Hol-Sdc-1610 PDF en

HOL-SDC-1610
Table of Contents
Lab Overview - HOL-SDC-1610 - Virtualization 101: vSphere with Operations
Management 6.................................................................................................................. 3
Lab Guidance .......................................................................................................... 4
What is Virtualization? ............................................................................................ 6
Module 1: Introduction to vSphere with Operations Management - (60 Minutes) ........... 17
VMware vSphere with Operations Management Overview.................................... 18
Understanding the User Interface - vSphere Web Client ....................................... 21
Understanding the User Interface - vRealize Operations Manager........................ 45
How to Install vSOM .............................................................................................. 64
Additional Information .......................................................................................... 66
Module 2: Build and Manage your Virtual Infrastructure - (90 Minutes) .......................... 67
Virtual Infrastructure - Cluster Management ......................................................... 68
Virtual Infrastructure - Create and Edit a Virtual Machine ..................................... 69
Virtual Infrastructure - Migrate a Virtual Machine ................................................. 88
Virtual Infrastructure - Working with Virtual Machine Snapshots .......................... 93
Virtual Infrastructure - Cloning Virtual Machines and Using Templates ............... 107
Virtual Infrastructure - Virtual Machine Monitoring and Remediation.................. 124
Virtual Infrastructure - Working with the Virtual Standard Switch ...................... 148
Abstraction of Storage for More Efficient Management and Better Control......... 165
Abstraction of Storage - Managing Your Storage................................................. 190
Getting Started with Update Manager ................................................................ 199
Build and Manage your Virtual Infrastructure - Scale Out ................................... 212
Additional Information......................................................................................... 214
Module 3: Manage Capacity Risk and Plan for the Future - (60 Minutes) ...................... 215
Manage Capacity and Risk .................................................................................. 216
Increase Operational Efficiency........................................................................... 237
Ensure Future Capacity Through Capacity Modeling ........................................... 253
Module 4: Optimize Workload Performance while Maintaining Business Priorities - (60
Minutes) ........................................................................................................................ 267
Module Preparation ............................................................................................. 268
Storage DRS........................................................................................................ 284
Storage Policy Based Management (SPBM)......................................................... 287
Right Size ............................................................................................................ 290
Demonstrate automatic load balancing for assuring proper resource allocation 310
Workload Placement (WLP) Rebalance ................................................................ 346
Module 5: Ensure Business Continuity and Availability - (60 Minutes) .......................... 357
Show automatic restart of virtual machines after a host failure ......................... 358
Demonstrate resilience to network component failures...................................... 398
vSphere Data Protection and vSphere Replication .............................................. 411
Module 6: Simplify Security and Compliance - (60 Minutes) ......................................... 412
Introduction to vSphere Hardening ..................................................................... 413
Ensure auditability of administrative actions ...................................................... 432
HOL-SDC-1610
Page 1
HOL-SDC-1610
Demonstrate user authorization capabilities ...................................................... 448

Managing and Tracking Change .......................................................................... 488
Module 7: Log Management with vRealize Log Insight - (60 Minutes)........................... 506
Overview of vRealize Log Insight ........................................................................ 507
Configuring vCenter & vSphere Integration ........................................................ 513
Log Insight Standalone Instance to Log Insight Cluster....................................... 534
Event Forwarding ................................................................................................ 545
Exploring vSphere Log Events............................................................................. 552
Installing Content Packs ...................................................................................... 566
Installing & Managing Log Insight Agents ........................................................... 585
Integrate vRealize Log Insight with vRealize Operations Manager ...................... 599
Conclusion........................................................................................................... 624
Module 8: From Beginner to Advanced Features with PowerCLI - (60 Minutes)............. 625
Module overview ................................................................................................. 626
Getting Started With PowerShell and PowerCLI................................................... 627
Using PowerCLI for reporting............................................................................... 632
Exporting report results to various formats......................................................... 636
Setting up and configuring a cluster ................................................................... 642
Moving hosts to the cluster ................................................................................. 645
Setting up and configuring virtual distributed switch.......................................... 647
Creating a VM and vMotioning it between the hosts ........................................... 650
Creating multiple VMs and tagging them appropriately...................................... 652
Modifying multiple VMs based on their tag ......................................................... 658
Configuring and deploying an OFV template ...................................................... 660
Further Reading................................................................................................... 662
HOL-SDC-1610
Page 2
HOL-SDC-1610
Lab Overview - HOLSDC-1610 - Virtualization

