VMWare Servervi3!30!20 Server Config

8/9/2019 VMWare Servervi3!30!20 Server Config

1/324

Server Configuration GuideESX Server 3.0 and VirtualCenter 2.0


2/324

You can find the most up-to-date technical documentation at:

http://www.vmware.com/support/pubs

The VMware Web site also provides the latest product updates.

If you have comments about this documentation, submit your feedback to:

[email protected]

2006 VMware, Inc. All rights reserved. Protected by one or more of U.S. Patent Nos. 6,397,242,6,496,847, 6,704,925, 6,711,672, 6,725,289, 6,735,601, 6,785,886, 6,789,156, 6,795,966, 6,880,022,6,961,941, 6,961,806 and 6,944,699; patents pending.

VMware, the VMware boxes logo and design, Virtual SMP and VMotion are registered trademarks ortrademarks of VMware, Inc. in the United States and/or other jurisdictions.

All other marks and names mentioned herein may be trademarks of their respective companies.

VMware, Inc.3145 Porter DrivePalo Alto, CA 94304www.vmware.com

ii VMware, Inc.

Server Configuration Guide

Revision:20060615

Item:VI-ENG-Q206-215
mailto:[email protected]:[email protected]


3/324


4/324


5/324


6/324


7/324

VMware, Inc. vii

Contents

RawDeviceMappingCharacteristics ...................................147

VirtualCompatibilityModeVersusPhysicalCompatibilityMode ........147

DynamicNameResolution..........................................148

RawDeviceMappingwithVirtualMachineClusters ...................150

ComparingRawDeviceMappingtoOtherMeansofSCSIDeviceAccess .151

ManagingRawDeviceMappings ......................................151

VMwareVirtualInfrastructureClient ................................151

CreatingaRawDeviceMapping ..................................152

ManagingPathsforRawDeviceMappings .........................153

The

vmkfstoolsUtility

.............................................154

FileSystemOperations .............................................154

Security

Chapter9SecurityforESXServerSystems ......................159

ESXServerArchitectureandSecurityFeatures ...........................160SecurityandtheVirtualizationLayer .................................160

SecurityandVirtualMachines .......................................161

SecurityandtheServiceConsole.....................................163

SecurityandtheVirtualNetworkingLayer............................165

SecurityResourcesandInformation ....................................171

Chapter10SecuringanESXServerConfiguration .............173SecuringtheNetworkwithFirewalls ...................................174

FirewallsforConfigurationswithaVirtualCenterServer................176

FirewallsforConfigurationsWithoutaVirtualCenterServer ............179

TCPandUDPPortsforManagementAccess ..........................180

ConnectingtoVirtualCenterServerThroughaFirewall .................182

ConnectingtotheVirtualMachineConsoleThroughaFirewall ..........183

ConnectingESXServerHostsThroughFirewalls.......................184

OpeningFirewallPortsforSupportedServicesandManagementAgents .185

SecuringVirtualMachineswithVLANs .................................188

SecurityConsiderationsforVLANs ..................................191

VirtualSwitchProtectionandVLANs ................................193

SecuringVirtualSwitchPorts ..........................................195


8/324


9/324


10/324


x VMware, Inc.

CreatingaVirtualCompatibilityModeRawDeviceMapping .........285

ListingAttributesofanRDM .....................................286

CreatingaPhysicalCompatibilityModeRawDeviceMapping ........286

CreatingaRawDeviceDescriptorFile .............................287

DisplayingVirtualDiskGeometry .................................287

DeviceOptions ...................................................287

ScanningAdapters ..............................................287

ManagingSCSIReservationsofLUNs..............................288

ExamplesUsingvmkfstools ...........................................289

Create

a

New

VMFS

3

File

System

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

289AddaPartitiontoVMFS3FileSystem .............................289

CreateaNewVirtualDisk ........................................289

CloneaVirtualDisk .............................................289

CreateaRawDeviceMapping ....................................290

ScananAdapterforChanges .....................................290

Index

.................................................................291


11/324

VMware, Inc. xi

Preface

ThisprefacedescribesthecontentsoftheServerConfigurationGuideandprovidespointerstotechnicalandeducationalresources.

Thisprefacecontainsthefollowingtopics:

! AboutThisBookonpage xii

! IntendedAudienceonpage xii

! DocumentFeedbackonpage xii

! VMwareInfrastructureDocumentationonpage xii

!

Conventions

and

Abbreviations

on

page xiii! TechnicalSupportandEducationResourcesonpage xiv


12/324


xii VMware, Inc.

About This BookThismanual,theServerConfigurationGuide,providesinformationonhowtoconfigurenetworking

for

ESX

Server,

including

how

to

create

virtual

switches

and

ports

and

how

tosetupnetworkingforvirtualmachines,VMotion,IPstorage,andtheserviceconsole.

ItalsocoversconfiguringfilesystemandvarioustypesofstoragesuchasiSCSI,Fibre

Channel,andsoforth.TohelpyouprotectyourESXServerinstallation,theguide

providesadiscussionofsecurityfeaturesbuiltintoESXServerandthemeasuresyou

cantaketosafeguarditfromattack.Inaddition,itincludesalistofESXServertechnical

supportcommandsalongwiththeirVIClientequivalentsandadescriptionofthe

vmkfstoolsutility.

Intended AudienceTheinformationpresentedinthismanualiswrittenforsystemadministratorswhoare

experiencedWindowsorLinuxsystemadministratorsandwhoarefamiliarwith

virtualmachinetechnologyanddatacenteroperations.

Document FeedbackIfyouhavecommentsaboutthisdocumentation, submityourfeedbackto:

[email protected]

VMware Infrastructure Documentation

TheVMware

Infrastructure

documentation

consists

of

the

combined

VirtualCenter

and

ESXServerdocumentationset.

YoucanaccessthebooksintheVMwareInfrastructuredocumentsetat:

http://www.vmware.com/support/pubs
mailto:[email protected]://www.vmware.com/support/pubsmailto:[email protected]://www.vmware.com/support/pubs


13/324

VMware, Inc. xiii

Preface

Conventions and AbbreviationsThismanualusesthestyleconventionslistedinTable P1.

Abbreviations Used in Graphics

ThegraphicsinthismanualusetheabbreviationslistedinTable P2.

Table P-1. Type Conventions

Style Purpose

Monospace Usedforcommands,filenames,directories,paths.

Monospace bold Usedtoindicateuserinput.

Bold Usedfortheseterms:

!

Interface

objects,

keys,

buttons! Itemsofhighlightedinterest

! Glossaryterms

Italic Usedforbooktitles.

Usedtoindicatevariableandparameternames.

Table P-2. Abbreviations

Abbreviation Description

VC VirtualCenter

VI VirtualInfrastructureClient

server

VirtualCenterserver

database VirtualCenterdatabase

hostn VirtualCentermanagedhosts

VM# virtualmachinesonamanagedhost

user# userwithaccesspermissions

dsk# storagediskforthemanagedhost

datastore storageforthemanagedhost

SAN storageareanetworktypedatastoresharedbetweenmanagedhosts

tmplt template
http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-


14/324


xiv VMware, Inc.

Technical Support and Education ResourcesThefollowingsectionsdescribethetechnicalsupportresourcesavailabletoyou:

! SelfServiceSupport

! OnlineandTelephoneSupport

! SupportOfferings

! VMwareEducationServices

Self-Service SupportUsetheVMwareTechnologyNetworkforselfhelptoolsandtechnicalinformation:

! ProductInformationhttp://www.vmware.com/products/

! TechnologyInformationhttp://www.vmware.com/vcommunity/technology

! Documentationhttp://www.vmware.com/support/pubs

!

KnowledgeBase

http://www.vmware.com/support/kb

! DiscussionForumshttp://www.vmware.com/community

! UserGroupshttp://www.vmware.com/vcommunity/usergroups.html

FormoreinformationabouttheVMwareTechnologyNetwork,goto

http://www.vmtn.net.

Online and Telephone SupportUseonlinesupporttosubmittechnicalsupportrequests,viewyourproductand

contractinformation,andregisteryourproducts.Goto

http://www.vmware.com/support .

Forcustomerswithappropriatesupportcontracts,usetelephonesupportforthefastest

responseonpriority1issues.Goto

http://www.vmware.com/support/phone_support.html .

Support Offerings

FindouthowVMwaressupportofferingscanhelpyoumeetyourbusinessneeds.Go

tohttp://www.vmware.com/support/services.
http://www.vmware.com/products/http://www.vmware.com/vcommunity/technologyhttp://www.vmware.com/support/pubshttp://www.vmware.com/support/kbhttp://www.vmware.com/communityhttp://www.vmware.com/vcommunity/usergroups.htmlhttp://www.vmware.com/vcommunityhttp://www.vmware.com/supporthttp://www.vmware.com/support/phone_support.htmlhttp://www.vmware.com/support/serviceshttp://www.vmware.com/support/serviceshttp://www.vmware.com/support/phone_support.htmlhttp://www.vmware.com/supporthttp://www.vmware.com/vcommunityhttp://www.vmware.com/vcommunity/usergroups.htmlhttp://www.vmware.com/communityhttp://www.vmware.com/support/kbhttp://www.vmware.com/support/pubshttp://www.vmware.com/vcommunity/technologyhttp://www.vmware.com/products/


15/324

VMware, Inc. xv

Preface

VMware Education Services

VMwarecoursesofferextensivehandsonlabs,casestudyexamples,andcourse

materialsdesigned

to

be

used

as

on

the

job

reference

tools.

For

more

information

about

VMwareEducationServices,gotohttp://mylearn1.vmware.com/mgrreg/index.cfm.
http://mylearn1.vmware.com/mgrreg/index.cfmhttp://mylearn1.vmware.com/mgrreg/index.cfmhttp://mylearn1.vmware.com/mgrreg/index.cfm


16/324


xvi VMware, Inc.


17/324

VMware, Inc. 1

CHAPTER 1 Introduction

TheServerConfigurationGuidedescribesthetasksyouneedtocompletetoconfigureESXServerhostnetworking,storage,andsecurity.Inaddition,itprovidesoverviews,

recommendations,andconceptualdiscussionstohelpyouunderstandthesetasksand

howto

deploy

an

ESX

Server

host

to

meet

your

needs.

