(ff Ooo eee C Cee CS VMware vSphere 4: Install, Configure, Manage Student Manual - Volume 2 ESX 4.0, ESXi 4.0, and vCenter Server 4.0 . VMware® Education Services (BD vmware Viva Ine education@[Link]VMware vSphere 4: Install, Configure, Manage ESX 4.0, ESXi 4.0, and vCenler Server 4.0 Part Number EDU-ENG-B-ICM4-LEC2-STU ‘Student Manual — Volume 2 Revision B Copyright/Trademark Copyright © 2009 VMware, Inc. All rights reserved. This manual and its accompanying materials are protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed at [Link] patents. VMware is a registered trademark or trademark of VMware. Ino. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies. The training material is provided “as is,” and all express or implied conditions, representations, and warranties, including any implied warranty of merchantability fitness for a particular purpose or noninfringement, are disclaimed, even if VMware, Inc., has been advised of the possibility of such claims. This training material is designed to support an instructor-led training course and is intended to be used for reference purposes in conjunction with the instructor-led training course. The training material is not a standalone training fool. Use of the training material for self-study without class attendance is not recommended ‘These materials and the computer programs to which it relates are the property of, and ‘embody trade secrets and confidential information proprietary to, VMware, Inc., and may not be reproduced, copied, disclosed, transferred, adapted or modified without the express written approval of VMware, Inc. education@[Link] a) oOo 9 5 4 J oj L _] oa a]LI TABLE OF CONTENTS / ~, MODULE 8 Access Control. 357 LJ You Are Here . 358 Importance... 369 - Lesson Objectives .. 360 UJ Access Control Overview Users and Groups . = Roles and Privileges ou Objects. Assigning Permissions. .... : Viewing Roles and Assignments, 366 Ll Applying Permissions: Scenario 367 Applying Permissions: Scenario 2, 368 “ Applying Permissions: Scenario 3.... cee 369 LI Applying Permissions: Scenario 4............ seeeesees 870 Creating # Role an =. Creating a Role: Example . . 2872, U Access Control Using vSphere Web Access . 373 Using vSphere Web Access. 374 - vSphere Web Access Tasks. 375 u Generating Virtual Machine Shortcut . 377 Lab 14... 378 r Key Points 379 MODULE 9 Resource Monitoring. . . 381 4 ‘You Are Here ... 382 Lt Importance. 383 Module Lessons. . . 384 | Lesson I: Virtual CPU and Memory Concepts. 385 Lo Lesson Objectives cee : : 386 Systems for Optimizing VM Resource Use... sss [Link].1. 1.887 7 Virtual CPUs : 388 Li Hardware Execution Contexts. Hyperthreading ........... ‘VMkemel CPU Load Balaneing I Memory Virtualization Overview . Transparent Memory Page Sharing. 9 ymmemetl: Balloon-Driver Mechanism u VMkemel Swap. Ballooning vs, VMkeme! Swapping . 4 Lesson Summary.......... : LI Lesson 2: Monitoring Resource Usage Lesson Objectives 0 Performance-Tuning Methodology VMware vSphere 4: Install, Configure, Manage iMODULE 10 Guest Operating System Monitoring Tools. . ‘Using Perfmon to Monitor VM Resources .. . vCenter Server Performance Charts ..... Interpreting Data from the Tools. .. Is the Virtual Machine CPU-Constrained? . ‘Are Virtual Machines CPU-Constrained?. Isa Virtual Machine Memory-Constrained? Is the Host Memory-Constrained?........ Monitoring Active Memory of a Virtual Machine . ‘Are Virtual Machines Disk-Constrained? Monitoring Disk Latency . Are Virtual Machines Network-Constrained?.. Application Performance Management: AppSpeed Improving Virtual Machine Performance . LabIS...... bees Lesson Summary... Lesson 3: Using Alarms . Lesson Objectives ..... ‘What Is an Alarm?. . Creating an Alarm... Alarm Triggers « Configuring Condition Triggers « Configuring Bvent Triggers. Configuring Reporting Options. Configuring Actions .. Configuring vCenter Server Notifications. . . ‘Viewing and Acknowledging Triggered Alaris Lab 16.0... ccc ceveevsesteseeeeeeeeeer : Lesson Summary. Key Points... Scalability . You Are Here Importance. ceveeereeee Module Lessons... 1.00000 Lesson 1: Scaling CPU and Memory Managemen : Lesson Objectives . : : Resource Management . Virtual Machine CPU Resource Settings Virtual Machine Memory Resource Settings . How Virtual Machines Compete for Resources . What Is a Resource Poo!” . Why Use Resource Pools? VMware vSphere 4: Install, Configure, Manage Ooo Oo oO OO Cl oj} cl CcCc 0 C 1 J OO © (3 tm 1 0 Ci 3 Contents Resource Pool Attributes. Resource Poo! Scenario Resource Pool Example. ... Resource Pools Example: CPU Shares . Resource Pools Example: CPU Contention Expandable Reservation . Example of Expandable Reservation (1). Example of Expandable Reservation (2) Creating a Resource Pool .......... Admission Control for CPU & Memory Reservations . Resource Pool Summary Tab Resource Allocation Tab... - ‘Scheduling Changes to Resource Settings . Lab 17. vovteeeneee 446 452 Lesson Summary . i 457 Lesson 2: Scaling Storage and Network Management 458 Lesson Objectives .. : vieteeteeeees 459 Storage Multipathing Managing Multiple Storage Paths . Configuring Storage Load Balancing Pluggable Storage Architecture. Configuring NIC Teaming Configuring Network Load Balancing . Load-Balancing Method: Port-ID Based. . .. Load-Balancing Method: Source MAC-Based Load-Balancing Method; IP-Based......... Multipathing with iSCSI Storage . . 466 470 Lesson Summary . Lesson 3: VMware VMotion Migration . A Lesson Objectives .. 472 ‘VMotion Migration .. 473 How VMotion Works . ATA Virtual Machine Requirements for VMotion ........[Link] ss. .478 Host Requirements for VMotion, 476 CPU Constraints on VMotion . 4m7 Exposing or Hiding NX/XD Identifying CPU Characteristics Verifying VMotion Layout: Custom Maps... Verifying VMotion Layout: Virtual Machine Map. Performing a VMotion Migration ....... Checking VMotion Errors... . Lab 18. : Lesson Summary . 478 ATSMODULE 11 Lesson 4: VMware Distributed Resource Scheduler. Lesson Objectives . . ‘What Is a DRS Cluster?. DRS Cluster Prerequisites. Creating a DRS Cluster... 02.00.20 DRS Cluster Setting utomation Level . . . DRS Cluster Settings: Migration Threshold . CPU Baselines for an EVC Cluster. EVC Cluster Requirements... DRS Cluster Settings: Swap File Location .. Adding Host to Cluster . Adding Host to Cluster: Resouree Pool Hierarchy . DRS Cluster Settings: Affinity Rules ......... DRS Cluster Settings: VM-Level Automation . . Viewing General Cluster Information... ‘Viewing DRS Cluster Information Viewing DRS Resource Allocation. Viewing DRS Recommendations . Monitoring Cluster Status... . . ‘Maintenance Mode and Standby Mode. Removing a Host from the DRS Cluster. Lab 19 and eLeaming Activity Lesson Summary... Key Points... High Availability and Date Protection . You Are Here .. Importance... . Module Lessons Lesson 1: High Availability and Data Protection Overview Lesson Objectives .. vee High Availability and Fault Tolerance . VMware Availablity and Fault Tolerance Solutions . ‘VMware HA, FT, and MSCS Clustering . MSCS Clustering, . o vCenter Server Availability Data-Protection Solutions . Lesson Summary... Lesson 2: VMware High Availability .... Lesson Objectives . . VMware High Availability . VMware vSphere 4: Insiall, Configure, ManageOF (3 MODULE 12 Contents VMware HA in Action .... ++ 529 Using VMware HA and DRS Together. 530 Detecting a Host Failure .......... +531 Host Isolation. 532 VMware HA Prerequisites . 533 Enabling VMware HA.......... + 534 Configuring VMware HA Settings |. 1 536 Keeping Strict Admission Control Enabled - 536 Admission Control Policy: Host Failures Tolerated . -.. 537 Admission Control Policy: Cluster Resource % . . - 538 Admission Control Policy: Specify Failover Host 539 Configuring Virtual Machine Option: ve ». 540 Configuring Virtual Machine Monitoring. 2 541 Architecture of a VMware HA Cluster . - 542 VMware Fault Tolerance....... ve = 543 Enabling VMware Fault Tolerance 2 54d Lab 20 : «545 Lesson Summary... 546 Lesson 3: Data Protection .. Lesson Objectives ... What to Back Up. Backing Up the ESX Service Console . Backing Up ESXi Configuration Data . 552 Backing Up Virtual Machines. Consolidated Backup. 553 Data Recovery .. 554 Setting Up Data Recovery. = 555 Backup Job cee 556 Backup Job: Source. [Link]. 0 cece eee cece ee eee ee ee! 587 Backup Job: Destination .. Lesson Summary. Key Points... Configuration Management. ‘You Are Here . +568 Importance. 569 Lesson Objectives. 570 Managing Configuration Changes. 871MODULE 13 vi Host Configuration Overview . Host Profiles .. Update Manager : Update Manager Capabilities ... Update Manager Components. Installing Update Manager . Information Needed for Update Manager Installation Installing the Update Manager Client Plug-In. ... Configuring Update Manager Settings ... Creating a Baseline : ‘New Baseline: Name, Type, Patch Options . Finding Specific Fixed Patches ....... Baseline Management . Attaching Baselines. Scanning Virtual Machines for Updates Viewing Complianey. . . Remediating Baselines . Scheduling the Remediation .... Setting Remediation Rollback Options. Scanning Hosts ...... . DRS-Enabled Remediation... Lab 22 Key Points. Installing VMware ESX and ESXi . You Are Here : Importance. Lesson Objectives ...... Choosing Between ESX and ESXi . vee ESXi Installable Hardware Prerequisites . Installing ESXi Installable. ........... ESXi Storage Behavior .. ESX Hardware Prerequisites Installing ESX . ESX Installation Information « ESX Installation: Standard or Advanced Setup... ESX Partitions bene ESX Physical Console After Installation . Lab 23/24. ce cee ee eeeeee Key Points . ‘VMware vSphere 4: Install, Configure, Manage JO MODULE 8 Access Control Slide 8-1 VMware vSphere 4: install, Configure, Manage 357 Jouog sseooyYou Are Here a Slide 8-2 Read Ed ‘Access Conical 358 ‘VMware vSphere 4: Install, Configure, ManageOm oO C 0 Importance Slide 8-3 > When there are multiple users accessing the VMware® vSphere™ environment, it is a best practice to give each of your users only the necessary permissions and nothing more. VMware vCenter™ Server allows flexible assignment of permissions. Module 8 Access Control 359Lesson Objectives Slide 8-4 > Define a permission Tl = Describe the rules for applying permissions > Create a custom role > Create a permission 4 => Describe the benefits of using VMware vSphere Web Access bd > List tasks you can perform in vSphere Web Access “ rn ud 360 ‘VMware vSphere 4: Install, Configure, Manage 5OQ Oo oO a oo eo Oo Access Control Overview Slide 8-5 The access control