vmware vsphere 4.1 deep dive - part 2
DESCRIPTION
This is a level 200 - 300 presentation.It assumes:Good understanding of vCenter 4, ESX 4, ESXi 4. Preferably hands-onWe will only cover the delta between 4.1 and 4.0Overview understanding of related products like VUM, Data Recovery, SRM, View, Nexus, Chargeback, CapacityIQ, vShieldZones, etcGood understanding of related storage, server, network technologyTarget audienceVMware Specialist: SE + Delivery from partnersTRANSCRIPT
© 2009 VMware Inc. All rights reserved
Confidential
4.1 New Features: Network
2 Confidential
Network
Receive Side Scaling (RSS) Support Enhancements
• Improvements to RSS support for guests via enhancements to VMXNET3.
Enhanced VM to VM Communication
• Further, inter-VM throughput performance will be improved under conditions where VMs are communicating directly with one another over the same virtual switch on the same ESX/ESXi host (inter-VM traffic).
• This is achieved through networking asynchronous TX processing architecture which enables the leveraging of additional physical CPU cores for processing inter-VM traffic.
• VM – VM throughput improved by 2X, to up to 19 Gbps
10% improvement when going out to physical network
3 Confidential
Other Improvements – Network Performance
NetQueue Support Extension
• NetQueue support is extended to include support for hardware based LRO (large receive off-load) further improving CPU and throughput performance in 10 GE environments.
LRO support
• Large Receive Offload Each packets transmitted causes CPU to react
Lots of small packets received from physical media result in high CPU load
LRO merges packets and transmits them at once
Receive tests indicate 5-30% improvement in throughput
40 - 60% decrease in CPU cost
• Enabled for pNICs Broadcoms bnx2x and Intels Niantic
• Enabled for vNIC vmxnet2 and vmxnet3, but only recent Linux guestOS
3
4 Confidential
IPv6—Progress towards full NIST “Host” Profile Compliance
VI 3 (ESX 3.5)
• IPv6 supported in guests
vSphere 4.0
• IPv6 support for ESX 4
vSphere Client
vCenter
vMotion
IP Storage (iSCSI, NFS) — EXPERIMENTAL
• Not supported for vSphere vCLI, HA, FT, Auto Deploy
vSphere 4.1
• NIST compliance with “Host” Profile (http://www.antd.nist.gov/usgv6/usgv6-v1.pdf)
• Including IPSEC, IKEv2, etc.
• Not supported for vSphere vCLI, HA, FT
5 Confidential
Cisco Nexus 1000V—Planned Enhancements
Easier software upgrade
• In Service Software Upgrade (ISSU) for VSM and VEM
• Binary compatibility
Weighted Fair Queuing (s/w scheduler)
Increased Scalability, inline with vDS scalability
SPAN to and from Port Profile
VLAN pinning to PNIC
Installer app for VSM HA and L3 VEM/VSM communication
Start of EAL4 Common Criteria certification
4094 active VLANs
Scale Port Profiles > 512
Always check with Cisco for latest info.
6 Confidential
Network I/O Control
7 Confidential
• NICs dedicated for some traffic types
e.g. vMotion, IP Storage
• Bandwidth assured by dedicated physical
NICs
Network Traffic Management—Emergence of 10 GigE
FT vMotion NFS
vSwitch
TCP/IP
iSCSI
1GigE pNICs
FT vMotion NFS
vSwitch
TCP/IP
iSCSI
10 GigE pNICs
1GigE10 GigE
• Traffic typically converged to two 10 GigE NICs
• Some traffic types & flows could dominate others through oversubscription
Traffic Types compete.
Who gets what share of the vmnic?
8 Confidential
Traffic Shaping
Features in 4.0/4.1
• vSwitch or vSwitch Port Group Limit outbound traffic
Average bandwidth
Peek bandwidth
Burst Size
• vDS dvPortGroup Ingress/ Egress Traffic Shaping
Average bandwidth
Peak bandwidth
Burst Size
Not optimised for 10 GE
iSCSI
vMotion
COS
VMs
10 Gbit/s NIC
9 Confidential
Traffic Shaping
Traffic Shaping Disadvantages
• Limits are fixed- even if there is bandwidth available it will not be used for other services
• bandwidth cannot be guaranteed without limiting other traffic (like reservations)
• VMware recommended to have separate pNICs for iSCSI/ NFS/ vMotion/ COS to have enough bandwidth available for these traffic types
• Customers don’t want to waste 8-9Gbit/s if this pNIC is dedicated for vMotion Instead of 6 1Gbit pNICs customers might have two 10Gbit pNICs
sharing traffic
Guaranteed bandwidth for vMotion limits bandwidth for other traffic even in the case where there is no vMotion active
• Traffic shaping is only a static way to control traffic
iSCSI
vMotion
COS
VMs
10Gbit/s NIC
unused
unused
10 Confidential
Network I/O Control
Network I/O Control Goals
• Isolation One flow should not dominate others
• Flexible Partitioning Allow isolation and over commitment
Guarantee Service Levels when flows compete
Note: This feature is only available with vDS (Enterprise Plus)
11 Confidential
Overall Design
12 Confidential
Parameters
Limits and Shares
• Limits specify the absolute maximum bandwidth for a flow over a Team Specified in Mbps
Traffic from a given flow will never exceed its specified limit
Egress from ESX host
• Shares specify the relative importance of an egress flow on a vmnic i.e. guaranteed minimum Specified in abstract units, from 1-100
Presets for Low (25 shares), Normal (50 shares), High (100 shares), plus Custom
Bandwidth divided between flows based on their relative shares
• Controls apply to output from ESX host
• Shares apply to a given vmnic
• Limits apply across the team
13 Confidential
Configuration from vSphere Client
e.g. VM traffic in this example: - limited to max of 500 Mbps (aggregate of all VMs) - with minimum of 50/400 of pNIC bandwidth (50/(100+100+50+50+50+50)
vDS only feature!
SharesGuaranteed minimum service level
LimitsMaximum bandwidth for traffic class/type
Preconfigured Traffic Classes
14 Confidential
Resource Management
Shares Normal = 50
Low = 25
High = 100
Custom = any values between 1 and 100
• Default values VM traffic = High (100)
All others = Normal (50)
No limit set
15 Confidential
Implementation
• Each host calculates the shares separately or independantly One host might have only 1Gbit/s NICs while another one has already 10Gbit/s ones
So resulting guaranteed bandwidth is different
• Only outgoing traffic is controlled
• Inter-switch traffic is not controlled, only the pNICs are affected
• Limits are still valid even if the pNIC is opted out
• Scheduler uses a static “Packets-In-Flight” window inFlightPackets: Packets that are actually in flight and in transmit process in the pNIC
Window size is 50 kB
No more than 50 kB are in flight (to the wire) at a given moment
16 Confidential
Excluding a physical NIC
• Physical NICs per hosts can be excluded from Network Resource Management
• Host configuration → Advanced Settings → Net → Net.ResMgmtPnicOptOut
• Will exclude specified NICs from shares calculation, not from limits!