101: vSphere with
Operations Management
6
HOL-SDC-1610
Page 3
HOL-SDC-1610
Lab Guidance
This introductory lab demonstrates the core features and functions of vSphere with
Operations Management (VSOM) and vCenter 6.0. This lab is an ideal place to begin
your journey in Virtualization.
This lab will walk you through the core features of vSphere, vSphere with Operations
Management, and vCenter, including storage and networking. The lab is broken into 8
Modules which can be taken in any order.
Module 1 - Introduction to vSOM (60 Minutes)

Module 2 - Build and Manage your Virtual Infrastructure (90 Minutes)
Module 3 - Manage, Optimize, and Plan Infrastructure Capacity (60 Minutes)
Module 4 - Optimize Workload Performance While Maintaining Business Priorities
(60 Minutes)
Module 5 - Ensure Business Continuity and Availability (60 Minutes)
Module 6 - Simplified Security and Compliance (60 Minutes)
Module 7 - From Beginner to Advanced Features with PowerCLI (60 Minutes)
NOTE: If you are using a device with non-US keyboard layout, you might find it
difficult to enter CLI commands, user names and passwords throughout the
modules in this lab.
Each Module will take approximately 60-90 minutes to complete, but based on your
experience this could take more or less time.
We have included videos throughout the modules of this lab. To get the most out of
these videos, it is recommenced that you have headphones to hear the audio. The
timing of each video is noted next to the title. In some cases, videos are included for
tasks we are unable to show in a lab environment, while others are there to provide
additional information. Some of these videos may contain an earlier edition of vSphere,
however, the steps and concepts are primarily the same.
This Hands-On Lab uses a beta version of vRealize Operations Manager which is still
undergoing development before final release. Product features that are included in this
lab are subject to change and there is no commitment from VMware to deliver them in
any generally available product.
Lab Captains: Phil Balfanz, Paval Dimitrov, Pierre Grothe, Tom Lusk, Carl Olafson
This lab manual can be downloaded from the Hands-on Labs Document site found here:
http://docs.hol.pub/HOL-2016/hol-sdc-1610_pdf_en.pdf
This lab may be available in other languages. To set your language preference and have
a localized manual deployed with your lab, you may utilize this document to help guide
you through the process:
HOL-SDC-1610
Page 4
HOL-SDC-1610
http://docs.hol.vmware.com/announcements/nee-default-language.pdf
Activation Prompt or Watermark

