Book Image

VMware vSphere 6.7 Cookbook - Fourth Edition

By : Abhilash G B
Book Image

VMware vSphere 6.7 Cookbook - Fourth Edition

By: Abhilash G B

Overview of this book

VMware vSphere is the most comprehensive core suite of SDDC solutions on the market. It helps transform data centers into simplified on-premises private cloud infrastructures. This edition of the book focuses on the latest version, vSphere 6.7. The books starts with chapters covering the greenfield deployment of vSphere 6.7 components and the upgrade of existing vSphere components to 6.7. You will then learn how to configure storage and network access for a vSphere environment. Get to grips with optimizing your vSphere environment for resource distribution and utilization using features such as DRS and DPM, along with enabling high availability for vSphere components using vSphere HA, VMware FT, and VCHA. Then, you will learn how to facilitate large-scale deployment of stateless/stateful ESXi hosts using Auto Deploy. Finally, you will explore how to upgrade/patch a vSphere environment using vSphere Update Manager, secure it using SSL certificates, and then monitor its performance with tools such as vSphere Performance Charts and esxtop. By the end of this book, you'll be well versed in the core functionalities of vSphere 6.7 and be able to effectively deploy, manage, secure, and monitor your environment.

Related Content you might be interested in

Current Title:

Small book image
VMware vSphere 6.7 Cookbook - Fourth Edition
Abhilash G B
Aug, 2019 | 570 pages
Small book image
Data Center Virtualization Certification: VCP6.5-DCV Exam Guide
Andrea Mauro | Paolo Valsecchi
Aug, 2018 | 598 pages
Small book image
vSphere High Performance Cookbook
Christopher Kusek | Prasenjit Sarkar | Kevin Elder
Jun, 2017 | 338 pages
Small book image
Mastering VMware vSphere 6.7,
Martin Gavanda | Andrea Mauro | Paolo Valsecchi | Karel Novak
Mar, 2019 | 756 pages
Table of Contents (18 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Sections
Get in touch
Free Chapter
1
Deploying a New vSphere 6.7 Infrastructure
Deploying a New vSphere 6.7 Infrastructure
Installing ESXi – the interactive method
Configuring the ESXi Management Network
Scripted deployment of ESXi
Deploying the vCenter Server Appliance (VCSA)
Deploying vCenters in a Linked Mode configuration
Configuring Single Sign-On (SSO) identity sources
Configuring vCenter Roles and Permissions
Joining ESXi to an Active Directory domain
2
Planning and Executing the Upgrade of vSphere
Planning and Executing the Upgrade of vSphere
Planning the upgrade of your vSphere infrastructure
Running VMware Migration Assistant
Upgrading Platform Services Controllers (PSCs)
Upgrading vCenter Servers
Using the vCenter Convergence Tool
Upgrading ESXi using the interactive installer
Upgrading ESXi using the command-line interface
3
Configuring Network Access Using vSphere Standard Switches
Configuring Network Access Using vSphere Standard Switches
Creating vSphere Standard Switches
Creating Virtual Machine Port Groups on vSphere Standard Switches
Creating additional VMkernel interfaces on vSphere Standard Switches
Creating additional VMkernel TCP/IP stacks
Managing the Physical Uplinks of a vSphere Standard Switch
Configuring Security, Traffic Shaping, Teaming and Failover
4
Configuring Network Access Using vSphere Distributed Switches
Configuring Network Access Using vSphere Distributed Switches
Creating a vSphere Distributed Switch (vDS)
Connecting ESXi hosts to a vDS
Creating Distributed Port Groups (dvPortGroup)
Configuring Security, Traffic Shaping, Teaming, and Failover
Configuring VLANs on vDS
Configuring Private VLANs on a vDS
Configuring a Link Aggregation Group (LAG) on a vDS
Configuring user-defined network pools—NIOC
Migrating Virtual Machine Network from vSS to vDS
Migrating VMkernel interfaces from vSS to vDS
Configuring port mirroring on vDS
Configuring NetFlow on vDS
Upgrading a vDS
Backing up and restoring a vDS
5
Configuring Storage Access for Your vSphere Environment
Configuring Storage Access for Your vSphere Environment
Connecting ESXi hosts to a Fabric Storage
Connecting ESXi to iSCSI Storage
iSCSI multipathing using Port Binding
Connecting ESXi hosts to NFS Storage
Viewing storage devices and datastores on ESXi hosts
Masking paths to a storage device
Unmasking paths to a storage device
6
Creating and Managing VMFS Datastores
Creating and Managing VMFS Datastores
Creating VMFS datastores
Upgrading VMFS datastores
Managing Storage Multipathing
Expanding or growing a VMFS datastore
Extending a VMFS datastore
Unmounting VMFS datastores and detaching storage devices
Attaching storage devices and remounting VMFS datastores
Managing VMFS snapshots
7
SIOC, Storage DRS, and Profile-Driven Storage
