Category Archives: Virtualisation

VCAP-DCA Study notes – 6.1 vSphere Log Files

VCAP, Virtualisation, VMware, , , ,
Print Friendly, PDF & Email

Knowledge

  • Identify vCenter Server log file names and locations
  • Identify ESX/ESXi log files names and locations
  • Identify tools used to view vSphere log files

Skills and Abilities

  • Generate vCenter Server and ESX/ESXi log bundles
  • Use vicfg?syslog to configure centralized logging on ESX/ESXi Hosts
  • Test centralized logging configuration
  • Configure the vMA appliance as a log host
  • Use vilogger to enable/disable log collection on the vMA appliance
  • Use vilogger to configure log rotation and retention
  • Analyze log entries to obtain configuration information
  • Analyze log entries to identify and resolve issues

Tools & learning resources

I’m covering the troubleshooting objectives last while preparing for the VCAP-DCA – it seems like the logical thing to do. Learn all the material then play with it, break it, fix it, recreate it etc. Practice makes perfect! I’ve been using the Trainsignal’s Troubleshooting for vSphere course but the official VMware Troubleshooting course has been getting good feedback.

vCenter log files

Located in;

  • %ALLUSERSPROFILE%\Application Data\VMware\VMware VirtualCenter\Logs (W2k3)
  • C:\ProgramData\VMware\VMware VirtualCenter\Logs (W2k8)

Available logs;

  • sms.log                                   Storage Management Service
  • vpxd-xxxx.log                        vCenter logs
    • vpxd-xxxx.log.gz are archived logs. You have to unzip them to see contents.

You can change the logging level (which defaults to ‘normal’) by going to vCenter Server Settings -> Logging Options. This VMwareKB describes how to enable trivia logging in vCenter (even if vCenter isn’t running) although this may have a performance impact and should only be used temporarily while diagnosing issues.

There are numerous ways to do this; Continue reading VCAP-DCA Study notes – 6.1 vSphere Log Files

VCAP-DCA Study notes – 1.2 Manage Storage Capacity

VCAP, Virtualisation, VMware, , , , , , ,
Print Friendly, PDF & Email

Managing storage capacity is another potentially huge topic, even for a midsized company. The storage management functionality within vSphere is fairly comprehensive and a significant improvement over VI3.

Knowledge

  • Identify storage provisioning methods
  • Identify available storage monitoring tools, metrics and alarms

Skills and Abilities

  • Apply space utilization data to manage storage resources
  • Provision and manage storage resources according to Virtual Machine requirements
  • Understand interactions between virtual storage provisioning and physical storage provisioning
  • Apply VMware storage best practices
  • Configure datastore alarms
  • Analyze datastore alarms and errors to determine space availability

Tools & learning resources

Storage provisioning methods

There are three main protocols you can use to provision storage;

  • Fibre channel
    • Block protocol
    • Uses multipathing (PSA framework)
    • Configured via vicfg-mpath, vicfg-scsidevs
  • iSCSI
    • block protocol
    • Uses multipathing (PSA framework)
    • hardware or software (boot from SAN is h/w initiator only)
    • configured via vicfg-iscsi, esxcfg-swiscsi and esxcfg-hwiscsi, vicfg-mpath, esxcli
  • NFS
    • File level (not block)
    • No multipathing (uses underlying Ethernet network resilience)
    • Thin by default
    • no RDM, MSCS,
    • configured via vicfg-nas

I won’t go into much detail on each, just make sure you’re happy provisioning storage for each protocol both in the VI client and the CLI.

Know the various options for provisioning storage;

  • VI  client. Can be used to create/extend/delete all types of storage. VMFS volumes created via the VI client are automatically aligned.
  • CLI – vmkfstools.
    • NOTE: When creating a VMFS datastore via CLI you need to align it. Check VMFS alignment using ‘fdisk –lu’. Read more in Duncan Epping’s blogpost.
  • PowerCLI. Managing storage with PowerCLI – VMwareKB1028368
  • Vendor plugins (Netapp RCU for example). I’m not going to cover this here as I doubt the VCAP-DCA exam environment will include (or assume any knowledge of) these!

When provisioning storage there are various considerations;

  • Thin vs thick
  • Extents vs true extension
  • Local vs FC/iSCSI vs NFS
  • VMFS vs RDM

Continue reading VCAP-DCA Study notes – 1.2 Manage Storage Capacity

VCAP-DCA Study notes – 1.1 Implement and manage complex storage

VCAP, Virtualisation, VMware, , , , ,
Print Friendly, PDF & Email

Storage is an area where you can never know too much. For many infrastructures storage is the most likely cause of performance issues and a source of complexity and misconfiguration – especially given that many VI admins come from a server background (not storage) due to VMware’s server consolidation roots.

Knowledge

  • Identify RAID levels
  • Identify supported HBA types
  • Identify virtual disk format types

Skills and Abilities

  • Determine use cases for and configure VMware DirectPath I/O
  • Determine requirements for and configure NPIV
  • Determine appropriate RAID level for various Virtual Machine workloads
  • Apply VMware storage best practices
  • Understand use cases for Raw Device Mapping
  • Configure vCenter Server storage filters
  • Understand and apply VMFS resignaturing
  • Understand and apply LUN masking using PSA?related commands
  • Analyze I/O workloads to determine storage performance requirements

Tools & learning resources

Identify RAID levels

Common RAID types: 0, 1, 5, 6, 10. Wikipedia do a good summary of the basic RAID types if you’re not familiar with them. Scott Lowe has a good article about RAID in storage arrays, as does Josh Townsend over at VMtoday.

