Failback of virtual machines is a manual task in vSphere Replication. After performing a successful recovery from the primary site to the secondary site, you can perform failback. You manually configure a new replication in the reverse direction, that is, from the secondary site to the primary site.
You might want fewer, larger LUNs for the following reasons:
- More flexibility to create virtual machines without asking the storage administrator for more space.
- More flexibility for resizing virtual disks, doing snapshots, and so on.
- Fewer VMFS datastores to manage.
To enable the VM compatibility upgrade, you must power off the virtual machine.
In vSphere 6.5, the vCenter High Availability feature was introduced. vCenter High Availability (vCenter HA) protects the vCenter Server Appliance against host and hardware failures. The active-passive architecture of the solution can also help reduce downtime significantly when the vCenter Server Appliance is patched. vCenter HA is only available for the vCenter Server Appliance.
vSphere DRS when set to ‘Fully Automated’ will balance resources for hosts with only shared storage.
Configurable options available in Boot Options for a virtual machine:
- Firmware
- Boot Delay
- Force BIOS setup
- Failed Boot Recovery
Image: Configurable options available in Boot Options for a vSphere 6 VM
What VMware vCenter Converter Does:
Quickly converts local and remote physical machines into virtual machines without any downtime (used to move physical servers to vSphere)
Microsoft SQL Database Set to Unsupported Compatibility Mode Causes vCenter Server Installation or Upgrade to Fail: “The DB User entered does not have the required permissions needed to install and configure vCenter Server with the selected DB. Please correct the following error(s): %s”
Using more than the required number of SAN host paths (4) limits the number of LUNs per host.
Content libraries are container objects for VM templates, vApp templates, and other types of files. vSphere administrators can use the templates in the library to deploy virtual machines and vApps in the vSphere inventory. Sharing templates and files across multiple vCenter Server instances in the same or different locations brings consistency, compliance, efficiency, and automation to deploying workloads at scale.
vSphere Replication: How the 5 Minute Recovery Point Objective (RPO) Works
You can use the 5-minute RPO if the target and the source sites use Virtual SAN storage.
Note: If you select the OS quiescing option while configuring replication, you cannot use an RPO value lower than 15 minutes.
Multiple isolation response addresses can be specified using the das.isolationaddress0 through das.isolationaddress9 options.
3 best practices before upgrading to vSphere 6.5:
- Ensure that the system hardware complies with ESXi requirements.
- Back up the host.
- Check the interoperability of any other software integrated with vSphere.
2 requirements to enable EVC (Enhanced vMotion Compatibility) in a vSphere DRS cluster:
- CPUs must be from the same vendor (AMD or Intel)
- EVC must use the lowest possible baseline supported by the hardware
In vSphere 6.0, to back up and restore a VM that contains vCenter Server, a vCenter Server Appliance, or a Platform Services Controller, you must do a full image backup, and the VM must meet the following requirements:
- The VM must have VMware Tools installed and running.
- The VM must use an FQDN with correct DNS resolution, or be configured with a static IP.
Members of the SystemConfiguration.Administrators group can view and manage the system configuration in the vSphere Web Client. These users can view, start and restart services, troubleshoot services, see the available nodes and manage those nodes.
A minimum of three hosts must contribute capacity to a non-ROBO single-site VMware vSAN cluster.
Duncan Epping: “With Virtual SAN we have a minimum of 3 hosts, well in a ROBO configuration you can have 2 with an external witness. This means that from a support perspective the bare minimum of dedicated physical hosts required for VSAN is 2. There you go, 2 is the bare minimum for ROBO. For non-ROBO 3 is the minimum.”
VMware Flash Read Cache will be unable to claim a disk (needs to be SSD) if:
- The disk is not detected as an SSD
- The disk is not detected as local
- The disk is in use by VMFS
Boot from SAN supports all 3 SAN storage technologies: FCoE, iSCSI, FC
Two components of storage I/O multipathing on ESXi:
SATPs and PSPs are sub plug-ins within the NMP module:
SATP: The specific details of handling path failover for a given storage array are delegated to a Storage Array Type Plug-In (SATP).
