VMware vCenter Cookbook

By: Kostantin Kuminsky

Securing host management access


When it comes to managing ESXi hosts, there are a few interfaces available to perform management tasks:

  • Common Information Model (CIM), which is used for vCenter Server access.

  • Direct Console User Interface (DCUI), which is also known as the ESXi console.

  • Tech Support Mode (TSM)

    • Local—console access to the ESXi command line.

    • Remote—SSH access to the ESXi command line.

  • vSphere Application Programming Interface (API) such as vSphere Client, PowerCLI, vCLI, and so on.

Remote TSM has been covered in the Accessing hosts via SSH recipe in this chapter. Local TSM and DCUI are console options available if you have physical access to the host or remote console access such as iDRAC.

All interfaces except the vSphere API can be managed from vCenter under the host's Configuration | Security Profile | Services.

Both TSM options can also be configured from the DCUI console.

The following table summarizes different management interfaces and where each one can be configured:

| Management interface | Description                    | Configuration from vCenter | Configuration from DCUI |
|----------------------|--------------------------------|----------------------------|-------------------------|
| CIM                  | vCenter access                 | Host's Services            |                         |
| DCUI                 | ESXi console                   | Host's Services            |                         |
| Local TSM            | Console CLI                    | Host's Services            | Troubleshooting menu    |
| Remote TSM           | SSH access to CLI              | Host's Services            | Troubleshooting menu    |
| APIs                 | vSphere Client, PowerCLI, vCLI |                            |                         |

VMware offers a way to secure management access to hosts called Lockdown mode.

Lockdown mode is a security feature that restricts management of an ESXi host to vCenter only. When a host is in this mode, the administrator cannot use the command line or run scripts on it, and third-party software cannot read or change any settings on the host.

Note

The root user will still be able to access DCUI, but not TSM.

The following table summarizes each management interface's behavior in Normal and Lockdown modes:

| Management interface | Normal mode                                   | Lockdown mode        |
|----------------------|-----------------------------------------------|----------------------|
| CIM                  | User and group permissions                    | Only vCenter server  |
| DCUI                 | User root and users with administrator rights | Only root user       |
| Local TSM            | Only root user                                | None                 |
| Remote TSM           | Only root user                                | None                 |
| APIs                 | User and group permissions                    | Only vCenter vpxuser |

Additional security always comes with some inconvenience. If the vCenter VM crashes or does not come up after a reboot, and access to vCenter is lost, ESXi has to be reinstalled on the hosts that are in Lockdown mode in order to restore access.

How to do it...

To enable lockdown mode from vCenter, execute the following steps:

  1. Lockdown mode is enabled per host. Select the host and go to Configuration | Security Profile.

  2. Click on Edit next to Lockdown Mode, select Enable Lockdown Mode, and click on OK.

Note

All the existing vCenter Client connections to the host will be dropped immediately.

Users who are currently logged in to DCUI or TSM keep their access after Lockdown mode has been enabled, until they log off. Logged-in users cannot switch Lockdown mode off in this case.

All the existing user and group permissions will be restored once Lockdown mode is disabled if it was enabled from vCenter.

To enable Lockdown mode from the Web Client, execute the following steps:

  1. Select a host.

  2. Go to Manage | Settings | Security Profile.

  3. Scroll down to the Lockdown Mode section.

  4. Click on Edit next to the section.

  5. Check Enable Lockdown Mode.

  6. Click on OK.

Enable Lockdown mode from the ESXi console

To enable Lockdown mode from DCUI, press F2, log in with the root user, move the cursor to the Configure Lockdown Mode item, and press Enter.

Tip

All the existing user and group permissions will be lost once Lockdown mode is enabled from DCUI, so the best practice is to use vCenter to enable Lockdown mode.
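Since the recipe recommends enabling Lockdown mode through vCenter rather than DCUI, the following PowerCLI script is an added example (not from the book) that audits every host's Lockdown state together with the two TSM services (local ESXi Shell and remote SSH), and enters Lockdown mode on hosts that are not yet in it. The vCenter address is a placeholder, the -Enforce switch is an assumption of this example, and the script relies on the HostSystem.EnterLockdownMode() API method behind the vCenter UI's Enable Lockdown Mode option.

```powershell
# Added example (not from the book): audit and enforce Lockdown mode via vCenter with PowerCLI.
# Assumes PowerCLI is loaded and the account has Administrator rights on vCenter.
param(
    [string]$VCenter = "vcenter.example.local",   # placeholder, replace with your vCenter
    [switch]$Enforce                              # without this switch the script only reports
)

Connect-VIServer -Server $VCenter | Out-Null

foreach ($vmhost in Get-VMHost | Sort-Object Name) {
    $view = $vmhost.ExtensionData   # HostSystem managed object

    # vSphere 6.0 exposes Config.LockdownMode (lockdownDisabled / lockdownNormal / lockdownStrict);
    # older releases only have the boolean Config.AdminDisabled.
    if ($view.Config.PSObject.Properties['LockdownMode']) {
        $state  = [string]$view.Config.LockdownMode
        $locked = ($state -ne 'lockdownDisabled')
    } else {
        $locked = [bool]$view.Config.AdminDisabled
        $state  = if ($locked) { 'enabled' } else { 'disabled' }
    }

    # TSM = local ESXi Shell, TSM-SSH = remote shell over SSH (the two TSM options in the table above).
    # In Lockdown mode neither should be reachable, so a running service is worth a look.
    $services = Get-VMHostService -VMHost $vmhost | Where-Object { $_.Key -in 'TSM', 'TSM-SSH' }
    $running  = ($services | Where-Object { $_.Running }).Key -join ','
    $runningLabel = if ($running) { $running } else { 'none' }

    [pscustomobject]@{
        Host       = $vmhost.Name
        Lockdown   = $state
        RunningTSM = $runningLabel
    }

    if ($Enforce -and -not $locked) {
        # Same effect as Enable Lockdown Mode in vCenter: existing vSphere Client sessions
        # to the host are dropped immediately, as the note in the recipe says.
        $view.EnterLockdownMode()
        Write-Host "Entered Lockdown mode on $($vmhost.Name)"
    }
}

Disconnect-VIServer -Server $VCenter -Confirm:$false
```

Run it without -Enforce first to review the report; hosts showing a running TSM or TSM-SSH service while in Lockdown mode indicate a session that was open before the mode was enabled.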