Objective 3.6 – Determine Data Center Management Options for a vSphere 5.x Physical Design
1. Differentiate and describe client access options.
- vSphere Client
- vSphere Web Client
Skills and Abilities
2. Based on the service catalog and given functional requirements, for each service:
o Determine the most appropriate datacenter management options for the design.
Management tools will depend on the skills on the operational staff running the infrastructure and will usually be decided on this basis.
o Implement the service based on the required infrastructure qualities.
Not much to say about this, but management tools should be implemented following AMPRS!
3. Analyze cluster availability requirements for HA and FT.
No brainer really. HA should always be enabled, although I have come across a situation where we couldn’t enable it due Cisco contact centre software not supporting HA and VMotion but I would say this is a real exception.
FT will have specific use cases depending on requirements, the current vCPU limit restricts it’s usefulness but as mentioned earlier this will soon be a thing of the past. FT VMs cannot have snapshots, DRS or Storage vMotion.
Analyze cluster performance requirements for DRS and vMotion.
Be aware of VM hardware versions, virtual machines running on hardware version 8 can’t run on prior versions of ESX/ESXi, such virtual machines can be moved using VMware vMotion only to other ESXi 5.0 hosts. Take into account CPU compatibility, try and keep the hardware exactly the same, if not possible then enable EVC on the cluster.
Analyze cluster storage performance requirements for SDRS and Storage vMotion.
Storage vMotion can perform up to four simultaneous disk copies per Storage vMotion operation. Storage vMotion will involve each datastore in no more than one disk copy at any one time, however. This means, for example, that moving four VMDK files from datastore A to datastore B will happen serially, but moving four VMDK files from datastores A, B, C, and D to datastores E, F, G, and H will happen in parallel.
For performance-critical Storage vMotion operations involving virtual machines with multiple VMDK files, you can use anti-affinity rules to spread the VMDK files across multiple datastores, thus ensuring simultaneous disk copies.
During a Storage vMotion operation, the benefits of moving to a faster data store will be seen only when the migration has completed. However, the impact of moving to a slower data store will gradually be felt as the migration progresses.
Storage vMotion will often have significantly better performance on VAAI-capable storage arrays.
VMware Storage vMotion performance depends strongly on the available storage infrastructure bandwidth between the ESXi host where the virtua l machine is running and both the source and destination data stores.
During a Storage vMotion operation the virtual disk to be moved is being read from the source data store and written to the destination data store. At the same time the virtual machine continues to read from and write to the source data store while also writing to the destination data store. This additional traffic takes place on storage that might also have other I/O loads (from other virtual machines on the same ESXi host or from other hosts) that can further reduce the available bandwidth.
Determine the appropriate vCenter Server design and sizing requirements:
o vCenter Server Linked Mode
Using vCenter Server in Linked Mode You can join multiple vCenter Server systems using vCenter Linked Mode to allow them to share information. When a server is connected to other vCenter Server systems using Linked Mode, you can connect to that vCenter Server system and view and manage the inventories of the linked vCenter Server systems.Linked Mode uses Microsoft Active Directory Application Mode (ADAM) to store and synchronize data across multiple vCenter Server systems. ADAM is installed as part of vCenter Server installation. Each ADAM instance stores data from the vCenter Server systems in the group, including information about roles andlicenses. This information is replicated across all of the ADAM instances in the connected group to keep them in sync.
When vCenter Server systems are connected in Linked Mode, you can perform the following actions:
- Log in simultaneously to vCenter Server systems for which you have valid credentials.
- Search the inventories of the vCenter Server systems in the group.
- View the inventories of the vCenter Server systems in the group in a single inventory view. So if you have multiple vCenter instances to manage different sites, for site recovery or just different locations, then vCenter Linked mode will help out with managing of all the different sites under one location
o vCenter Server Virtual Appliance
- vCenter Linked Mode is not supported
- vCenter Heartbeat is not supported
- Some VMware/Third Party Plugins might not support vCSA. Check with your desired plugin vendors if they support the vCenter Appliance.
- Installing update Manager on the vCenter Appliance is not supported, but you can still set it up on a separate Windows VM.
- If using the embedded database you will be limited to 100 hosts and 3000 VMs, but you always can utilize an Oracle Database to be able to scale to the vCenter Maximums of 1000 hosts and 10,000 VMs.
- MS SQL Database is currently not supported by the vCenter Server Appliance, where you can either use the built-in vPostgres (Support up to 100 hosts and 3000VMs) or you will need to use Oracle Database to scale to 1000 hosts and 10,000 VMs. If you are planning to go beyond 100 hosts and 3000VMs and Oracle database is not an option or your cup of tea then you will have to stick with the Windows version of vCenter for now.
- It does not support the Security Support Provider Interface (SSPI), which is a part of SSO, and is a Microsoft Windows API used to perform authentication against NTLM or Kerberos.