17 Confidential
Results
With QoS in place, performance is less impacted
18 Confidential
Load-Based Teaming
19 Confidential
Current Teaming Policy
• In vSphere 4.0 three policies Port ID
IP hash
MAC Hash
• Disadvantages Static mapping
No load balancing
Could cause unbalanced load on pNICs
Did not differ between pNIC bandwidth
20 Confidential
NIC Teaming Enhancements—Load Based Teaming (LBT)
• LBT invoked if saturation detected on Tx or Rx (>75% mean utilization over 30s period)
• 30 sec period—long period avoids MAC address flapping issues with adjacent physical switches
Note: adjacent physical switch configuration is same as other teaming types (except IP-hash). i.e. same L2 domain
21 Confidential
Load Based Teaming
Initial mapping
• Like PortID Balanced mapping between ports and pNICs
Mapping not based on load (as initially no load existed)
Adjusting the mapping
• Based on time frames; the load on a pNIC during a timeframe is taken into account
• In case load is unbalanced one VM (to be precise: the vSwitch port) will get re-assigned to a different pNIC
Parameters
• Time frames and load threshold Default frame 30 seconds, minimum value 10 seconds
Default load threshold 75%, possible values 0-100
• Both Configurable through command line tool (only for debug purpose - not for customer)
22 Confidential
Load Based Teaming
Advantages
• Dynamic adjustments to load
• Different NIC speeds are taken into account as this is based on % load Can have a mix of 1 Gbit, 10 Gbit and even 100 Mbit NICs
Dependencies
• LBT works independent from other algorithms
• Does not take limits or reservation from traffic shaping or Network I/O Management into account
• Algorithm based on the local host only DRS has to take care of cluster wide balancing
• Implemented on vNetwork Distributed Switch only Edit dvPortGroup to change setting
© 2009 VMware Inc. All rights reserved
Confidential
4.1 New Features: Storage
24 Confidential
NFS & HW iSCSI in vSphere 4.1
Improved NFS performance Up to 15% reduction in CPU cost for both read & write
Up to 15% improvement in Throughput cost for both read & write
Broadcom iSCSI HW Offload Support 89% improvement in CPU read cost!
83% improvement in CPU write cost!
25 Confidential
vSphere Client Plug-In- Ability for seamless switch between multiple backup
appliances- Improved usability and user experience
VMware vSphere 4.1- Improved VSS support for Windows 2008 and
Windows 7: application level quiescing
Destination Storage- Expanded support for DAS, NFS, iSCSI or Fibre
Channel storage plus CIFS shares as destination- Improved deduplication performance
Backup and Recovery Appliance- Support for up to 10 appliances per vCenter
instance to allow protection of up to 1000 VMs- File Level Restore client for Linux VMs
VMware vCenter
VMware Data Recovery: New Capabilities
26 Confidential
ParaVirtual SCSI (PVSCSI)
• We will now support PVSCSI when used with these guest OS: Windows XP (32bit and 64bit)
Vista (32bit and 64bit)
Windows 7 (32bit and 64bit)
/vmimages/floppies
Point the VM Floppy Driver at the .FLP file
When installing press F6 key to read the floppy
27 Confidential
ParaVirtual SCSI
• VM configured with a PVSCSI adapter can be part of an Fault Tolerant cluster.
• PVSCSI adapters already support hot-plugging or hot-unplugging of virtual devices, but the guest OS is not notified of any changes on the SCSI bus. Consequently, any addition/removal of devices need to be followed by a manual
rescan of the bus from within the guest.
28 Confidential
Storage IO Control
29 Confidential
The I/O Sharing Problem
What you see
datastore
online store
data mining
MicrosoftExchange
What you want to see
datastore
online store
data mining
MicrosoftExchange
• Low priority VM can limit I/O bandwidth for high priority VMs • Storage I/O allocation should be in line with VM priorities
30 Confidential
Solution: Storage I/O Control
32GHz 16GB
Datastore A
CPU shares: High
Memory shares: Highonline store
MicrosoftExchange
data mining
CPU shares: Low
Memory shares: Low
CPU shares: High
Memory shares: High
I/O shares: High I/O shares: LowI/O shares: High
31 Confidential
Setting I/O Controls
32 Confidential
Enabling Storage I/O Control
33 Confidential
Enabling Storage I/O Control
• Click the Storage I/O Control ‘Enabled’ checkbox to turn the feature on for that volume.
34 Confidential
Enabling Storage I/O Control
•Clicking on the Advanced button allow you to change the congestion threshold.
• If the latency rises above this value, Storage I/O Control will kick in, and prioritize a VM’s I/O based on its shares value.
35 Confidential
Viewing Configuration Settings
36 Confidential
Allocate I/O Resources
Shares translate into ESX I/O queue slots
• VMs with more shares are allowed to send more I/O’s at a time
• Slot assignment is dynamic, based on VM shares and current load
• Total # of slots available is dynamic, based on level of congestion
I/O’s in flight
STORAGE ARRAY
data mining
online store
MicrosoftExchange
37 Confidential
VMs Host CPU Memory (GB)
Disk Shares
# of DS2 Users
1 1 2 8 500 36
2 1 2 8 500 36
3 2 2 8 750 36
4 2 2 8 750 36
5 3 4 8 4000 50
Experimental Setup
38 Confidential
Without Storage I/O Control (Default)
14%
21%
15%
42%
Performance without Storage IO Control
39 Confidential
With Storage I/O Control (Congestion Threshold: 25ms)
14%8%
22%
500 shares500 shares750 shares750 shares4000 shares
Performance with Storage IO Control
40 Confidential
Storage I/O Control in Action: Example #2
Two Windows VMs running SQL Server on two hosts
• 250 GB data disk, 50 GB log disk
VM1: 500 shares
VM2: 2000 shares
Result: VM2 with higher shares gets more orders/min & lower latency!
Without Storage I/O Control With Storage I/O Control
Orders/ Minute
Processing Time (ms)
Orders/Minute
Processing Time (ms)
VM1(500 Shares)
8800 213 7000 275
VM2(2000 Shares)
8500 220 12400 150
Aggregate 17300 19400
41 Confidential
Step 1: Detect Congestion
Congestion signal: ESX-array response time > threshold
• Default threshold: 35ms
• We will likely recommend different defaults for SSD and SATA
Changing default threshold (not usually recommended)
• Low latency goal: set lower if latency is critical for some VMs
• High throughput goal: set close to IOPS maximization point
Thr
ough
put
(IO
PS
or
MB
/s)
Total Datastore Load (# of IO’s in flight)
No benefit beyond certain load
42 Confidential
Storage I/O Control Internals
•There are two I/O schedulers involved in Storage I/O Control.• The first is the local VM I/O scheduler. This is called SFQ, the start-time fair
queuing scheduler. This scheduler ensures share-based allocation of I/O resources between VMs on a per host basis.
• The second is the distributed I/O scheduler for ESX hosts. This is called PARDA, the Proportional Allocation of Resources for Distributed Storage Access.
•PARDA • carves out the array queue amongst all the VMs which are sending I/O to the
datastore on the array.
• adjusts the per host per datastore queue size (aka LUN queue/device queue) depending on the sum of the per VM shares on the host.
• communicates this adjustment to each ESX via VSI nodes.
•ESX servers also share cluster wide statistics between each other via a stats file
43 Confidential
New VSI Nodes for Storage I/O Control
•ESX 4.1 introduces a number of new VSI nodes for Storage I/O Control purposes:
• A new VSI node per datastore to get/set the latency threshold.
• A new VSI node per datastore to enable/disable PARDA.
• A new maxQueueDepth VSI nodes for /storage/scsifw/devices/* has been introduced which means that each device has a logical queue depth/ slot size parameter that the PARDA scheduler enforces.