PSP: The specific details for determining which physical path is used to issue an I/O request to a storage device are handled by a Path Selection Plug-In (PSP).
vSphere 6.5 and later supports PVRDMA (Paravirtual RDMA) only in environments with a specific configuration, including: Guest OS: Linux (64-bit)
In many production situations, a highly available Auto Deploy infrastructure is required to prevent data loss. Such an infrastructure is also a prerequisite for using Auto Deploy with stateless caching.
Manage the vCenter HA Configuration > Set Up Your Environment to Use Custom Certificates
1) Edit the cluster configuration and select Remove.
2) Delete the Passive node and the Witness node.
3) On the Active node - which is now a standalone vCenter Server Appliance - replace the machine SSL Certificate with a custom certificate.
4) Reconfigure the cluster.
The virtual machine log rotation size can be changed for all VMs by editing the VMX files and line log.keepold, or using the vSphere Web Client or PowerCLI.
Two configuration options to exclude virtual disks from snapshot operations:
- Use virtual disks in independent (persistent mode)
- Use RDM in physical mode for virtual disk
vSphere Data Protection performance analysis:
Possible results are: Passed, Failed, Conditionally Passed
- Passed if the seek test is selected (Excluded by Default). If all tests succeed, the result is Passed.
- If the write or read tests are unsuccessful, the result is Failed.
- If the seek test is selected and if the write and read tests are successful but the seek test fails, the result is Conditionally Passed.
Illustration:
If the virtual machine system traffic has 0.5 Gbps reserved on each 10 GbE uplink on a distributed switch that has 10 uplinks, then the total aggregated bandwidth available for VM reservation on this switch is 5 Gbps. Each network resource pool can reserve a quota of this 5 Gbps capacity.
Illustration:
The cluster requires different permissions for contractors and non-contractors. To exclude the contractor group from some of the critical VMs:
- Apply permission for both contractors and non-contractors on the cluster level.
- Remove permission on the critical VMs for contractors.
VMware Converter does not support source server storage on:
- Software RAID
- GPT/MBR hybrid disks
- ESXi 5.5 or later is required.
- vCenter Server 6.5 is required.
- vCenter HA is supported and tested with VMFS, NFS, and vSAN datastores.
- vCenter HA network latency between Active, Passive, and Witness nodes must be less than 10 ms.
Delete NFS datastore on an ESXi host returns the error:
Sysinfo error on operation returned the following status: Busy
The busy status indicates that either:
- Storage I/O control is enabled on NFS datastore
- NFS datastore has powered on and registered VMs
Best practices (recommendations) for vSphere HA Admission Control (1 of 4):
- Select the Percentage of Cluster Resources Reserved admission control policy. This policy offers the most flexibility in terms of host and virtual machine sizing. When configuring this policy, choose a percentage for CPU and memory that reflects the number of host failures you want to support. For example, if you want vSphere HA to set aside resources for two host failures and have ten hosts of equal capacity in the cluster, then specify 20% (2/10).
Troubleshoot VMkernel network connectivity problems with the vmkping command.
Using TSO and LRO on physical and virtual machine NICs improves the performance of ESX/ESXi hosts by reducing the CPU overhead for TCP/IP network operations.
The host uses more CPU cycles to run applications (in-guest can help to decrease latency.)
TSO = TCP Segmentation Offload
LRO = Large Receive Offload
ESXi supports the following iSCSI Adapters (vmhba):
- Software (VMkernel Networking Required)
- Independent Hardware (VMkernel Networking Not Required)
- Dependent Hardware (VMkernel Networking Required)
vmmemctl counter = Amount of memory allocated by the virtual machine memory control driver (vmmemctl), which is installed with VMware Tools. It’s a VMware exclusive memory-management driver that controls ballooning.
NFS v4.1 Firewall Behavior:
When you mount the first NFS v4.1 datastore, ESXi enables the nfs41client rule set and sets its allowedAll flag to TRUE. This action opens port 2049 for all IP addresses. Unmounting an NFS v4.1 datastore does not affect the firewall state. That is, the first NFS v4.1 mount opens port 2049 and that port remains enabled unless you close it explicitly.
By default, vCenter Server generates a new vpxuser password every 30 days using OpenSSL crypto libraries as a source of randomness.
Image: Storage Stack Components in a vSphere environment
GAVG (Guest Average Latency): total latency as seen from vSphere.