The impact of RAID types will vary depending on your storage vendor and how they implement RAID. Netapp (which I’m most familiar with) using a proprietary RAID-DP which is like RAID-6 but without the performance penalties (so Netapp say).

Scott Lowe has a good article about RAID in storage arrays, as does Josh Townsend over at VMtoday.

Supported HBA types

This is a slightly odd exam topic – presumably we won’t be buying HBAs as part of the exam so what’s there to know? The best (only!) place to look for real world info is VMware’s HCL (which is now an online, searchable repository). Essentially it comes down to Fibre Channel or iSCSI HBAs.

Remember you can have a maximum of 8 HBAs or 16 HBA ports per ESX/ESXi server.You should not mix HBAs from different vendors in a single server. It can work but isn’t officially supported.

Continue reading VCAP-DCA Study notes – 1.1 Implement and manage complex storage

VCAP-DCA Study notes–7.3 vShield Zones

VCAP, Virtualisation, VMware, ,
Print Friendly, PDF & Email

vShield Zones is basically a firewall framework to protect your VMs without requiring external or hardware based firewalls. It requires Advanced or higher licencing. For study I’d suggest going through Eric Siebert’s blogposts (part one, two, and three) to start with (they cover real world issues) and then getting stuck into the official docs – they cover everything on the blueprint. There’s quite a bit to learn making this is one of the larger objectives on the VCAP-DCA blueprint.

NOTE: vShield Zones is NOT the same as vShield App, Edge, and Endpoint so make sure you download the right version. The VCAP-DCA exam only covers v1.0 of vShield Zones (not the most recent v4.1) and doesn’t cover the more feature rich vShield App Suite. See VMware’s product page for more details.

Knowledge

  • Identify vShield Zones components
  • Identify the four CLI command modes

Skills and Abilities

  • Configure vShield Zones
  • Backup and restore vShield Manager Data
  • Backup CLI Configuration
  • Create/Delete Layer 2/3/4 firewall rules using VM Wall
  • Install/Uninstall a vShield manually and from template
  • Configure vShield Manager plug?in capability
  • Configure VM Flow charts
  • Update vShield Zones
  • Add/Edit/Delete User Accounts
  • Assign rights to a user
  • Add/Delete Application?Port Pair mapping
  • Execute/Schedule Execution of virtual machine discovery
  • Utilize vShield Zones CLI commands to configure and monitor vShield Zones
  • Analyze traffic using VM Flow to determine root cause of network related issues

Installing vShield Zones

Deployed as an appliance with two components;

  • Setup the vShield Manager appliance
    • Deploy the vShield Manager from OVF
    • Create a port group on the vSwitch which hosts your VM traffic, named vsmgmt and amend the vNIC on the vShield Manager VM to use this network.
    • Power up the VM, login with ‘admin’ and ‘default’, then run ‘setup’ to configure the server.
    • Allocate IP details
    • Upgrade VMtools (you can use the ‘Automatic’ option – being Linux based no reboot is required)
  • Initial install of the vShield Agent
    • Deploy from OVF and then convert to a template. This simply gets the agent ready for deployment.

If you’re wondering whether VMtools make a significant difference to this customised Linux appliance see (the pointless) VMwareKB1011501! You can also find out what’s new in vShield Zones 1.0 Update 1.

Continue reading VCAP-DCA Study notes–7.3 vShield Zones

VCAP-DCA Study notes 7.2– Configure and Maintain the ESX Firewall

VCAP, Virtualisation, VMware, ,
Print Friendly, PDF & Email

A blessedly quick objective this one! Quite why the ESXi Configuration Guide is listed in the blueprint is anyone’s idea as ESXi doesn’t contain a firewall! The blueprint also lists vicfg-firewall which is a typo – they mean esxcfg-firewall, as vicfg-firewall doesn’t exist!

Knowledge

  • Identify vicfg-firewall commands
  • Explain the three firewall security levels
  • Identify ESX firewall architecture with/without vCenter Server

Skills and Abilities

  • Enable/Disable pre?configured services
  • Configure service behavior automation
  • Open/Close ports in the firewall
  • Create a custom service
  • Set firewall security level

Firewall architecture

The ESX Configuration Guide talks very generally about where to put firewalls to protect traffic. In reality I can’t see much difference in architecture whether you have a vCenter server or not.  These two diagrams are from the ESX Configuration Guide – minimal differences!

The firewall is ESX only (there’s no ESXi firewall as no service console).

imageimage
Firewall security levels

Three firewall security levels (high is default);

  1. High (outbound blocked, limited inbound allowed (902, 443,22,123 and a few other including ICMP).
  2. Medium (outbound allowed, inbound blocked apart from allowed services)
  3. Off

Continue reading VCAP-DCA Study notes 7.2– Configure and Maintain the ESX Firewall