44 Confidential
Storage I/O Control Architecture
SFQ
SFQ
SFQ
Host-LevelIssue Queues
Storage Array
Array Queue
Queue lengths varied dynamically
PARDA
PARDA
PARDA
45 Confidential
Requirements
Storage I/O Control
• supported on FC or iSCSI storage. NFS datastores are not supported.
• not supported on datastores with multiple extents.
Array with Automated Storage Tiering capability
• Automated storage tiering is the ability of an array (or group of arrays) to automatically migrate LUNs/volumes or parts of LUNs/volumes to different types of storage media (SSD, FC, SAS, SATA) based on user-set policies and current I/O patterns.
• Before using Storage I/O Control on datastores that are backed by arrays with automated storage tiering capabilities, check the VMware Storage/SAN Compatibility Guide to verify whether your automated tiered storage array has been certified to be compatible with Storage I/O Control
• No special certification is required for arrays that do not have any such automatic migration/tiering feature, including those that provide the ability to manually migrate data between different types of storage media
46 Confidential
Hardware-Assist Storage Operation Formally known as vStorage API for Array Integration
47 Confidential
vStorage APIs for Array Integration (VAAI)
Improves performance by leveraging efficient array-based operations as an alternative to host-based solutions
Three Primitives include: Full Copy – Xcopy like function to offload work to the array
Write Same -Speeds up zeroing out of blocks or writing repeated content
Atomic Test and Set – Alternate means to locking the entire LUN
Helping function such as: Storage vMotion
Provisioning VMs from Template
Improves thin provisioning disk performance
VMFS share storage pool scalability
Notes:
• Requires firmware from Storage Vendors (6 participating)
• supports block based storage only. NFS not yet supported in 4.1
48 Confidential
Array Integration Primitives: Introduction
• Atomic Test & Set (ATS) A mechanism to modify a disk sector to improve the performance of
the ESX when doing metadata updates.
• Clone Blocks/Full Copy/XCOPY Full copy of blocks and ESX is guaranteed to have full space access
to the blocks. Default offloaded clone size is 4MB.
• Zero Blocks/Write Same Write Zeroes. This will address the issue of time falling behind in a
VM when the guest operating system writes to previously unwritten regions of its virtual disk: http://kb.vmware.com/kb/1008284
This primitive will improve MSCS in virtualization environment solutions where we need to zero out the virtual disk.
Default zeroing size is 1MB.
49 Confidential
Hardware Acceleration
All vStorage support will be grouped into one attribute, called "Hardware
Acceleration".
• Not Supported implies one or more Hardware Acceleration primitives failed.
• Unknown implies Hardware Acceleration primitives have not yet been attempted.
50 Confidential
VM Provisioning from Template with Full Copy
• Benefits Reduce installation time
Standardize to ensure efficient management, protection & control
• Challenges Requires a full data copy
100 GB template (10 GB to copy): 5-20 minutes
FT requires additional zeroing of blocks
• Improved Solution Use array’s native copy/clone & zeroing functions
Up to 10-20x speedup in provisioning time
51 Confidential
Storage vMotion with Array Full Copy Function
• Benefits Zero-downtime migration
Eases array maintenance, tiering, load balancing, upgrades, space mgmt
• Challenges Performance impact on host, array, network
Long migration time (0.5 - 2.5 hrs for 100GB VM)
Best practice: use infrequently
• Improved solution Use array’s native copy/clone functionality
52 Confidential
VAAI Speeds Up Storage vMotion - Example
42:27 - 39:12 = 2 Min 21 sec w/out(141 seconds)
33:04 - 32:37 =27 Sec with VAAI
141 sec vs. 27 sec
53 Confidential
Copying Data – Optimized Cloning with VAAI
VMFS directs storage to move data directly• Much less time!
Up to 95% reduction
• Dramatic reduction in load on: Servers Network Storage
Time Server CPU & Memory %
Network Bandwidth
Gb/sec
Storage Load MB/sec
Before VAAIWith VAAI
54 Confidential
Scalable Lock Management
• A number of VMFS operations cause the LUN to temporarily become locked for exclusive write use by one of the ESX nodes, including:
Moving a VM with vMotion
Creating a new VM or deploying a VM from a template
Powering a VM on or off
Creating a template
Creating or deleting a file, including snapshots
• A new VAAI feature, atomic_test_and_set allows the ESX Server to offload the management of the required locks to the storage and avoids locking the entire VMFS file system.
55 Confidential
Atomic Test & Set
Original file locking technique
1. Acquire SCSI reservation
2. Acquire file lock
3. Release SCSI reservation
4. Do work on VMFS file/metadata
5. Release file lock
New file locking technique
1. Acquire ATS lock
2. Acquire file lock
3. Release ATS lock
4. Do work on VMFS file/metadata
5. Release file lock
The main difference with using the ATS lock is that it does not affect the other ESX hosts sharing the datastore
56 Confidential
VMFS Scalability with Atomic Test and Set (ATS)
Makes VMFS more scalable overall, by offloading block locking mechanism
Using Atomic Test and Set (ATS) capability provides an alternate option to use of SCSI reservations to protect the VMFS metadata from being written to by two separate ESX Servers at one time.
Normal VMware Locking (No ATS)
Enhanced VMware Locking (With ATS)
57 Confidential
For more details on VAAI
vSphere 4.1 Documentation also describes use of this features in the ESX Configuration Guide Chapter 9 (pages 124 - 125)
Listed in TOC as “Storage Hardware Acceleration”
Three setting under advanced settings: DataMover.HardwareAcceratedMove - Full Copy
DataMover.HardwareAcceratedInit - Write Same
VMFS3.HarwareAccerated Locking - Atomic Test Set
Additional Collateral planned for release after GA Frequently Asked Questions
Datasheet or webpage content
Partners include: Dell/EQL, EMC, HDS, HP, IBM and NetApp
58 Confidential
Requirements
• The VMFS data mover will not leverage hardware offloads, and will use software data movement instead, in the following cases: If the source and destination VMFS volumes have different block size; in such
situations data movement will fall back to the generic FSDM layer, which will only do software data movement.
If the source file type is RDM and the destination file type is non-RDM (regular file)
If the source VMDK type is eagerzeroedthick and the destination VMDK type is thin.
If either source or destination VMDK is any sort of sparse or hosted format.
If the logical address and/or transfer length in the requested operation are not aligned to the minimum alignment required by the storage device.
59 Confidential
VMFS Data Movement Caveats
VMware supports VAAI primitives on VMFS with multiple LUNs/extents, if they are all on the same array and the array supports offloading.
VMware does not support VAAI primitives on VMFS with multiple LUNs/extents, if they are all on different arrays, but all arrays support offloading.
• HW cloning between arrays (even if it's within the same VMFS volume) won't work, so that would fall back to Software data movement.
© 2009 VMware Inc. All rights reserved
Confidential
vSphere 4.1 New Features: Management
Management related features
61 Confidential
Management – New Features Summary
vCenter
• 32-bit to 64-bit data migration
• Enhanced Scalability
• Faster response time
Update Manager
Host Profile Enhancements
Orchestrator
Active Directory Support (Host and vMA)
VMware Converter
• Hyper-V Import.
