwitchbyattachingthemtoportgroupswithdifferentVLANIDs.Ineithercase,
confirmwithyournetworkadministratorthatthenetworksorVLANsyouchoose
areisolatedintherestofyourenvironment,thatis,noroutersconnectthem.
! YoucanaddandremoveNICsfromthevSwitchwithoutaffectingthevirtual
machinesorthenetworkservicethatisrunningbehindthatvSwitch.Ifyou
removedalltherunninghardware,thevirtualmachineswouldstillbeableto
communicateamongstthemselves,asiftheyweregoingouttothenetworkand
back.Moreover,ifyouleftoneNICintact,allofthevirtualmachineswouldstillbe
abletoconnectwiththephysicalnetwork.
! Useportgroupswithdifferentsetsofactiveadaptersintheirteamingpolicyto
separatevirtualmachinesintogroups.Thesecanuseseparateadaptersaslongas
alladaptersareupbutstillfallbacktosharingintheeventofanetworkor
hardwarefailure.
! Deployfirewallsinvirtualmachinesthatroutebetweenvirtualnetworkswith
uplinkstophysicalnetworksandpurevirtualnetworkswithnouplinkstoprotect
yourmostsensitivevirtualmachines.
CHAPTER 4 Networking Scenarios and
Troubleshooting
-
8/9/2019 VMWare Servervi3!30!20 Server Config
71/324
VMware, Inc. 55
Thischapterdescribescommonnetworkingconfigurationandtroubleshooting
scenarios.
Thischaptercoversthefollowingtopics:
! NetworkingConfigurationforSoftwareiSCSIStorageonpage 56
! ConfiguringNetworkingonBladeServersonpage 62
! Troubleshootingonpage 67
Server Configuration Guide
Networking Configuration for Software iSCSI StorageThestorageyouconfigureforanESX Serverhostmightincludeoneormorestorage
areanetworks(SANs)thatuseiSCSI,whichisameansofaccessingSCSIdevicesand
exchangingdata
records
using
TCP/IP
protocol
over
anetwork
port
rather
than
-
8/9/2019 VMWare Servervi3!30!20 Server Config
72/324
56 VMware, Inc.
exchanging data records using TCP/IP protocol over a network port rather thanthroughadirectconnectiontoaSCSIdevice.IniSCSItransactions,blocksofrawSCSI
dataareencapsulatediniSCSIrecordsandtransmittedtotherequestingdeviceoruser.
BeforeyoucanconfigureiSCSIstorage,youmustcreateaVMkernelporttohandle
iSCSInetworkingandaserviceconsoleconnectiontotheiSCSInetwork.
To create a VMkernel port for software iSCSI
1 Loginto
the
VMware
VI Client,
and
select
the
server
from
the
inventory
panel.
Thehardwareconfigurationpageforthisserverappears.
2 ClicktheConfigurationtab,andclickNetworking.
3 ClicktheAddNetworkinglink.
TheAddNetworkWizardappears.
4 SelectVMkernelandclickNext.
ThisletsyouconnecttheVMkernel,whichrunsservicesforiSCSIstorage,tothe
physicalnetwork.
TheNetworkAccesspageappears.
5 SelectthevSwitchyouwanttouseortheCreateavirtualswitchradiobutton.
-
8/9/2019 VMWare Servervi3!30!20 Server Config
73/324
Server Configuration Guide
8 UnderPortGroupProperties,selectorenteranetworklabelandaVLANID.
! NetworkLabelAnamethatidentifiestheportgroupthatyouarecreating.
Thisisthelabelthatyouspecifywhenconfiguringavirtualadaptertobe
attachedtothisportgroup,whenconfiguringiSCSIstorage.
-
8/9/2019 VMWare Servervi3!30!20 Server Config
74/324
58 VMware, Inc.
! VLANIDIdentifiestheVLANthattheportgroupsnetworktrafficwill
use.
Chapter 4 Networking Scenarios and Troubleshooting
9 UnderIPSettings,clickEdittosettheVMkernelDefaultGatewayforiSCSI.
TheDNSandRoutingConfigurationdialogboxappears.UndertheDNS
Configurationtab,thenameofthehostisenteredintothenamefieldbydefault.