Before

using

the

information

in

theServerConfigurationGuide,readtheIntroductiontoVirtualInfrastructureforanoverviewofsystemarchitectureandthephysicalandvirtualdevicesthatmakeupa

VirtualInfrastructuresystem.

Thisintroductionsummarizesthecontentsofthisguidesothatyoucanfindthe

informationyouneed.Thisguidecoversthesesubjects:

! ESXServernetworkconfigurations

! ESXServerstorageconfigurations

! ESXServersecurityfeatures

! ESXcommandreference

! Thevmkfstoolscommand

Networking

TheESXServernetworkingchaptersprovideyouwithaconceptualunderstandingof

physicalandvirtualnetworkconcepts,adescriptionofthebasictasksyouneedto

completetoconfigureyourESXServerhostsnetworkconnections,andadiscussionof

advancednetworkingtopicsandtasks.Thenetworkingsectioncontainsthefollowing

chapters:

! NetworkingIntroduces

you

to

network

concepts

and

guides

you

through

the

mostcommontasksyouneedtocompletewhensettingupthenetworkfortheESX

Serverhost.

! AdvancedNetworkingCoversadvancednetworkingtaskssuchassettingup

MACaddresses,editingvirtualswitchesandports,andDNSrouting.Inaddition,

itprovidestipsonmakingyournetworkconfigurationmoreefficient.

! NetworkingScenariosandTroubleshootingDescribescommonnetworking

configurationandtroubleshootingscenarios.


18/324


2 VMware, Inc.

Storage

TheESXServerstoragechaptersprovideyouwithabasicunderstandingofstorage,a

description

of

the

basic

tasks

you

perform

to

configure

and

manage

your

ESX

Server

hostsstorage,andadiscussionofhowtosetuprawdevicemapping.Thestorage

sectioncontainsthefollowingchapters:

! IntroductiontoStorageIntroducesyoutothetypesofstorageyoucan

configurefortheESXServerhost.

! ConfiguringStorageExplainshowtoconfigurelocalSCSIstorage,Fibre

Channelstorage,andiSCSIstorage.ItalsoaddressesVMFSstorageand

networkattachedstorage.

! ManagingStorageExplainshowtomanageexistingdatastoresandthefile

systemsthatcomprisedatastores.

! RawDeviceMappingDiscussesrawdevicemapping,howtoconfigurethis

typeofstorage,andhowtomanagerawdevicemappingsbysettingup

multipathing,failover,andsoforth.

Security

TheESXServersecuritychaptersdiscusssafeguardsVMwarehasbuiltintoESXServer

andmeasuresyoucantaketoprotectyourESXServerhostfromsecuritythreats.These

measuresincludeusingfirewalls,leveragingthesecurityfeaturesofvirtualswitches,

andsettingupuserauthenticationandpermissions.Thesecuritysectioncontainsthe

followingchapters:

! SecurityforESXServerSystemsIntroducesyoutotheESXServerfeatures

thathelpyouensureasecureenvironmentforyourdataandgivesyouan

overviewofsystemdesignasitrelatestosecurity.

! SecuringanESXServerConfigurationExplainshowtoconfigurefirewall

portsforESXServerhostsandVMwareVirtualCenter,howtousevirtualswitches

andVLANstoensurenetworkisolationforvirtualmachines,andhowtosecure

iSCSIstorage.

! AuthenticationandUserManagementDiscusseshowtosetupusers,groups,

permissions,androlestocontrolaccesstoESXServerhostsandVirtualCenter.It

alsodiscussesencryptionanddelegateusers.

! ServiceConsoleSecurityDiscussesthesecurityfeaturesbuiltintotheservice

consoleandshowsyouhowtoconfigurethesefeatures.


19/324

VMware, Inc. 3

Chapter 1 Introduction

! SecurityDeploymentsandRecommendations Providessomesample

deploymentstogiveyouanideaoftheissuesyouneedtoconsiderwhensetting

upyourownESXServerdeployment.Thischapteralsotellsyouaboutactionsyou

cantaketofurthersecurevirtualmachines.

Appendixes

TheServerConfigurationGuideincludesappendixesthatprovidespecializedinformationyoumayfindusefulwhenconfiguringanESXServerhost.

! ESXTechnicalSupportCommandsCoverstheESXServerconfiguration

commandsthat

can

be

issued

through

acommand

line

shell

such

as

SSH.

While

thesecommandsareavailableforyouruse,youshouldnotconsiderthemtobean

APIuponwhichyoucanbuildscripts.Thesecommandsaresubjecttochangeand

VMwaredoesnotsupportapplicationsandscriptsthatrelyonESXServer

configurationcommands.ThisappendixprovidesyouwithVMwareVirtual

InfrastructureClientequivalentsforthesecommands.

! UsingvmkfstoolsCoversthevmkfstoolsutility,whichyoucanusetoperform

managementandmigrationtasksforiSCSIdisks.

Ser er Config ration G ide


20/324


4 VMware, Inc.


21/324

VMware, Inc. 5

Networking



22/324


6 VMware, Inc.


23/324

VMware, Inc. 7

CHAPTER 2 Networking

ThischapterguidesyouthroughthebasicconceptsofnetworkingintheESX Server

environmentandhowtosetupandconfigureanetworkinavirtualinfrastructure

environment.

UsetheVirtualInfrastructure(VI)Clienttoaddnetworkingbasedonthreecategoriesthatreflectthethreetypesofnetworkservices:

! Virtualmachines

! VMkernel

! Serviceconsole

Thischapter

covers

the

following

topics:

! NetworkingConceptsonpage 8

! NetworkServicesonpage 13

! ViewingNetworkingInformationintheVI Clientonpage 13

! NetworkingTasksonpage 15

! VirtualNetworkConfigurationforVirtualMachinesonpage 15

! VMkernelConfigurationonpage 19

! ServiceConsoleConfigurationonpage 23



24/324

8 VMware, Inc.

Networking ConceptsAfewconceptsareessentialtoathoroughunderstandingofvirtualnetworking.Ifyou

arenew

to

ESX

Server

3.0,

VMware

highly

recommends

you

read

this

section.

Concepts Overview

Aphysicalnetworkisanetworkofphysicalmachinesthatareconnectedsothatthey

cansenddatatoandreceivedatafromeachother.VMwareESX Serverrunsona

physicalmachine.

Avirtualnetworkisanetworkofvirtualmachinesrunningonasinglephysical

machinethatareconnectedlogicallytoeachothersothattheycansenddatatoand

receivedatafromeachother.Virtualmachinescanbeconnectedtothevirtualnetworks

thatyoucreateintheproceduretoaddanetwork.Eachvirtualnetworkisservicedby

asinglevirtualswitch.Avirtualnetworkcanbeconnectedtoaphysicalnetworkby

associatingoneormorephysicalEthernetadapters,alsoreferredtoasuplinkadapters,

withthevirtualnetworksvirtualswitch.Ifnouplinkadaptersareassociatedwiththe

virtualswitch,alltrafficonthevirtualnetworkisconfinedwithinthephysicalhost

machine.Ifoneormoreuplinkadaptersareassociatedwiththevirtualswitch,virtualmachinesconnectedtothatvirtualnetworkarealsoabletoaccessthephysical

networksconnectedtotheuplinkadapters.

AphysicalEthernetswitchmanagesnetworktrafficbetweenmachinesonthephysical

network.Aswitchhasmultipleports,eachofwhichcanbeconnectedtoasingleother

machineoranotherswitchonthenetwork.Eachportcanbeconfiguredtobehavein

certainwaysdependingontheneedsofthemachineconnectedtoit.Theswitchlearns

whichhostsareconnectedtowhichofitsportsandusesthatinformationtoforwardtraffictothecorrectphysicalmachines.Switchesarethecoreofaphysicalnetwork.

Multipleswitchescanbeconnectedtogethertoformlargernetworks.

Avirtualswitch,vSwitch,worksmuchlikeaphysicalEthernetswitch.Itdetectswhich

virtualmachinesarelogicallyconnectedtoeachofitsvirtualportsandusesthat

informationtoforwardtraffictothecorrectvirtualmachines.AvSwitchcanbe

connectedtophysicalswitchesusingphysicalEthernetadapters,alsoreferredtoas

uplinkadapters,tojoinvirtualnetworkswithphysicalnetworks.Thistypeof

connectionissimilartoconnectingphysicalswitchestogethertocreatealarger

network.EventhoughavSwitchworksmuchlikeaphysicalswitch,itdoesnothave

someoftheadvancedfunctionalityofaphysicalswitch.Formoreinformationon

vSwitches,seeVirtualSwitchesonpage 9.

Chapter 2 Networking


25/324

VMware, Inc. 9

AportgroupspecifiesportconfigurationoptionssuchasbandwidthlimitationsandVLANtaggingpoliciesforeachmemberport.NetworkservicesconnecttovSwitches

throughportgroups.Portgroupsdefinehowaconnectionismadethroughthe

vSwitchtothenetwork.Intypicaluse,oneormoreportgroupsisassociatedwithasinglevSwitch.Formoreinformationonportgroups,seePortGroupsonpage 12.

NICteamingoccurswhenmultipleuplinkadaptersareassociatedwithasingle

vSwitchtoformateam.Ateamcaneithersharetheloadoftrafficbetweenphysicaland

virtualnetworksamongsomeorallofitsmembersorprovidepassivefailoverinthe

eventofahardwarefailureoranetworkoutage.

VLANs

enable

a

single

physical

LAN

segment

to

be

further

segmented

so

that

groups

ofportsareisolatedfromoneanotherasiftheywereonphysicallydifferentsegments.

802.1Qisthestandard.