• Win08 R2 and Win7 convert
Virtual Serial Port Concentrator
62 Confidential
Scripting & Automation Host Profiles, Orchestrator, vMA, CLI, PowerCLI
63 Confidential
Summary
Host Profiles
VMware Orchestrator
VMware vMA
PowerShell
esxtop
vscsiStats
VMware Tools
64 Confidential
Host Profiles Enhancements
Host Profiles
• Cisco support
• PCI device ordering (support for selecting NICs)
• iSCSI support
• Admin password (setting root password)
Logging on the host
• File is at C:\Documents and Settings\All Users\Application Data\VMware\VMware VirtualCenter\Logs\PyVmomiServer.log
Config not covered by Host Profiles are:
• Licensing
• vDS policy configuration (however you can do non-policy vDS stuff)
• iSCSI
• Multipathing
65 Confidential
Host Profiles Enhancements
• Lbtd
• Lsassd (Part of AD. See the AD preso)
• Lwiod (Part of AD)
• Netlogond (part of AD)
vSphere 4.0
vSphere 4.1
66 Confidential
Orchestrator Enhancements
• provides a client and server for 64-bit installations, with an optional 32-bit client.
• performance enhancements due to 64-bit installation
67 Confidential
VMware Tools Command Line Utility
• This feature provides an alternative to the VMware Tools control panel (the GUI dialog box)
• The command line based toolbox will allow for administrators to automate the use of the toolbox functionalities by writing their own scripts
68 Confidential
vSphere Management Assistant (vMA)
A convenient place to perform administration
• Virtual Appliance packaged as an OVF Distributed, maintained and supported by VMware
Not included with ESXi – must be downloaded separately
• The environment has the following pre-installed: 64-bit Enterprise Linux OS
VMware Tools
Perl Toolkit
vSphere Command Line Interface (VCLI)
JRE (to run applications built with the vSphere SDK)
VI Fast Pass (authentication service for scripts)
VI Logger (log aggregator)
69 Confidential
vMA
Improvements in 4.1
• Improved authentication capability – Active Directory support
• Transition from RHEL to CentOS
• Security The security hole that exposed clear text passwords on ESX(i) or vCenter hosts when
using vifpinit (vi-fastpass) is fixed
vMA as netdump server
• You can configure ESXi host to get the netcoredump onto a remote server in case of crash or panic.
• Each ESXi must be configured to write the core dump.
70 Confidential
For Tech Partner: VMware CIM API
What it is:
• for developers building management applications. With the VMware CIM APIs, developers can use standards-based CIM-compliant applications to manage ESX/ESXi hosts.
The VMware Common Information Model (CIM) APIs allow you to:
• view VMs and resources using profiles defined by the Storage Management Initiative Specification (SMI-S)
• manage hosts using the System Management Architecture for Server Hardware (SMASH) standard. SMASH profiles allow CIM clients to monitor system health of a managed server.
What’s new in 4.1
• www.vmware.com/support/developer/cim-sdk/4.1/cim_410_releasenotes.html
71 Confidential
vCLI and PowerCLI: primary scripting interfaces
vCLI and PowerCLI built on same API as vSphere Client
• Same authentication (e.g. Active Directory), roles and privileges, event logging
• API is secure, optimized for remote environments, firewall-friendly, standards-based
vSphere Web Service API
vSphere SDK
Otherlanguages
vCLI Other utility
scripts
vSphere Client
vSpherePowerCLI
72 Confidential
vCLI for Administrative and Troubleshooting Tasks
Areas of functionality
• Host Configuration: NTP, SNMP, Remote syslog, ESX conf, Kernel modules, local users
• Storage Configuration: NAS, SAN, iSCSI, vmkfstools, storage pathing, VMFS volume management
• Network Configuration: vSwitches (standard and distributed), physical NICs, Vmkernel NICs, DNS, Routing
• Miscellaneous: Monitoring, File management, VM Management, host backup, restore, and update
vCLI can point to an ESXi host or to vCenter
vMA is a convenient way for accessing vCLI
Remote CLI now run faster in 4.1 relative to 4.0
73 Confidential
Anatomy of a vCLI command
vicfg-nics --server hostname --user username --password mypassword options
Hostname of ESXi host
User defined locally on ESXi host
Run directly on ESXi Host
vicfg-nics --server hostname --user username --password mypassword --vihost hostname options
Hostname of vCenter host
User defined in vCenter (AD)
Run through vCenter
Target ESXi host
74 Confidential
Additional vCLI configuration commands in 4.1
Storage
• esxcli swiscsi session: Manage iSCSI sessions
• esxcli swiscsi nic: Manage iSCSI NICs
• esxcli swiscsi vmknic: List VMkernel NICs available for binding to particular iSCSI adapter
• esxcli swiscsi vmnic: List available uplink adapters for use with a specified iSCSI adapter
• esxcli vaai device: Display information about devices claimed by the VMware VAAI (vStorage APIs for Array Integration) Filter Plugin.
• esxcli corestorage device: List devices or plugins. Used in conjunction with hardware acceleration.
75 Confidential
Additional vCLI commands
Network
• esxcli network: List active connections or list active ARP table entries.
• vicfg-authconfig --server=<ESXi_IP_Adress> --username=root --password '' --authscheme AD --joindomain <ad_domain_name> --adusername=<ad_user_name> --adpassword=<ad_user_password>
Storage
• NFS statistics available in resxtop
VM
• esxcli vms: Forcibly stop VMs that do not respond to normal stop operations, by using kill commands. # esxcli vms vm kill --type <kill_type> --world-id <ID>
• Note: designed to kill VMs in a reliable way (not dependent upon well-behaving system)
• Eliminating one of the most common reasons for wanting to use TSM.
76 Confidential
esxcli - New Namespaces
esxcli has got 3 new namespaces – network, vaai and vms
[root@cs-tse-i132 ~]# esxcli Usage: esxcli [disp options] <namespace> <object> <command> For esxcli help please run esxcli –help Available namespaces: corestorage VMware core storage commands. network VMware networking commands. nmp VMware Native Multipath Plugin (NMP). This is the VMware default implementation of the Pluggable Storage Architecture. swiscsi VMware iSCSI commands. vaai Vaai Namespace containing vaai code. vms Limited Operations on VMs.
77 Confidential
Control VM Operations
# esxcli vms vm Usage: esxcli [disp options] vms vm <command> For esxcli help please run esxcli –help Available commands: kill Used to forcibly kill VMs that are stuck and not responding to normal stop operations.
list List the VMs on this system. This command currently will only list running VMs on the system.
[root@cs-tse-i132 ~]# esxcli vms vm list vSphere Management Assistant (vMA) World ID: 5588 Process ID: 27253 VMX Cartel ID: 5587 UUID: 42 01 a1 98 d6 65 6b e8-79 3b 2a 7c 9d 88 70 05 Display Name: vSphere Management Assistant (vMA) Config File: /vmfs/volumes/4b1e10ed-8ce9ce16-f692-00215e364468/vSphere Management Assistant (vM/vSphere Management Assistant (vM.vmx
78 Confidential
esxtop – Disk Devices View
• Use the ‘u’ option to display ‘Disk Devices’.
• NFS statistics can now be observed.
• Here we are looking at throughput and latency stats for the devices.
79 Confidential
New VAAI Statistics in esxtop (1 of 2)
•There are new fields in esxtop which look at VAAI statistics.
•Each of the three primitives has their own unique set of statistics.
•Toggle VAAI fields (‘O’ and ‘P’) to on for VAAI specific statistics.
80 Confidential
New VAAI Statistics in esxtop (2 of 2)
•The way to track failures is via esxtop or resxtop. Here you'll see CLONE_F, which is clone failures. Similarly, you'll see ATS_F, ZERO_F and so on.