KAVG (Kernel Average Latency): time an I/O request spent waiting inside the vSphere storage stack.
QAVG (Queue Average Latency): time spent waiting in a queue inside the vSphere storage stack.
DAVG (Device Average Latency): latency coming from the physical hardware, HBA and storage device.
VM Monitoring Settings
Setting | Failure Interval | Reset Period
--------+------------------+-------------
High    | 30 secs          | 1 hour
Medium  | 60 secs          | 24 hours
Low     | 120 secs         | 7 days
When enabling VMware FT and the primary is powered on, VMware FT automatically attempts to start the fault tolerant secondary. Starting the secondary fails after a brief delay and produces the following error message:
“Secondary virtual machine could not be powered on as there are no compatible hosts that can accommodate it.”
- If the other hosts do not have HV (Hardware Virtualization) enabled but the primary does, the primary virtual machine is still powered on but produces the error message.
- You will also see this error if the other ESXi host(s) are in Maintenance Mode.
Host Profiles is not available with the vSphere Standard license; you need an Enterprise Plus license to use Host Profiles.
The consolidate action is for cases where the snapshot deletion process was not successful. With the consolidation option, when you initiate a snapshot deletion, if the snapshot fails to delete, the VM generates a warning letting you know that a consolidation is required. You then run consolidate, and the redundant delta disks are combined and deleted.
The SplitRx mode feature can help achieve a high packet rate with lower CPU consumption.
“SplitRx mode uses multiple physical CPUs in an ESXi host to process network packets received in a single network queue. As it does not transfer the same copy of the network packet, it provides a scalable and efficient platform for multicast receivers. SplitRx mode improves throughput and CPU efficiency for multicast traffic workloads.”
Storage capabilities can be populated via:
- Administrator uses tags to describe capabilities
- Datastores can advertise their capabilities through VASA
Fibre Channel Zoning:
With ESXi hosts, the preferred zoning practice is to use single-initiator-single-target zoning.
A VM-VM affinity rule specifies whether selected individual virtual machines should run on the same host or be kept on separate hosts. This type of rule is used to create affinity or anti-affinity between individual virtual machines that you select.
ESXi provides CDP and LLDP to help identify the upstream switch.
CDP = Cisco Discovery Protocol
LLDP = Link Layer Discovery Protocol
You can use the vCenter Server Appliance Management Interface to back up the vCenter Server (Appliance) instance. You can also perform a restore operation by deploying a new vCenter Server Appliance and using the vCenter Server Appliance management interface to copy the data from the file-based backup to the new appliance.
Virtual Volumes supports such vSphere features as vMotion, Storage vMotion, snapshots, linked clones, Flash Read Cache, and DRS.
The pktcap-uw tool is an enhanced packet capture and analysis tool.
Note: The new pktcap-uw tool allows traffic to be captured at all points within the hypervisor for greater flexibility and improved troubleshooting (including: at the uplinks, vSwitch, or virtual port levels).
vSphere DRS uses CPU, RAM and physical NIC saturation of an ESXi host to load balance virtual machines with available resources.
To enable RAID-6 objects in a VMware vSAN cluster, the following requirements must be met:
- vSAN Advanced license or higher
- Requires a minimum of 6 hosts in the VSAN cluster
- RAID 5 or RAID 6 erasure coding is available only on all-flash disk groups
Hardware Acceleration for NAS Devices requires the use of third-party software on ESXi. The hardware acceleration uses vSphere APIs for Array Integration (VAAI) to facilitate communications between the hosts and storage devices.
When configuring iSCSI Software Adapter network port binding - with multiple NICs in one vSwitch - ensure each vmkernel port has a unique active adapter.
Backup verification jobs can be created in vSphere Data Protection. These jobs automate the process of restoring a virtual machine: powering it on; verifying the guest OS booted, by detection of VMware Tools “heartbeats”; and, optionally, confirming an application started successfully by means of a custom script.
RAID 5 or RAID 6 Design Considerations for Virtual SAN:
- RAID 5 or RAID 6 erasure coding is available only on all-flash disk groups.
- On-disk format version 3.0 or later is required to support RAID 5 or RAID 6.
- Need valid license (Advanced or higher) to enable RAID 5/6 on a cluster.