system allows the vCenter Server administrator to specify which users or groups can perform which actions on which objects. Key concepts: > Privilege — Defines an action that can be performed > Role —A set of privileges > Object — The target of the action > Windows user/group — Indicates who can perform the action Together, a role, a user/group, and an object define a permission. The authorization to perform tasks in VMware@ vCenter™ Server is govemed by an access control system. This system allows the vCenter Server administrator to specify in great detail which users or groups can perform which tasks on which objects. It is defined using the following concepts: *+ Privilege The ability to perform a specific action or read a specific property. Examples include powering on a virtual machine and creating an alarm. + Role~A collection of privileges. Roles provide a way to aggregate all the individual privileges that are required to perform a higher-level task, such as administering a virtual machine. + Object — An entity upon which actions are performed, + Windows user/group ~ A Windows user or Windows group on the vCenter Server system who can perform the action. Together, a role, plus a user/group, plus an object, equals a permission. Module 8 Access Control 361Users and Groups Slide 8-6 vCenter Server users and groups are those defined in the vCenter Server’s Windows domain. vSphere Client ‘Center Server depends upon the users and groups defined in your Active Directory environment or on the local Windows system on which vCenter Server runs. Users and groups indicate who can perform actions in vCenter Server. Akey point: a VMware ESX™/ESXi host can have its own set of users and groups that is independent of the Active Directory users and groups. If you are using vCenter Server, you should avoid defining any users on the ESX/ESXi host beyond those that are created by default. This approach provides better manageability because there is no need to synchronize the two lists if a user or group is added or updated on one of the systems. It also improves security because it makes it possible for all permissions to be managed in one place. 362 VMware vSphere 4: Install, Configure, Manage Ooo g aa] Q Og ) i a] 2)Roles and Privileges Slide 8-7 Roles are collections of privileges. > They allow users to perform tasks. osourte pod ednctt ean). vere Conztdtedecup wer aie) Are Datacenter Detestere Deibd vital ett grt Data i Sch ‘baaitare numer Gone) ator conser ene) = They are grouped in categories. There are system roles, sample roles, and custom-built roles. Dy host orote Ey newer, & Dl ratonmance © CD Peinissins te DT] Resource: 1B sched oie El seseose 18 Dy Storage views & Ei teas & Oaw 1 Weenie A role is a set of one or more privileges. A privilege allows access to a specific task and is grouped with other privileges related to it. For example, the Virtual machine user role consists of several privileges in categories such as Global, Scheduled task, and Virtual machine. A role is assigned to a user or group and determines the level of access of that user or group. To display the list of roles, go to Home > Administration > Roles. To display the privileges associated with an existing role, right-click the role, then choose Edit Role. Roles are not hierarchically organized. In other words, a role is neither superior to nor subordinate to another role. All roles are independent of each other. Module 8 Access Control 363Objects Slide 8-8 Objects are entities upon which actions are performed. > Examples of objects are datacenters, folders, resource pools, clusters, hosts, datastores, networks, and virtual machines. All objects have a Permissions tab. > This tab shows what user/group and role are associated with the selected object. A user or group indicates who can perform the action, and the object is the target of the action. Each combination of user or group, role, and object must be specified, That is, the administrator first selects an object from the overall vCenter Server inventory, then selects a role to be assigned to that object, and then selects the user or group to which this permission pertains, A permission can be assigned to any object in the vCenter Server inventory. 364 VMware vSphere 4: Install, Configure, Manage oo 37 Oa ag oO Oo cl OQ gag oO au Oo Assigning Permissions Slide 8-9 > Toadda permission, go to the object's Permissions tab, right-click the viewing area, then select Add Permission. Select a user and a role, You can also propagate the permission to child objects. (7) Toassign a permission, select the object in the inventory, then click the Permissions tab. Right-click anywhere in the Permissions tab viewing area, then choose Add Permission, For certain objects such as hosts and virtual machines, for example, another way to assign a permission is to right-click the object in the inventory, then choose Add Permission. Either method will display the Assign Permissions dialog box. In the left pane of the dialog box, select a user or group by clicking Add. Then, in the right pane, select a role in the role list. You can also choose to propagate the permission to all child objects. OO Role propagation is the act of passing along permissions. A role can be propagated to its child objects in the inventory. For each permission, you can decide whether the permission propagates down the object hierarchy to all subobjects or if it applies only to that immediate object. For example, you can grant a user very limited permissions (for example, read-only) from the datacenter level on down, then grant more permissive roles on certain subobjects; for example, a folder of virtual machines, Ore Oo Module 8 Access Control 365 CGViewing Roles and Assignments Slide 8-10 = The Roles pane shows what users are assigned the selected role on a particular object. ‘Usage: Administrator EHG2 Datacenters: BG Adtninistrators &y yeadmindia [Reministrator™ cee virtual machine power user (sample) Yirtual machine user (sample) Resource pool administrator (sample) + Vitware Consolidated Backup user (sample) Datastore consumer (sample) Network consumer (sample) “Virtual machine administrator For any role, you can view all of the objects to which that role has been assigned and all of the users or groups who have been granted the role. To view this information, go to Home > Administration > Roles. Select a role in the role list. The information panel displays each object to which the role is assigned and the users and groups who have been granted the role. In the example above, the Administrator role has been granted to the user named veadminO la and the group named Administrators. The user/group-plus-role combination has been applied at the yCenter Server level, which means this permission is allowed on all datacenters in the vCenter Server inventory. 366 ‘VMware vSphere 4: Install, Configure, Manage JaaoO0o0o0dLUcadmUODUmUD LUDoOo c (3 Applying Permissions: Scenario 1 Slide 8-11 = A permission can propagate down the object hierarchy to all subobjects, or it can apply only to an immediate object. a BIRES jeden 5 [E Taining femmes Greg — Administrator 1 Test and Dev i Devor ir Devoz ih. Devos EE Production Eh Procos:s BS Prod03-2. tfmmmmmemes Greg — No Access Prodod-2 Prodo4-3 ProdTemplate In addition to specifying whether permissions propagate downward, you can override permissions set at a higher level by explicitly setting different permissions for a lower-level object. In the example above, user Greg is given the Administrator role at the Training datacenter. This role is propagated to all child objects except one, the virtual machine Prod03-2. For this virtual machine, Greg has No Access, instead. Module 8 Access Control 367ol) Applying Permissions: Scenario 2 Slide 8-12 ol If a user is a member of multiple groups with permissions on the same object: > The user is assigned the union of privileges assigned to the groups for that object. 5 RCo goa Ej Traheg qpemmneennm--=~ Groupt - V_Power_On (custom role) El &@ Test and Dev Group2— Take_Snapshots (custom role) oo E) Production Bi Prodos-1 q BB Prodos-2 . Bi Prodos-2. Ricmibers of Groupt: | [Members of Group: _ Prodig=3 oro, “ 0 ProdTemplate een “ Ifa user is a member of multiple groups, and these groups have permissions on the same object in tl the inventory, then the user is assigned the union of privileges assigned to the groups for that object. In the example above, there are two groups: Group! and Group2. Group] is assigned the VM_Power_On role, a custom role that contains only one privilege, the ability to power on a virtual machine, Group? is assigned the Take_Snapshots role, another custom role that contains the privileges to create and remove snapshots. Both roles propagate to the child objects. Assume that Greg belongs to both Group! and Group2. If this is the case, then Greg gets both VM_Power_On and Take_Snapshots privileges for all objects within the Training datacenter. oO Oo oO © 4 L CJ 368 ‘VMware vSphere 4: Install, Configure, Manage “IGOPreranncndeepva Oe oo Applying Permissions: Scenario 3 Slide 8-13 If a user is a member of multiple groups with permissions on different objects: > For each object on which the group has permissions, the same permissions apply as if granted to the user directly. ae 8 ring Groupt - Administrator 1) ‘Test and Dew: & evar Gh Devo2 Gh Devos fa @ Preduction Gh Prod0s-1 «=-======—= Group2 — Read-Only GS Prodoa-2 &B Proae2 ii | Troup “| Prados-3 see | PredTemplate Susan a ria Ifa user is a member of multiple groups and hes permissions on different objects in the inventory, then for each object on which the group has permissions, the same permissions apply as if they were granted to the user directly, Also, remember that you can override permissions set at a higher-level object by explicitly setting different permissions for a lower-level object. In the example above, there are two groups: Group] and Group2. Group! is assigned the Administrator role at the Training datacenter and Group? is assigned the Read-only role on the virtual machine object, Prod03-1. Both roles propagate to their child objects. Assume that user Greg is a member of both Group! and Group2. If this is the case, then Greg gets Administrator priviteges on the entire Training datacenter (the higher-level object), except for the virtual machine named Prod03-I (the lower-level object). For this particular object, Greg gets Read-only access. Module 8 Access Control 369 lonuod ssasoy a |Applying Permissions: Scenario 4 Slide 8-14 Permissions defined explicitly for the user on an object take precedence over all group permissions on that same object. Groupt — VM_Power_On (custom role) ‘Group2 - Take_Snapshots (custom role) Greg - Read-only B Production i Prodo3-1, & Prodo32. & Prodot:2 [iiiembers of Groupi:) {Members of Groupa: Prodo43 - Greg Greg I Susan anne ProdTemplate Permissions defined explicitly for the user on an object take precedence over a uset’s group permissions on that same object. In the example above, three permissions are assigned to the Training datacenter: Group! is assigned the VM_Power_On role, Group2 is assigned the Take_Snapshots role, and user Greg is assigned the Read-only role. Assume that Greg is a member of both Group! and Group2. Let’s also assume that propagation to child objects is enabled on alll roles. In this case, even though Greg is a member of both Group] and Group2, Greg gets the Read-only privilege to the Training datacenter and all objects under it. This is because explicit user permissions on an object take precedence over all group permissions on that same object. 