Clone (Move) Ops VMFSLockOps
Zeroing (Init) Ops
Latencies
81 Confidential
esxtop – VM View
• esxtop also provides a mechanism to view VM I/O & latency statistics, even if they reside on NFS.
• The VM with GID 65 (SmallVMOnNAS) above resides on an NFS datastore.
82 Confidential
VSI
# vsish /> cat /vmkModules/nfsclient/mnt/isos/properties mount point information { server name:rhtraining.vmware.com server IP:10.21.64.206 server volume:/mnt/repo/isos UUID:4f125ca5-de4ee74d socketSendSize:270336 socketReceiveSize:131072 reads:7 writes:0 readBytes:92160 writeBytes:0 readTime:404366 writeTime:0 aborts:0 active:0 readOnly:1 isMounted:1 isAccessible:1 unstableWrites:0 unstableNoCommit:0 }
NFS I/O statistics are also available via the VSI nodes
83 Confidential
vm-support enhancements
vm-support now enables user to run 3rd party scripts.
• To make vm-support run such scripts, add the scripts to "/etc/vmware/vm-support/command-files.d" directory and run vm-support.
• The results will be added to the vm-support archive.
Each script that is run will have its own directory which contain output and log files for that script in the vm-support archive.
• These directories are stored in top-level directory "vm-support-commands-output".
84 Confidential
Power CLI
Feature Highlights:
• Easier to customize and extend PowerCLI, especially for reporting Output objects can be customized by adding extra properties
Better readability and less typing in scripts based on Get-View. Each output object has its associated view as nested property. Less typing is required to call Get-View and convert between PowerCLI object IDs and managed object IDs.
• Basic vDS support – moving VMs from/to vDS, adding/removing hosts from/to vDS
• More reporting: new getter cmdlets, new properties added to existing output objects, improvements in Get-Stat.
• Cmdlets for host HBAs
• PowerCLI Cmdlet Reference now documents all output types
• Cmdlets to control host routing tables
• Faster Datastore provider
http://blogs.vmware.com/vipowershell/2010/07/powercli-41-is-out.html
85 Confidential
If you are really really curious….
Additional commands (not supported)
• http://www.petri.co.il/vmware-esxi4-console-secret-commands.htm
86 Confidential
vCenter specific
87 Confidential
vCenter improvement
Better load balancing with improved DRS/DPM algorithm effectiveness
Improved performance at higher vCenter inventory limits – up to 7x higher throughput and up to 75% reduced latency
Improved performance at higher cluster inventory limits – up to 3x higher throughput and up to 60% reduced latency
Faster vCenter startup – around 5 minutes for maximum vCenter inventory size
Better vSphere Client responsiveness, quicker user interaction, and faster user login
Faster host operations and VM operations on standalone hosts – up to 60% reduction in latency
Lower resource usage by vCenter agents by up to 40%
Reduced VM group power-on latency by up to 25%
Faster VM recovery with HA – up to 60% reduction in total recovery time for 1.6x more VMs
88 Confidential
88
Enhanced vCenter Scalability
vSphere 4 vSphere 4.1 RatioVMs per host 320 320 1x
Hosts per cluster 32 32 1x
VMs per cluster 1280 3000 3x
Hosts per VC 300 1000 3x
Registered VMs per VC 4500 15000 3x+
Powered-On VMs per VC 3000 10000 3x
Concurrent VI Clients 30 120 4x
Hosts per DC 100 500 5x
VMs per DC 2500 5000 2x
89 Confidential
vCenter 4.1 install
New option: Managing the RAM of JVM
90 Confidential
vCenter Server: Changing JVM Sizing
• The same change should be visible by launching "Configure Tomcat" from the program menu (Start->Programs->VMware->VMware Tomcat).
91 Confidential
vCenter: Services in Windows
The following are not shown as services
• Licence Reporting manager
92 Confidential
New Alarms
Name Descriptions
Health status monitoringDefault alarm to monitor changes in overall health status. See vCenter Service Status on the Home view for more details.
Host Baseboard Management Controller status
Monitors the status of the Baseboard Management Controller. See the host's Hardware Status Tab for more details.
Host IPMI System Event Log statusMonitors the fullness of the IPMI System Event Log. See the host's Hardware Status Tab for more details.
License user threshold monitoring Default alarm to monitor if a user-defined license threshold is exceeded
Non-VI workload detected on the datastore Default alarm that triggers if a non-VI workload is detected on a datastore
93 Confidential
Predefined Alarms
94 Confidential
Remote Console to VM Formally known as Virtual Serial Port Concentrator
95 Confidential
Overview
• Many customers rely on managing physical hosts by connecting to the target machine over the serial port.
• Physical serial port concentrators are used by such admins to multiplex connections to multiple hosts. Provides a suitable way to remote a VM’s serial port(s) over a network connection,
and supporting a “virtual serial port concentrator” utility.
• Using VMs you lose this functionality and the ability to do remote management using scripted installs and management.
• Virtual Serial Port Concentrator Communicate between VMs and IP-enabled serial devices.
Connect to VM's serial port over the network, using telnet /ssh.
Have this connection uninterrupted during vmotion and other similar events.
96 Confidential
Virtual Serial Port Concentrator
What it is
• Redirect VM serial ports over a
standard network link
• vSPC aggregates traffic from
multiple serial ports onto
one management console.
It behaves similarly as
physical serial port concentrators.
Benefits
• Using a vSPC also allows
network connections to
a VM's serial ports to migrate
seamlessly when the VM is migrated using vMotion
• Management efficiencies
• Lower costs for multi-host management
• Enables 3rd party concentrator integration if required
97 Confidential
Example (using Avocent)
• ACS 6000 Advanced Console Server running as a vSPC.
• There is not a serial port or virtual serial port in the ACS6000 console server.
• ACS6000 console server has a telnet daemon (server) listen to connections coming from ESX.
• ESX will make one telnet connection for each virtual serial port configured to send data to ACS6000 console server.
• The serial daemon will implement the telnet server with support to all telnet extensions implemented by VMware.
98 Confidential
99 Confidential
Configuring Virtual Ports on a VM
100 Confidential
Configuring Virtual Ports on a VM
vSPC, which will act as proxy.
Enables two VMs or a VM and a process on the host tocommunicate as if they were physical machines connected by a serial cable. For example, this can be used for remote debugging on a VM
101 Confidential
Configuring Virtual Ports on a VM
Example (for Avocent):
• Type ACSID://ttySxx in the Port URI, where xx is between 1 to 48. It defines which virtual
serial port from the ACS6000 console server this serial port will connect to.
1 VM 1 port.
ACS6000 has 48 ports only
Type telnet://<IP of Avocent VM>:8801
102 Confidential
Configuring Virtual Ports on a VM
103 Confidential
Configure VM to redirect Console Login
Check your system's serial support
• Check operating system recognizes serial ports in your hardware
• Configure your /etc/inittab to support serial console logins Add the following lines to the /etc/inittab
# Run agetty on COM1/ttyS0
s0:2345:respawn:/sbin/agetty -L -f /etc/issueserial 9600 ttyS0 vt100
104 Confidential
Configure VM to redirect Console Login
• Activate the changes that you made in /etc/inittab# init q
• If you want to be able to login via serial console as the root user, you will need to edit the /etc/securetty configuration file. Add ttyS0 as an entry in the /etc/securetty
consolettyS0 vc/1 vc/2
105 Confidential
Configure serial port as the system console
• Use options in /etc/grub.conf to redirect console output to one of your serial ports Enables you to see all of the bootup and shutdown messages from your terminal.