When you first start your lab, you might notice a watermark on the desktop indicating
that Windows is not activated.
One of the major benefits of virtualization is that virtual machines can be moved and
run on any platform. The Hands-on Labs utilizes this benefit and we are able to run the
labs out of multiple datacenters. However, these datacenters may not have identical
processors, which triggers a Microsoft activation check through the Internet.
Rest assured, VMware and the Hands-on Labs are in full compliance with Microsoft
licensing requirements. The lab that you are using is a self-contained pod and does not
have full access to the Internet, which is required for Windows to verify the activation.
Without full access to the Internet, this automated process fails and you see this
watermark.
This cosmetic issue has no effect on your lab. If you have any questions or concerns,
please feel free to use the support made available to you either at VMworld in the
Hands-on Labs area, in your Expert-led Workshop, or online via the survey comments as
we are always looking for ways to improve your hands on lab experience.
Disclaimer
This session may contain product features that are currently under
development.
This session/overview of the new technology represents no commitment from
VMware to deliver these features in any generally available product.
Features are subject to change, and must not be included in contracts,
purchase orders, or sales agreements of any kind.
Technical feasibility and market demand will affect final delivery.
Pricing and packaging for any new technologies or features discussed or
presented have not been determined.
HOL-SDC-1610
Page 5
HOL-SDC-1610
What is Virtualization?
If you are not familiar with Virtualization, this lesson will give you an introduction to it.
Virtualization:
Today's x86 computer hardware was designed to run a single operating system and a
single application, leaving most machines vastly underutilized. Virtualization lets you
run multiple virtual machines on a single physical machine, with each virtual machine
sharing the resources of that one physical computer across multiple environments.
Different virtual machines can run different operating systems and multiple applications
on the same physical computer.
HOL-SDC-1610
Page 6
HOL-SDC-1610
Virtualization Defined
Virtualization is placing an additional layer of software called a hypervisor on top of your
physical server. The hypervisor enables you to install multiple operating systems and
applications on a single server.
HOL-SDC-1610
Page 7
HOL-SDC-1610
Separation
By isolating the operating system from the hardware, you can create a virtualizationbased x86 platform. VMware's hypervisor based virtualization products and solutions
provide you the fundamental technology for x86 virtualization.
HOL-SDC-1610
Page 8
HOL-SDC-1610
Partitioning
In this screen, you can see how partitioning helps improve utilization.
HOL-SDC-1610
Page 9
HOL-SDC-1610
Isolation
You can isolate a VM to find and fix bugs and faults without affecting other VMs and
operating systems. Once fixed, an entire VM Restore can be performed in minutes.
HOL-SDC-1610
Page 10
HOL-SDC-1610
Encapsulation
Encapsulation simplifies management by helping you copy, move and restore VMs by
treating entire VMs as files.
HOL-SDC-1610
Page 11
HOL-SDC-1610
Hardware Independence
VMs are not dependent on any physical hardware or vendor, making your IT more
flexible and scalable.
HOL-SDC-1610
Page 12
HOL-SDC-1610
Benefits
Virtualization enables you to consolidate servers and contain applications, resulting in
high availability and scalability of critical applications.
HOL-SDC-1610
Page 13
HOL-SDC-1610
Simplify Recovery
Virtualization eliminates the need for any hardware configuration, OS reinstallation and
configuration, or backup agents. A simple restore can recover an entire VM.
HOL-SDC-1610
Page 14
HOL-SDC-1610
Reduce Storage Costs

A technology called thin-provisioning helps you optimize space utilization and reduce
storage costs. It provides storage to VMs when it's needed, and shares space with other
VMs.
HOL-SDC-1610
Page 15
HOL-SDC-1610
Cost Avoidance
HOL-SDC-1610
Page 16
HOL-SDC-1610
Module 1: Introduction to
vSphere with Operations
Management - (60
Minutes)
HOL-SDC-1610
Page 17
HOL-SDC-1610
VMware vSphere with Operations

Management Overview
VMware vSphere with Operations Management (VSOM) delivers an environment
optimized for efficient server virtualization management by pairing VMware vSphere,
the world's leading virtualization platform along with vRealize Operations Manager. This
combination delivers vSphere optimized for efficient server virtualization management
by adding critical capacity management and performance monitoring capabilities. It is
designed for businesses of all sizes to run applications at high service levels and
maximize hardware savings through higher capacity utilization and consolidation ratios.
Simplify IT Management of Virtual Infrastructure

Environments
vSphere with Operations Management offers a more intuitive user interface than
vCenter Server and improves monitoring capabilities by adding predictive analytics to
enable faster problem discovery and remediation as well as more efficient resource
management.
Key Features of VMware vSphere with Operations Management
Unified Command Console displays key performance indicators in easily identifiable
colored badges and provides a comprehensive view into what is driving current and
potential future performance and capacity management issues.
Performance Monitoring and Capacity Management analyzes vCenter Server
performance data and establishes dynamic thresholds that adapt to the environment
and provide smart alerts about health degradations, performance bottlenecks and
capacity shortfalls:
Performance data is abstracted to health, risk and efficiency measures that
provides IT with operations visibility to effectively identify developing
performance. problems with less time and effort.
Capacity management helps identify idle or overprovisioned VMs to reclaim
excess capacity and increase VM density without impacting performance.
Capabilities are equivalent to Standard edition of vRealize Operations Manager
and available as an appliance that is accessible within minutes.
Increased Performance and Availability of Mission-Critical Applications through
new and enhanced functionality to deliver greater agility, efficiency and resiliency at
high service levels for your IT environments:
HOL-SDC-1610
Page 18
HOL-SDC-1610
Increased Host-Level Configuration Maximums (logical CPUs increased to 320)