370 VMware vSphere 4: Install, Configure, Manage ] Oj Laa} i) 1 { 2 a] on oOo ia Creating a Role Slide 8-15 To create a role: 1. Give it a descriptive name. 2. Select only the necessary privileges. To add a role, go to Home> Administration > Roles. Click Add Role. The Add New Role dialog box appears. Enter a descriptive name for your new role, then select the privileges to be part of this role. Depending on the privilege you select, you might be prompted with a recommendation to select the privileges listed to ensure accurate operating of the privilege originally selected. In the example above, you want to create a role named Virtual Machine Creator. The purpose of this role is to give a user the ability to create a virtual machine. You setect the privilege named Virtual machine > Inventory > Create new. As a result, you are prompted with a recommendation to also select these privileges: Datastore > Allocate space Network > Assign network Resource > Assign virtual machine to resource pool (not shown above) ‘Virtual machine > Configuration > Add new disk (not shown above) Virtual machine > Configuration > Add or remove device (not shown above). If you click Add all recommended privileges, the recommended privileges will be selected for you. Module 8 Access Control 371Creating a Role: Example Slide 8-16, Create roles that enable only the necessary tasks. > Example: Virtual Machine Creator Use folders to contain the scope of permissions. = For example, assign the Virtual Machine Creator role to user nancy and apply it to the Finance folder. = Resource > Assign Virtual ~ machine (oresource ‘Poo! - Configuration > Bd _ remove device J ] a a oo ot o ‘The Virtual Machine Creator role is one of many examples of roles that can be created. As a best practice, try to define a role using the smallest number of privileges possible so that security and control over your environment can be maximized, Also, try to give the roles names that explicitly indicate what each role allows, to make their purposes clear. Use folders to contain the scope of permissions. For example, if you want to limit the creation of virtual machines, create a folder in the VMs and Templates inventory view, then apply the Virtual oO oO Machine Creator role on this folder for the users. 372 ‘VMware vSphere 4: install, Configure, Manage oO oJa0 On Oo oO Access Control Using vSphere Web Access Slide 8-17. vSphere Web Access is a browser-based application that focuses on managing virtual machines. Administrators can provide end users browser-based access to virtual machines without having to install the VMware vSphere Client on their desktop. > Client devices allow virtual machines to access media on the user's local floppy and CD/DVD drives. Reduces the need to access these drives on the VMware ESX™ host vSphere Web Access (Apache Tomcat service) installed here You use a Web browser to open VMware vSphere™ Web Access and to manage virtual machines stored on an ESX host or on vCenter Server. vSphere Web Access is intended for anyone who performs the following aspects of virtual machine management: + System administrators who need to access virtual machines without a VMware vSphere Client + People who use virtual machines as remote desktops + vSphere administrators who need to interact with virtual machines remotely ‘The system from which you launch vSphere Web Access must be a standard x86-based computer equipped with a 266MHz processor (500MHz or faster recommended), 128MB RAM (256MB or more recommended), and 20MB (for Windows hosts) or 10MB (for Linux hosts) of free disk space to install the VMware Remote Console browser plug-in. vSphere Web Access is supported on certain Windows and Linux operating systems. The supported Web browsers are Intemet Explorer 6.0 and 7.0 or later for Windows, Mozilla Firefox 2.0 and 3.0 or higher for Microsoft Windows, and Mozilla Firefox 2.0 and 3.0 or higher for Linux. For more details on the system and Web browser requirements, see the vSphere Web Access Administrator's Guide ot [Link] Module 8 Access Control 373 JonUOD sseadyUsing vSphere Web Access Slide 8-18 1, Point Web browser to host name (or IP address) of vCenter Server system or ESX host, then click the Log in to Web Access link. @ Sphere Web Access is not available on ESXi hosts. 2. Log in to vSphere Web Access. tou in ane To connect to an ESX host or vCenter Server system with vSphere Web Access, the vSphere Web Access service must be running on the host or system. vSphere Web Access connections are available by default with BSX and vCenter Server, Users must have a valid user name and password to use vSphere Web Access to access BSX hosts and vCenter Server. You can use an administrator account or a normal user account, provided the user account is set up for you. For example, if you use vSphere Web Access to access vCenter Server, you must have a user account on the vCenter Server system with the appropriate vCenter Server permissions. To get to the vSphere Web Access login window, start your Web browser. Enter the URL of your ESX host or your vCenter Server system. For example, if your vCenter Server system name is ve~ go0se06, enter [Link] This takes you to the Welcome page for your ESX host or your vCenter Server system (whichever system you are accessing). Click the Log in to Web Access link. In the Log In window, enter your user name and password and click Log In. 374, ‘VMware vSphere 4: Install, Configure, Manage oa 4 oo) oO J a oj oo 3 oO IOO & Ooo et 2 O vSphere Web Access Tasks Slide 8-19 Jonuog ssexoy Perform select VM ‘tasks. ‘Whereas the vSphere Client can be used to manage hosts and virtual machines, vSphere Web Access is used to manage virtual machines only. From vSphere Web Access, you can display a list of virtual machines, view a virtual machine’s console, view a virtual machine’s status, perform power operations, and edit a virtual machine’s configuration. vSphere Web Access has a set of key features that help you manage virtual machines. You can do the following: + Configure existing virtual machine settings. + Perform power operations (start, stop, reset, suspend, and resume) on virtual machines. * Monitor the operation of virtual machines. + Generate shortcuts for virtual machines. + Create and manage snapshots of virtual machines. + Provide end users with access to virtual machines: + Interact with the guest operating systems running within virtual machines that use the VMware Remote Console, ‘VMware Remote Console is a browser plug-in that you can use with Microsoft Internet Explorer and Mozilla Firefox. VMware Remote Console opens in a separate window. You can Module 8 Access Control 375co) run VMware Remote Console even if you close your browser. You can open more than one console to interact with the operating systems of several virtual machines at the same time. ol ‘You cannot create new virtual machines using vSphere Web Access. Instead, you can re-add existing virtual machines into the inventory. You cannot delete virtual machines from disk, either. Instead, nm you can remove virtual machines from the inventory. Creating virtual machines and deleting virtual | ~ ‘machines from disk must be done using the vSphere Client, 376 ‘VMware vSphere 4: Install, Configure, ManageGenerating Virtual Machine Shortcut Slide 8-20 > Way to provide access to a virtual machine through a URL = Useful for including in an email message Oo Mm © || zeae toga ire ta i case ‘iu chine’ ens orton dskog or eb bowie 6 Wk cherie Zune workspace view tothe console i | ee eon tg roid sizes wr acs vou canoe th ceria Ldn hots | tS ie in eer dts Be eve la fe ec secrangteTwuamasine, —""T"_.||_ | cytimesinn to msn vue acon tres: ocahost samo ytustachineleme | | _Ussihiropion to disable inventory navigation, SEreiveranycomoranasaboeice. i Cobteseate ts ont opt genrie 9 URL hat see ay tion do nak sect seeee onto. To tel aetecet tis etn machine, cist te pormisseags NL 1 Castomica Web Shots |) Desueap stostein ‘este desitop shart to Srliy Secber i ita make [| tistall Desh shoreuttorcadaaie Administrators can generate a Web shortcut to customize the user interface for users. You can generate a Web shortcut that limits the workspace view to the virtual machine’s console and limits the view to a single virtual machine. The Web shortcut is like any Web browser URL, so you can add the shortcut to a list of favorite Web pages, or share the shortcut with one or more users in an email message. To create a virtual machine Web shortcut 41, Select the virtual machine from which to generate a Web shortcut in the Inventory pane. 2. In the Status section of the Summary tab, click Generate Virtual Machine Shorteut. A sample URL is displayed in the Web Shortcut section. 3. (Optional) Expand Customize Web Shorteut to choose the user interface features: + Select Limit workspace view to the console to provide access to virtual machine's Console tab while hiding other details like event logs. + Select Li + Select Obfuscate this -w to a single virtual machine to disable inventory navigation. URL to generate a URL that is difficult to read or modi 4, Copy the Web shorteut for future use, 5, Click OK to return to the Summary tab. Module 8 Access Control 377 oe HERLab 14 Slide 8-21 In this lab, you will create vCenter Server user permissions. > Create a Windows account on the vCenter Server system. Create the Virtual Machine Creator role. Assign the role to a user. Restrict virtual machine creation to the local datastore only. > > > Verify that the user can create a virtual machine. > = (Optional) Create a role named Template Deployer. 