SIOC, Storage DRS, and Profile-Driven Storage
Configuring Disk Shares on VM storage
Enabling SIOC
Balancing storage utilization using Storage DRS (SDRS)
Defining storage capabilities using vCenter Tags
Creating VM Storage Policies
8
Configuring vSphere DRS, DPM, and VMware EVC
Configuring vSphere DRS, DPM, and VMware EVC
Enabling vSphere DRS on a cluster
Changing the default DRS behavior
Configuring VM Automation
Creating DRS Groups
Creating DRS VMs to Host Affinity Rules
Creating DRS Inter-VM Affinity Rules
Configuring Predictive DRS
Configuring DPM
Using VMware Enhanced vMotion Compatibility (EVC)
9
Achieving High Availability in a vSphere Environment
Achieving High Availability in a vSphere Environment
Enabling vSphere High Availability
Configuring vCenter Admission Control
Configuring Heartbeat Datastores
Overriding Restart Priority for Virtual Machines
Creating VM to VM Dependency Rules
Disabling Host Monitoring
Enabling Virtual Machine Monitoring
Enabling Virtual Machine Component Protection (VMCP)
Configuring vSphere Fault Tolerance (FT)
Configuring vCenter Native High Availability (VCHA)
10
Achieving Configuration Compliance Using vSphere Host Profiles
Achieving Configuration Compliance Using vSphere Host Profiles
Creating Host Profiles
Associating Host Profiles with ESXi hosts or clusters
Checking Host Profile Compliance
Scheduling Host Profile Compliance Checks
Performing Host Customizations
Remediating non-compliant Hosts
Using Host Profiles to push a configuration change
Copying settings between Host Profiles
Exporting Host Profiles
Importing Host Profiles
Duplicating Host Profiles
11
Building Custom ESXi Images Using Image Builder
Building Custom ESXi Images Using Image Builder
Enabling ESXi Image Builder
Importing a Software Depot
Creating an Online Software Depot
Creating a Custom Software Depot
Cloning Image Profiles
Creating Image Profiles using Software Packages
Comparing Image Profiles
Moving Image Profiles between Software Depots
Exporting Image Profiles
12
Auto-Deploying Stateless and Stateful ESXi Hosts
Auto-Deploying Stateless and Stateful ESXi Hosts
Enabling vSphere Auto Deploy
Configuring the Trivial File Transfer Protocol (TFTP) server for an ESXi PXE boot environment
Configuring the DHCP server for a PXE boot
Creating vSphere Auto Deploy rules
Configuring Stateless Caching
Deploying Stateful ESXi hosts
13
Creating and Managing Virtual Machines
Creating and Managing Virtual Machines
Creating a Virtual Machine
Creating Virtual Machine Snapshots
Deleting Virtual Machine Snapshots
Reverting to the current Virtual Machine Snapshot
Switching to an Arbitrary Virtual Machine Snapshot
Consolidating Snapshots
Exporting a Virtual Machine
14
Upgrading and Patching Using vSphere Update Manager
Upgrading and Patching Using vSphere Update Manager
Downloading Patch Definitions
Creating Patch Baselines
Creating Host Upgrade Baselines
Creating Baseline Groups
Configuring Update Manager's Remediation Settings
Patching/upgrading ESXi hosts using Update Manager
Upgrading VMware Tools and virtual hardware using Update Manager
Installing the Update Manager Download Service on Linux
Configuring UMDS to download patches
Configuring a Web Server on UMDS (Linux)
15
Securing vSphere Using SSL Certificates
Securing vSphere Using SSL Certificates
Using VMCA as a Subordinate or Intermediary CA
Certificate management using the Hybrid approach
Renewing ESXi certificates
Trusting root certificates to stop browser security warnings
16
Monitoring the vSphere Infrastructure
Monitoring the vSphere Infrastructure
Using esxtop to monitor performance
Exporting/importing esxtop configurations
Running esxtop in batch mode
Gathering VM I/O statistics using vscsiStats
Using vCenter Performance Charts
17
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think

Certificate management using the Hybrid approach

One of the risks involved in making a VMCA the subordinate CA is the fact that anyone with access to the PSC can regenerate Machine SSL certificates for the PSC(s) and vCenter Server(s). In other words, VMCA completely relies on the operating system it is running on, such as Windows/PhotonOS, to secure the key stores. Anyone with root access to the node that's running VMCA can easily read the certificate authorities' root certificate.

Therefore, VMware allows for a much more secure approach, which is commonly referred to as the Hybrid method. In this approach, the Machine SSL of vCenter and PSC are replaced with custom certificates from the Enterprise CA. VCMA is only used to issue certificates for the solution users and ESXi hosts.

The following diagram depicts the Hybrid approach:

The Hybrid approach is the VMware...
Previous Section
End of Section 3
Next Section