and Support for 62TB Virtual Machine Disk File (VMDK).
Flash Read Cache leverages server-side caching for enhanced performance of
applications.
VM Latency reduction by reserving memory, dedicating CPU cores and disabling
network features prone to high latency.
App HA works in conjunction with VMware vRealize Hyperic to monitor application
services
running inside the virtual machine and performs restart actions as defined by the
administrator when issues are detected
Big Data Extensions (BDE) plug-in enables administrators to deploy and manage
Hadoop clusters on vSphere
HOL-SDC-1610
Page 19
HOL-SDC-1610
vSphere Hypervisor: Introduction to Virtualization (5:50)
Here is a short video that will explain some of the basic concepts of server virtualization.
Video: vSphere with Operations Management - Overview

(3:13)
Here is a short video that will show you the benefits to using VSOM in your environment.
HOL-SDC-1610
Page 20
HOL-SDC-1610
Understanding the User Interface vSphere Web Client

With the release of VMware vRealize Operations Manager 6.0, the User Interface has
been consolidated into a single interface.
This new Merged User Interface provides a single customizable series of panels which
can be used to access all object types, across the entire environment. This includes
both vSphere and non-vSphere oriented objects. This interface is also highly
customizable, with consolidated alerting and consistent views and features.
Using the vSphere 6.0 Web Client

The vSphere Web Client is the primary method for system administrators and end users
to interact with the virtual data center environment created by VMware vSphere.
vSphere manages a collection of objects that make up the virtual data center, including
hosts, clusters, virtual machines, data storage, and networking resources.
The vSphere Web Client is a Web browser-based application that you can use to
manage, monitor, and administer the objects that make up your virtualized data center.
You can use the vSphere Web Client to observe and modify the vSphere environment in
the following ways.
Viewing health, status, and performance information on vSphere objects
Issuing management and administration commands to vSphere objects
Creating, configuring, provisioning, or deleting vSphere objects
You can extend vSphere in different ways to create a solution for your unique IT
infrastructure. You can extend the vSphere Web Client with additional GUI features to
support these new capabilities, with which you can manage and monitor your unique
vSphere environment.
Log into the vSphere Web Client

Using the Firefox web browser, navigate to the URL for the Web client. For this lab, you
can use the shortcut in the address bar.
1. Click on bookmark for "Site A Web Client"
2. Click on "Use Windows session authentication"
3. Click "Login"
Alternatively, you could use these credentials
1. Enter User name "administrator"
HOL-SDC-1610
Page 21
HOL-SDC-1610
2. Password "VMware1!" (without quotes)

Please Note: All of the user credentials used in this lab are listed in the README.TXT file
on the desktop.
vSphere Web Client User Interface Overview

When you log into the Web Client, you will be taken to the Home Screen.
The vSphere Web Client is broken into 6 main areas also referred to as panes.
1.
2.
3.
4.
5.
6.
Navigation Tree or Navigator

Main Content area
Search Bar
Alarms list
Work in Progress list
Recent Tasks list
HOL-SDC-1610
Page 22
HOL-SDC-1610
The layout of these panes can be customized. Click the push pin icon in the Navigator,
Recent Tasks, Work in Progress, or Alarms panes to minimize them. This can create more
room for the main area if you are working on a small monitor or one with low resolution.
You can also change where each of those panes are shown by dragging the title bar of
the pane to one of the edges of the screen.
Please Note: In this lab, since our screen size is limited, we have set all the panes to be
minimized by default to give you the most screen real estate possible. You can open
any of the panes at your convenience and click on the push pin in any pane to allow it to
stay on the screen.
HOL-SDC-1610
Page 23
HOL-SDC-1610
vCenter 6.0 Inventory