TheDNSserveraddressesthatwerespecifiedduringinstallationarealso
preselected as is the domain.
-
8/9/2019 VMWare Servervi3!30!20 Server Config
75/324
VMware, Inc. 59
preselectedasisthedomain.
Server Configuration Guide
UndertheRoutingtab,theserviceconsoleandtheVMkerneleachneedtheirown
gatewayinformation.Agatewayisneededforconnectivitytomachinesnotonthe
sameIPsubnetastheserviceconsoleorVMkernel.
-
8/9/2019 VMWare Servervi3!30!20 Server Config
76/324
60 VMware, Inc.
NOTE Makesurethatyousetadefaultgatewayfortheportthatyoucreated.
YoumustuseavalidstaticIPaddresstoconfiguretheVMkernelstack.
10 ClickOKtosaveyourchanges,andclosetheDNSand
Routing
Configuration
dialogbox.
11 ClickNext.
12 UsetheBackbuttontomakeanychanges.
13 ReviewyourchangesontheReadytoCompletepageandclickFinish.
Afteryou
create
aVMkernel
port
for
iSCSI,
you
must
create
aservice
console
connectiononthesamevSwitchastheVMkernelport.
To configure a service console connection for software iSCSI storage
1 LogintotheVMwareVI Clientandselecttheserverfromtheinventorypanel.
Thehardwareconfigurationpageforthisserverappears.
2 ClicktheConfigurationtab,andclickNetworking.
-
8/9/2019 VMWare Servervi3!30!20 Server Config
77/324
Server Configuration Guide
7 EntertheIPAddressandSubnetMask,orselecttheDHCPoptionObtainIP
settingautomaticallyfortheIPaddressandsubnetmask.
8 ClicktheEditbuttontosettheServiceConsoleDefaultGateway.
SeeTosetthedefaultgatewayonpage 28.
-
8/9/2019 VMWare Servervi3!30!20 Server Config
78/324
62 VMware, Inc.
9 ClickNext.
TheReadytoCompletescreenappears.
10 AfteryouhavedeterminedthatthevSwitchisconfiguredcorrectly,clickFinish.
AfteryoucreateaVMkernelportandserviceconsoleconnection,youareabletoenable
andconfiguresoftwareiSCSIstorage.ForinformationonconfiguringiSCSIadapters
andstorage,seeiSCSIStorageonpage 96.
Configuring Networking on Blade ServersBecausebladeserversmayhavealimitednumberofnetworkadapters,itwilllikelybe
necessarytouseVLANstoseparatetrafficfortheserviceconsole,VMotion,IPstorage,
andvariousgroupsofVMs. VMwarebestpracticesrecommendthattheservice
consoleandVMotionhavetheirownnetworksforsecurityreasons. Ifyoudedicate
physicaladapterstoseparatevSwitchesforthispurpose,youwilllikelyhavetogive
upredundant(teamed)connectionsorgiveupisolatingthevariousnetworkingclients,
orboth.
VLANs
allow
you
to
achieve
network
ostentation
without
having
to
use
multiplephysicaladapters.
ForthenetworkbladeofabladeservertosupportanESX Serverportgroupwith
VLANtaggedtraffic,youmustconfigurethebladetosupport802.1Qandconfigurethe
portasataggedport.
Chapter 4 Networking Scenarios and Troubleshooting
Themethodforconfiguringaportasataggedportdiffersfromservertoserver.The
followinglistdescribeshowtoconfigureataggedportonthreeofthemostcommonly
usedbladeservers:
! HPBladeSettheportsVLANTaggingtoenabled.
! Dell PowerEdge Set the port to Tagged.
-
8/9/2019 VMWare Servervi3!30!20 Server Config
79/324
VMware, Inc. 63
! DellPowerEdge SettheporttoTagged.
! IBMeServerBladeCenterSelectTagintheportsconfiguration.
To configure a virtual machine port group with VLAN on a blade server
1 LogintotheVMwareVI Clientandselecttheserverfromtheinventorypanel.
The
hardware
configuration
page
for
this
server
appears.2 ClicktheConfigurationtab,andclickNetworking.