378 VMware vSphere 4: Install, Configure, Manage oad 0 IOoOod ob a Oc oo 0 aKey Points Slide 8-22 = A permission is a user/group+role combination that is applied to an object in the inventory. > Apermission can propagate down the object hierarchy to all subobjects, or it can apply only to an immediate object. > Asa best practice, define a role using the smallest number of privileges possible for better security and added control. 2 vSphere Web Access can be used to provide end users with browser-based access to virtual machines without the need to install the vSphere Client on their desktops. Module 8 Access Control 379 lonuag ssecoy‘VMware vSphere 4: Install, Configure, Manage aa oo Od OoMODULE 9 Resource Monitoring Slide 9-1 ‘VMware vSphere 4: Install, Configure, Manage 381You Are Here Slide 9-2 Ree nud Ora) oo 8 8 i] i cl 382 VMware vSphere 4: Install, Configure, Manage olOe Cf a om QB 1 Oo QO Importance Slide 9-3 = Although the VMkernel works proactively to avoid resource contention, maximizing performance requires both analysis and ongoing monitoring. Module 9 Resource Monitoring 383Module Lessons Slide 9-4 Lesson 1: Lesson 2: Lesson 3: Virtual CPU and Memory Concepts Monitoring Resource Usage Using Alarms VMware vSphere 4: Install, Configure, Manageu U a oon a Lesson 1: Virtual CPU and Memory Concepts Slide 9-5 Lesson 1: Virtual CPU and Memory Concepts Module 9 Resource Monitoring 385ol Lesson Objectives Slide 9-6 ‘ i % Understand the different methods used by the VMkerel for optimizing CPU and memory usage q L. a 386 VMware vSphere 4: Install, Configure, Manage chSystems for Optimizing VM Resource Use Slide 9-7 EEL ee La oud + Hyperthreading + Load balancing aes a DEE + Virtual SMP aay Seco Limit Reservation Share allocation "Travenarent page” Shating: iSe of VMkernel swap files for VMs Available memory Disk bandwidth A + Virtual machine file location “> Multipathing + Virtual switch with feamed NICs “Tralfic shaping | ‘These are the different parameters and features that we can use to control a virtual machine’s access to CPU, memory, disk bandwidth, and network bandwidth, We discuss each of these parameters and features in this module and later modules. ‘The mechanisms in the second column are automatically managed by the VMkernel. Those in the third column are used at the discretion of each virtual machine’s owner. Those in the last cotumn are used by the VMware vSphere™ administrator to set virtual machine-wide policies. Module 9 Resource Monitoring 387Virtual CPUs Slide 9-8 pre A virtual machine can have el up to eight virtual CPUs (VCPUs). When a VCPU must be = scheduled, the VMkernel & maps a VCPU to a hardware execution context (HEC). A hardware execution context is a processor’s capability to schedule one thread of execution. Quad VM a A virtual machine can be configured with one to eight virtual CPUs (VCPUs). When a VCPU needs to be scheduled, the VMkernel maps a VCPU to a hardware execution context (HEC). A hardware execution context is a processor’s capability to schedule one thread of execution, A single-CPU virtual machine gets scheduled on one HEC at a time. A two-VCPU virtual machine gets scheduled ‘on two HECs at a time, or none. A four-VCPU virtual machine gets scheduled on four HECs at a time, or none. ‘You can run two-VCPU virtual machines only on physical machines with two or more HECs. Likewise, you can run four-VCPU virtual machines only on physical machines with four or more HECs. 388 ‘VMware vSphere 4: Install, Configure, Manage i oOo Hardware Execution Contexts Slide 9-9 Different systems provide different numbers of hardware execution contexts. Cea single-core, dual-core, quad-core, dual-socket single-socket single-socket system system system | (Hyperthreading Not Enabled) + LJ The number of HECs available for scheduling depends on the type of system being used. For example, a single-core, dual-socket system has two cores and therefore, without hyperthreading enabled, has two HECs. a In general, a socket is another term for the entire physical processor package. A socket contains one or more CPUs in the same package. Each of these CPU equivalents is a core. For example, a single- core, dual-socket system has two sockets with one core in each socket, and a dual-core, single- socket system has one socket containing two cores. a In relation to hardware execution contexts, a dual-core, single-socket system has two cores and, therefore, two HECs (without hyperthreading enabled). A quad-core, single-socket system has four cores and, therefore, four HECs (without hyperthreading enabled). Oo ee oO Module 9_ Resource Monitoring 389 oOHyperthreading Slide 9-10 Enables a core to execute two threads, or sets of instructions, at the same time Provides more hardware execution contexts for VCPUs to be scheduled Pre Ricans accuLu single-core, é aay dual-socket dual-core, single-socket system system oo Oo0o000 oOo Hyperthreading is an Intel-developed technology that enables a core to schedule two threads, or sets or instructions, at the same time. The benefit of hyperthreading is more scheduler throughput. That is, hyperthreading provides more HECs on which VCPUs can be scheduled. Hyperthreading does not double the power of a core. Therefore, if both threads of execution need the same on-chip resources (for example, the floating-point unit) at the same time, one thread will have to wait. For best performance, run two-VCPU virtual machines only on physical machines with more than two HECs, and run four-VCPU virtual machines only on physical machines with more than four HEC. If these virtual machines are CPU- intensive, ignore the fact that hyperthreading is enabled, if it is. For example, assume that you have a dual-core, single-socket system with hyperthreading enabled. This system provides four HECs. If virtual machine is CPU-intensive, the VMkernel dynamically tries to refrain from using the other thread in the core, Therefore, a two-VCPU virtual machine that is CPU-intensive will fare better on this system than a four-VCPU, CPU-intensive virtual machine, Hyperthreading must be enabled in your server’s BIOS. On some server models, the option is called Enable Logical Processors. See the hyperthreading white paper at [Link] pdf. 390 VMware vSphere 4: Install, Configure, Manage i 97 0 4oe C oo cn oO oOnnrre re ao oO oC VMkernel CPU Load Balancing Slide 9-11 The VMkernel dynamically schedules virtual machines and the service console. (VMware ESX™ only) The service console always runs on the irst hardware execution context. The VMkernel avoids scheduling multiple VCPUs on HECs in the same core. Univ ee ‘Elec ‘The VMkernel dynamically schedules virtual machines and the service console (on an ESX host) ‘onto the hardware execution contexts, By default, the VMkernel looks every 20 milliseconds for virtual machines to migrate from one hardware execution context to another. The service console always runs on the first HEC and is never migrated to another one. ‘The VMkemel decides on which HEC a VCPU runs. In general, when mapping VCPUs to HECs, the VMkemel’s main goal is to balance the load. With multiple-VCPU virtual machines, a VMkernel might decide to map the virtual machine’s CPUs to HECs on different sockets, on different cores in the same socket, or on different threads in the same core. The VMkernel tries its best to avoid scheduling the VCPUs of a CPU-intensive, muiti-VCPU virtual machine on threads (HECs) in the same core, However, if necessary, the VMkernel can map two VCPUs from the same virtual machine to threads on the same core. Module 9_ Resource Monitoring 391Memory Virtualization Overview Slide 9-12 The VMkernel manages a machine’s entire memory. => On ESX and ESXi hosts, part of this memory is for the VMkernel. = On ESx hosts only, part of this memory is for the service console. > The rest is available for use by virtual machines. ™@ Each virtual machine can reserve some amount of physical memory. % Each virtual machine also incurs some amount of overhead. Virtual machines can use more memory than the physical machine has available. > This is called memory overcommitment. ‘The VMkerel manages the physical machine’s memory, Memory is used by the VMware ESX™/ ESXi host for its own code and data structures, beyond the memory allocated to the virtual machine. There is a fixed, system-wide overhead for the VMkemel and (for ESX only) the service console, The ESX service console typically uses 300MB, and the VMkemnel uses a smaller amount of memory, The amount depends on the number and size of the device drivers that are being used. For each running virtual machine, the system reserves physical memory for the virtual machine’s reservation (if any) and for its virtualization overhead. The amount of virtualization overhead depends on the total memory size and the number of VCPUS of the virtual machine. For example, a two-VCPU virtual machine with 1GB of memory incurs 176MB of virtualization overhead, and an eight-VCPU virtual machine with 32GB of memory incurs 1647MB of overhead. For more information on virtualization overhead, see the vSphere Resource Management Guide at [Link] Because of the memory management techniques the ESX/ESXi host uses, your virtual machines can use more memory than the physical machine (the host) has available. For example, you can have a host with 2GB memory and run four virtual machines with 1GB memory each. In that case, the memory is overcommitted. Overcommitment makes sense because, typically, some virtual machines are lightly loaded, while others are more heavily loaded, and relative activity levels vary over time. 392 VMware vSphere 4: Install, Configure, Manage cl J Oooo vo oa oOOOF eConnn i) a Transparent Memory Page Sharing Slide 9-13 The VMkernel detects 1 identical pages in virtual VMRAM VMRAM VMRAM machines’ memory and q 1 maps them to the same underlying physical page. > No changes to guest operating system required The VMkernel treats the shared pages as copy-on- write. > Read-only when shared > Private copies after write Hardware RAM Page sharing is always active, unless administratively disabled. The VMkemel detects when different virtual machines have memory pages with identical content and arranges for those pages to be shared. That is, a single physical page is mapped into each virtual machine's address space. If any virtual machine tries to modify a page that is (tunbeknownst to it) shared, the VMkernel