IT Virtualization Blog

Moving to ESXi Introduction and Best Practices

by lmarzke last modified Jun 06, 2011 04:01 PM
Lee Marzke 4AERO

Overview

  • I.   Why move to ESXi 4.0
  • II.  Other visible changes related to ESXi 4.0
  • III. Virtual Management Assistant (VMA)
  • IV. VMA Demo
  • Notes
    • This talk covers ESXi 4.0   *=Best Practice
    • Includes some notes on 4.1 ( released 13 July 2010 )
    • NOTE: The last ESX release from VMware was 4.1

What is ESXi ?

ESXi architecture
  • Remote Console, Remote Logging, In-Memory File system [27]
  • Common Information Model (CIM),  3rd party CIM plugins [27]

I. Why move to ESXi ?

  • No further ESX releases !
  • Simpler patch process
  • Improved security ( smaller attack surface )
  • AD authentication on host (v4.1)

New Patching model

  • Each ESXi patch is cumulative
    • You only need to apply the latest patch to be current.
  • Any installed 3rd party CIM plug-ins are patched automatically

Hypervisor Footprints

  • Attack Surface proportional to in-memory code size
  [Figure: VMware Blog - Hypervisor Sizes]

    Hypervisor Footprints (cont)

    • VMware Blog Aug 2009 [18]
      • "Why would you want your hypervisor to be dependent on the proper functioning and security of tens of millions of lines of code that have nothing to do with supporting your VMs?"
    • Reduce risk of guest breakout
      • such as the exploit published for VMware Workstation in 2010 [28]

    II. Other ESXi changes

    • ESXi variants Embedded -vs- Installable
    • ESXi interface changes
    • Logging
    • Booting
    • Upgrading ESX to ESXi

    ESXi variants

    • Embedded
      • Same features as Installable
    • Installable
      • ~1GB media ( USB / SD ) required.   60MB (X2) Hypervisor + tools + client
      • Special OEM versions for certified hardware

    ESXi interface changes

    ESX vs ESXi services

     

     

    • Service console -> Remote vCLI
    • Local agents, logging -> API's , remote logging

     

     

     

     

     

    Examples of Agents

     

     

    • Management
      • Backup Software agents
      • SAN storage agents
    • Hardware Agents
      • HP Lights Out

    vCLI console

     

    vCLI

     

    • PowerCLI add ons to Windows PowerShell
    • vCLI Linux command line
      • vicfg-authcfg (Active Directory)
      • vicfg-snmp (SNMP)
      • esxcli vms (Terminate unresponsive VM)
      • vmware-cmd
      • resxtop

    Hardware Monitoring via CIM

     

    [Figures: CIM Monitoring]

    Logging 

    • Log files written to RAM disk and do not survive a reboot !
    • * You should pull them off to a syslog server ( v4.1 writes to scratch )
      • UNIX shops: Use your remote syslog server
      • Win shops: Use VMA
    • You can also download logs from Vcenter server (Admin/Export logs)

    View ESXi Logs via web

    Logs/Config viewer

    • Attach to URL:   https://<FQDN of ESXi Host>/host
    • Log in as root

    DataStore viewer

    • Attach to URL: https://<FQDN of ESXi Host>/folder

    Booting ESXi

    • Typically boots from internal USB or SD slot on MB
      • ~1GB media required
      • Custom HP/Dell/IBM variants available
    • * No local hard disks required / recommended
    • Boot from SAN supported as of ESXi 4.1
    • PXE booting (stateless, experimental) [20]

    ESX boot process

    [Figures: ESX boot, ESX boot 2, ESX boot 3]

    ESX / ESXi Upgrades Notes

    • * check HCL [26]
    • 4.0 requires 64 bit host(s),  4.1 Vcenter server requires 64 bit Windows and 2-CPU
    • ESXi boot from FC SAN requires v4.1
    • Configuration NOT preserved, reinstall required.  Host profiles may help if licensed.
    • However ESXi has a very simple backup/restore method.

    Who is using ESXi

    • Anyone have:
      • ESXi in production
      • ESXi in use
      • Why did you switch ?

    III. VMA Vsphere Management Assistant

    • * Use VMA (Formerly known as VIMA)
    • (free) Virtual Machine comprising:
      • vCLI and other scripting software
      • logging services
      • authentication services

    Vmware Management Assistant - VMA

    • Requirements
    • Installation
    • Logging setup

    VMA Requirements

    •  CPU: 64bit AMD Opteron Rev E+, Intel EMT64 + VT
    • Vsphere 4.0 client required,  ESX 3.5U2+ host
    • 100+ hosts supported per vMA

    IV. VMA DEMO

    • VMA Installation - Adding servers
    • VMA Logging - Enable viLogger
    • Browse Logs
    • Viewing logs in real time
    • Other vCLI commands
    • Note: Laptop running Linux - Vmware Client in Workstation

    VMA Installation / Setup

    • Install OVF with vmware converter
    • Ensure NTP time servers are configured/working
      • Host and VMA set to UTC, not local
    • login as: vi-admin
    • sudo vifp addserver <FQDN of ESXi Host>
    • vifp listservers

    VMA - Setting up viLogger

    • Enable vilogger
    • vilogger enable --server <FQDN of ESXi Host> --numrotation 20 --maxfilesize 10 --collectionperiod 10
    • logs stored in /var/log/vmware/<servername>
    • vilogger list
    • View logs in real time
      tail -f /var/log/vmware/<FQDN of Host>/vpxa.log
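
    Because host logs live on a RAM disk, a stalled collector means the evidence is gone after the next reboot. The following added example (not part of the original talk) is a shell function for the vMA that lists hosts whose collected logs under the log root have not been updated recently; the function name, the age threshold and the invocation shown in the comments are assumptions.

```shell
#!/bin/sh
# Added example, not from the original slides: flag ESXi hosts whose logs
# collected on the vMA have stopped updating.
# Assumes the layout given on the slide: <log root>/<servername>/*.log

# stale_log_hosts LOGROOT MAX_AGE_MIN
# Prints one host name per line for every host directory under LOGROOT
# that has no *.log file modified within the last MAX_AGE_MIN minutes.
# A host directory with no log files at all is also reported.
stale_log_hosts() {
    logroot=$1
    max_age=$2
    for dir in "$logroot"/*/; do
        # An unmatched glob stays literal; skip it.
        [ -d "$dir" ] || continue
        host=$(basename "$dir")
        # -mmin -N matches files modified less than N minutes ago.
        fresh=$(find "$dir" -type f -name '*.log' -mmin "-$max_age" | head -n 1)
        [ -n "$fresh" ] || printf '%s\n' "$host"
    done
}

# When run as a script with two arguments, report stale hosts, e.g.:
#   sh stale_logs.sh /var/log/vmware 30
if [ "$#" -ge 2 ]; then
    stale_log_hosts "$1" "$2"
fi
```

    Run it from cron on the vMA and alert on any output; a host that appears here is no longer being collected.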

    Other vCLI commands

    vCLI v4

    • vmkfstools
    • vmware-cmd
    • resxtop

    vCLI 4.1

    • vicfg-hostops  ( Reboot host, enter/leave maintenance mode)
    • vicfg-authcfg  ( configure active directory for host )
    • vicfg-ipsec
    • force terminate a non-responding VM

    Other vCLI commands

    Scratch Config

    • See [19] page 34
    • View Scratch config:
    vifpinit servername
    vicfg-advcfg -g /ScratchConfig/CurrentScratchLocation
    • Get location of Scratch:
    vicfg-advcfg -g /ScratchConfig.ConfiguredScratchLocation

    Backup

    • see [19] page 41
    • Backup host config after any change.
    • Restore host from Install media, then restore backup.
    vicfg-cfgbackup

     

     

    V.  About 4AERO

    • IT Consulting since 2003
      • Cross-platform Linux and Windows installation/administration
      • Custom Vmware / NetApp / PHDD solutions
      • Open Source tools integration,
    • Software AppDev process and tools
      • SCM: Perforce, Subversion (SVN), PVCS, CVS, Teamware
      • Issue Tracking: JIRA, GreenHopper, Bugzilla, Jtrac
      • Content Management: Plone, Alfresco Share
      • Network: Endian UTM, Postfix MTA, Mailman,

    VI.  Links

    • Note this presentation available at:  http://plone.4aero.com/
    1. Veeam free monitor: http://www.veeam.com/esxi-monitoring-free.html
    2. Nagios with CIM: http://www.virtuallifestyle.nl/2009/01/enabling-cim-on-esxi/
    3. UPS shutdown: http://communities.vmware.com/docs/DOC-11902
    4. ESXi chronicles: http://blogs.vmware.com/esxi/
    5. ESX/ESXi comparison: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1023990
    6. Resxtop: http://www.simonlong.co.uk/blog/2010/03/24/using-esxtop-with-vmware-esxi/
    7. CLI community: http://communities.vmware.com/community/vmtn/vsphere/automationtools/vsphere_cli
    8. Ghetto Scripts:  http://www.virtuallyghetto.com/
    9. Killing unresponsive VM ESXi 4.0 http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1014165
    10. Killing unresponsive VM ESXi 4.1 
    11. Using VMA as syslog server: http://www.simonlong.co.uk/blog/2010/05/28/using-vma-as-your-esxi-syslog-server/
    12. ESXi rapid deployment system: http://www.simonlong.co.uk/blog/2010/02/23/a-simple-vmware-esxi-rapid-deployment-system-part-1/
    13. 60MB size of ESXi 4 http://www.vcritical.com/2009/08/if-vmware-esxi-4-is-so-small-why-is-it-so-big/
    14. USB flash drive from Workstation: http://www.vcritical.com/2009/08/create-esxi-4-usb-flash-drives-with-workstation/
    15. Jumbo Frames: http://www.vladan.fr/enable-jumbo-frames-in-esxi-4/
    16. Running ESX  in Workstation: http://www.vmwarevideos.com/running-vmware-esxi-4-vsphere-in-vmware-workstation-video
    17. Finding thin provisioned disks with Powershell: http://www.vcritical.com/2009/01/finding-thin-provisioned-virtual-disks-with-powershell/
    18. VMware hypervisor footprints BLOG: http://blogs.vmware.com/virtualreality/2009/08/our-position-on-hypervisor-footprints-patching-vulnerabilities-and-whatever-else-microsoft-wants-to-throw-into-a-blog-post.html
    19. ESXi installable and Vcenter Setup Guide: http://www.vmware.com/pdf/vsphere4/r40/vsp_40_esxi_i_vc_setup_guide.pdf
    20. PXE booting ESXi 4.0: http://www.vmware.com/pdf/vsp_4_pxe_boot_esxi.pdf
    21. NetApp mbrscan/mbralign: http://blogs.netapp.com/storage_nuts_n_bolts/2009/01/mbrscanmbralign.html
    22. NetApp using mbrscan/mbralign with ESXi: http://blogs.netapp.com/storage_nuts_n_bolts/2009/10/esxi---mbrscanmbralign.html
    23. Data Alignment (VMdamentals): http://www.vmdamentals.com/?p=328
    24. VMA 4.0 documentation: http://www.vmware.com/support/developer/vima/vma40/doc/vma_40_guide.pdf
    25. Google Trends esx, esxi : http://www.google.com/trends?q=esx%2C+esxi&ctab=0&geo=all&date=all&sort=0
    26. VMware Hardware Compatibility List: http://www.vmware.com/go/hcl/
    27. The architecture of ESXi: http://www.vmware.com/files/pdf/vmware_esxi_architecture_wp.pdf
    28. Cloudburst hacking tool allows guest breakout in VMware Workstation: http://www.darkreading.com/securityservices/security/app-security/showArticle.jhtml?articleID=217701908
    29. Enable CIM on ESXi: http://www.virtuallifestyle.nl/2009/01/enabling-cim-on-esxi/
    30. Add VIM and ESX to AD domain: http://www.mcgeown.co.uk/2010/10/21/managing-esxi-4-1-with-vma-4-1-on-vmware-workstation/

     

     