3 Ontherightsideofthescreen,clickPropertiesforvSwitchassociatedwiththe
serviceconsole.
4 OnthePortstab,clickAdd.
TheAddNetworkWizardappears.
5 Asaconnectiontype,selectVirtualMachines,whichisthedefault.
6 ClickNext.
TheConnectionSettingspageappears.
-
8/9/2019 VMWare Servervi3!30!20 Server Config
80/324
Chapter 4 Networking Scenarios and Troubleshooting
5 SelectVMkernelandclickNext.
ThisletsyouconnecttheVMkernel,whichrunsservicesforVMotionandIP
storage(NFSoriSCSI),tothephysicalnetwork.
TheConnection
Settings
page
appears.
6 Under Port Group Properties select or enter a network label and a VLAN ID
-
8/9/2019 VMWare Servervi3!30!20 Server Config
81/324
VMware, Inc. 65
6 UnderPortGroupProperties,selectorenteranetworklabelandaVLANID.
! NetworkLabelAnamethatidentifiestheportgroupthatyouarecreating.
Thisisthelabelthatyouspecifywhenconfiguringavirtualadaptertobe
attachedtothisportgroup,whenconfiguringVMkernelservices,suchas
VMotionandIPstorage.
! VLANID
IdentifiestheVLANthattheportgroupsnetworktrafficwill
use.
7 SelecttheUsethisportgroupforVMotioncheckboxtoenablethisportgroupto
advertiseitselftoanotherESX ServerasthenetworkconnectionwhereVMotion
trafficshouldbesent.
YoucanenablethispropertyforonlyoneVMotionandIPstorageportgroupfor
eachESX Server
host.
If
this
property
is
not
enabled
for
any
port
group,
migration
withVMotiontothishostisnotpossible.
Server Configuration Guide
8 UnderIPSettings,clickEdittosettheVMkernelDefaultGatewayforVMkernel
services,suchasVMotion,NAS,andiSCSI
NOTE Makesurethatyousetadefaultgatewayfortheportthatyoucreated.
VirtualCenter2behavesdifferentlyherefromVirtualCenter1.x.YoumustuseavalidIPaddresstoconfiguretheVMkernelIPstack,nota
-
8/9/2019 VMWare Servervi3!30!20 Server Config
82/324
66 VMware, Inc.
dummyaddress.
TheDNSandRoutingConfigurationdialogboxappears.UndertheDNS
Configurationtab,thenameofthehostisenteredintothenamefieldbydefault.
TheDNSserveraddressesthatwerespecifiedduringinstallationarealso
preselectedas
is
the
domain.
UndertheRoutingtab,theserviceconsoleandtheVMkerneleachneedtheirown
gatewayinformation.Agatewayisneededifconnectivitytomachinesnotonthe
sameIPsubnetastheserviceconsoleorVMkernel.
StaticIPsettingsisthedefault.
9 ClickOKtosaveyourchanges,andclosetheDNSConfigurationandRouting
dialogbox.
10 ClickNext.
11 UsetheBackbuttontomakeanychanges.
12 ReviewyourchangesontheReadytoCompletepageandclickFinish.
Chapter 4 Networking Scenarios and Troubleshooting
TroubleshootingThefollowingsectionguidesyouthroughtroubleshootingcommonnetworkingissues.
Thissectioncoversthefollowingtopics:
! TroubleshootingServiceConsoleNetworkingonpage 67
-
8/9/2019 VMWare Servervi3!30!20 Server Config
83/324
VMware, Inc. 67
! TroubleshootingNetworkAdapterConfigurationonpage 68
! TroubleshootingPhysicalSwitchConfigurationonpage 69
! TroubleshootingPortGroupConfigurationonpage 69
Troubleshooting Service Console NetworkingIfcertainpartsoftheserviceconsolesnetworkingaremisconfigured,youwilllose
yourabilitytoaccessyourESXServerhostwiththeVIClient.Intheeventthatthis
happens,youcanreconfigurenetworkingbyconnectingdirectlytoserviceconsoleand
usingthefollowingserviceconsolecommands:
! esxcfg-vswif -l
Providesalistoftheserviceconsolescurrentnetworkinterfaces.