- RAID 5/6 is not supported on stretched VSAN clusters.
vSphere Distributed Switch Health Check:
vSphere Distributed Switch MTU supported status Alarm: Not Supported if: MTU health check status of an uplink port is changed, and in the latest MTU health check, not all the VLAN MTU setting on physical switch allows vSphere Distributed Switch max MTU size packets passing.
Lost access to volume ... (example datastore) due to connectivity issues. Recovery attempt is in progress and outcome will be reported shortly.
To determine why the heartbeat I/O operations never complete:
- Note the date/time when the lost access to volume message was reported and check the ESXi host logs for related information.
- Verify that there are no connectivity (i.e. network failure) issues between the ESXi host and the storage device (i.e. disk array failure).
Subset of (ESXi) Host Profile Subprofile Configurations:
Component Category = Security
Configuration Settings = Firewall, Security Settings, Service
DCUI = Host Direct Console User Interface
If you are unable to administer your ESXi host via the DCUI, two possible causes:
- Strict lockdown mode is enabled on the host
- The DCUI service is disabled on the host
General vCenter Server logs on a vCenter Server Appliance are located at /var/log/vmware/vpxd/
Image: vCenter Server logs are grouped by component and purpose in these sub-directories:
These permissions are required to perform Storage vMotion from the Remote Command Line Interface (RCLI):
- Resource > Migrate
- Resource > Relocate
- Datastore > Allocate Space
Note: These permissions must be assigned at the virtual machine level.
Depending on the type of port mirroring session being edited, different options are available for configuration, including:
Option = Encapsulation VLAN ID
Description = Enter a valid VLAN ID in the field. This information is required for Remote Mirroring Source port mirroring sessions.
Networking Requirements for vSAN
Host Bandwidth:
- Each host must have minimum bandwidth dedicated to vSAN:
-- Dedicated 1 Gbps for hybrid configurations.
-- Dedicated or shared 10 Gbps for all-flash configurations.
Connection between hosts:
- Each host in the vSAN cluster must have a VMkernel network adapter for vSAN traffic.
Host network:
- All hosts in your vSAN cluster must be connected to a vSAN Layer 2 or Layer 3 network.
IPv4 and IPv6 support:
- The vSAN network supports both IPv4 and IPv6
Multicast:
- Allow multicast traffic on the VSAN network between the ESXi hosts participating in the VSAN Cluster.
esxcli network nic list = This command will list the Physical NICs (vmnic) currently installed and loaded on the system (includes physical uplink status.)
Prerequisites for enabling secure boot for a virtual machine:
Verify that the virtual machine operating system and firmware support UEFI boot.
- EFI firmware
- Virtual hardware version 13 or later.
- Operating system that supports UEFI secure boot.
Note: Additionally you need VirtualMachine.Config.Settings privileges to reconfigure the Virtual Machine.
ESXi host Storage Maximum: LUNs per server = 512
Virtual Machine User (sample) role: A set of privileges to allow the user to interact with a virtual machine’s console, configure CD media, and perform power operations (includes reset). Does not grant privileges to make virtual hardware changes to the virtual machine.
Upgrading to vCenter Server 6.5:
The vCenter Server 6.0 embedded Microsoft SQL Server Express database is replaced with an embedded PostgreSQL database during the upgrade to vCenter Server 6.5. The maximum inventory size that applied for Microsoft SQL Server Express still applies for PostgreSQL.
Overview of the ESXi Host Upgrade Process
Choose your ESXi host upgrade method:
- using the GUI, script, or CLI
- using Auto Deploy
- using Update Manager
When you enable Storage DRS, you enable these functions:
- Space load balancing among datastores within a datastore cluster
- I/O load balancing among datastores within a datastore cluster
- Initial placement for virtual disks based on space and I/O workload
Datastores that are Storage I/O Control-enabled must be managed by a single vCenter Server system.
Version 3 of the Network I/O Control feature offers improved network resource reservation and allocation across the entire switch:
- Bandwidth Resource Reservation (per traffic type)
- Bandwidth Guarantee to Virtual Machines
You can create a content library in the vSphere Web Client, and populate it with templates, which you can use to deploy virtual machines or vApps in your virtual environment.