TheVMkernelTCP/IPnetworkingstacksupportsiSCSI,NFS,andVMotion.Virtual

machinesruntheirownsystemsTCP/IPstacks,andconnecttotheVMkernelatthe

Ethernetlevelthroughvirtualswitches.TwonewfeaturesinESX Server3,iSCSIand

NFS,arereferredasIPstorageinthischapter.IPstoragereferstoanyformofstorage

thatuses

TCP/IP

network

communication

as

its

foundation.

iSCSI

can

be

used

as

a

virtualmachinedatastore,andNFScanbeusedasavirtualmachinedatastoreandfor

directmountingof.ISOfiles,whicharepresentedasCDROMstovirtualmachines.

NOTE ThenetworkingchapterscoverhowtosetupnetworkingforiSCSIandNFS.

ToconfigurethestorageportionofiSCSIandNFS,seethestoragechapters.

MigrationwithVMotionenablesapoweredonvirtualmachinetobetransferredfrom

oneESX Serverhosttoanotherwithoutshuttingdownthevirtualmachine.The

optionalVMotionfeaturerequiresitsownlicensekey.

Virtual Switches

VirtualInfrastructure(VI)Clientletsyoucreateabstractednetworkdevicescalled

virtualswitches(vSwitches).AvSwitchcanroutetrafficinternallybetweenvirtual

machinesand

link

to

external

networks.

NOTE Youcancreateamaximumof248vSwitchesonasinglehost.

Usevirtualswitchestocombinethebandwidthofmultiplenetworkadaptersand

balancecommunicationstrafficamongthem.Theycanalsobeconfiguredtohandle

physicalNICfailover.


26/324


27/324



28/324

12 VMware, Inc.

ApopupwindowdisplaysdetailedpropertiesasshowninFigure 23.

Figure 2-3. Virtual Switch Detailed Properties

Port Groups

Portgroupsaggregatemultipleportsunderacommonconfigurationandprovidea

stableanchorpointforvirtualmachinesconnectingtolabelednetworks.Eachport

groupisidentifiedbyanetworklabel,whichisuniquetothecurrenthost.AVLANID,

whichrestrictsportgrouptraffictoalogicalEthernetsegmentwithinthephysical

network,isoptional.

NOTE Youcancreateamaximumof512portgroupsonasinglehost.

Labelednetworksareproperlyconfiguredonlywhenallportgroupsusingthesame

networklabelareabletoseethesamebroadcasttraffic.BecauseaVLANcanrestrict

visibilityonaphysicalnetwork,itmightbenecessarytosynchronizethenetworklabel

andVLANIDcontrolswhenoneofthemischanged.MorethanoneportgroupcanusethesameVLANID.



29/324

VMware, Inc. 13

Network ServicesYouneedtoenabletwotypesofnetworkservicesinESX Server:

! Connectingvirtualmachinestothephysicalnetwork

! ConnectingVMkernelservices(suchasNFS,iSCSI,orVMotion)tothephysical

network

Theserviceconsole,whichrunsthemanagementservices,issetupbydefaultduring

theinstallationofESX Server.

Viewing Networking Information in the VI ClientTheVIClientdisplaysbothgeneralnetworkinginformationandinformationspecific

tonetworkadapters.

To view general networking information in the VI Client

1 LogontotheVMwareVI Clientandselecttheserverfromtheinventorypanel.

Thehardware

configuration

page

for

this

server

appears.

2 ClicktheConfigurationtab,andclickNetworking.

ThenetworkingpaneldisplaysthefollowinginformationasshowninFigure

Figure 24:

! Virtualswitches

! Adapterinformationforeachadapter

! Linkstatus

! Apparentspeedandduplex

! ServiceconsoleandVMkernelTCP/IPservices

! IPaddress

! Serviceconsole

! Virtualdevicename

! Virtualmachines

! Powerstatus

! Connectionstatus

http://-/?-http://-/?-http://-/?-http://-/?-


30/324

14 VMware, Inc.

! Portgroup

! Networklabelcommontoallthreeportconfigurationtypes

! Numberof

configured

virtual

machines

! VLANID,ifanycommontoallthreeportconfigurationtypes

Figure 2-4. General Networking Information

To view network adapter information in the VI Client

1 LogintotheVMwareVI Clientandselecttheserverfromtheinventorypanel.

Thehardwareconfigurationpageforthisserverappears.

2 ClicktheConfigurationtab,andclickNetworkAdapters.

Thenetworkadapterspaneldisplaysthefollowinginformation:

! DeviceNameofthenetworkadapter

! SpeedActualspeedandduplexofthenetworkadapter

IP address vSwitch

VM network properties pop-up network adapter

port groupREVISEDSee Updates

at the end

of this book.


31/324


32/324



33/324

VMware, Inc. 17

6 ClickNext.

TheNetworkAccessscreenappears.

Virtualmachinesreachphysicalnetworksthroughuplinkadapters.AvSwitchis

abletotransferdataonlytoexternalnetworkswhenoneormorenetworkadapters

areattachedtoit.WhentwoormoreadaptersareattachedtoasinglevSwitch,they

aretransparentlyteamed.

7 SelectCreateavirtualswitch.

YoucancreateanewvSwitchwithorwithoutEthernetadapters.

IfyoucreateavSwitchwithoutphysicalnetworkadapters,thenalltrafficonthat

vSwitchwillbeconfinedtothatvSwitch.Nootherhostsonthephysicalnetwork

orvirtualmachinesonothervSwitcheswillbeabletosendorreceivetrafficover

thisvSwitch.Youmightdothisifyouwantagroupofvirtualmachinestobeable

tocommunicatewitheachother,butnotwithotherhostsorwithvirtualmachines

outsidethegroup.

Changesappear

in

the

Preview

pane.

8 ClickNext.

TheConnectionSettingsscreenappears.



34/324

18 VMware, Inc.

9 UnderPortGroupProperties,enteranetworklabelthatidentifiestheportgroup

thatyouarecreating.

Usenetworklabelstoidentifymigrationcompatibleconnectionscommontotwoormorehosts.

10 IfyouareusingaVLAN,intheVLANIDfield,enteranumberbetween1and

4094.

Ifyouareunsurewhattoenter,leavethisblankoraskyournetwork

administrator.

Ifyouenter0orleavethefieldblank,theportgroupcanseeonlyuntagged(nonVLAN)traffic.Ifyouenter4095,theportgroupcanseetrafficonanyVLAN

whileleavingtheVLANtagsintact.



35/324

VMware, Inc. 19

11 ClickNext.

TheReadytoCompletescreenappears.

12 AfteryouhavedeterminedthatthevSwitchisconfiguredcorrectly,clickFinish.

NOTE Toenablefailover(NICteaming),bindtwoormoreadapterstothesame

switch.Ifoneuplinkadapterisnotoperational,networktrafficisroutedto

anotheradapterattachedtotheswitch.NICteamingrequiresbothEthernet

devicestobeonthesameEthernetbroadcastdomain.

VMkernel ConfigurationMovingavirtualmachinefromonehosttoanotheriscalledmigration.Migratinga

poweredonvirtualmachineiscalledVMotion.MigrationwithVMotion,designedto

beusedbetweenhighlycompatiblesystems,letsyoumigratevirtualmachineswithno

downtime.YourVMkernelnetworkingstackmustbesetupproperlytoaccommodate

VMotion.

IPStoragereferstoanyformofstoragethatusesTCP/IPnetworkcommunicationasits

foundation,whichincludesiSCSIandNASforESX Server.Becausebothofthese

storagetypesarenetworkbased,bothtypescanusethesameportgroup.

ThenetworkservicesprovidedbytheVMkernel(iSCSI,NFS,andVMotion)usea

TCP/IPstackintheVMkernel.ThisTCP/IPstackiscompletelyseparatefromthe

TCP/IPstackusedintheserviceconsole.EachoftheseTCP/IPstacksaccessesvarious

networksby

attaching

to

one

or

more

port

groups

on

one

or

more

vSwitches.



36/324

20 VMware, Inc.

TCP/IP Stack at the Virtual Machine Monitor Level

TheVMwareVMkernelTCP/IPnetworkingstackhasbeenextendedtohandleiSCSI,

NFS,andVMotioninthefollowingways:

! iSCSIasavirtualmachinedatastore.

! iSCSIforthedirectmountingof.ISOfiles,whicharepresentedasCDROMsto

virtualmachines.

! NFSasavirtualmachinedatastore.

! NFSforthedirectmountingof.ISOfiles,whicharepresentedasCDROMsto

virtualmachines.

! MigrationwithVMotion.

NOTE ESXsupportsonlyNFSversion3overTCP/IP.

Implications and Guidelines

RefertothefollowingguidelineswhenconfiguringVMkernelnetworking:

! TheIPaddressthatyouassigntotheserviceconsoleduringinstallationmustbe

differentfromtheIPaddressthatyouassigntoVMkernelsTCP/IPstackfromthe

Configuration>NetworkingtaboftheVirtualInfrastructureClient.

! BeforeconfiguringsoftwareiSCSIfortheESX Serverhost,openafirewallportby

enablingtheiSCSIsoftwareclientservice.Formoreinformation,seeOpening

FirewallPorts

for

Supported

Services

and

Management

Agents

on

page 185.

! UnlikeotherVMkernelservices,iSCSIhasaserviceconsolecomponent,so

networksthatareusedtoreachiSCSItargetsmustbeaccessibletobothservice

consoleandVMkernelTCP/IPstacks.

To set up the VMkernel

1 LogontotheVMwareVI Clientandselecttheserverfromtheinventorypanel.



3 ClicktheAddNetworkinglink.

TheAddNetworkWizardappears.


4 S l VMk l d li kN t


37/324

VMware, Inc. 21

4 SelectVMkernelandclickNext.

SelectingVMotionandIPStorageletsyouconnecttheVMkernel,whichruns

servicesforVMotionandIPstorage(NFSoriSCSI),tothephysicalnetwork.

TheNetworkAccesspageappears.

5 SelectthevSwitchyouwouldliketouse,orselecttheCreateavirtualswitchradio

buttontocreateanewvSwitch.

6 SelectthecheckboxesforthenetworkadaptersyourvSwitchwilluse.

YourchoicesappearinthePreviewpane.