Checkthatvswif0ispresentandthatthecurrentIPaddressandNetmaskare
correct.
! esxcfg-vswitch -l
Providesalistofcurrentvirtualswitchconfigurations.
Check
that
the
uplink
adapter
configured
for
the
service
console
is
connected
to
the
appropriatephysicalnetwork.
! exscfg-nics -l
Providesalistofcurrentnetworkadapters.
Checkthattheuplinkadapterconfiguredfortheserviceconsoleisupandthatthe
speedandduplexarebothcorrect.
! esxcfg-nics -s
Changesthespeedofanetworkadapter.
! esxcfg-nics -d
Changestheduplexofanetworkadapter.
Server Configuration Guide
! esxcfg-vswif -i vswifX
ChangestheserviceconsolesIPaddress.
! esxcfg-vswif -n vswifX
Changestheserviceconsolesnetmask.
! f it h U ld i i l it h
-
8/9/2019 VMWare Servervi3!30!20 Server Config
84/324
68 VMware, Inc.
! esxcfg-vswitch -U
Removestheuplinkfortheserviceconsole
! esxcfg-vswitch -L
Changestheuplinkfortheserviceconsole.
Ifyouencounterlongwaitswhenusingesxcfg-*commands,itispossiblethatDNSis
misconfigured.Theesxcfg-*commandsrequirethatDNSbeconfiguredsothat
localhostnameresolutionworksproperly.Thisrequiresthatthe/etc/hostsfile
containanentryfortheconfiguredIPaddressandthe127.0.0.1localhostaddress.
Troubleshooting Network Adapter Configuration
Addinganew
network
adapter,
in
certain
cases,
can
cause
loss
of
service
console
connectivityandmanageabilityusingtheVI Clientduetonetworkadaptersgetting
renamed.
Ifthishappens,youmustrenametheaffectednetworkadaptersusingtheservice
console.
To rename network adapters using the service console
1 Login
directly
to
your
ESX
Server
sconsole.
2 Usethecommandesxcfg-nics -ltoseewhichnameshavebeenassignedtoyour
networkadapters.
3 Usethecommandesxcfg-vswitch -ltoseewhichvSwitches,ifany,arenow
associatedwithdevicenamesnolongershownbyesxcfgnics.
4 Usethecommandesxcfg-vswitch -U toremoveany
networkadaptersthathavebeenrenamed.
5 Usethecommandesxcfg-vswitch -L toreaddthe
networkadapters,givingthemthecorrectnames.
-
8/9/2019 VMWare Servervi3!30!20 Server Config
85/324
Server Configuration Guide
-
8/9/2019 VMWare Servervi3!30!20 Server Config
86/324
70 VMware, Inc.
-
8/9/2019 VMWare Servervi3!30!20 Server Config
87/324
VMware, Inc. 71
Storage
Server Configuration Guide
-
8/9/2019 VMWare Servervi3!30!20 Server Config
88/324
72 VMware, Inc.
CHAPTER 5 Introduction to Storage
-
8/9/2019 VMWare Servervi3!30!20 Server Config
89/324
VMware, Inc. 73
ThischaptercontainsoverviewinformationabouttheavailablestorageoptionsforESX
Server.
ForinformationaboutconfiguringSANs,seetheSANConfigurationGuide.Forinformationaboutconfiguringvirtualmachines,seetheVirtualMachineManagementGuide.
Thischaptercoversthefollowingtopics:
! StorageConceptsonpage 74
! StorageOverviewonpage 75
! ViewingStorageInformationintheVirtualInfrastructureClientonpage 79
! VMwareFileSystemonpage 82
! ConfiguringandManagingStorageonpage 86
-
8/9/2019 VMWare Servervi3!30!20 Server Config
90/324
Chapter 5 Introduction to Storage
! NFS(networkfilesystem)FilesharingprotocolESXServersupportsto
communicatewithaNASdevice.
! RawdeviceDiskuseddirectlybyavirtualmachine.
!
Raw
device
mapping
(RDM)Special
file
in
aVMFS
volume
that
acts
as
aproxy
forarawdeviceandmapsSANLUNsdirectlytoavirtualmachine.