Option = Optimized published content library
Description = Select Optimize for syncing over HTTP to create an optimized published library. This library is optimized to ensure lower CPU usage and faster streaming of the content over HTTP. Use this library as a main content depot for your subscribed libraries. You cannot deploy virtual machines from an optimized library. Use optimized published content library when the subscribed libraries reside on a remote vCenter Server system and enhanced linked mode is not used.
Prevent a VM User or Process from Disconnecting Devices in the vSphere Web Client (VM advanced configuration parameters):
isolation.device.connectable.disable = true
isolation.device.edit.disable = true
Requirements and Considerations when Booting from Fibre Channel SAN:
- Follow vendor recommendations for boot from SAN
- Configure HBA so it can access the boot LUN
- Each host must have access to its own boot LUN only
- Multipathing to a boot LUN on active-passive arrays is not supported (because the BIOS does not support multipathing and is unable to activate a standby path)
- Boot from SAN is supported for both switched topology and direct connect topology
Note: ESXi hosts do not require local storage.
Only one vSphere Replication appliance is deployed on each vCenter Server.
Set device’s max queue depth
esxcli storage core device set -m|--max-queue-depth={long}
Datastore Cluster Requirements:
- Datastore clusters must contain similar or interchangeable datastores
- Datastores shared across multiple datacenters cannot be included in a datastore cluster.
- As a best practice, datastores - in the datastore cluster - should have equal hardware acceleration capability (i.e. all enabled or all disabled).
If the vmkernel log reports VMFS metadata errors:
- Check the device with VOMA
- Contact VMware technical support
To check metadata consistency, run vSphere On-disk Metadata Analyser (VOMA) from the CLI of an ESXi host. VOMA can be used to check and fix metadata inconsistency issues for a VMFS datastore or a virtual flash resource. To resolve errors reported by VOMA, consult VMware Support.
For the vCenter server account used for vSphere data protection (VDP), the user account must have administrator role and the password for the user account should not contain spaces.
Virtual Volumes (VVOLs) supports NFS version 3 and 4.1, iSCSI, Fibre Channel, and FCoE.
Causes of CPU spikes on web servers in a vSphere environment:
- Disk latency is present on the datastore (more latency more queuing)
- Network packet size is too small (larger packets require less CPU processing)
Storage DRS dynamically corrects imbalance in the Storage DRS cluster based on the space and I/O thresholds set. The default space threshold per datastore is 80% and the default I/O latency threshold is 15 ms.
A correct sequence to upgrade a vSphere Infrastructure:
(1st) vCenter Server > (2nd) ESXi Host > (3rd) VMware Tools > (4th) VM compatibility (VM hardware)
Boot from SAN with host profiles:
When applying the host profile to the target host, the boot device settings for the remote boot LUN device are copied from the reference host into the target host
- Select Storage configuration > Pluggable Storage Architecture configuration > Host boot device configuration
- Verify that the boot LUN is correctly identified as the boot device in the host profile
Configure the Conversion Job:
- Set the Startup Mode for Destination Services
- Stop Services Running on the Source Machine
- Synchronize the Destination Machine with Changes Made to the Source Machine
- Power Off the Source Machine After Conversion
- Power On the Destination Virtual Machine After Conversion
- Limit the Amount of Resources Used by the Conversion Job
- Uninstall Converter Standalone Agent from the Source Machine
If you try to migrate a VM to another host in the same cluster, but the destination host does not share the same datastore, you will receive an error “Select a valid compute resource”.
VMFS Metadata Updates
A VMFS datastore holds VM files, directories, symbolic links, RDM descriptor files, and so on. The datastore also maintains a consistent view of all the mapping information for these objects - this is called metadata. Metadata is updated each time you perform datastore or VM management operations - examples:
- Creating, growing, or locking a VM file
- Changing a file's attributes
- Powering a VM on or off
- Creating or deleting a VMFS datastore
- Expanding a VMFS datastore
- Creating a template
- Deploying a VM from a template
- Migrating a VM with vMotion
Two services that run on the active and passive node in a vCenter Server HA cluster:
- VMware PostgreSQL (vmware-vpostgres)
- VMware vCenter High Availability (vmware-vcha)
Note: VMware VirtualCenter service (vpxd) only runs on the active node.