- VMware View Composer can not be installed on the vCenter appliance, but it is no longer required to install it on the same machine as vCenter and it can be installed on a different machine and then it will support vCSA.
o vCenter Server Heartbeat
vCenter Server Heartbeat is a Windows based service specifically designed to provide high availability protection for vCenter Server configurations without requiring any specialized hardware.
vCenter Server Heartbeat provides the following protection levels:
Server Protection – vCenter Server Heartbeat provides continuous availability to end users through a hardware failure scenario or operating system crash.
Additionally, vCenter Server Heartbeat protects the network identity of the production
server, ensuring users are provided with a replica server including server name and IP
address shares on the failure of the production server.
Network Protection –
vCenter Server Heartbeat proactively monitors the network by
polling up to three nodes to ensure that the active server is visible on the network.
Application Protection –
vCenter Server Heartbeat maintains the application environment
ensuring that applications and services stay alive on the network.
Performance Protection –
vCenter Server Heartbeat proactively monitors system
performance attributes to ensure that the system administrator is notified of
problems and can take pre-emptive action to prevent an outage.
Data Protection –
vCenter Server Heartbeat intercepts all data written by users
and applications, and maintains a copy of this data on the passive server that can
be used in the event of a failure.
vCenter Server Heartbeat provides all five protection levels continuously, ensuring
all facets of the user environment are maintained at all times, and that the network
(Principal (Public) network) continues to operate through as many failure scenarios as possible.
vCenter Server Heartbeat software is installed on a Primary server and a Secondary server.
These names refer to the physical hardware (identity) of the servers.
The Secondary server has the same domain name, same file and data structure, same network address, and can run all the same applications an d services as the Primary server.
vCenter Server Heartbeat uses two servers with identical names and IP addresses.
One is an active server that is visible on the Principal (Public) network and the other is a passive server that is hidden from the network but remains as a ready standby server.
Only one server name and IP address can be visible on the Principal (Public) network at any given time.
Determine appropriate access control settings, create roles and assign users to roles.
Covered on objective 2.7
Based on the logical design, identify and implement asset and configuration management technologies.
I would say that VMware are filling this space with vCAC or now referred to as vRealize Automation, it’s a huge subject way beyond the scope of my study notes. Other products are VMware GO, VMware service manager and VMware configuration manager.
Determine appropriate host and virtual machine deployment options.
Auto Deploy more suited to larger environments that require a more agile method of host deployment. Full install methods include boot from SAN, boot from ISCSI and scripted installs using powercli or linux kickstart(basically what auto-deploy uses), use image builder to customise ESXi images.
For virtual machines they can be created from templates, P2V, V2V or you can PXE boot the VM.
Based on the logical design, identify and implement release management technologies, such as Update Manager.
Taken from the Update Manager performance and best practice document
VMware vCenter™ Update Manager (also known as VUM) provides a patch management framework for VMware vSphere®. IT administrators can use it to patch and upgrade:
- VMware ESX and VMware ESXi™ hosts
- VMware Tools and virtual hardware for virtual machines
- Virtual appliances.
Update Manager Server Host Deployment There are three Update Manager server host deployment models where:
- Model 1 – vCenter Server and the Update Manager server share both a host and a database instance.
- Model 2 – Recommended for data centers with more than 300 virtual machines or 30 ESX/ESXi hosts. In this model, the vCenter server and the Update Manager server still share a host, but use separate database instances.
- Model 3 – Recommended for data centers with more than 1,000 virtual machines or 100 ESX/ESXi hosts. In this model, the vCenter server and the Update Manager server run on different hosts, each with its own database instance.
- Separate the Update Manager database from the vCenter database when there are 300+ virtual machines or 30+ hosts.
- Separate both the Update Manager server and the Update Manager database from the vCenter Server system and the vCenter Server database when there are 1000+ virtual machines or 100+ hosts.
- Make sure the Update Manager server host has at least 2GB of RAM to cache frequently used patch files in memory.
- Allocate separate physical disks for the Update Manager patch store and the Update Manager database.
Based on the logical design identify and implement event, incident and problem management technologies.
Borrowed from BrownBag notes.
Traditionally, approaches to each have been reactive, being proactive allows for: efficiency, agility, reliability
Need automation tools, intelligent analytics
Tools -VMware Service Manager; vCenter Orchestrator;
Based on the logical design, identify and implement logging, monitoring and reporting technologies.
Most widely used ‘system’ is Alarms within vCenter, be aware if vCenter fails then you have no alerting, so also use SNMP.
Events – record of user or system actions in vCenter
Alarms – notifcations activated in response to events
Monitoring – can be done using SNMP traps, SNMP agent is embedded in ‘hostd’
Logging– best to setup a logging server; product called “Syslog Collector” can be used
Install with vCenter Server media; point to log server