• The text to add to the config file is highlighted :
106 Confidential
Accessing the Serial Port of the Virtual Machine
• Open a Web connection to the Avocent ACS6000
• Click on the Ports folder and click Serial Ports
• Based on the Serial Port connection configured in the Virtual Machine, you should see Signals of CTS|DSR|CD|RI
107 Confidential
Accessing the Serial Port of the Virtual Machine
•Click in the Serial Viewer link and a console will open
•Enter password of avocent and hit the Enter key to establish the connection
108 Confidential
Performance Monitoring
109 Confidential
UI > Performance > Advanced
• Additional Chart Options in vSphere 4.1 around storage performance statistics: Datastore, Power, Storage adapter & Storage path.
vSphere 4.0 vSphere 4.1
110 Confidential
110
Performance Graphs
• Additional Performance Graph Views added to vSphere 4.1 Host – Datastore, Management Agent, Power, Storage Adapter, Storage Path
VM – Datastore, Power, Virtual Disk
110
111 Confidential
Storage Statistics: vCenter & esxtop
Inventory object
Per Component
Statistic FC/NFS/
iSCSI
vCenter? Esxtop?
Host datastore Throughput, latency
All
Storage adapter
Throughput, latency
FC* Available today
Storage path Throughput, latency
FC* Available today
LUN Throughput, latency
FC, iSCSI** Available today
Available today
VM Datastore Throughput, latency
All
VMDK Throughput, latency
All
Not available in this timeframe: Aggregation at cluster level in vCenter (possible through APIs)
*Network-based storage (NFS, iSCSI) I/O breakdown still being researched
** Not applicable to NFS; datastore is the equivalent
ESXTOP publishes throughput and latency for LUN, if datastore has only one LUN then LUN will be equal datastore
112 Confidential
Volume Stats for NFS Device
113 Confidential
Datastore Activity Per Host
114 Confidential
Other Host Stats
115 Confidential
Datastore Activity per VM
116 Confidential
Virtual Disk Activity per VM
117 Confidential
VMware Update Manager
118 Confidential
Update Manager
Central automated, actionable VI patch compliance management solution
Define, track, and enforce software update compliance for ESX hosts/clusters, 3rd party ESX extensions, Virtual Appliances, VMTools/VM Hardware, online*/offline VMs, templates
Patch notification and recall Cluster level pre-remediation check
analysis and report Framework to support 3rd party IHV/ISV
updates, customizations: mass install, /update of EMC’s PowerPath module
Enhanced compatibility with DPM for cluster level patch operations
Performance and scalability enhancements to match vCenter
119 Confidential
Overview
•vCenter Update Manager enables centralized, automated patch and version management .
•Define, track, and enforce software update compliance and support for :
• ESX/ESXi hosts
• VMs
• Virtual Appliances
• 3rd Party ESX Modules
• Online/Offline VMs, Templates
• Automate and Generate Reports using Update Manager Database Views
ESX/ESXi
VM
Virtual
Applianc
e
VMTool
s
VM
H/W Online/offline ; Templates
VMToolsVM H/W
3rd party extensions
vCenter Update Manager
120 Confidential
Deployment Components
Confidential
VI Client
vCenterServer
UpdateManagerServer
Update Manager Components:1. Update Manager Server + DB2. Update Manager VI Client Plug-in 3. Update Manager Download Service
VirtualizedInfrastructureExternal
Patch Feeds
121 Confidential
New Features in 4.1
Update Manager now provides management of host upgrade packages.
Provisioning, patching, and upgrade support for third-party modules.
Offline bundles.
Recalled patches
Enhanced cluster operation.
Better handling of low bandwidth and high latency network
PowerCLI
Better support for virtual vCenter
122 Confidential
Notifications
• As we have already seen with the notification Schedule, Update Manager 4.1 contacts VMware at regular intervals to download notifications about patch recalls, new fixes and alerts.
• If patches with problems/potential issues are released, these patches are recalled in the metadata and VUM marks them as recalled.
• If you try to install a recalled patch, Update Manager notifies you that the patch is recalled and does not install it on the host.
• If you have already installed such a patch, VUM notifies you that the recalled patch is installed on certain hosts, but does not remove the recalled patch from the host.
• Update Manager also deletes all the recalled patches from the Update Manager patch repository.
• When a patch fixing the problem is released, Update Manager 4.1 downloads the new patch and prompts you to install it.
123 Confidential
Notifications
• Notifications which Update Manager downloads are displayed on the Notifications tab of the Update Manager Administration view.
• An Alarm is Generated and an email sent if the Notification Check Schedule is configured
• Update Manager shows the patch as recalled
124 Confidential
Notifications - Patch Recall Details
125 Confidential
Notifications
• Alarms posted for recalled and fixed Patches
• Recalled Patches are represented by a Flag
126 Confidential
VUM 4.1 Feature - Notification Check Schedule
• By default Update Manager checks for notifications about patch recalls, patch fixes and alerts at certain time intervals.
• Edit Notifications to define the Frequency (hourly, daily, weekly, Monthly) and the Start time ( minutes after hour ), the Interval and the email address of who to Notify for recalled Patches
127 Confidential
VUM 4.1 Feature - ESX Host/Cluster Settings
• When Remediating objects in a cluster with Distributed Power Management (DPM), High Availability (HA), and Fault Tolerance (FT) you should temporarily disable these features for the entire cluster. VUM does not remediate hosts on which these features are enabled.
• When the update completes, VUM restores these features
• These settings become the default failure response. You can specify different settings when you configure individual remediation tasks.
128 Confidential
VUM 4.1 Feature - ESX Host/Cluster Settings
• Update Manager can not remediate hosts where VMs have connected CD/DVD drives.
• CD/DVD drives that are connected to the VMs on a host might prevent the host from entering maintenance mode and interrupt remediation.
• Select Temporarily disable any CD-ROMs that may prevent a host from entering maintenance mode.
129 Confidential
Baselines and Groups
• Baselines might be upgrade, extension or patch baselines. Baselines contain a collection of one or more patches, service packs and bug fixes, extensions or upgrades.
• Baseline groups are assembled from existing baselines and might contain one upgrade baseline per type and one or more patch and extension baselines, or a combination of multiple patch and extension baselines.
• Preconfigured Baselines Hosts – 2 Baselines
VM/VA – 6 Baselines
130 Confidential
Baselines and Groups
• Update Manager 4.1 introduces a new Host Extension Baseline
• Host Extension baselines contain additional software for ESX/ESXi hosts. This additional software might be VMware software or third-party software.
131 Confidential
Patch Download Settings
• Update Manager can download patches and extensions either from the Internet ( vmware.com ) or from a shared repository.
• A new feature of Update Manager 4.1 allows you to import both VMware and Third-party patches manually from a ZIP file, called an Offline Bundle. You download these patches from the Internet or copy them from a media
drive, and then save them as offline bundle ZIP files on a local drive.
• Use the Import Patches to upload to the Update Manager Repository
132 Confidential
Patch Download Settings
• Click Import Patches at the bottom of the Patch Download Sources pane.
• Browse to locate the ZIP file containing the patches you want to import in the Update Manager patch repository.
133 Confidential
Patch Download Settings
• The patches are successfully imported into the Update Manager Patch Repository.