creates a new, private copy for that virtual machine and then maps that page into the address space of that virtual machine only. The other virtual machines continue to share the original copy. ‘Transparent page sharing is enabled by default, The system dynamically sans memory to look for duplicate pages. This mechanism is a way in which an ESX/ESXi host tries proactively to conserve physical memory so that it will not have to resort to any of the other techniques. ‘When a virtual machine has been suspended and gets resumed, it does not participate right away in the memory-sharing system. Its pages become shared over time. So if you plan to suspend and resume large batches of virtual machines, don’t scrimp on memory. Module 9 Resource Monitoring 393 GupoyuoyW eounosay lg |vmmemcet!: Balloon-Driver Mechanism Slide 9-14 Deallocate memory from selected virtual machines when RAM is scarce. Ample memory. Balloon remains uninflated, Guest is forced to page out Inflate balloon. to its own paging area. (Driver demands The Vidkernel reclaims memory from guest os.) (= Guest can page in. ESX grants memory. Deflate balloon. (Driver relinquishes memory.) When a virtual machine needs to yield memory, it is in everyone’s best interest to let the guest operating system in that virtual machine pick which pages of memory to give up. It knows which pages have been least recently used and which pages can easily be refieshed from some backing store on disk. This is what vmmemct 1 achieves: a balloon driver is installed in the guest operating system when you install VMware Tools ‘The balloon driver installs as a device driver, but its only function is to demand memory from the guest operating system and later to relinquish it, under the control of the VMkernel. ‘The guest operating system inside the virtual machine is not aware (at any level) of the communication taking place between the balloon driver and the VMkernel. The guest operating system is aware that the balloon driver is installed but is not aware of its purpose. When a system is not under memory pressure, no virtual machine’s balloon is inflated. But when memory becomes scarce, the VMkernel chooses a virtual machine and inflates its balloon. That is, it tells the balloon driver in that virtual machine to demand memory from the guest operating system. ‘The guest operating system complies by yielding memory, according to its own algorithms, The relinquished pages can be assigned by the VMkernel to other virtual machines. ‘The term balloon driver is an informal way of referring to the vmmemct:1 device driver, which is used to perform memory deallocation/reallocation. 394 \Mware vSphere 4: Install, Configure, ManageC oO Ooo wot fm CC Oo 0 VMkernel Swap Slide 9-15 Each powered-on virtual machine needs its own VMkernel swap file. = Created when the VM is powered on, deleted when the VM is powered off = Default location: same VMware vStorage VMFS volume as virtual machine's boot disk > Size equal to the difference between the memory guaranteed to it, if any, and the maximum it can use > Allows the VMkernel to swap out the virtual machine entirely if memory is vers scarce E Use of VMkernel swap is a last resort. => Performance will be noticeably slow. YMFS volume When a virtual machine is powered on, the system allocates a VMkernel swap file for it. The \VMkernel swap file serves as backing store for the virtual machine’s RAM contents. In the event that the VMkernel needs to reclaim some or all of this virtual machine’s memory—and if the balloon driver cannot free enough memory—the VMkemel will copy the contents of the pages to the VMkerel swap file before giving the pages to other virtual machines. ‘The size of the VMkernel swap file is determined by the difference between how much memory the virtual machine can use (the virtual machine’s maximum configured memory or its memory limit) and how much RAM is reserved for it (its reservation). Whenever VMkemel swap is being actively used, performance is not optimal. Configure your server systems so that all normal running memory needs of the virtual machines (as determined by monitoring under load) can be accommodated using physical memory. When the virtual machine is powered off, the VMkernel swap file of the virtual machine is deleted. When the virtual machine is powered back on, the VMkernel swap file for the virtual machine is recreated. Module 9. Resource Monitoring 395 Bupoyuoy eounosey is |Ballooning vs. VMkernel Swapping Slide 9-16 Limit MB Balloon'Limit* Reservation MB ome & Up to 859hor reservation, whichever comes first By default, up to 65 percent of a virtual machine's memory can be taken away during the ballooning process, subject of course to the memory reservation setting, An advanced VMkemel setting called Mem, Ct1MaxPercent controls this value. By default, it is 65 percent, but it can be set between 0 and 75 percent. In the example above, the virtual machine’s memory reservation is set equal to 30 percent of the virtual machine’s memory. Under heavy contention, the VMkernel could request up to 70 percent of this virtual machine’s memory to be reclaimed and given to other virtual machines. But only 65 percent could be ballooned away, which means the last 5 percent would have to be ‘VMkernel-swapped. Swapping is less desirable than ballooning. The drawing illustrates that by default a maximum of 65 percent of the virtual machine can be paged out via the baliooning mechanism, If 65 percent of the virtual machine's memory was ballooned out, that would leave 35 percent of virtual machine memory in physical memory. If the reservation is set to anything under that 35 pereent, then VMkemel swapping would have to remove the rest to the swap file, One of the main points is that the administrator should not set the reservation too low, because that might force VMkernel swapping during periods of contention. 396 VMware vSphere 4: Install, Configure, Manage } Ooo oO 8 cl J L oj oJ oO} Oeenre Lesson Summary Slide 9-17 = The VMkerel uses hyperthreading and load balancing to manage CPU allocated across virtual machines. > The VMkernel uses transparent page sharing, the balloon driver mechanism, and VMkernel swap files to manage memory allocation across virtual machines. Module 9 Resource Monitoring 397Lesson 2: Monitoring Resource Usage Slide 9-18 Lesson 2: Monitoring Resource Usage 398 VMware vSphere 4: insiall, Configure, Manage Oo Pood oO ao aaa od oJeo 1 Lesson Objectives Slide 9-19 Monitor a virtual machine's resource usage = CPU ® Memory ® Disk ® Network bandwidth Module 9 Resource Monitoring 399Performance-Tuning Methodology Slide 9-20 Assess performance. > Use appropriate monitoring tools. » Record a numerical benchmark before changes. Identify the limiting resource. Make more resource available. > Allocate more. = Reduce competition. Do not make casual ! > Log your changes! de Uealetsronlen sigeis siete) e3 Benchmark again. RSET eh ‘The best practice for performance tuning is to take @ logical, step-by-step approach, especially when working on production systems: + Assess performance ~ Using monitoring tools both within the guest operating system and within ‘VMware vCenter™ Server gives you a complete view of the performance situation of a virtual machine. Record benchmarks before you make changes. + Identify the limiting resource ~ Identify the resource that the virtual machine relies on the most because that resource is most likely to affect the virtual machine’s performance if the virtual machine is constrained by it, + Make more resource available ~‘There are several techniques that we will discuss later on that allow you to give a virtual machine more resources; for example, increasing the CPU or memory shares of a virtual machine, or decreasing the CPU or memory shares of other virtual machines. + Benchmark again ~ After making more of the limiting resource available to the virtual machine, take another benchmark and record any changes. Whatever you do, take extra caution when making changes to production systems because a change could have a negative impact on the performance of the virtual machines. 400 VMware vSphere 4: Install, Configure, Manage a Sy] clco Guest Operating System Monitoring Tools Slide 9-21 lometer Task Manager (71 To tmoniter performance within the guest operating system, use tools that you are familiar wth. For example, Windows guest operating systems include a tool called ‘Task Manager to help you measure 1 performance utilization within the guest operating system, Another example is a free tool called LJ Tometer. fometer can help you measure performance utilization within the guest operating system. Keep in mind that the measurements you take using tools within the guest operating system reflect resource utilization of the guest operating system, not necessarily of the virtual machine itself, Module 9 Resource Monitoring 401Using Perfmon to Monitor VM Resources a Slide 9-22 a Ftc noe Lisiecsstecat tl ] VMware Tools includes a library of functions called the Perfmon DLL. This DLL allows you to access key host statistics inside a guest virtual machine. The new Performance objects—VM Processor and VM Memory—allow you to view actual CPU and memory utilization alongside observed CPU and memory utilization of the guest operating system. a For example, using the VM Processor object, you can view the counter called % Processor Time, which monitors the current load of the virtual machine’s virtual processor. At the same time, you can use the Processor object and view a counter called % Processor Time (not shown above), which basically monitors the total utilization of the processor by all running processes. J Additionally, third-party developers can instrument their management agents to access these J counters using Windows Management Instrumentation (WMI). To use the Perfmon DLL, start the Microsoft Management Console (Start > Programs > Administrative Tools > Performance). Click the Add icon (the plus sign). Select the VM Memory or VM Processor performance object, then select the appropriate counter from the resulting list. The Explain button provides a description of the selected counter. 