Selectadapters

for

each

vSwitch

so

that

virtual

machines

or

other

services

that

connectthroughtheadaptercanreachthecorrectEthernetsegment.Ifnoadapters

appearunderCreateanewvirtualswitch,allthenetworkadaptersinthesystem

arebeingusedbyexistingvSwitches.YoucaneithercreateanewvSwitchwithout

anetworkadapterorselectanetworkadapterusedbyanexistingvSwitch.

ForinformationonmovingnetworkadaptersbetweenvSwitches,seeToadd

uplinkadaptersonpage 36.


38/324


10 Under IP Settings clickEdit to set theVMkernel Default Gateway for VMkernel


39/324

VMware, Inc. 23

10 UnderIPSettings,clickEdittosettheVMkernelDefaultGatewayforVMkernel

services,suchasVMotion,NAS,andiSCSI.

NOTE Makesure

that

you

set

adefault

gateway

for

the

port

that

you

created.

VirtualCenter2behavesdifferentlyherefromVirtualCenter1.x.You

mustuseavalidIPaddresstoconfiguretheVMkernelIPstack,nota

dummyaddress.

TheDNSandRoutingConfigurationdialogboxappears.UndertheDNS

Configurationtab,thenameofthehostisenteredintothenamefieldbydefault.

TheDNSserveraddressesthatwerespecifiedduringinstallationarealso

preselectedasisthedomain.

UndertheRoutingtab,theserviceconsoleandtheVMkerneleachneedtheirown

gatewayinformation.Agatewayisforneededifconnectivitytomachinesnoton

thesameIPsubnetastheserviceconsoleorVMkernel.

StaticIPsettingsisthedefault.

11 ClickOK

to

save

your

changes

and

close

the

DNS

Configuration

and

Routing

dialogbox.

12 ClickNext.

13 UsetheBackbuttontomakeanychanges.

14 ReviewyourchangesontheReadytoCompletepageandclickFinish.

Service Console ConfigurationBoththeserviceconsoleandtheVMkernelusevirtualEthernetadapterstoconnectto

avSwitchandtoreachnetworksservicedbythevSwitch.

Basic Service Console Configuration Tasks

Therearetwocommonserviceconsoleconfigurationchanges:changingNICsand

changingthe

settings

for

an

existing

NIC

that

is

in

use.

Whenonlyoneserviceconsoleconnectionispresent,changingtheserviceconsole

configurationisnotallowed.Ifyouwantanewconnection,youmustchangethe

networksettingstouseanadditionalNIC.Afterverifyingthatthenewconnectionis

functioningproperly,removetheoldconnection.Youareswitchingovertothenew

NIC.


To configure service console networking


40/324

24 VMware, Inc.

To configure service console networking


Thehardware

configuration

page

for

this

server

appears.




4 SelectServiceConsoleontheConnectionTypesscreen,andclickNext.

TheService

Console

Network

Access

page

appears.

5 SelectthevSwitchyouwanttousefornetworkaccess,orselectCreateanew

vSwitchandclickNext.

IfnoadaptersappearunderCreateanewvirtualswitch,allthenetworkadapters

inthe

system

are

being

used

by

existing

vSwitches.

For

information

on

moving

networkadaptersbetweenvSwitches,seeToadduplinkadaptersonpage 36.


41/324


42/324


6 Tocontinuewiththeserviceconsoleconfiguration,clickContinuemodifyingthis


43/324

VMware, Inc. 27

connection.

TheServiceConsolePropertiesdialogboxappears.

7 Editportproperties,IPsettings,andeffectivepoliciesasnecessary.

8 ClickOK.

OnlyonedefaultgatewaycanbeconfiguredperTCP/IPstack.


44/324


45/324



46/324

30 VMware, Inc.

CHAPTER 3 Advanced Networking


47/324

VMware, Inc. 31

g

ThischapterguidesyouthroughadvancednetworkingtopicsinanESX Server

environmentandhowtosetupandchangeadvancednetworkingconfiguration

options.

Thischapter

covers

the

following

topics:

! AdvancedNetworkingTasksonpage 32

! VirtualSwitchConfigurationonpage 32

! PortGroupConfigurationonpage 46

! DNSandRoutingonpage 48

! SettingUp

MAC

Addresses

on

page 50

! NetworkingTipsandBestPracticesonpage 53


Advanced Networking Tasks


48/324

32 VMware, Inc.

Thischapteroutlineshowtoperformthefollowingadvancednetworkingtasks:

!

Toedit

the

number

of

ports

for

avSwitch

on

page 32

! Toconfiguretheuplinknetworkadapterbychangingitsspeedonpage 35

! Toadduplinkadaptersonpage 36

! ToedittheLayer2Securitypolicyonpage 39

! ToedittheTrafficShapingpolicyonpage 41

! Toedit

the

failover

and

load

balancing

policy

on

page 43

! Toeditportgrouppropertiesonpage 46

! Tooverridelabelednetworkpoliciesonpage 47

! TochangetheDNSandRoutingconfigurationonpage 48

! TosetupaMACaddressonpage 52

Virtual Switch ConfigurationThissectioncontainsthefollowinginformation:

! VirtualSwitchPropertiesonpage 32

! VirtualSwitchPoliciesonpage 39

Virtual Switch Properties

VirtualswitchsettingscontrolvSwitchwidedefaultsforports,whichcanbe

overriddenbyportgroupsettingsforeachvSwitch.

Editing Virtual Switch Properties

EditingvSwitchpropertiesconsistsof:

! Configuringports

! Configuringtheuplinknetworkadapters

To edit the number of ports for a vSwitch

1 LogintotheVMwareVI Client,andselecttheserverfromtheinventorypanel.



Chapter 3 Advanced Networking

3 Ontherightsideofthewindow,findthevSwitchthatyouwanttoedit.
http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-


49/324

VMware, Inc. 33


50/324


To configure the uplink network adapter by changing its speed

1 Log into the VMware VI Client and select the server from the inventory panel


51/324

VMware, Inc. 35




3 SelectavSwitchandclickProperties.

4 InthevSwitchPropertiesdialogbox,clicktheNetworkAdapterstab.

5 Tochangetheconfiguredspeed,duplexvalueofanetworkadapter,selectthe

networkadapterandclickEdit.

TheStatusdialogboxappears.ThedefaultisAutonegotiate,whichisusuallythe

correctchoice.


6 Toselecttheconnectionspeedmanually,selectthespeed/duplexfromthe

dropdownmenu.


52/324

36 VMware, Inc.

ChoosetheconnectionspeedmanuallyiftheNICandaphysicalswitchmightfail

tonegotiatetheproperconnectionspeed.Symptomsofmismatchedspeedandduplexincludelowbandwidthornolinkconnectivityatall.

Theadapterandthephysicalswitchportitisconnectedtomustbesettothesame

value,thatis,auto/autoorND/NDwhereNDissomespeedandduplex,butnot

auto/ND.

7 ClickOK.

To add uplink adapters





4 InthePropertiesdialogboxforthevSwitch,clicktheNetworkAdapterstab.


5 ClickAddtolaunchtheAddAdapterWizard.

YoucanassociatemultipleadapterstoasinglevSwitchtoprovideNICteaming.


53/324

VMware, Inc. 37

p p g p g

Suchateamcansharetrafficandprovidefailover.

CAUTION MisconfigurationcanresultinthelossoftheVIClientabilityto

connecttothehost.

6 Selectoneormoreadaptersfromthelist,andclickNext.

7 ToordertheNICs,selectaNICandclickthebuttonstomoveitupordowninto

thecategory(ActiveorStandby)thatyouwant.

! ActiveAdaptersAdapterscurrentlyusedbythevSwitch.


! StandbyAdaptersAdaptersthatbecomeactiveintheeventthatoneor

moreoftheactiveadaptersshouldfail.


54/324

38 VMware, Inc.

8 ClickNext.

TheAdapterSummarypageappears.

9 Reviewtheinformationonthispage,usetheBackbuttontochangeanyentries,

andclickFinishtoleavetheAddAdapterWizard.

Thelistofnetworkadaptersreappears,showingthoseadaptersnowclaimedby

thevSwitch.

10 ClickClose

to

exit

the

vSwitch

Propertiesdialog

box.

TheNetworkingsectionintheConfigurationtabshowsthenetworkadaptersin

theirdesignatedorderandcategories.


Virtual Switch Policies

You can apply a set of vSwitch wide policies by selecting the vSwitch at the top of the


55/324

VMware, Inc. 39

YoucanapplyasetofvSwitchwidepoliciesbyselectingthevSwitchatthetopofthe

Ports

tab

and

clicking

Edit.

Tooverrideanyofthesesettingsforaportgroup,selectthatportgroupandclickEdit.

AnychangestothevSwitchwideconfigurationareappliedtoanyoftheportgroups

onthatvSwitchexceptforthoseconfigurationoptionsthathavebeenoverriddenby

theportgroup.

ThevSwitchpoliciesconsistof:

!

Layer2Security

policy

! TrafficShapingpolicy

! LoadBalancingandFailoverpolicy

Layer 2 Security Policy

Layer2isthedatalinklayer.ThethreeelementsoftheLayer2Securitypolicyare

promiscuousmode,

MAC

address

changes,

and

forged

transmits.

Innonpromiscuousmode,aguestadapterlistenstotrafficonlyonitsownMAC

address.Inpromiscuousmode,itcanlistentoallthepackets.Bydefault,guestadapters

aresettononpromiscuousmode.

Forfurtherinformationonsecurity,seeSecuringVirtualSwitchPortsonpage 195.

To edit the Layer 2 Security policy




3 ClickPropertiesforthevSwitchwhoseLayer2Securitypolicyyouwanttoedit.

4 InthePropertiesdialogboxforthevSwitch,clickthePortstab.

5 SelectthevSwitchitemandclickEdit.


56/324


! ForgedTransmits

! RejectAnyoutboundframewithasourceMACaddressthatis

diff t f th tl t th d t ill b d d


57/324

VMware, Inc. 41

differentfromtheonecurrentlysetontheadapterwillbedropped.

! AcceptNofilteringisperformedandalloutboundframesarepassed.

