VMware vSphere 6.7 Cookbook - Fourth Edition

By : Abhilash G B

VMware vSphere 6.7 Cookbook - Fourth Edition

By: Abhilash G B

Overview of this book

VMware vSphere is the most comprehensive core suite of SDDC solutions on the market. It helps transform data centers into simplified on-premises private cloud infrastructures. This edition of the book focuses on the latest version, vSphere 6.7. The books starts with chapters covering the greenfield deployment of vSphere 6.7 components and the upgrade of existing vSphere components to 6.7. You will then learn how to configure storage and network access for a vSphere environment. Get to grips with optimizing your vSphere environment for resource distribution and utilization using features such as DRS and DPM, along with enabling high availability for vSphere components using vSphere HA, VMware FT, and VCHA. Then, you will learn how to facilitate large-scale deployment of stateless/stateful ESXi hosts using Auto Deploy. Finally, you will explore how to upgrade/patch a vSphere environment using vSphere Update Manager, secure it using SSL certificates, and then monitor its performance with tools such as vSphere Performance Charts and esxtop. By the end of this book, you'll be well versed in the core functionalities of vSphere 6.7 and be able to effectively deploy, manage, secure, and monitor your environment.

Preface

Who this book is for

What this book covers

To get the most out of this book

Sections

Get in touch

Free Chapter

Deploying a New vSphere 6.7 Infrastructure

Installing ESXi – the interactive method

Configuring the ESXi Management Network

Scripted deployment of ESXi

Deploying the vCenter Server Appliance (VCSA)

Deploying vCenters in a Linked Mode configuration

Configuring Single Sign-On (SSO) identity sources

Configuring vCenter Roles and Permissions

Joining ESXi to an Active Directory domain

Planning and Executing the Upgrade of vSphere

Planning the upgrade of your vSphere infrastructure

Running VMware Migration Assistant

Upgrading Platform Services Controllers (PSCs)

Upgrading vCenter Servers

Using the vCenter Convergence Tool

Upgrading ESXi using the interactive installer

Upgrading ESXi using the command-line interface

Configuring Network Access Using vSphere Standard Switches

Creating vSphere Standard Switches

Creating Virtual Machine Port Groups on vSphere Standard Switches

Creating additional VMkernel interfaces on vSphere Standard Switches

Creating additional VMkernel TCP/IP stacks

Managing the Physical Uplinks of a vSphere Standard Switch

Configuring Security, Traffic Shaping, Teaming and Failover

Configuring Network Access Using vSphere Distributed Switches

Creating a vSphere Distributed Switch (vDS)

Connecting ESXi hosts to a vDS

Creating Distributed Port Groups (dvPortGroup)

Configuring Security, Traffic Shaping, Teaming, and Failover

Configuring VLANs on vDS

Configuring Private VLANs on a vDS

Configuring a Link Aggregation Group (LAG) on a vDS

Configuring user-defined network pools—NIOC

Migrating Virtual Machine Network from vSS to vDS

Migrating VMkernel interfaces from vSS to vDS

Configuring port mirroring on vDS

Configuring NetFlow on vDS

Upgrading a vDS

Backing up and restoring a vDS

Configuring Storage Access for Your vSphere Environment

Connecting ESXi hosts to a Fabric Storage

Connecting ESXi to iSCSI Storage

iSCSI multipathing using Port Binding

Connecting ESXi hosts to NFS Storage

Viewing storage devices and datastores on ESXi hosts

Masking paths to a storage device

Unmasking paths to a storage device

Creating and Managing VMFS Datastores

Creating VMFS datastores

Upgrading VMFS datastores

Managing Storage Multipathing

Expanding or growing a VMFS datastore

Extending a VMFS datastore

Unmounting VMFS datastores and detaching storage devices

Attaching storage devices and remounting VMFS datastores

Managing VMFS snapshots

SIOC, Storage DRS, and Profile-Driven Storage

Configuring Disk Shares on VM storage

Enabling SIOC

Balancing storage utilization using Storage DRS (SDRS)

Defining storage capabilities using vCenter Tags

Creating VM Storage Policies

Configuring vSphere DRS, DPM, and VMware EVC

Enabling vSphere DRS on a cluster

Changing the default DRS behavior

Configuring VM Automation

Creating DRS Groups

Creating DRS VMs to Host Affinity Rules

Creating DRS Inter-VM Affinity Rules

Configuring Predictive DRS

Configuring DPM

Using VMware Enhanced vMotion Compatibility (EVC)

Achieving High Availability in a vSphere Environment

Enabling vSphere High Availability

Configuring vCenter Admission Control

Configuring Heartbeat Datastores

Overriding Restart Priority for Virtual Machines

Creating VM to VM Dependency Rules

Disabling Host Monitoring

Enabling Virtual Machine Monitoring

Enabling Virtual Machine Component Protection (VMCP)

Configuring vSphere Fault Tolerance (FT)

Configuring vCenter Native High Availability (VCHA)