9 Co) 402 VMware vSphere 4: Install, Configure, Manage a 'vCenter Server Performance Charts Slide 9-23 The Performance tab displays two kinds of charts for hosts and virtual machines: 2 Overview charts ® Display the most common metrics for an object > Advanced charts ® Display data counters not shown in the Tanpu ha ease mi 9AM BIO MY Gan AML NIaBaM RID AAO Pd Overview charts 1 vine ns Center Server provides performance charts for hosts and virtual machines. The Performance tab allows you to view a host or virtual machine's performance using graphs. To display the Performance tab, select the host or virtual machine in the inventory and click the Performance tab. ‘There are two pages in this tab: Overview and Advanced. ‘The Overview page displays charts for the most common data counters for CPU, disk, memory, and network metrics. Overview charts provide a quick summary view of resource usage in the datacenter without navigating through multiple charts, Overview charts are displayed side by side, so you can quickly identify bottlenecks and problems associated with related metries—for example, CPU and memory. To get help with a chart or to understand the meaning of a counter, click the blue question mark. A Web page provides information explaining how to analyze the chart and things to consider, The Advanced charts allow you to view data counters not supported in the Overview performance charts, to export chart data, and to print charts. Performance charts for both hosts and virtual machines can help you determine if a virtual machine is constrained by a resource. Module 9 Resource Monitoring 403Interpreting Data from the Tools Slide 9-24 VMware vCenter™ Server monitoring tools and guest operating system monitoring tools provide different points of view. Task Manager in guest operating system CPU Usage chart for host PU useas erage The key to successfully interpreting performance data is to understand that you must collectively observe the data from the guest operating system, the virtual machine, and the host's perspective. Only viewing the CPU usage statistics in the Windows ‘Task Manager, for example, does not give you the complete picture. You should also view CPU usage for the virtual machine and the host on which the virtual machine is located, To do this, use the performance charts available in vCenter Server. 404 ‘VMware vSphere 4: Install, Configure, ManageO (a on (3 Oo Is the Virtual Machine CPU-Constrained? Slide 9-25 Check the virtual machine’s CPU utilization. If CPU utilization is continuously high, then the virtual machine is constrained by CPU. However, the host might have enough CPU for other virtual machines to run. ‘To check if'a virtual machine is being constrained by CPU resources, check CPU usage within the guest operating system using, for example, Windows Task Manager, as shown above, If CPU usage is high, check the virtual machine’s CPU utilization. To do this, in the vSphere Client, select the virtual machine in the inventory and click the Performance tab. Use either the Overview charts or the Advanced charts to view CPU usage. In the example above, an advanced chart tracking a virtual machine’s CPU usage is displayed. Ifa virtual machine’s CPU utilization remains high over a period of time, then the virtual machine is constrained by CPU. On the other hand, other virtual machines on the host might have enough CPU resources to satisfy their needs. Module 9 Resource Monitoring 405Are Virtual Machines CPU-Constrained? Slide 9-26 CPU Ready graph of sveral VMs Ne AIO, Fa ee COU Multiple virtual machines are constrained by CPU if: > There is high CPU utilization in the guest operating system. > There are relatively high CPU ready values for the virtual machines. If more than one virtual machine is constrained by CPU, the key indicator is CPU ready time, Ready time refers to the interval when a virtual machine is ready to execute instructions but cannot, because it cannot get scheduled onto a CPU. Several factors affect the amount of ready time seen: * Overall CPU utilization — You are more likely to see ready time when utilization is high because the CPU is more likely to be busy when another virtual machine becomes ready to run, + Number of resource consumers (in this case, guest operating systems) — When a host is running @ larger number of virtual machines, the scheduler is more likely to need to queue a virtual machine behind one or more that are already running or queued. + Number of virtual CPUs in a virtual machine ~ When coscheduling for an 7-way virtual SMP is required, the virtual CPUs can be scheduled only when n physical CPUs are available to be preempted. ‘A good ready time value varies from workload to workload. To find a good ready time value for your workload, collect ready time data over time for each virtual machine. Once you have this ready time data for each virtual machine, estimate how much of the observed response time is ready time. Ifthe shortfalls in meeting response time targets for the applications appear largely due to the ready time, then take steps to address the excessive ready time (to be discussed later). For more information, see the technical paper “VMware ESX Server 3 Ready Time Observations” at hitp:/[Link]/pdffesx3_ready_time.pdf. 406 \VMware vSphere 4: Install, Configure, ManageOF Is a Virtual Machine Memory-Constrained? Slide 9-27 _# vM ballooning activity | | | | aizezt ae Task Manager inside VM tire ben ron Check the virtual machine’s ballooning activity: > If ballooning activity is high, this might not be a problem if all virtual machines have sufficient memory. > If ballooning activity is high and the guest operating system is swapping, then the virtual machine is constrained for memory. When a virtual machine experiences balloon activity, this means that some amount of the guest operating system’s physical memory is being reclaimed from the virtual machine by the balloon driver. Ifa virtual machine experiences high ballooning values, this might not be a problem if the virtual machine continues to have the memory that it needs. However, if a virtual machine experiences high ballooning activity over time and its guest operating system starts to page, then that is an indication that the virtual machine is constrained for memory. To view a virtual machine’s ballooning activity, select the virtual machine in the inventory and click the Performance tab. In the Overview chart panel, view the memory chart that tracks the Memory balloon (average) counter. Module 9 Resource Monitoring 407ls the Host Memory-Constrained? Slide 9-28 | ‘swap-Ins/swap-outs ates allege onbah Snaea sjeas aancsanb00 Sans 1 Syap nate B Swap otra If the virtual machines are being swapped in and out, then the host memory is probably overcommitted. If multiple virtual machines are being constrained for memory, then not only will you see high ballooning activity and the guest operating systems paging. You will also see the virtual machine itself being swapped in and out by the VMkemel. This is a serious situation, which indicates that the host memory is overcommitted, The amount of memory on the host needs to be increased. To view a host’s swap-in and swap-out rates, select the host in the inventory and click the Performance tab, In the Overview chart panel, view the memory chart thet tracks the counters, ‘Swap in rate and Swap out rate. 408 ‘VMware vSphere 4: Install, Configure, Manage oo oo fam gag ooo Ooo 0 oOGm 8 Monitoring Active Memory of a Virtual Machine Slide 9-29 ee Monitor for increases in active memory on the host: > Host active memory refers to active physical memory used by virtual machines and the VMkernel. > Ifamount of active memory is high, this could fead to virtual machines that are memory-constrained. A general memory counter to monitor over time is a host's active memory counter, Host active memory refers to the amount of physical memory actively being used by virtual machines and the VMkernel, If you find that the active memory of certain virtual machines is continuously high, then this could lead to those virtual machines being constrained by memory. To view active memory, select your host in the inventory and click the Performance tab. Go to the Advanced pane and click Chart Options. In the Chart Options pane, seleet Memory > Real- time. In the Chart Type pane, select Stacked Graph (per VM). In the Objects pane, select all your virtual machines and the host. In the Counters pane, select the Memory active (Average) check box. Module 9 Resource Monitoring 409Are Virtual Machines Disk-Constrained? Slide 9-30 Disk-intensive applications can saturate the storage or the path. If you suspect that a virtual machine is constrained by disk access: =» Measure the effective bandwidth between virtual machine and the storage. =» Measure the resource consumption using performance graphs. Disk performance problems are commonly caused by saturating the underlying physical storage hardware. You can use a tool like lometer (shown) to measure the maximum throughput via the current path to the storage, You can also use the vCenter Server performance charts to measure a virtual machine’s disk utilization. The virtual machine disk usage (%) and V/O data counters, such as disk read rate and disk write rate, provide information about average disk usage on a virtual machine. Use these counters to monitor trends in disk usage. To view a virtual machine’s disk usage, select the virtual machine in the inventory and click the Performance tab. In the Overview pane, view the disk chart that tracks the Disk Usage (average) counter. 