8 ClickOK.

Traffic Shaping Policy

ESX Servershapestrafficbyestablishingparametersforthreeoutboundtraffic

characteristics:averagebandwidth,burstsize,andpeakbandwidth.Youcansetvalues

forthesecharacteristicsthroughtheVI Client,establishingatrafficshapingpolicyfor

eachuplinkadapter.

! AverageBandwidthestablishesthenumberofbitspersecondtoallowacrossthe

vSwitchaveragedovertimetheallowedaverageload.

! BurstSizeestablishesthemaximumnumberofbytestoallowinaburst.Ifaburst

exceedstheburstsizeparameter,excesspacketsarequeuedforlatertransmission.

Ifthequeueisfull,thepacketsaredropped.Whenyouspecifyvaluesforthesetwocharacteristics,youindicatewhatyouexpectthevSwitchtohandleduringnormal

operation.

! PeakBandwidthisthemaximumbandwidththevSwitchcanabsorbwithout

droppingpackets.Iftrafficexceedsthepeakbandwidthyouestablish,excess

packetsarequeuedforlatertransmissionaftertrafficontheconnectionhas

returnedtotheaverageandthereareenoughsparecyclestohandlethequeued

packets.Ifthequeueisfull,thepacketsaredropped.Evenifyouhavesparebandwidthbecausetheconnectionhasbeenidle,thepeakbandwidthparameter

limitstransmissiontonomorethanpeakuntiltrafficreturnstotheallowed

averageload.

To edit the Traffic Shaping policy





4 InthevSwitchPropertiesdialogbox,clickthePortstab.

5 SelectthevSwitchandclickEdit.

ThePropertiesdialogboxfortheselectedvSwitchappears.


6 ClicktheTrafficShapingtab.

ThePolicyExceptionspaneappears.Whentrafficshapingisdisabled,thetunable

features are dimmed You can selectively override all traffic shaping features at the


58/324

42 VMware, Inc.

featuresaredimmed.Youcanselectivelyoverridealltrafficshapingfeaturesatthe

portgroup

level

if

traffic

shaping

is

enabled.

Thesearethepoliciestowhichtheperportgroupexceptionsareapplied.

Thepolicyhereisappliedtoeachvirtualadapterattachedtotheportgroup,nottothevSwitchasawhole.

! StatusIfyouenablethepolicyexceptionintheStatusfield,youaresetting

limitsontheamountofnetworkingbandwidthallocationeachvirtualadapter

associatedwiththisparticularportgroup.Ifyoudisablethepolicy,services

willhaveafree,clearconnectiontothephysicalnetworkbydefault.

Theremaining

fields

define

network

traffic

parameters:

! AverageBandwidthAvaluemeasuredoveraparticularperiodoftime.

! PeakBandwidthAvaluethatisthemaximumbandwidthallowedandthat

canneverbesmallerthanaveragebandwidth.Thisparameterlimitsthe

maximumbandwidthduringaburst.

! BurstSizeAvaluespecifyinghowlargeaburstcanbeinkilobytes(K).This

parametercontrolstheamountofdatathatcanbesentinoneburstwhileexceedingtheaveragerate.


Load Balancing and Failover Policy

LoadBalancingandFailoverpoliciesallowyoutodeterminehownetworktrafficis

distributedbetweenadaptersandhowtoreroutetrafficintheeventofanadapter


59/324

VMware, Inc. 43

i i u e e ee a ap e a o o e ou e a i i e e e o a a ap e

failureby

configuring

the

following

parameters:

! LoadBalancingpolicy

TheLoadBalancingpolicydetermineshowincomingandoutgoingtrafficis

distributedamongthenetworkadaptersassignedtoavSwitch.

! FailoverDetection:LinkStatus/BeaconProbing

! NetworkAdapterOrder(Active/Standby)

To edit the failover and load balancing policy




3 SelectavSwitchandclickEdit.

4 InthevSwitchPropertiesdialogbox,clickthePortstab.

5 ToedittheFailoverandLoadBalancingvaluesforthevSwitch,selectthevSwitch

itemandclickProperties.

ThePropertiesdialogboxforthevSwitchappears.


6 ClicktheNICTeamingtab.

ThePolicyExceptionsareaappears.Youcanoverridethefailoverorderattheport

group level. By default, new adapters are active for all policies. New adapters carry


60/324

44 VMware, Inc.

grouplevel.Bydefault,newadaptersareactiveforallpolicies.Newadapterscarry

trafficfor

the

vSwitch

and

its

port

group

unless

you

specify

otherwise.

7 InthePolicyExceptionspane:

! LoadBalancingSpecifyhowtochooseanuplink.

! RoutebasedontheoriginatingportIDChooseanuplinkbasedonthe

virtualportwherethetrafficenteredthevirtualswitch.

! RoutebasedoniphashChooseanuplinkbasedonahashofthe

sourceanddestinationIPaddressesofeachpacket.FornonIPpackets,

whateverisatthoseoffsetsisusedtocomputethehash.


! RoutebasedonsourceMAChashChooseanuplinkbasedonahash

ofthesourceEthernet.

! UseexplicitfailoverorderAlwaysusethehighestorderuplinkfrom


61/324

VMware, Inc. 45

p y g p

thelist

of

Active

adapters

which

passes

failover

detection

criteria.

! NetworkFailoverDetectionSpecifythemethodtouseforfailover

detection.

! LinkStatusonlyReliessolelyonthelinkstatusprovidedbythe

networkadapter.Thisdetectsfailures,suchascablepullsandphysical

switchpowerfailures,butnotconfigurationerrors,suchasaphysical

switchportbeingblockedbyspanningtreeormisconfiguredtothe

wrongVLANorcablepullsontheothersideofaphysicalswitch.

! BeaconProbingSendsoutandlistensforbeaconprobesonallNICsin

theteamandusesthisinformation,inadditiontolinkstatus,to

determinelinkfailure.Thisdetectsmanyofthefailuresmentionedabove

thatarenotdetectedbylinkstatusalone.

! NotifySwitchesSelectYesorNotonotifyswitchesinthecaseoffailover.

IfyouselectYes,wheneveravirtualNICisconnectedtothevSwitchor

wheneverthatvirtualNICstrafficwouldberoutedoveradifferentphysical

NICintheteamduetoafailoverevent,anotificationissentoutoverthe

networktoupdatethelookuptablesonphysicalswitches.Inalmostallcases,

thisisdesirableforthelowestlatencyoffailoveroccurrencesandmigrations

withVMotion.

NOTE Donotusethisoptionwhenthevirtualmachinesusingtheport

groupareusingMicrosoftNetworkLoadBalancinginunicastmode.

NosuchissueexistswithNLBrunninginmulticastmode.

! RollingFailoverSelectYesorNotodisableorenablerolling.

Thisoptiondetermineshowaphysicaladapterisreturnedtoactivedutyafter

recoveringfromafailure.IfrollingissettoNo,theadapterisreturnedto

activedutyimmediatelyuponrecovery,displacingthestandbyadapterthat

tookoveritsslot,ifany.IfrollingissettoYes,afailedadapterisleftinactive

evenafterrecoveryuntilanothercurrentlyactiveadapterfails,requiringits

replacement.


! FailoverOrderSpecifyhowtodistributetheworkloadforadapters.Ifyou

wanttousesomeadaptersbutreserveothersforemergenciesincasetheones

inusefail,youcansetthisconditionusingthedropdownmenutoplacethem

into the two groups:


62/324

46 VMware, Inc.

intothetwogroups:

! ActiveAdaptersContinuetouseitwhenthenetworkadapter

connectivityisupandactive.

! StandbyAdaptersUsethisadapterifoneoftheactiveadapters

connectivityisdown.

! UnusedAdaptersNottobeused.

Port Group ConfigurationYoucanchangethefollowingportgroupconfigurations:

! Portgroupproperties

! Labellednetworkpolicies

To edit port group properties




3 Ontherightsideofthewindow,clickPropertiesforanetwork.

ThevSwitchPropertiesdialogboxappears.

4 ClickthePortstab.

5 SelecttheportgroupandclickEdit.

6 InthePropertiesdialogboxfortheportgroup,clicktheGeneraltabtochange:

! NetworkLabelIdentifiestheportgroupthatyouarecreating.Specifythis

labelwhenconfiguringavirtualadaptertobeattachedtothisportgroup,

eitherwhenconfiguringvirtualmachinesorVMkernelservices,suchasVMotionandIPstorage.

! VLANIDIdentifiestheVLANthattheportgroupsnetworktrafficwill

use.

7 ClickOKtoexitthevSwitchPropertiesdialogbox.


To override labeled network policies

1 Tooverrideanyofthesesettingsforaparticularlabelednetwork,selectthe

network.


63/324

VMware, Inc. 47

2 ClickEdit.

3 ClicktheSecuritytab.

4 Selectthecheckboxforthelabelednetworkpolicythatyouwanttooverride.

Forinformationonthesesettings,seeLayer2SecurityPolicyonpage 39.

5 ClicktheTrafficShapingtab.

6 SelectthecheckboxtooverridetheenabledordisabledStatus.Forinformationon

theStatussettings,seeTrafficShapingPolicyonpage 41.

7 ClicktheNICTeamingtab.


8 Selecttheassociatedcheckboxtooverridetheloadbalancingorfailoverorder

policies.

Forinformationonthesesettings,seeLoadBalancingandFailoverPolicyon


64/324

48 VMware, Inc.

page 43.

9 ClickOKtoexitthelabeledVMNetworkPropertiesdialogbox.

DNS and RoutingConfigureDNSandroutingthroughtheVI Client.

To change the DNS and Routing configuration



2 ClicktheConfigurationtab,andclickDNSand

Routing.


3 Ontherightofthewindow,clickProperties.

4 IntheDNSConfigurationtab,entervaluesfortheNameandDomainfields.

5 ChoosetoeitherobtaintheDNSserveraddressautomaticallyoruseaDNSserver


65/324

VMware, Inc. 49

y

address.

NOTE DHCPissupportedonlyiftheDHCPserverisaccessibletotheservice

console.Inotherwords,theserviceconsolemusthaveavirtualinterface

(vswif)configuredandattachedtothenetworkwheretheDHCPserver

resides.