! Spanned volume Dynamic volume that uses disk space on more than one
-
8/9/2019 VMWare Servervi3!30!20 Server Config
91/324
VMware, Inc. 75
Spannedvolume Dynamicvolumethatusesdiskspaceonmorethanone
physicaldisk,yetappearsasasinglelogicalvolume.
! StoragedevicePhysicaldiskorstoragearraythatcaneitherbeinternalorlocated
outsideofyoursystemandconnectedtothesystemeitherdirectlyorthroughan
adapter.
! VMFS(VMwareFileSystem)Highperformanceclusterfilesystemthat
providesstoragevirtualizationoptimizedforvirtualmachines.
! VolumeLogicalstorageunit,whichcanusediskspaceononephysicaldevice,
oritspart,orspanseveralphysicaldevices.
Storage OverviewInthemostcommonconfiguration,avirtualmachineusesavirtualharddisktostore
itsoperatingsystem,programfiles,andotherdataassociatedwithitsactivities.A
virtualdiskisalargephysicalfilethatcanbecopied,moved,archived,andbackedup
aseasyasanyotherfile.
Virtualdiskfilesresideonspeciallyformattedvolumescalleddatastores.Adatastore
canbedeployedonthehostmachinesinternaldirectattachedstoragedevicesoron
networkedstoragedevices.Anetworkedstoragedevicerepresentsanexternalsharedstoragedeviceorarraythatislocatedoutsideofyoursystemandistypicallyaccessed
overanetworkthroughanadapter.
Storingvirtualdisksandotheressentialpiecesofyourvirtualmachineonasingle
datastoresharedbetweenphysicalhostsletsyou:
! UsesuchfeaturesasVMwareDRS(DistributedResourceScheduling)and
VMware
HA
(High
Availability
Options).! UseVMotiontomoverunningvirtualmachinesfromoneESXServertoanother
withoutserviceinterruption.
! UseConsolidatedBackuptoperformbackupsmoreefficiently.
! Havebetterprotectionfromplannedorunplannedserveroutages.
! Havemorecontroloverloadbalancing.
-
8/9/2019 VMWare Servervi3!30!20 Server Config
92/324
Chapter 5 Introduction to Storage
FormoreinformationonVMFS,seeVMwareFileSystemonpage 82.
AsanalternativetousingtheVMFSbaseddatastore,yourvirtualmachinecan
havedirectaccesstorawdevicesusingaRawDeviceMapping(RDM)asaproxy.
FormoreinformationonRawDeviceMapping,seeRawDeviceMappingon
page 141.
! NFSESXServercanuseadesignatedNFSvolumelocatedonanNFSserver.ESX
Server mounts the NFS volume creating one directory for each virtual machine
-
8/9/2019 VMWare Servervi3!30!20 Server Config
93/324
VMware, Inc. 77
ServermountstheNFSvolumecreatingonedirectoryforeachvirtualmachine.
Fromtheviewpointoftheuseronaclientcomputer,themountedfilesare
indistinguishablefromlocalfiles.
Types of StorageDatastorescanresideonavarietyofstoragedevices.Youcandeployadatastoreon
yoursystemsdirectattachedstoragedeviceoronanetworkedstoragedevice.
ESXServersupportsthefollowingtypesofstoragedevices:
! LocalStoresfileslocallyonaninternalorexternalSCSIdevice.
! FibreChannelStoresfilesremotelyonaStorageAreaNetwork(SAN).Requires
FibreChanneladapters.
! iSCSI(hardwareinitiated)StoresfilesonremoteiSCSIstoragedevices.Filesare
accessedoverTCP/IPnetworkusinghardwarebasediSCSIHBAs(hostbus
adapters).
! iSCSI(softwareinitiated)StoresfilesonremoteiSCSIstoragedevices.Filesare
accessedoverTCP/IPnetworkusingsoftwarebasediSCSIcodeintheVMkernel.
Requiresastandard
network
adapter
for
network
connectivity.
! Networkfilesystem(NFS)Storesfilesonremotefileservers.Filesareaccessed
overTCP/IPnetworkusingtheNFSprotocol.Requiresastandardnetwork
adapterfornetworkconnectivity.