From the Home screen, you can click on "vCenter Inventory Lists" either in the Navigator
pane, or the Main content area. Clicking vCenter Inventory Lists will take you to the
Inventory page where you will find all the objects associated with the vCenter Server
systems, such as datacenters, hosts, clusters, networking, storage, and virtual
machines.
Navigating to the Inventory Items

Inventory lists allow you to view aggregated lists of objects across vCenter Server
systems.
For this example, we will navigate to Virtual Machines Inventory.
1. Click on "Virtual Machines" inventory item.
You can view objects of other types by navigating to those object categories in the
Inventory list.
HOL-SDC-1610
Page 24
HOL-SDC-1610
Please Note: There are "Getting Started" pages to help familiarize users with navigating
the vSphere Web Client. Once you are familiar with the Web Client, you can hide these
pages. Simply click on the "Help" dropdown and select the option to "Hide All Getting
Started Pages".
HOL-SDC-1610
Page 25
HOL-SDC-1610
Virtual Machine Inventory List

The Virtual Machine inventory page will show you the list of virtual machines associated
with the vCenter server system.
For a given virtual machine, the "Summary" page will detail relevant information about
that machine.
1. Click the "linux-base-01a" virtual machine.
2. Click the "Summary" Tab for that virtual machine.
HOL-SDC-1610
Page 26
HOL-SDC-1610
Virtual Machine Summary

On this page you are able to see all the details regarding the virtual machine. We can
view details of the virtual machine, as well as change them.
The purpose of this exercise was to familiarize you with navigating through the vCenter
Inventory List. We will explore the virtual machine further in Module 2.
Using the Tag and Search Features to Find Objects Quickly

The vSphere 6.0 Web Client now provides some powerful search options. This lesson will
guide you through the different search options to find the inventory of interest quickly.
Also, a new feature of vCenter Inventory Service enables users to create custom defined
tags that can be categorized and added to any inventory objects in the environment.
These tags are searchable metadata and reduce the time to find inventory object
information. This lab will cover how to create tags and search using those tags.
Search Options
We have different search options, "New Search", "Saved Searches" and "Quick Search".
Let's first take a look at "New Search"
HOL-SDC-1610
Page 27
HOL-SDC-1610
1. From anywhere in the web client, click the "Home" icon to show the Home Menu.
2. Click "New Search"
HOL-SDC-1610
Page 28
HOL-SDC-1610
Search for Virtual Machines

For this lesson, we will search for a virtual machine.
1. Let's do a simple search by entering "vm" in the search box.
2. Click "Search"
3. In the inventory pane search results are returned that have been grouped by
object type.
4. The inventory list for the object type selected will be displayed.
HOL-SDC-1610
Page 29
HOL-SDC-1610
Virtual Machines That Exist in the Environment

The search has also created tabs that group by object type.
1. Select the "Virtual Machines" tab, a list of VM's that exist in the environment is
returned.
2. Now let's search for a specific tag. Click the "Advanced Search" link.
HOL-SDC-1610
Page 30
HOL-SDC-1610
Advanced Search
Using advanced search allows you to search for managed objects that meet multiple
criteria.
For example, you can search for virtual machines matching a search string. The virtual
machines reside on hosts whose names match a second search string. Let's do a search
for virtual machines to check VMware Tools status.
1.
2.
3.
4.
5.
6.
Change the field shown to "Virtual Machine".

For the property Field click "Virtual Machine Name"
Click the drop down menu to select the "Current" criteria.
Click the "Search" button.
The results are displayed in the results screen.
This search can be used in the future so let's save the search. Click "Save..."
HOL-SDC-1610
Page 31
HOL-SDC-1610
Name the Search

1. There will be a default Name, but let's enter "Application VMs" for the name of
the search.
2. Click "OK"
View Saved Searches

1. Click on the "Home" icon at the top of the screen
2. Click on "Saved Searches"
HOL-SDC-1610
Page 32
HOL-SDC-1610
Saved Search Results