6 Specifythedomainsinwhichtolookforhosts.


7 IntheRoutingtab,changedefaultgatewayinformationasneeded.

Youneedtoselectagatewaydeviceonlyifyouhaveconfiguredtheservice

consoletoconnecttomorethanonesubnet.


66/324

50 VMware, Inc.

8 ClickOKtoclosetheDNSConfigurationdialogbox.

Setting Up MAC AddressesMACaddressesaregeneratedforvirtualnetworkadaptersusedbytheserviceconsole,

theVMkernalandvirtualmachines.Inmostcases,theseMACaddressesare

appropriate.However,youmightneedtosetaMACaddressforavirtualnetwork

adapterasinthefollowingcases:

! Virtualnetworkadaptersondifferentphysicalserverssharethesamesubnetand

areassigned

the

same

MAC

address,

causing

aconflict.

! YouwanttoensurethatavirtualnetworkadapteralwayshasthesameMAC

address.

ThefollowingsectionsdescribehowMACaddressesaregeneratedandhowyoucan

settheMACaddressforavirtualnetworkadapter.


67/324


Setting MAC Addresses

Tocircumventthelimitof256virtualnetworkadaptersperphysicalmachineand

possibleMACaddressconflictsbetweenvirtualmachines,systemadministratorscan


68/324

52 VMware, Inc.

manually assign MAC addresses. VMware uses this OUI for manually generatedaddresses:00:50:56.

TheMACaddressrangeis

00:50:56:00:00:00-00:50:56:3F:FF:FF

Youcansettheaddressesbyaddingthefollowinglinetoavirtualmachines

configurationfile:

ethernet .address = 00:50:56:XX:YY:ZZ

wherereferstothenumberoftheEthernetadapter,XX isavalidhexadecimal

numberbetween00and3F,andYYandZZarevalidhexadecimalnumbersbetween00

andFF.ThevalueforXXmustnotbegreaterthan3FtoavoidconflictwithMAC

addressesthataregeneratedbytheVMwareWorkstationandVMwareGSXServer

products.ThemaximumvalueforamanuallygeneratedMACaddressis

ethernet.address = 00:50:56:3F:FF:FF

Youmustalsosettheoptioninavirtualmachinesconfigurationfile:

ethernet.addressType="static"

BecauseVMwareESX ServervirtualmachinesdonotsupportarbitraryMAC

addresses,theaboveformatmustbeused.Aslongasyouchooseauniquevaluefor

XX:YY:ZZ amongyourhardcodedaddresses,conflictsbetweentheautomatically

assignedMACaddressesandthemanuallyassignedonesshouldneveroccur.

Using MAC Addresses

TheeasiestwaytofamiliarizeyourselfwithMACaddressesistosetupaMACaddress.

To set up a MAC address

1 SettheMACaddressstatically.

2 Removethevirtualmachineconfigurationfileoptions:

ethernet.address, ethernet.addressType

and

ethernet.generatedAddressOffset


3 VerifythatthevirtualmachinereceivesageneratedMACaddress.

VMwareguarantees,however,thattheMACaddresswillneverconflictwithany

physicalhostbyusingtheVMwareOUIs(00:0C:29and00:50:56),whichareuniqueto

l

h


69/324

VMware, Inc. 53

virtual machines.

Networking Tips and Best PracticesThissectionprovidesinformationabout:

! Networkingbestpractices

! Networkhints

Networking Best Practices

Considerthesebestpracticesforconfiguringyournetwork:

! Separatenetworkservicesfromoneanothertoachievegreatersecurityorbetter

performance.

Ifyouwantaparticularsetofvirtualmachinestofunctionatthehighest

performancelevels,putthemonaseparatephysicalNIC.Thisseparationallows

foraportionofthetotalnetworkingworkloadtobemoreevenlysharedacross

multipleCPUs.Theisolatedvirtualmachinesarethenmoreabletoservetraffic

fromaWebclient,forinstance.

! TherecommendationsbelowcanbesatisfiedeitherbyusingVLANstosegmenta

singlephysicalnetworkorbyusingseparatephysicalnetworks(thelatteris

preferable).

! Keepingtheserviceconsoleonitsownnetworkisanimportantpartof

securingtheESXsystem.Considertheserviceconsolenetworkconnectivity

inthesamelightasanyremoteaccessdeviceinaserverbecausecompromise

oftheserviceconsolegivesanattackerfullcontrolofallvirtualmachines

runningonthesystem.

!Keeping

the

VMotion

connection

on

aseparate

network

devoted

to

this

purposeisimportantbecausewhenmigrationwithVMotionoccurs,the

contentsoftheguestoperatingsystemsmemoryaretransmittedoverthe

network.


Mounting NFS Volumes

InESX Server3.0,themodelofhowESXaccessesNFSstorageofISOimagesthatare

usedasvirtualCDROMsforvirtualmachinesisdifferentfromthemodelusedin

ESX Server2.x.


70/324

54 VMware, Inc.

ESX Server3.0hassupportforVMkernelbasedNFSmounts.Thenewmodelisto

mountyourNFSvolumewiththeISOimagesthroughtheVMkernelNFSfunctionality.

AllNFSvolumesmountedinthiswayappearasdatastoresintheVI Client.Thevirtual

machineconfigurationeditorallowsyoutobrowsetheserviceconsolefilesystemfor

ISOimagestobeusedasvirtualCDROMdevices.

Networking TipsConsiderthefollowingnetworkhints:

! Theeasiestwaytophysicallyseparatenetworkservicesandtodedicatea

particularsetofNICstoaspecificnetworkserviceistocreateavSwitchforeach

service.Ifthisisnotpossible,theycanbeseparatedfromeachotheronasingle

vSwitchbyattachingthemtoportgroupswithdifferentVLANIDs.Ineithercase,

confirmwithyournetworkadministratorthatthenetworksorVLANsyouchoose

areisolatedintherestofyourenvironment,thatis,noroutersconnectthem.

! YoucanaddandremoveNICsfromthevSwitchwithoutaffectingthevirtual

machinesorthenetworkservicethatisrunningbehindthatvSwitch.Ifyou

removedalltherunninghardware,thevirtualmachineswouldstillbeableto

communicateamongstthemselves,asiftheyweregoingouttothenetworkand

back.Moreover,ifyouleftoneNICintact,allofthevirtualmachineswouldstillbe

abletoconnectwiththephysicalnetwork.

! Useportgroupswithdifferentsetsofactiveadaptersintheirteamingpolicyto

separatevirtualmachinesintogroups.Thesecanuseseparateadaptersaslongas

alladaptersareupbutstillfallbacktosharingintheeventofanetworkor

hardwarefailure.

! Deployfirewallsinvirtualmachinesthatroutebetweenvirtualnetworkswith

uplinkstophysicalnetworksandpurevirtualnetworkswithnouplinkstoprotect

yourmostsensitivevirtualmachines.

CHAPTER 4 Networking Scenarios and

Troubleshooting


71/324

VMware, Inc. 55

Thischapterdescribescommonnetworkingconfigurationandtroubleshooting

scenarios.

Thischaptercoversthefollowingtopics:

! NetworkingConfigurationforSoftwareiSCSIStorageonpage 56

! ConfiguringNetworkingonBladeServersonpage 62

! Troubleshootingonpage 67


Networking Configuration for Software iSCSI StorageThestorageyouconfigureforanESX Serverhostmightincludeoneormorestorage

areanetworks(SANs)thatuseiSCSI,whichisameansofaccessingSCSIdevicesand

exchangingdata

records

using

TCP/IP

protocol

over

anetwork

port

rather

than


72/324

56 VMware, Inc.

exchanging data records using TCP/IP protocol over a network port rather thanthroughadirectconnectiontoaSCSIdevice.IniSCSItransactions,blocksofrawSCSI

dataareencapsulatediniSCSIrecordsandtransmittedtotherequestingdeviceoruser.

BeforeyoucanconfigureiSCSIstorage,youmustcreateaVMkernelporttohandle

iSCSInetworkingandaserviceconsoleconnectiontotheiSCSInetwork.

To create a VMkernel port for software iSCSI

1 Loginto

the

VMware

VI Client,

and

select

the

server

from

the

inventory

panel.






ThisletsyouconnecttheVMkernel,whichrunsservicesforiSCSIstorage,tothe

physicalnetwork.

TheNetworkAccesspageappears.

5 SelectthevSwitchyouwanttouseortheCreateavirtualswitchradiobutton.


73/324


8 UnderPortGroupProperties,selectorenteranetworklabelandaVLANID.

! NetworkLabelAnamethatidentifiestheportgroupthatyouarecreating.

Thisisthelabelthatyouspecifywhenconfiguringavirtualadaptertobe

attachedtothisportgroup,whenconfiguringiSCSIstorage.


74/324

58 VMware, Inc.

! VLANIDIdentifiestheVLANthattheportgroupsnetworktrafficwill

use.

Chapter 4 Networking Scenarios and Troubleshooting

9 UnderIPSettings,clickEdittosettheVMkernelDefaultGatewayforiSCSI.




preselected as is the domain.


75/324

VMware, Inc. 59

preselectedasisthedomain.



gatewayinformation.Agatewayisneededforconnectivitytomachinesnotonthe

sameIPsubnetastheserviceconsoleorVMkernel.


76/324

60 VMware, Inc.

NOTE Makesurethatyousetadefaultgatewayfortheportthatyoucreated.

YoumustuseavalidstaticIPaddresstoconfiguretheVMkernelstack.

10 ClickOKtosaveyourchanges,andclosetheDNSand

Routing

Configuration

dialogbox.

11 ClickNext.



Afteryou

create

aVMkernel

port

for

iSCSI,

you

must

create

aservice

console

connectiononthesamevSwitchastheVMkernelport.

To configure a service console connection for software iSCSI storage





77/324


7 EntertheIPAddressandSubnetMask,orselecttheDHCPoptionObtainIP

settingautomaticallyfortheIPaddressandsubnetmask.

8 ClicktheEditbuttontosettheServiceConsoleDefaultGateway.

SeeTosetthedefaultgatewayonpage 28.