NOTE ESXServerdoesntcurrentlysupportstoringvirtualmachinefilesonSAS,
SATA,IDE,orEIDEdrives.
YouusetheVIClienttoaccessstoragedevicesmappedtoyourESXServersystemand
deploydatastoresonthem.Formoreinformation,refertoConfiguringStorageon
page 89.
REVISEDSee Updates
at the end
of this book.
Server Configuration Guide
Supported Storage Adapters
Toaccessdifferenttypesofstorage,yourESXServersystemneedsdifferentadapters
thatprovideconnectivitytothestoragedevice.ESXServersupportsPCIbasedSCSI
andiSCSI,RAID,FibreChannel,andEthernetadaptersandaccessesthemdirectly
throughdevicedriversintheVMkernel.
How Virtual Machines Access Storage
-
8/9/2019 VMWare Servervi3!30!20 Server Config
94/324
78 VMware, Inc.
g
Whenavirtualmachinecommunicateswithitsvirtualdiskstoredonadatastore,it
issuesSCSIcommands.Becausedatastorescanexistonvarioustypesofphysical
storage,thesecommandsareencapsulatedintootherformsdependingontheprotocol
theESXServersystemusestoconnecttoastoragedevice.ESXServersupportsFibre
Channel(FC),InternetSCSI(iSCSI),andNFSprotocols.
ThediagraminFigure 51depictsfivevirtualmachinesusingdifferenttypesofstorage
toillustratethedifferencesbetweeneachtype.
Figure 5-1. Types of storage
NOTE Thisdiagramisforconceptualpurposesonly.Itisnotarecommended
configuration.
Youcanconfigureavirtualmachinetoaccessthevirtualdisksonthephysicalstorage
devices.Toconfigureavirtualmachine,refertotheVirtualMachineManagementGuide.
iSCSI array NAS appliancefibre array
ESX Server
VMFS
localethernet
SCSI
VMFS VMFS NFS
virtualmachine
virtualmachine
virtualmachine
virtualmachine
virtualmachine
SAN LAN LAN LAN
iSCSIhardware
initiator
fbre
channel
HBA
ethernet
NIC
ethernet
NIC
software initiator
requires TCP/IP connectivity
Key
physicaldisk
datastore
virtualdisk
-
8/9/2019 VMWare Servervi3!30!20 Server Config
95/324
Server Configuration Guide
InFigure 52,thedatastoresymm07isselectedfromthelistofavailabledatastores.
TheDetailsviewprovidesinformationabouttheselecteddatastore.
configured datastores datastore details
-
8/9/2019 VMWare Servervi3!30!20 Server Config
96/324
80 VMware, Inc.
Figure 5-2. Datastore information
Youcaneditorremoveanyoftheexistingdatastores.Whenyoueditadatastore,you
canchangeitslabel,addextents,ormodifypathsforstoragedevices.Youcanalso
upgradethedatastore.Formoreinformation,seeManagingStorageonpage 125.
Viewing Storage Adapters
TheVIClientdisplaysanystorageadaptersavailabletoyoursystem.
Todisplaystorageadapters,onthehostConfigurationtab,clicktheStorageAdapters
link.
Youcanviewthefollowinginformationaboutthestorageadapters:
! Existingstorageadapters.
! Typeofstorageadapter,suchasFibreChannelSCSIoriSCSI.
! Detailsforeachadapter,suchasthestoragedeviceitconnectstoandtargetID.
Toviewconfigurationpropertiesforaspecificadapter,selecttheadapterfromthe
StorageAdapterslist.
-
8/9/2019 VMWare Servervi3!30!20 Server Config
97/324
Server Configuration Guide
TheabbreviationvmhbareferstodifferentphysicalHBAsontheESXServersystem.It
canalsorefertothevirtualiSCSIinitiatorthatESXServerimplementsusingthe
VMkernelnetworkstack.TheforthnumberindicatesapartitiononadiskorLUN.
WhenadatastoreoccupiestheentirediskorLUN,theforthnumberisntpresent.
Thevmhba1:1:3:1examplereferstothefirstpartitiononSCSILUN3,SCSItarget1,whichisaccessedthroughHBA1.