1. Click the saved search "Application VMs"
2. A list of the VM's with "App" in their name is returned in the results window.
Quick Search
1. In the upper right hand corner, enter "vm" in the Quick Search field. A pop-up
window is displayed that shows filtered items which match.
2. Click "VM Network" next to the "Distributed Port Group" heading.
List of Virtual Machines

1. Select "Virtual Machines" on the left side of the screen.
HOL-SDC-1610
Page 33
HOL-SDC-1610
2. Select "Related Objects" on the right. An expanded list of virtual machines is

shown.
Recent Objects Navigator

A very useful tool that is part of the Navigator screen is the Recent Objects Navigator.
Simply click on the icon and recently visited objects will populate the list.
Recent History Navigator

The Recent History Navigator feature allows you to navigate backwards as well as
forwards through items that you have recently worked on.
HOL-SDC-1610
Page 34
HOL-SDC-1610
To view your current history, Right-click or hold on the Navigator bar.

Click the arrows to navigate forward and backwards through your history.
HOL-SDC-1610
Page 35
HOL-SDC-1610
Tags, User Defined Labels

Tags allow you to add metadata to inventory objects. You can record information about
your inventory objects in tags and use the tags in searches.
1. Click the "Home" Menu
2. Select "Tags" to create tag categories and tags.
HOL-SDC-1610
Page 36
HOL-SDC-1610
Create Tag Categories

You use categories to group tags together and define how tags can be applied to
objects.
Every tag must belong to one and only one category. You must create at least one
category before creating any tags.
1. Click "New Category"
HOL-SDC-1610
Page 37
HOL-SDC-1610
New Tag Category

Associable Object Types: We will use the default which states that the new tag in this
category can be assigned to all objects. The other option is you can specify a specific
object, such as virtual machines or datastores.
1. Enter "web tier" for the Category Name.
2. Keep the default "One tag per object"
3. Click "OK"
HOL-SDC-1610
Page 38
HOL-SDC-1610
Create a New Tag

Click "New Tag" to create a new tag.
HOL-SDC-1610
Page 39
HOL-SDC-1610
Tag Creation and Assign to a Category

1. To create a new tag, enter "Web Server version 2"
2. Click the tag category "web tier" in the drop down box.
3. Select "OK"
To review the category and tags you created, select the "Items" tab. In this screen, you
can review and edit the categories and tags. New categories and tags also can be
created in this screen.
List Created Tags

1. When the "Items" tab is selected, a list of the created tags is returned. Notice
there is also a Categories tab, which would list the categories which have been
created.
HOL-SDC-1610
Page 40
HOL-SDC-1610
Assign Tags to a Virtual Machine

1. Click the "Home" Menu
2. Click "VMs and Templates"
HOL-SDC-1610
Page 41
HOL-SDC-1610
Select a Virtual Machine

1. Right-click the virtual machine "linux-base-01a". You may need to expand the
navigation tree on the left side to expose the VMs.
2. Find "Tags & Custom Attributes"
3. Click "Assign Tag"
HOL-SDC-1610
Page 42
HOL-SDC-1610
Assign Tag to Virtual Machine

1. Click the "Web Server Version 2" tag
2. Click "Assign". A task is created and the tag is assigned.
Search Using Tags

1. In the Quick Search field enter "we"
2. Select the tag "Web Server Version 2"
HOL-SDC-1610
Page 43
HOL-SDC-1610
Search Results
1. Click on the "Related Objects" tab to find the list of objects which have been
assigned the "Web Server Version 2" tag
HOL-SDC-1610
Page 44
HOL-SDC-1610
Understanding the User Interface vRealize Operations Manager

User Interface Overview
One of the major advantages to the new User Interface in VMware vRealize Operations
Manager is that the content panels are extremely consistent while also being
contextually relevant. In this section we will highlight a few of the major interface
components, so that you can easily understand how to navigate to the objects of
interest.
HOL-SDC-1610
Page 45
HOL-SDC-1610
Logging into vRealize Operations Manager