78/324

62 VMware, Inc.

9 ClickNext.

TheReadytoCompletescreenappears.

10 AfteryouhavedeterminedthatthevSwitchisconfiguredcorrectly,clickFinish.

AfteryoucreateaVMkernelportandserviceconsoleconnection,youareabletoenable

andconfiguresoftwareiSCSIstorage.ForinformationonconfiguringiSCSIadapters

andstorage,seeiSCSIStorageonpage 96.

Configuring Networking on Blade ServersBecausebladeserversmayhavealimitednumberofnetworkadapters,itwilllikelybe

necessarytouseVLANstoseparatetrafficfortheserviceconsole,VMotion,IPstorage,

andvariousgroupsofVMs. VMwarebestpracticesrecommendthattheservice

consoleandVMotionhavetheirownnetworksforsecurityreasons. Ifyoudedicate

physicaladapterstoseparatevSwitchesforthispurpose,youwilllikelyhavetogive

upredundant(teamed)connectionsorgiveupisolatingthevariousnetworkingclients,

orboth.

VLANs

allow

you

to

achieve

network

ostentation

without

having

to

use

multiplephysicaladapters.

ForthenetworkbladeofabladeservertosupportanESX Serverportgroupwith

VLANtaggedtraffic,youmustconfigurethebladetosupport802.1Qandconfigurethe

portasataggedport.


Themethodforconfiguringaportasataggedportdiffersfromservertoserver.The

followinglistdescribeshowtoconfigureataggedportonthreeofthemostcommonly

usedbladeservers:

! HPBladeSettheportsVLANTaggingtoenabled.

! Dell PowerEdge Set the port to Tagged.


79/324

VMware, Inc. 63

! DellPowerEdge SettheporttoTagged.

! IBMeServerBladeCenterSelectTagintheportsconfiguration.

To configure a virtual machine port group with VLAN on a blade server


The

hardware

configuration

page

for

this

server

appears.2 ClicktheConfigurationtab,andclickNetworking.

3 Ontherightsideofthescreen,clickPropertiesforvSwitchassociatedwiththe

serviceconsole.

4 OnthePortstab,clickAdd.


5 Asaconnectiontype,selectVirtualMachines,whichisthedefault.

6 ClickNext.

TheConnectionSettingspageappears.


80/324



ThisletsyouconnecttheVMkernel,whichrunsservicesforVMotionandIP

storage(NFSoriSCSI),tothephysicalnetwork.

TheConnection

Settings

page

appears.

6 Under Port Group Properties select or enter a network label and a VLAN ID


81/324

VMware, Inc. 65

6 UnderPortGroupProperties,selectorenteranetworklabelandaVLANID.

! NetworkLabelAnamethatidentifiestheportgroupthatyouarecreating.

Thisisthelabelthatyouspecifywhenconfiguringavirtualadaptertobe

attachedtothisportgroup,whenconfiguringVMkernelservices,suchas

VMotionandIPstorage.

! VLANID

IdentifiestheVLANthattheportgroupsnetworktrafficwill

use.

7 SelecttheUsethisportgroupforVMotioncheckboxtoenablethisportgroupto

advertiseitselftoanotherESX ServerasthenetworkconnectionwhereVMotion

trafficshouldbesent.

YoucanenablethispropertyforonlyoneVMotionandIPstorageportgroupfor

eachESX Server

host.

If

this

property

is

not

enabled

for

any

port

group,

migration

withVMotiontothishostisnotpossible.


8 UnderIPSettings,clickEdittosettheVMkernelDefaultGatewayforVMkernel

services,suchasVMotion,NAS,andiSCSI

NOTE Makesurethatyousetadefaultgatewayfortheportthatyoucreated.

VirtualCenter2behavesdifferentlyherefromVirtualCenter1.x.YoumustuseavalidIPaddresstoconfiguretheVMkernelIPstack,nota


82/324

66 VMware, Inc.

dummyaddress.




preselectedas

is

the

domain.


gatewayinformation.Agatewayisneededifconnectivitytomachinesnotonthe

sameIPsubnetastheserviceconsoleorVMkernel.

StaticIPsettingsisthedefault.

9 ClickOKtosaveyourchanges,andclosetheDNSConfigurationandRouting

dialogbox.

10 ClickNext.




TroubleshootingThefollowingsectionguidesyouthroughtroubleshootingcommonnetworkingissues.

Thissectioncoversthefollowingtopics:

! TroubleshootingServiceConsoleNetworkingonpage 67


83/324

VMware, Inc. 67

! TroubleshootingNetworkAdapterConfigurationonpage 68

! TroubleshootingPhysicalSwitchConfigurationonpage 69

! TroubleshootingPortGroupConfigurationonpage 69

Troubleshooting Service Console NetworkingIfcertainpartsoftheserviceconsolesnetworkingaremisconfigured,youwilllose

yourabilitytoaccessyourESXServerhostwiththeVIClient.Intheeventthatthis

happens,youcanreconfigurenetworkingbyconnectingdirectlytoserviceconsoleand

usingthefollowingserviceconsolecommands:

! esxcfg-vswif -l

Providesalistoftheserviceconsolescurrentnetworkinterfaces.

Checkthatvswif0ispresentandthatthecurrentIPaddressandNetmaskare

correct.

! esxcfg-vswitch -l

Providesalistofcurrentvirtualswitchconfigurations.

Check

that

the

uplink

adapter

configured

for

the

service

console

is

connected

to

the

appropriatephysicalnetwork.

! exscfg-nics -l

Providesalistofcurrentnetworkadapters.

Checkthattheuplinkadapterconfiguredfortheserviceconsoleisupandthatthe

speedandduplexarebothcorrect.

! esxcfg-nics -s

Changesthespeedofanetworkadapter.

! esxcfg-nics -d

Changestheduplexofanetworkadapter.


! esxcfg-vswif -i vswifX

ChangestheserviceconsolesIPaddress.

! esxcfg-vswif -n vswifX

Changestheserviceconsolesnetmask.

! f it h U ld i i l it h


84/324

68 VMware, Inc.

! esxcfg-vswitch -U

Removestheuplinkfortheserviceconsole

! esxcfg-vswitch -L

Changestheuplinkfortheserviceconsole.

Ifyouencounterlongwaitswhenusingesxcfg-*commands,itispossiblethatDNSis

misconfigured.Theesxcfg-*commandsrequirethatDNSbeconfiguredsothat

localhostnameresolutionworksproperly.Thisrequiresthatthe/etc/hostsfile

containanentryfortheconfiguredIPaddressandthe127.0.0.1localhostaddress.

Troubleshooting Network Adapter Configuration

Addinganew

network

adapter,

in

certain

cases,

can

cause

loss

of

service

console

connectivityandmanageabilityusingtheVI Clientduetonetworkadaptersgetting

renamed.

Ifthishappens,youmustrenametheaffectednetworkadaptersusingtheservice

console.

To rename network adapters using the service console

1 Login

directly

to

your

ESX

Server

sconsole.

2 Usethecommandesxcfg-nics -ltoseewhichnameshavebeenassignedtoyour

networkadapters.

3 Usethecommandesxcfg-vswitch -ltoseewhichvSwitches,ifany,arenow

associatedwithdevicenamesnolongershownbyesxcfgnics.

4 Usethecommandesxcfg-vswitch -U toremoveany

networkadaptersthathavebeenrenamed.

5 Usethecommandesxcfg-vswitch -L toreaddthe

networkadapters,givingthemthecorrectnames.


85/324



86/324

70 VMware, Inc.


87/324

VMware, Inc. 71

Storage



88/324

72 VMware, Inc.

CHAPTER 5 Introduction to Storage


89/324

VMware, Inc. 73

ThischaptercontainsoverviewinformationabouttheavailablestorageoptionsforESX

Server.

ForinformationaboutconfiguringSANs,seetheSANConfigurationGuide.Forinformationaboutconfiguringvirtualmachines,seetheVirtualMachineManagementGuide.

Thischaptercoversthefollowingtopics:

! StorageConceptsonpage 74

! StorageOverviewonpage 75

! ViewingStorageInformationintheVirtualInfrastructureClientonpage 79

! VMwareFileSystemonpage 82

! ConfiguringandManagingStorageonpage 86


90/324

Chapter 5 Introduction to Storage

! NFS(networkfilesystem)FilesharingprotocolESXServersupportsto

communicatewithaNASdevice.

! RawdeviceDiskuseddirectlybyavirtualmachine.

!

Raw

device

mapping

(RDM)Special

file

in

aVMFS

volume

that

acts

as

aproxy

forarawdeviceandmapsSANLUNsdirectlytoavirtualmachine.

! Spanned volume Dynamic volume that uses disk space on more than one


91/324

VMware, Inc. 75

Spannedvolume Dynamicvolumethatusesdiskspaceonmorethanone

physicaldisk,yetappearsasasinglelogicalvolume.

! StoragedevicePhysicaldiskorstoragearraythatcaneitherbeinternalorlocated

outsideofyoursystemandconnectedtothesystemeitherdirectlyorthroughan

adapter.

! VMFS(VMwareFileSystem)Highperformanceclusterfilesystemthat

providesstoragevirtualizationoptimizedforvirtualmachines.

! VolumeLogicalstorageunit,whichcanusediskspaceononephysicaldevice,

oritspart,orspanseveralphysicaldevices.

Storage OverviewInthemostcommonconfiguration,avirtualmachineusesavirtualharddisktostore

itsoperatingsystem,programfiles,andotherdataassociatedwithitsactivities.A

virtualdiskisalargephysicalfilethatcanbecopied,moved,archived,andbackedup

aseasyasanyotherfile.

Virtualdiskfilesresideonspeciallyformattedvolumescalleddatastores.Adatastore

canbedeployedonthehostmachinesinternaldirectattachedstoragedevicesoron

networkedstoragedevices.Anetworkedstoragedevicerepresentsanexternalsharedstoragedeviceorarraythatislocatedoutsideofyoursystemandistypicallyaccessed

overanetworkthroughanadapter.