• Use the Search box to filter e.g. ThirdParty
Right Mouse Click Patch and select Show Patch Detail
134 Confidential
VUM 4.1 Feature - Host Upgrade Releases
• You can upgrade the hosts in your environment using Host Upgrade Release Baselines which is a new feature of Update Manager 4.1.
• This feature facilitates faster remediation of hosts by having the Upgrade Release media already uploaded to the VUM Repository. Previously, the media had to be uploaded for each remediation.
• To create a Host Upgrade Release Baseline, download the host upgrade files from vmware.com and then upload them to the Update Manager Repository.
• Each upgrade file that you upload contains information about the target version to which it will upgrade the host.
• Update Manager distinguishes the target release versions and combines the uploaded Host Upgrade files into Host Upgrade Releases.
• A host upgrade release is a combination of host upgrade files, which allows you to upgrade hosts to a particular release.
135 Confidential
VUM 4.1 Feature - Host Upgrade Releases
• You cannot delete an Host Upgrade Release if it is included in a baseline. First delete any Baselines that have the Host Upgrade Release included.
• Update Manager 4.1 supports upgrades from versions ESX 3.0.x and later as well as ESXi 3.5 and later to versions ESX 4.0.x and ESX 4.1.
• The remediation from ESX 4.0 to ESX 4.0.x is a patching operation, while the remediation from ESX 4.0.x to ESX 4.1 is considered an upgrade.
136 Confidential
VUM 4.1 Feature - Host Upgrade Releases
• The Upgrade files that you upload are ISO or ZIP files.
• The file type depends on the host type, host version and on the upgrade that you want to perform.
• The following Table represents the types of the upgrade files that you must upload for upgrading the ESX/ESXi hosts in your environment.
Target ESX/ESXi
Host Version
Source ESX/ESXi Host Version
ESX 4.0.x ESXi 4.0.x ESX 3.x ESXi 3.x
4.0.x N/A N/A ISO Zip
4.1 Zip Zip ISO Zip
137 Confidential
VUM 4.1 Feature - Host Upgrade Releases
• Depending on the files that you upload, host upgrade releases can be partial or complete. Partial upgrade releases are host upgrade releases that do not contain
all of the upgrade files required for an upgrade of both the ESX and ESXi hosts.
Complete upgrade releases are host upgrade releases that contain all of the upgrade files required for an upgrade of both the ESX and ESXi hosts.
• To upgrade all of the ESX/ESXi hosts in your vSphere environment to version 4.1, you must upload all of the files required for this upgrade (three ZIP files and one ISO file): esx-DVD-4.1.0-build_number.iso for ESX 3.x hosts
upgrade-from-ESXi3.5-to-4.1.0.build_number.zip for ESXi 3.x hosts
upgrade-from-ESX-4.0-to-4.1.0-0.0.build_number-release.zip for ESX 4.0.x hosts
upgrade-from-ESXi4.0-to-4.1.0-0.0.build_number-release.zip for ESXi 4.0.x hosts
138 Confidential
VUM 4.1 Feature - Host Upgrade Releases
• You can upgrade multiple ESX/ESXi hosts of different versions simultaneously if you import a complete release bundle.
• You import and manage host upgrade files from the Host Upgrade Releases tab of the Update Manager Administration view.
139 Confidential
VUM 4.1 Feature - Host Upgrade Releases
•Wait until the file upload completes.
• The uploaded Host Upgrade Release files appear in the Imported Upgrade Releases pane as an upgrade release.
139
140 Confidential
VUM 4.1 Feature - Host Upgrade Releases
• Host Upgrade Releases are stored in the <patchStore> location specified in the vci-integrity.xml file in the host_upgrade_packages folder.
• We can use the Update Manager Database View called VUMV_HOST_UPGRADES to locate them.
141 Confidential
Patch Repository
• Patch and extension metadata is kept in the Update Manager Patch Repository.
• You can use the repository to manage patches and extensions, check on new patches and extensions, view patch and extension details, view in which baseline a patch or an extension is included, view the recalled patches and import patches.
141
142 Confidential
Import Offline Patch to Repository
• From the Patch Repository you can include available, recently downloaded patches and extensions in a baseline you select.
• Instead of using a shared repository or the Internet as a patch download source, you can import patches manually by using an offline bundle.
143 Confidential
Notifications
• As we have already seen with the notification Schedule, Update Manager 4.1 contacts VMware at regular intervals to download notifications about patch recalls, new fixes and alerts.
• If patches with problems/potential issues are released, these patches are recalled in the metadata and VUM marks them as recalled.
• If you try to install a recalled patch, Update Manager notifies you that the patch is recalled and does not install it on the host.
• If you have already installed such a patch, VUM notifies you that the recalled patch is installed on certain hosts, but does not remove the recalled patch from the host.
• Update Manager also deletes all the recalled patches from the Update Manager patch repository.
• When a patch fixing the problem is released, Update Manager 4.1 downloads the new patch and prompts you to install it.
144 Confidential
Notifications
• Notifications which Update Manager downloads are displayed on the Notifications tab of the Update Manager Administration view.
• An Alarm is Generated and an email sent if the Notification Check Schedule is configured
• Update Manager shows the patch as recalled
145 Confidential
Notifications - Patch Recall Details
146 Confidential
Notifications
• Alarms posted for recalled and fixed Patches
• Recalled Patches are represented by a Flag
147 Confidential
VMware Converter
148 Confidential
Converter 4.2 (not 4.1)
Physical to VM conversion support for Linux sources including:
• Red Hat Enterprise Linux 2.1, 3.0, 4.0, and 5.0
• SUSE Linux Enterprise Server 8.0, 9.0, 10.0, and 11.0
• Ubuntu 5.x, 6.x, 7.x, and 8.x
Hot cloning improvements to clone any incremental changes to physical machine during the P2V conversion process
Support for converting new third-party image formats including Parallels Desktop VMs, newer versions of Symantec, Acronis, and StorageCraft
Workflow automation enhancements:
• automatic source shutdown, automatic start-up of the destination VM as well as shutting down one or more services at the source and starting up selected services at the destination
Destination disk selection and the ability to specify how the volumes are laid out in the new destination VM
Destination VM configuration, including CPU, memory, and disk controller type
Support for importing powered-off Microsoft Hyper-V R1 and Hyper-V R2 VMs
Support for importing Windows 7 sources
Ability to throttle the data transfer from source to destination based on network bandwidth or CPU
149 Confidential
Converter – Hyper-V Import
Microsoft Hyper-V Import
• Hyper-V can be compared to VMware Server Runs on top of operating system
By default only manageable locally
Up to now import went through P2V inside of the VM
• Converter imports VMs from Hyper-V now as V2V Collects information from the Hyper-V server re VMs
Does not go through Hyper-V administration tools
Uses default Windows methods to access the VM
• Requirements Converter needs administrator credentials to import a VM
Hyper-V must be able to create a network connection to destination ESX host
VM to be imported must be powered off
VM OS must be supported guestOS by vSphere
© 2009 VMware Inc. All rights reserved
Confidential
Implementation Services
Upgrading, Next Steps, etc
151 Confidential
Support Info
VMware Converter plug-in.
• vSphere 4.1 and its updates/patches are the last releases for the VMware Converter plug-in for vSphere Client.
• We will continue to update and support the free Converter Standalone product
VMware Guided Consolidation.
• vSphere 4.1 and its update/patch are the last major releases for VMware Guided Consolidation.
VMware Update Manager: Guest OS patching
• Update Manager 4.1 and its update are the last releases to support scanning and remediation of patches for Windows and Linux guest OS.