410 VMware vSphere 4: Install, Configure, Manage J co) oO Oo LdCI oOo fF Cc a Creo Monitoring Disk Latency Slide 9-31 To determine disk performance problems, monitor two disk latency data counters: > Kernel disk command latency & The average time spent in the VMkernel per SCSI command ® High numbers (greater than 2~3ms) represent either an overworked array or an overworked host. > Physical device command latency ® The average time the physical device takes to complete a SCSI command % High numbers (greater than 15-20ms) represent a slow or overworked array. The best way to determine if your vSphere environment is experiencing disk problems is to monitor the disk latency data counters. You use the Advanced performance charts to view these statistics. In particular, monitor the following counters: * Kernel disk command latency ~ This data counter measures the average amount of time, in milliseconds, that the VMkernel spends processing each SCSI command. For best performance, the value should be 0-1 milliseconds. If the value is greater than 4 milliseconds, the virtual machines on the ESX/ESXi host are trying to send more throughput to the storage system than the configuration supports. + Physical device command latency ~ This data counter measures the average amount of time, in milliseconds, for the physical device to complete a SCSI command. Depending on your hardware, a number greater than 15 milliseconds indicates that the storage array might be slow or overworked. ‘To monitor a host’s disk latency counters, select the host in the inventory and click the Performance tab, Go to the Advanced pane and click Chart Options. In the Chart Options pane, select Disk > Real-time. In the Objects pane, select the check box next to each storage device that you are interested in, In the Counters pane, select the Physical device command lateney and Kernel disk command latency check boxes. Module 9 Resource Monitoring 4aAre Virtual Machines Network-Constrained? Slide 9-32 Network-intensive applications often bottleneck ‘on path segments outside the ESX host. > Example: WAN links between server and client oOo 0 co] If you suspect that a virtual machine is constrained by the network: > Confirm that VMware Tools is installed. j@ Enhanced network drivers are available. > Measure the effective bandwidth between the virtual machine and its peer system. Like disk performance problems, network performance problems are commonly caused by saturating some network link between client and server. Use a tool like lometer, or a large file transfer, to measure the effective bandwidth, Network performance is dependent on application workload and network configuration. Dropped network packets indicate a bottleneck in the network. To determine whether packets are being dropped, use the advanced performance charts to examine the droppedTx and droppedRx network counter values of a virtual machine. In general, the larger the network packets, the faster the network speed. When the packet size is large, fewer packets are transferred, which reduces the amount of CPU required to process the data, In some instances, large packets can result in high network latency. When network packets are small, more packets are transferred, but the network speed is slower because more CPU is required to process the data. a2 VMware vSphere 4: Install, Configure, ManageApplication Performance Management: AppSpeed Slide 9-33 vwwaRe A virtual appliance VENTER AFPSPEED for proactive application performance management Provides visibility into the performance of multitier applications running in virtual machines ‘VMware vCenter AppSpeed provides proactive performance management and service-level reporting for applications running within virtual machines. AppSpeed allows you to do the following: + Create end-to-end logical to physical discovery and mapping ~ With self-leaming technology, AppSpeed discovers virtual and physical infrastructure elements and ties them in a logical application flow map from virtual machines down to database tables. * Monitor performance and service-level agreement achievement AppSpeed monitors real-time end-user experience forall transaction requests, breaking down performance from tier to tier. Real-time metrics are compared to service-level targets (baselines are automatically established based on application behavior), * Identify root causes of performance issues — AppSpeed enables users to quickly identify which component is responsible for a performance issue and identifies the likely solution. AppSpeed. correlates application behavior data collected from traffic flowing from and to virtual machines with vConter Server infrastructure instrumentation. + Remediate performance issues and automate common solutions — AppSpeed can take automatic corrective actions when problems (such as application slowdowns, database errors, or excessive request volumes) occur, Go to hitp:/[Link] for information on the version of AppSpeed that is compatible with vSphere. Module 8 Resource Monitoring 413Improving Virtual Machine Performance Slide 9-34 Methods for improving virtual machine performance: Use a VMware Distributed Resource Scheduler cluster. Use storage multipathing. Use NIC teaming. Modify resource pool’s CPU and memory limits and reservations. Modify virtual machine's CPU and memory and reservations. Use network traffic shaping. To improve a virtual machine’s performance, here are a few methods, These methods are listed from broad methods, which affect a number of entities, to specific methods, which affect a particular virtual machine: + Place hosts into a VMware Distributed Resource Scheduler cluster and allow DRS to balance the virtual machine load across hosts in the cluster. + Use storage multipathing to balance the disk I/O load across multiple paths to a datastore. + Use NIC teaming to balance the network load across multiple physical network adapters. + Ifa virtual machine is constrained by CPU or memory, increase the limits or reservations of the resource pool that the virtual machine belongs to. + Ifa virtual machine is constrained by CPU, add CPU shares or increase the virtual machine’s CPU reservation. + Ifa virtual machine is constrained by memory, add memory shares or inerease the virtual machine’s memory reservation. + Ifa virtual machine is network-constrained, use network traffic shaping to give a virtual machine more network bandwidth during its peak hours. These methods, if not already discussed, will be discussed in later modules. 44 VMware vSphere 4: Install, Configure, Manage J ,ooa > Og oa 4 | oJ J Lu Q Lab 15 Slide 9-35 In this lab, you will see how CPU workload is reflected by system-monitoring tools. 1, Monitor CPU utilization using vCenter Server. 2. Runa CPU-intensive application. 3. Undo changes made to your virtual machines for this lab. Module 9 Resource Moritoring 415Lesson Summary Slide 9-36 = VMware Tool's Perfmon DLL provides a way to get CPU and memory statistics inside a Windows virtual machine. > Use the Performance tab for real-time graphs showing a virtual machine's resource usage. > Virtual machine performance can be improved by using shares and reservations, balancing the load with DRS, and storage and network multipathing. a6 VMware vSphere 4: Instalf, Configure, Manage J J oOoc oOo oO mLesson 3: Using Alarms Slide 9-37, FE Resource Monitoring n £ - oS ect ° oD n=” on aD aT Module 8 Resource Monitoring f OooLesson Objectives Slide 9-38 > Create alarms with condition-based triggers > Create alarms with event-based triggers = View and acknowledge triggered alarms 418 VMware vSphere 4: Install, Configure, Manage ooo 3 oo oa ne ee oO IO 0000u C} eo i What Is an Alarm? Slide 9-39 An alarm is a notification that ‘simensres sate occurs in response to selected & wmraran eros, events or conditions that occur with = @ msseiem an object in the inventory. easooe Default alarms exist for various ‘eutinadheere inventory objects. $F eat Default > Many default alarms for hosts and $ Siete. Alarms virtual machines $B icosmcrn (partial list) You can create custom alarms for a § smarsnsrs rata wide range of inventory objects. e Sen > Virtual machines, hosts, clusters, Sneerdoonr datacenters, datastores, networks, cares distributed switches, and distributed geet die cir port groups fF meamcroniin Alarms are notifications that occur in response to selected events or conditions that occur with an object in the inventory. Most objects have default alarms set on them and you can define custom alarms. ‘VMware provides a set of default alarms for most objects in the vSphere Client inventory, For example, alarms exist for host, virtual machine, and resource pool memory and CPU usage. You can also define custom alarms for virtual machines, hosts, clusters, datacenters, datastores, networks, vNetwork distributed switches, and distributed port groups. The default alarms are not configurable. You can only associate actions with them. For example, you cannot change the triggers, names, or descriptions of default alarms. If your environment requires such changes, create custom alarms. Module 9 Resource Monitoring 419Creating an Alarm Slide 9-40 Right-click inventory object, then choose Alarm > Add Alarm. i cd Jo oO fc oJ o og To create an alarm, right-click an object in the inventory, then choose Alarm > Add Alarm. The Alarm Settings dialog box appears. There are four tabs: General, Triggers, Reporting, and Actions. ‘The General tab is shown above. In this tab, you name the alarm, give it a description, and give it an alarm type. ‘You also choose what to monitor: + Monitor for specific conditions or state — This is a condition-based alarm. Condition-based alarms can be created for virtual machines, hosts, and datastores. + Monitor for specific events occurring on this object — This is an event-based alarm. Event- based alarms can be created for virtual machines, hosts, clusters, datacenters, datastores, networks, distributed virtual switches, and distributed virtual port groups. ‘The General tab also allows you to enable or disable the alarm (by selecting or deselecting the check box). 420 VMware vSphere 4: install, Configure, Manage. Cjcc C rn Alarm Triggers Slide 9-41 An alarm is comprised of a trigger. There are two types: = Condition, or state, trigger — Monitors the current condition or state; for example: ® A virtual machine's current snapshot is above 2GB in size. ® A host is using 90 percent of its total memory. ® A datastore has been disconnected from ail hosts. 2» Event — Monitors events; for example: # The health of a host's hardware has changed. = There are insufficient licenses in the datacenter. 