To log into vRealize Operations Manager (vROPs), open up the Firefox Browser on your
desktop,
1. Click on the Bookmark "vROPs-01a"
2. Enter User name "admin"
HOL-SDC-1610
Page 46
HOL-SDC-1610
Navigation Panel
When you log in, you will be at the Home Page. On the left of the screen we can always
see the Navigation Panel. This panel can be used to quickly navigate whatever
information is currently on screen, and will allow you to focus down to different levels
very quickly.
HOL-SDC-1610
Page 47
HOL-SDC-1610
Content Panel
On the right hand side of the screen we can see the Content Panel, which will show
whatever contextual information is currently selected in the Navigation Panel. This
panel will automatically change to show you the most up to date and relevant
information.
HOL-SDC-1610
Page 48
HOL-SDC-1610
Quick Links
By default, the Navigation Panel will show us key links to access the various content
pages, which can also be found in a handy Quick Link format at the top. These five
links take us to the various control panels in vRealize Operations Manager 6.0.
Also of note, the Back Button will return you to previous working pages, in an intelligent
way. This can be very time saving when you are navigating through the interface
troubleshooting a performance problem in your environment!
HOL-SDC-1610
Page 49
HOL-SDC-1610
Home Page
The Home Page is the landing page for vRealize Operations Manager 6.0. This is the
primary view where an administrator can browse and view the available Dashboards.
Any 3rd party or add-on Solution which create a Dashboard will make it visible here, so
this screen is a great way to get quick overviews of your environment.
Dashboards can be quickly accessed using the appropriate tab if visible, or selected
directly using the handy Dashboard List dropdown selector.
HOL-SDC-1610
Page 50
HOL-SDC-1610
Alerts Page
The Alerts Page shows a chronologically sorted list of recent Alerts in your environment
that need attention. Alerts are categorized based on their criticality, status, and impact
on health, risk, or efficiency.
You can quickly filter Alerts by Badge type by selecting the appropriate Badge Category
from the Navigation Pane, or by typing in a search term in the Quick Filter box.
Environments Page
The Environment Page helps us view our environment through a series of metrics and
object relationships by using Inventory Trees.
There are different types of Inventory Trees, which can be added by Adapters.
Inventory Trees can have different types (ie. Storage, Hosts & Clusters, Networking, etc),
and also Instances (ie. Each vCenter would create an instance of Hosts & Clusters).
Each Inventory Tree shows us a series of Objects and Relationships between those
Objects. Individual Objects can be part of many different Inventory Trees.
InventoryTrees will quickly help you navigate your environment and visualize
relationships between parent and child relationships.
The Environment Page is divided up into a series of sub tabs:
Summary: Shows concerns about the currently selected object and its child
objects.
Alerts: Shows all Alerts which have been raised for the currently selected object
only.
HOL-SDC-1610
Page 51
HOL-SDC-1610
Analysis: Shows us Badge scores for the current object (Workload, Anomalies,
Faults, etc)
Troubleshooting: Shows detailed metrics for this object, including the extremely
powerful All Metrics tab.
Details: Shows Views and Heatmaps for the currently selected object.
Environment: Shows a visualization view which can be used to quickly assess
problem relationships.
Projects: Capacity Planning view.
Reports: Reporting tools.
Each sub-tab can be used to quickly access the information you are interested in, to
help troubleshoot the issue at hand faster and more accurately.
HOL-SDC-1610
Page 52
HOL-SDC-1610
Content Page
This page is an extremely powerful tool which administrators can leverage to build
content for vRealize Operations Manager 6.0, including Dashboards and Alerts.
We will cover the creation of these tools in detail in upcoming modules.
HOL-SDC-1610
Page 53
HOL-SDC-1610
Reports
From the Environment Page, we can access the reports in vRealize Operations Manager.
Reports are a scheduled snapshot of views. You can create a report to represent
objects and metrics.
With vRealize Operations Manager reporting functions, you can generate a report to
capture details related to current or predicted resource needs. You can download the
report in PDF or CSV file format for future and offline needs. Reports can also be
scheduled to run at a user defined interval and emailed to recipients.
1. Click on the "Environment" Quick Link
2. Scroll down in the Navigation Panel and select "vSphere Hosts and Clusters"
Navigate to an Object to Run a Report