Achieving Configuration Compliance Using vSphere Host Profiles

Creating Host Profiles

Associating Host Profiles with ESXi hosts or clusters

Checking Host Profile Compliance

Scheduling Host Profile Compliance Checks

Performing Host Customizations

Remediating non-compliant Hosts

Using Host Profiles to push a configuration change

Copying settings between Host Profiles

Exporting Host Profiles

Importing Host Profiles

Duplicating Host Profiles

Building Custom ESXi Images Using Image Builder

Enabling ESXi Image Builder

Importing a Software Depot

Creating an Online Software Depot

Creating a Custom Software Depot

Cloning Image Profiles

Creating Image Profiles using Software Packages

Comparing Image Profiles

Moving Image Profiles between Software Depots

Exporting Image Profiles

Auto-Deploying Stateless and Stateful ESXi Hosts

Enabling vSphere Auto Deploy

Configuring the Trivial File Transfer Protocol (TFTP) server for an ESXi PXE boot environment

Configuring the DHCP server for a PXE boot

Creating vSphere Auto Deploy rules

Configuring Stateless Caching

Deploying Stateful ESXi hosts

Creating and Managing Virtual Machines

Creating a Virtual Machine

Creating Virtual Machine Snapshots

Deleting Virtual Machine Snapshots

Reverting to the current Virtual Machine Snapshot

Switching to an Arbitrary Virtual Machine Snapshot

Consolidating Snapshots

Exporting a Virtual Machine

Upgrading and Patching Using vSphere Update Manager

Downloading Patch Definitions

Creating Patch Baselines

Creating Host Upgrade Baselines

Creating Baseline Groups

Configuring Update Manager's Remediation Settings

Patching/upgrading ESXi hosts using Update Manager

Upgrading VMware Tools and virtual hardware using Update Manager

Installing the Update Manager Download Service on Linux

Configuring UMDS to download patches

Configuring a Web Server on UMDS (Linux)

Securing vSphere Using SSL Certificates

Using VMCA as a Subordinate or Intermediary CA

Certificate management using the Hybrid approach

Renewing ESXi certificates

Trusting root certificates to stop browser security warnings

Monitoring the vSphere Infrastructure

Using esxtop to monitor performance

Exporting/importing esxtop configurations

Running esxtop in batch mode

Gathering VM I/O statistics using vscsiStats

Using vCenter Performance Charts

Other Books You May Enjoy

Leave a review - let other readers know what you think

Customer Reviews

5 star

4 star

3 star

2 star

1 star

Configuring Single Sign-On (SSO) identity sources

An SSO identity source is a repository of users or groups. It can be a repository of local OS users, Active Directory or OpenLDAP and VMDir. Adding an identity source allows you to assign vCenter permissions to users from such a repository.

The VCSA Photon OS (local OS) and SSO domain (vsphere.local) are pre-recognized identity sources. However, when you try to add identity sources, you are allowed to add three different types:

Active Directory (Windows Integrated Authentication)
Active Directory over LDAP
Open LDAP

In this recipe, we will learn how to add an Active Directory identity source.

How to do it...

The following two-part procedure will allow you to join the PSC to Active Directory and add an Active Directory identity source.

Part 1 – Joining the PSC to Active Directory

Joining the PSC to Active Directory needs to be done only once during the life cycle of the PSC.

Log in to the vCenter Server/PSC as the SSO administrator ([email protected]).
Use the Menu to navigate to Administration:

Menu | Administration

On the Administration page, navigate to Single Sign On | Configuration | Active Directory Domain and click on JOIN AD:

On the Join Active Directory Domain window, specify the name of the domain, OU (optional), and the credentials of a domain user that has permission to join the machine to the domain. Click Join.
Once done, the host has to be rebooted for the changes to take effect.
Once the reboot is complete, it should show the vCenter/PSC as joined to the domain:

Part 2 – Adding the identity source

Use the following process to add an identity source:

Go to the Administration page, navigate to Single Sign On | Configuration | Identity Sources, and click on ADD IDENTITY SOURCE:

On the Add Identity Source window, set the Identity Source Type to Active Directory (Windows Integrated Authentication). The Domain name will be prepopulated with the FQDN of the domain the PSC is joined to. Use the machine account to authenticate:

Once done, the Active Directory domain will be listed among the other identity sources:

This completes the process of configuring SSO identity sources on a vCenter Server.

How it works...

VMware SSO is an authentication server that was made available starting with vSphere 5.1. With version 5.5, it has been rearchitected so that it is simple to plan and deploy, as well as easier to manage. With vSphere 6.0 and 6.5, it is now embedded into the PSC.

SSO acts as an authentication gateway, which takes the authentication requests from various registered components and validates the credential pair against the identity sources that are added to the SSO server. The components are registered to the SSO server during their installation.

Once authenticated, the SSO clients are provided with a token for further exchanges. The advantage here is that the user or administrator of the client service is not prompted for a credential pair (username and password) every time it needs to authenticate.

SSO supports authenticating against the following identity sources:

Active Directory
Active Directory as an LDAP server
Open LDAP
Local OS

Here are some of the components that can be registered with the VMware SSO and leverage its functionality. These components, in SSO terms, are referred to as SSO clients:

VMware vCenter Server
VMware vCenter Orchestrator
VMware NSX
VMware vCloud Director
VMware vRealize Automation
VMware vSphere Web Client
VMware vSphere Data Protection
VMware log browser

VMware vSphere 6.7 Cookbook - Fourth Edition

By : Abhilash G B

VMware vSphere 6.7 Cookbook - Fourth Edition

By: Abhilash G B

Overview of this book

Related Content you might be interested in

Current Title:

VMware vSphere 6.7 Cookbook - Fourth Edition

Data Center Virtualization Certification: VCP6.5-DCV Exam Guide

vSphere High Performance Cookbook

Mastering VMware vSphere 6.7,