8 A distributed virtual port group has been reconfigured. You configure alarm triggers to generate warnings and alerts when the specified criteria is met, ‘Alarms have two types of triggers: condition or state triggers, and event triggers. * Condition, or state, triggers — These triggers monitor the current condition or state of virtual machines, hosts, and datastores. This includes power states, connection states, and performance metrics such as CPU and disk usage. + Event triggers — These triggers monitor events that occur in response to operations occurring with any managed object in the inventory, the vCenter Server system, or the license server, For example, an event is recorded each time 2 virtual machine is cloned, created, deleted, deployed, and migrated. Module 3 Resource Monitoring 421Configuring Condition Triggers Slide 9-42 Condition triggers for a virtual machine Teabove Notlearbiat Condition, or state, triggers monitor mettics for a host, virtual machine, or datastore, State triggers monitor the current state of a host, virtual machine, or datastore, In the example above, you can configure a condition trigger so that a virtual machine’s CPU usage must be above 75 percent for more than 5 minutes to generate a warning, and above 90 percent for more than 5 minutes to generate an alert. Time periods are used to ensure that the metric conditions are valid and not caused by incidental spikes. Also in the example above, you can configure a state trigger to generate an alert if virtual machine has no heartbeat. Ifyou add multiple triggers, you can choose to trigger the alarm if any one of the conditions are satisfied or if all of the conditions are satisfied. To add a trigger, click Add. To remove a trigger, select the trigger, then click Remove (not shown above), 422 \Mware vSphere 4: install, Configure, Manage co) Cc} 1] OO ce CJ 2 a oo oO cI + Oo 4a Ooenounck & Configuring Event Triggers Slide 9-43 Event trigger for a host Event triggers do not rely on thresholds or durations. They use arguments, operators, and values to identify the triggering condition, When the triggering conditions are no longer true, a triggered alarm resets automatically and no longer triggers. In the example above, the event trigger monitors if the health of a host’s hardware has changed. If there is a change in the health of the hardware, an alert is triggered. A trigger condition has also been configured to trigger the alert only if the host is in a datacenter named Training, Module 9 Resource Monitoring 423Configuring Reporting Options Slide 9-44 Use the Reporting pane to avoid needless re-alarms. Avoid small fluctuations. In the Alarm Settings dialog box, use the Reporting tab to define a tolerance range and trigger frequency for condition or state triggers. (The Reporting tab is dimmed for event triggers.) Reporting further restricts when the condition or state trigger occurs. You can specify a range or a frequency: + Range ~The triggered alarm is repeated when the condition exceeds the range, which is a percentage above or below the limit. A zero value triggers and clears the alarm at the threshold point you configured. A nonzero value triggers the alarm only after the condition reaches an additional percentage above or below the threshold point, For example, if a virtual machine’s CPU usage is above 75 percent for 5 minutes, a warning is generated, If a range of 20 percent is set, the warning is repeated if the virtual machine's CPU usage reaches 90 percent (75 + (20% x 75): condition length + reporting range = trigger alarm). + Frequency — The triggered alarm is repeated every so often (in minutes). The frequency sets the time period during which a triggered alarm is not reported again, When the time period has elapsed, the alarm will report again if the condition or state is still true. For example, if virtual machine’s heartbeat is equal to No Heartheat, an alert is generated. If the frequency is set to 10 minutes, the alert is repeated if the virtual machine still has no heartbeat after 10 minutes have passed. 424, VMware vSphere 4: Install, Configure, Manage ao oO a] a0 “J a oO 0booed oD Configuring Actions Slide 9-45 Every alarm type has the following actions: % Send a notification email, send a notification trap, or run a command. Virtual machine alarms and host alarms. have additional actions available. Alarms ate comprised of a trigger and an action, An action is the operation that ocours in response to the trigger. For example, you can have an email notification sent to one or more administrators when an alarm is triggered. In the Alarm Settings dialog box, use the Actions tab to specify actions to take when the alarm is triggered. Colors and shapes are used to denote the alarm’s severity: a green circle is normal, a yellow triangle is a warning, and a red diamond is an alert, You can set alarms to trigger when the state changes from green circle to yellow triangle, from yellow triangle to red diamond, from red diamond to yellow triangle, and from yellow triangle to green circle. For every action you can specify one of three options for each color transition: Empty, Once, or Repeat. + Empty indicates no interest in the transition, + Once instructs vCenter Server to fire the action only one time, + Repeat instructs vCenter Server to repeat the action until another color change occurs, The default is five minutes; the maximum is two days. Every alarm type has the following actions: send a notification e-mail; send a notification trap; run a command. Virtual machine alarms and host alarms have additional actions, such as power on a virtual machine, power off a virtual machine, suspend a virtual machine, reboot host, and shut down host. Module 9 Resource Monitoring 425Configuring vCenter Server Notifications Slide 9-46 In the menu bar, choose Administration > vCenter Server Settings. Stet al Sender settings ‘he tng dd Centr er ein nee Click Mail to set SMTP parameters. Click SNMP to specify trap destinations. You must configure the email address of the sender account in order to enable vCenter Server operations like sending email notifications as alarm actions. You can configure up to four receivers of SNMP traps. They must be configured in numerical order. Each SNMP trap requires a corresponding host name, port, and community. To display the vCenter Server Settings dialog box, in the menu bar of the vSphere Client, choose Administration > vCenter Server Settings. Modify the Mail and SNMP settings. 426 VMware vSphere 4: Install, Configure, Manage OOo uo 3 ag oo OO oO oO oO fo 4 010 ee C Of CC a Viewing and Acknowledging Triggered Alarms Slide 9-47 The: ekauledgaltont Alarm feature i | tack when triggered alarms ate addres You can explicitly acknowledge event triggered alarms once the problem has been resolved. Acknowledging a triggered alarm suppresses the alarm actions from occurring. It does not reset the alarm to a normal state, You can acknowledge one or multiple triggered alarms at a time. The Acknowledged and Acknowledged By columns show when and by whom the alarm was acknowledged. To view a list of triggered alarms, select an object in the inventory and click the Alarms tab. The Tiggered Alarms view is displayed. The Definitions view shows alist of al alarms that are enabled for this object. In addition, an alarm triggered by an event might not reset to a normal state if vCenter Server does not retrieve the event that identifies the normal condition. In such cases, you can reset the alarm manually to return it to a normal state, You do this by right-clicking the event triggered alarm, then choosing Reset Alarm to Green. Module 9 Resource Monitoring 427Lab 16 4 Slide 9-48 In this lab, you will demonstrate the vCenter Server alarm feature. 1. Create a virtual machine alarm. 2. Trigger the virtual machine alarm, then acknowledge it. 3. Disable the alarms. Oo oO 428 VMware vSphere 4: Install, Configure, Manage |Lesson Summary Slide 9-49 » Condition-based alarms monitor the current condition or state of virtual machines, hosts, and datastores. > Event-based alarms monitor events that occur in response to operations occurring with an inventory object. > The Acknowledgement Alarm feature is used to track when triggered alarms have been addressed. Module 9. Resource Monitoring 429 BuyoyuoW saunosey eeKey Points Slide 9-50 2 The VMkernel has built-in mechanisms (such as CPU load balancing and transparent page sharing) for managing the CPU and memory allocation on an ESX/ESXi host. =» The Performance tab allows you to monitor a host or virtual machine's performance in real time or over a period of time. = Monitor your vCenter Server inventory using alarms, which notify you when selected events or conditions have occurred. 430 VMware vSphere 4: Install, Configure, Manage Ooo ooo Ooo ooo Oo oOCone fF ooo oO oO MODULE 10 Scalability Slide 10-1 VMware vSphere 4: install, Configure, Manage 431 Ayigejeog on |You Are Here Slide 10-2 RST Mead 432 ears VMware vSphere 4: Install, Configure, Manage 4 LCo ooo g 3 Ooo 8 Importance Slide 10-3 => Resource pools allow CPU and memory resources to be hierarchically assigned. Clusters enabled for VMware® Distributed Resource Scheduler (DRS) provide automated resource management for multiple VMware ESX™/ESXi hosts. Module 10 Scalability 433 Auqereog ot |Module Lessons Slide 10-4 Lesson 1: Scaling CPU and Memory Management Lesson 2: Scaling Storage and Network Management Lesson 3: VMware VMotion Migration Lesson 4: VMware Distributed Resource Scheduler Ooo Oo of 434 VMware vSphere 4: Install, Configure, ManageOOF on 1 Lesson 1: Scaling CPU and Memory Management Slide 10-5 Lesson 1: Scaling CPU and Memory _ Management Module 10 Scalability 435 Auqereos ot |Lesson Objectives — Slide 10-6 ~ =» Describe the CPU and memory resource allocation settings ® Describe a resource pool = Create a resource pool > View resource allocation Q Oo oO oO a aa 436 VMware vSphere 4: Install, Configure, Manage oOConeer eo not Ono o Con Resource Management Slide 10-7 Resource management is the allocation of resources from providers (hosts and clusters) to consumers (virtual machines). = Resources include CPU, memory, storage, and network. Resource management: > Resolves resource overcommitment. > Prevents virtual machines from monopolizing resources > Exploits undercommitted resources = Controls the relative importance of virtual machines Resource allocation settings — shares, reservation, and limit - are used to determine the amount of CPU and memory resources provided for a virtual machine. Resource management is the allocation of resources from resource providers to resource consumers, Resources include CPU, memory, power, storage, and network. Resource providers are hosts and clusters, Resource consumers are virtual machines, ‘The need for resource management arises from the overcommitment of resources—that is, more demand than capacity and from the fact that demand and capacity vary over time. Resource management allows you to dynamically reallocate resources, so that you can more efficiently use available capacity. In addition to resolving resource overcommitment, resource management can help you accomplish the following: + Performance isolation — Prevent virtual machines from monopolizing resources and guarantee predictable service rates. + Efficient utilization - Exploit undercommitted resources and overcommit with graceful degradation. + Easy administration — Control the relative importance of virtual machines, provide flexible dynamic partitioning, and meet absolute service-level agreements. ‘When virtual machines are not getting their resource demands met, an administrator mi change the amount of resources allocated to the virtual machines by using shares, reservations, and limits. Module 10 Scalability 437 os 2