• The ability to perform VM operations such as upgrade of VMware Tools and VM hardware will continue to be supported and enhanced.
VMware Consolidated Backup 1.5 U2
• VMware has extended the end of availability timeline for VCB and added VCB support for vSphere 4.1. VMware supports VCB 1.5 U2 for vSphere 4.1 and its update/patch through the end of their lifecycles.
VMware Host Update utility
• No longer used. Use Update Manager or CLI to patch ESX
vSphere Client no longer bundled with ESX/ESXi
• Reduced size by around 160 MB.
152 Confidential
Support Info
VMI Paravirtualized Guest OS support.
• vSphere 4.1 is the last release to support the VMI guest OS paravirtualization interface. For information about migrating VMs that are enabled for VMI so that they can run on future vSphere releases, see Knowledge Base article 1013842.
vSphere Web Access.
• Support is now on best effort basis.
Linux Guest OS Customization.
• vSphere 4.1 is the last release to support customization for these Linux guest OS: RedHat Enterprise Linux (AS/ES) 2.1, RedHat Desktop 3, RedHat Enterprise Linux
(AS/ES) 3.0,
SUSE Linux Enterprise Server 8
Ubuntu 8.04, Ubuntu 8.10, Debian 4.0, Debian 5.0
Microsoft Clustering with Windows 2000 is not supported in vSphere 4.1.
• See the Microsoft Website for additional information.
• Likely due to MSCS with Win2K EOL. Need to double confirm.
153 Confidential
vCenter MUST be hosted on 64-bit Windows OS
• 32-bit OS NOT supported as a host OS with vCenter vSphere 4.1
Why the change?
• Scalability is restricted by the x86 32 bit virtual address space and moving to 64 bit will eliminate this problem
• Reduces dev and QA cycles and resources (faster time to market)
Two Options
1. vCenter in a VM running 64-bit Windows OS
2. vCenter install on a 64-bit Windows OS
Best Practice – Use Option 1
http://kb.vmware.com/kb/1021635
vCenter – Migration to 64-bit
154 Confidential
Data Migration Tool - What is backed up ?
• vCenter LDAP data
Configuration
Port settings
HTTP/S ports
Heartbeat port
Web services HTTP/S ports
LDAP / LDAP SSL ports
Certificates
SSL folder
Database
Bundled SQL Server Express only
Install Data
License folder
155 Confidential
Data Migration Tool - Steps to Backup the Configuration
• Example of the start of the backup.bat command running
156 Confidential
Compatibility
vSphere Client compatibility
• Can use the “same” client to access 4.1, 4.0 and 3.5
vCenter LinkedMode
• vCenter 4.1 and 4.0 can co-exist in Linked Mode
• After both versions of vSphere Client are installed, you can access vCenter linked objects with either client.
• For Linked Mode environments with vCenter 4.0 and vCenter 4.1, you must have vSphere Client 4.0 Update 1 and vSphere Client 4.1.
MS SQL Server
• Unchanged. 4.1, 4.0 U2, 4.0 U1 and 4.0 have identical support
• 32 bit DB is also supported.
157 Confidential
Compatibility
vCenter 4.0 does not support ESX 4.1
• Upgrade vCenter before upgrading ESX
vCenter 4.1 does not support ESX 2.5
• ESX 2.5 has reached the limited/non support status
vCenter 4.1 adds support for ESX 3.0.3 U1
Storage:
• No change in VMFS format
Network
• Distributed Switch 4.1 needs ESX 4.1
• Quiz: how to upgrade?
158 Confidential
Upgrading Distributed Switch
Source:
• Manual. ESX Configuration Guide, see “Upgrade a vDS to a Newer Version”
159 Confidential
Compatibility
View
• Need to upgrade to 4.5
• View 4.0 composer is a 32-bit application, while vCenter 4.1 is 64 bit.
SRM
• need to upgrade to SRM 4.1
• SRM 4.1 supports vSphere 4.0 U1, 4.0 U2 and 3.5 U5
• SRM 4.1 needs vCenter 4.1
• SRM 4.1 needs 64 bit OS. SRM 4.1 adds support for Win08 R2
CapacityIQ
• CapacityIQ 1.0.3 (the current shipping release) is not known to have any issues with VC 4.1 but you need to use a “–NoVersionCheck” flag when registering CIQ with it.
• CapacityIQ 1.0.4 will be released soon to address that.
160 Confidential
Compatibility: Win08 R2
This is for R2, not R1
This is to run the VMware products on Windows, not to host Win08 as Guest OS
• Win08 as guest is supported on 4.0
Minimum vSphere products version to run on Windows 2008 R2:
• vSphere Client 4.1
• vCenter 4.1
• Guest OS Customization for 4.0 and 4.1
• vCenter Update Manager as its server. It is not yet supported for patching Win08 R2. Update Manager also does not patch Win7
• vCenter Converter
• Vmware Orchestrator vCO: Client and Server 4.1
• SRM 4.1
161 Confidential
Known Issues
Full list: https://www.vmware.com/support/vsphere4/doc/vsp_esxi41_vc41_rel_notes.html#sdk
IPv6 Disabled by Default when installing ESXi 4.1.
Hardware iSCSI.
• Broadcom Hardware iSCSI does not support Jumbo Frames or IPv6. Dependent hardware iSCSI does not support iSCSI access to the same LUN when a host uses dependent and independent hardware iSCSI adapters simultaneously.
VM MAC address conflicts
• Each vCenter system has a vCenter instance ID. This ID is a number between 0 and 63 that is randomly generated at installation time but can be reconfigured after installation.
• vCenter uses the vCenter instance ID to generate MAC addresses and UUIDs for VMs. If two vCenter systems have the same vCenter instance ID, they might generate identical MAC addresses for VMs. This can cause conflicts if the VMs are on the same network, leading to packet loss and other problems.
© 2009 VMware Inc. All rights reserved
Confidential
Thank You
I’m sure you are tired too
163 Confidential
Useful references
• http://vsphere-land.com/news/tidbits-on-the-new-vsphere-41-release.html
• ]http://www.petri.co.il/virtualization.htm
• http://www.petri.co.il/vmware-esxi4-console-secret-commands.htm
• http://www.petri.co.il/vmware-data-recovery-backup-and-restore.htm
• http://www.delltechcenter.com/page/VMware+Tech
• http://www.kendrickcoleman.com/index.php?/Tech-Blog/vm-advanced-iso-free-tools-for-advanced-tasks.html
• http://www.ntpro.nl/blog/archives/1461-Storage-Protocol-Choices-Storage-Best-Practices-for-vSphere.html
• http://www.ntpro.nl/blog/archives/1539-vSphere-4.1-Virtual-Serial-Port-Concentrator.html
• http://www.virtuallyghetto.com/2010/07/vsphere-41-is-gift-that-keeps-on-giving.html
• http://www.virtuallyghetto.com/2010/07/script-automate-vaai-configurations-in.html
• http://searchvmware.techtarget.com/tip/0,289483,sid179_gci1516821,00.html
• http://vmware-land.com/esxcfg-help.html
• http://virtualizationreview.com/blogs/everyday-virtualization/2010/07/esxi-hosts-ad-integrated-security-gotcha.aspx
• http://www.MS.com/licensing/about-licensing/client-access-license.aspx#tab=2
• http://www.MSvolumelicensing.com/userights/ProductPage.aspx?pid=348