Storingvirtualdisksandotheressentialpiecesofyourvirtualmachineonasingle

datastoresharedbetweenphysicalhostsletsyou:

! UsesuchfeaturesasVMwareDRS(DistributedResourceScheduling)and

VMware

HA

(High

Availability

Options).! UseVMotiontomoverunningvirtualmachinesfromoneESXServertoanother

withoutserviceinterruption.

! UseConsolidatedBackuptoperformbackupsmoreefficiently.

! Havebetterprotectionfromplannedorunplannedserveroutages.

! Havemorecontroloverloadbalancing.


92/324


FormoreinformationonVMFS,seeVMwareFileSystemonpage 82.

AsanalternativetousingtheVMFSbaseddatastore,yourvirtualmachinecan

havedirectaccesstorawdevicesusingaRawDeviceMapping(RDM)asaproxy.

FormoreinformationonRawDeviceMapping,seeRawDeviceMappingon

page 141.

! NFSESXServercanuseadesignatedNFSvolumelocatedonanNFSserver.ESX

Server mounts the NFS volume creating one directory for each virtual machine


93/324

VMware, Inc. 77

ServermountstheNFSvolumecreatingonedirectoryforeachvirtualmachine.

Fromtheviewpointoftheuseronaclientcomputer,themountedfilesare

indistinguishablefromlocalfiles.

Types of StorageDatastorescanresideonavarietyofstoragedevices.Youcandeployadatastoreon

yoursystemsdirectattachedstoragedeviceoronanetworkedstoragedevice.

ESXServersupportsthefollowingtypesofstoragedevices:

! LocalStoresfileslocallyonaninternalorexternalSCSIdevice.

! FibreChannelStoresfilesremotelyonaStorageAreaNetwork(SAN).Requires

FibreChanneladapters.

! iSCSI(hardwareinitiated)StoresfilesonremoteiSCSIstoragedevices.Filesare

accessedoverTCP/IPnetworkusinghardwarebasediSCSIHBAs(hostbus

adapters).

! iSCSI(softwareinitiated)StoresfilesonremoteiSCSIstoragedevices.Filesare

accessedoverTCP/IPnetworkusingsoftwarebasediSCSIcodeintheVMkernel.

Requiresastandard

network

adapter

for

network

connectivity.

! Networkfilesystem(NFS)Storesfilesonremotefileservers.Filesareaccessed

overTCP/IPnetworkusingtheNFSprotocol.Requiresastandardnetwork

adapterfornetworkconnectivity.

NOTE ESXServerdoesntcurrentlysupportstoringvirtualmachinefilesonSAS,

SATA,IDE,orEIDEdrives.

YouusetheVIClienttoaccessstoragedevicesmappedtoyourESXServersystemand

deploydatastoresonthem.Formoreinformation,refertoConfiguringStorageon

page 89.

REVISEDSee Updates

at the end

of this book.


Supported Storage Adapters

Toaccessdifferenttypesofstorage,yourESXServersystemneedsdifferentadapters

thatprovideconnectivitytothestoragedevice.ESXServersupportsPCIbasedSCSI

andiSCSI,RAID,FibreChannel,andEthernetadaptersandaccessesthemdirectly

throughdevicedriversintheVMkernel.

How Virtual Machines Access Storage


94/324

78 VMware, Inc.

g

Whenavirtualmachinecommunicateswithitsvirtualdiskstoredonadatastore,it

issuesSCSIcommands.Becausedatastorescanexistonvarioustypesofphysical

storage,thesecommandsareencapsulatedintootherformsdependingontheprotocol

theESXServersystemusestoconnecttoastoragedevice.ESXServersupportsFibre

Channel(FC),InternetSCSI(iSCSI),andNFSprotocols.

ThediagraminFigure 51depictsfivevirtualmachinesusingdifferenttypesofstorage

toillustratethedifferencesbetweeneachtype.

Figure 5-1. Types of storage

NOTE Thisdiagramisforconceptualpurposesonly.Itisnotarecommended

configuration.

Youcanconfigureavirtualmachinetoaccessthevirtualdisksonthephysicalstorage

devices.Toconfigureavirtualmachine,refertotheVirtualMachineManagementGuide.

iSCSI array NAS appliancefibre array

ESX Server

VMFS

localethernet

SCSI

VMFS VMFS NFS

virtualmachine

virtualmachine

virtualmachine

virtualmachine

virtualmachine

SAN LAN LAN LAN

iSCSIhardware

initiator

fbre

channel

HBA

ethernet

NIC

ethernet

NIC

software initiator

requires TCP/IP connectivity

Key

physicaldisk

datastore

virtualdisk


95/324


InFigure 52,thedatastoresymm07isselectedfromthelistofavailabledatastores.

TheDetailsviewprovidesinformationabouttheselecteddatastore.

configured datastores datastore details


96/324

80 VMware, Inc.

Figure 5-2. Datastore information

Youcaneditorremoveanyoftheexistingdatastores.Whenyoueditadatastore,you

canchangeitslabel,addextents,ormodifypathsforstoragedevices.Youcanalso

upgradethedatastore.Formoreinformation,seeManagingStorageonpage 125.

Viewing Storage Adapters

TheVIClientdisplaysanystorageadaptersavailabletoyoursystem.

Todisplaystorageadapters,onthehostConfigurationtab,clicktheStorageAdapters

link.

Youcanviewthefollowinginformationaboutthestorageadapters:

! Existingstorageadapters.

! Typeofstorageadapter,suchasFibreChannelSCSIoriSCSI.

! Detailsforeachadapter,suchasthestoragedeviceitconnectstoandtargetID.

Toviewconfigurationpropertiesforaspecificadapter,selecttheadapterfromthe

StorageAdapterslist.


97/324


TheabbreviationvmhbareferstodifferentphysicalHBAsontheESXServersystem.It

canalsorefertothevirtualiSCSIinitiatorthatESXServerimplementsusingthe

VMkernelnetworkstack.TheforthnumberindicatesapartitiononadiskorLUN.

WhenadatastoreoccupiestheentirediskorLUN,theforthnumberisntpresent.

Thevmhba1:1:3:1examplereferstothefirstpartitiononSCSILUN3,SCSItarget1,whichisaccessedthroughHBA1.

Whilethethirdandtheforthnumbersneverchange,thefirsttwonumberscanchange.


98/324

82 VMware, Inc.

Forexample,afterrebootingtheESXServersystem,vmhba1:1:3:1canchangeto

vmhba3:2:3:1,however,thenamestillreferstothesamephysicaldevice.Thefirstand

thesecondnumberscanchangeforthefollowingreasons:

!

Thefirst

number,

the

HBA,

changes

when

an

outage

on

the

Fibre

Channel

or

iSCSI

networkoccurs.Inthiscase,theESXServersystemhastouseadifferentHBAto

accessthestoragedevice.

! Thesecondnumber,theSCSItarget,changesincaseofanymodificationsinthe

mappingsoftheFibreChanneloriSCSItargetsvisibletotheESXServerhost.

VMware File SystemAfilesystemisamethodforstoring,organizing,accessing,navigating,andretrieving

computerfilesandthedatatheycontain.Filesystemscomeindifferentformats,

includingFAT,NTFS,HPFS,UFS,andEXT3.VMwareoffersaspecialhigh

performancefilesystem,VMwarefilesystem(VMFS),optimizedforstoringESXServer

virtualmachines.

VMFS VersionsESXServeroffersthefollowingversionsofthisfilesystem:

! VMFS2ThisfilesystemiscreatedwithESXServerversion2.x.

! VMFS3ThisfilesystemiscreatedwithESXServerversion3.VMFS3

enhancementsincludemultidirectorysupport.Avirtualmachinemustresideon

aVMFS3filesystembeforeanESXServerversion3hostcanpoweriton.

Table 5-1. Host Access to VMFS File Systems

Host VMFS2 Datastore VMFS3 Datastore

ESXServerversion2host Read/Write(RunsVMs) Noaccess

ESXServerversion3host ReadOnly(CopiesVMs) Read/Write(RunsVMs)


Creating and Growing VMFS

VMFScanbedeployedonavarietyofSCSIbasedstoragedevices,includingFibre

ChannelandiSCSISANequipment.AvirtualdiskstoredonVMFSalwaysappearsto

thevirtualmachineasamountedSCSIdevice.Thevirtualdiskhidesaphysicalstorage

layerfromthevirtualmachinesoperatingsystem.ThisallowsyoutorunevenoperatingsystemsnotcertifiedforSANinsidethevirtualmachine.

Fortheoperatingsysteminsidethevirtualmachine,VMFSpreservestheinternalfile

i hi h li i b h i d d i i f


99/324

VMware, Inc. 83

systemsemantics,whichensurescorrectapplicationbehavioranddataintegrityfor

applicationsrunninginvirtualmachines.

YoucansetupVMFSbaseddatastoresinadvanceonanystoragedevicethatyourESX

Serverdiscovers.

Select

alarge

LUN

if

you

plan

to

create

multiple

virtual

machines

on

it.Youcanthenaddvirtualmachinesdynamicallywithouthavingtorequest

additionaldiskspace.

However,ifmorespaceisneeded,youcanincreasetheVMFSvolumeatanytimeup

to64TB.

Considerations when Creating VMFS

YouneedtoplanhowtosetupstorageforyourESXServersystemsbeforeyouformatstoragedeviceswithVMFS.YoushouldalwayshaveonlyoneVMFSvolumeperLUN.

Youcan,however,decidetouseonelargeVMFSvolumeormultiplesmallerVMFS

volumes.ESXServerletsyouhaveupto256VMFSvolumespersystemwiththe

minimumvolumesize1.2GB.

Youmightwantfewer,largerVMFSvolumesforthefollowingreasons:

!More

flexibility

to

create

virtual

machines

without

going

back

to

the

storage

administratorformorespace.

! Moreflexibilityforresizingvirtualdisks,doingsnapshots,andsoon.

! FewerVMFSbaseddatastorestomanage.

Youmightwantmore,smallerVMFSvolumesforthefollowingreasons:

! LesscontentiononeachVMFSduetolockingandSC

Documents

VMWare Servervi3!30!20 Server Config