Whilethethirdandtheforthnumbersneverchange,thefirsttwonumberscanchange.
-
8/9/2019 VMWare Servervi3!30!20 Server Config
98/324
82 VMware, Inc.
Forexample,afterrebootingtheESXServersystem,vmhba1:1:3:1canchangeto
vmhba3:2:3:1,however,thenamestillreferstothesamephysicaldevice.Thefirstand
thesecondnumberscanchangeforthefollowingreasons:
!
Thefirst
number,
the
HBA,
changes
when
an
outage
on
the
Fibre
Channel
or
iSCSI
networkoccurs.Inthiscase,theESXServersystemhastouseadifferentHBAto
accessthestoragedevice.
! Thesecondnumber,theSCSItarget,changesincaseofanymodificationsinthe
mappingsoftheFibreChanneloriSCSItargetsvisibletotheESXServerhost.
VMware File SystemAfilesystemisamethodforstoring,organizing,accessing,navigating,andretrieving
computerfilesandthedatatheycontain.Filesystemscomeindifferentformats,
includingFAT,NTFS,HPFS,UFS,andEXT3.VMwareoffersaspecialhigh
performancefilesystem,VMwarefilesystem(VMFS),optimizedforstoringESXServer
virtualmachines.
VMFS VersionsESXServeroffersthefollowingversionsofthisfilesystem:
! VMFS2ThisfilesystemiscreatedwithESXServerversion2.x.
! VMFS3ThisfilesystemiscreatedwithESXServerversion3.VMFS3
enhancementsincludemultidirectorysupport.Avirtualmachinemustresideon
aVMFS3filesystembeforeanESXServerversion3hostcanpoweriton.
Table 5-1. Host Access to VMFS File Systems
Host VMFS2 Datastore VMFS3 Datastore
ESXServerversion2host Read/Write(RunsVMs) Noaccess
ESXServerversion3host ReadOnly(CopiesVMs) Read/Write(RunsVMs)
Chapter 5 Introduction to Storage
Creating and Growing VMFS
VMFScanbedeployedonavarietyofSCSIbasedstoragedevices,includingFibre
ChannelandiSCSISANequipment.AvirtualdiskstoredonVMFSalwaysappearsto
thevirtualmachineasamountedSCSIdevice.Thevirtualdiskhidesaphysicalstorage
layerfromthevirtualmachinesoperatingsystem.ThisallowsyoutorunevenoperatingsystemsnotcertifiedforSANinsidethevirtualmachine.
Fortheoperatingsysteminsidethevirtualmachine,VMFSpreservestheinternalfile
i hi h li i b h i d d i i f
-
8/9/2019 VMWare Servervi3!30!20 Server Config
99/324
VMware, Inc. 83
systemsemantics,whichensurescorrectapplicationbehavioranddataintegrityfor
applicationsrunninginvirtualmachines.
YoucansetupVMFSbaseddatastoresinadvanceonanystoragedevicethatyourESX
Serverdiscovers.
Select
alarge
LUN
if
you
plan
to
create
multiple
virtual
machines
on
it.Youcanthenaddvirtualmachinesdynamicallywithouthavingtorequest
additionaldiskspace.
However,ifmorespaceisneeded,youcanincreasetheVMFSvolumeatanytimeup
to64TB.
Considerations when Creating VMFS
YouneedtoplanhowtosetupstorageforyourESXServersystemsbeforeyouformatstoragedeviceswithVMFS.YoushouldalwayshaveonlyoneVMFSvolumeperLUN.
Youcan,however,decidetouseonelargeVMFSvolumeormultiplesmallerVMFS
volumes.ESXServerletsyouhaveupto256VMFSvolumespersystemwiththe
minimumvolumesize1.2GB.
Youmightwantfewer,largerVMFSvolumesforthefollowingreasons:
!More
flexibility
to
create
virtual
machines
without
going
back
to
the
storage
administratorformorespace.
! Moreflexibilityforresizingvirtualdisks,doingsnapshots,andsoon.
! FewerVMFSbaseddatastorestomanage.
Youmightwantmore,smallerVMFSvolumesforthefollowingreasons:
! LesscontentiononeachVMFSduetolockingandSC