We run reports from the Report Templates Tab. On the Report Templates tab, you can
create, edit, delete, clone, run, schedule, export, and import templates.
The Report Templates icon is available when you select an object from the
Environment tab in the left pane.
HOL-SDC-1610
Page 54
HOL-SDC-1610
All templates that are applicable for the selected object are listed on the Report
Templates tab. You can order them by report name, subject, date they were modified,
last run, or owner.
Click on the "Reports" tab
1. Click on the Small Triangle next to "vSphere World" to expand the vSphere Hosts
and Clusters view. Notice the reports available in the Content Panel.
2. Expand the tree to view Cluster Site A
Use The Report Filter and Run a Report

You can filter the templates list by adding a filter from the right side of the panel.
1. Click on "Cluster Site A" - Notice that the reports available in the Content Panel
change to reports that are applicable to this object.
2. In the Filter Box, type "Stressed", this will filter our view to report templates that
contain the search text.
3. Highlight the "Stressed VMs Report" (Do not click on "Generated reports" or
"Schedules")
4. Click on the "Run Template" icon
HOL-SDC-1610
Page 55
HOL-SDC-1610
When you run the report, you will notice the Generated Reports field change from "0" to
"1" indicating the report is running.
View Completed Reports

The report will be shown in the Generated Reports list.
1. Click on the "Generated Reports" tab
2. The status should show as In queue or Completed, if it shows as In queue,
click on the "Refresh" icon periodically until the status changes to Completed
3. Click on the "PDF" icon to open the report.
HOL-SDC-1610
Page 56
HOL-SDC-1610
Open the Report

1. Select "Google Chrome"
2. Click "OK"
You can now view the report you just generated in the Google Chrome Browser.
HOL-SDC-1610
Page 57
HOL-SDC-1610
Viewing the Report

The Report will open up in Google Chrome and we can view the contents.
The Title page will show pertinent information regarding the report including the object
it was run against, when it was run, and who ran the report.
Understanding the Report

The Stressed VMs Report will show which virtual machines in our environment are under
stress, and what resources are stressed.
In our lab, we have provisioned the virtual machines to be as small as possible to
minimize the resources we use in the HOL environment.
Effective Capacity is the current resource capacity for the VM
Recommended Size is the vROPs recommendation based on how stressed the VM
is for that resource.
HOL-SDC-1610
Page 58
HOL-SDC-1610
Please Note: You can also export a report in CSV format, which depending on the report
content may be a more useful format.
Administration Page
The Administration Page contains all administration options including Solutions
(Adapters), User Management and Support tools.
Solutions - vRealize Operations Manager includes a page where you can add and
manage solutions, which include the adapters that connect you to the data to
monitor and manage. Solutions are delivered as management packs that include
content and adapters. Adapters are how vRealize Operations Manager manages
communication and integration with other products, applications, and functions
Policies - The Active Policies tab displays the policies associated with groups of
objects. You can manage the active policies for the objects in your environment
so that you can have vRealize Operations Manager analyze and display specific
data about those objects in dashboards, views, and reports.
Inventory Explorer - vRealize Operations Manager discovers objects in your
environment for each adapter instance and lists them. From the complete list of
all the objects in your environment, you can quickly access and configure any
object. For example, you can check if a datastore is connected or providing data,
or you can power on a virtual machine.
Access Control - Each user must have a unique account with one or more roles
assigned to enforce role-based security when they use vRealize Operations
Manager. You create a user account, and assign the account to be a member of
one or more user groups to allow the user to inherit the roles associated with the
user group and to access the objects associated with the user group. You assign
individual role types to the user to set their privileges, and select the objects in
your environment that the user can access.
Object Relationships - Objects in an enterprise environment are related to
other objects in that environment. Objects are either part of a larger object, or
they contain smaller component objects, or both. When you select a parent
HOL-SDC-1610
Page 59
HOL-SDC-1610
object, vRealize Operations Manager shows any related child objects. You can
delete a child object or add more child objects from the list of objects in your
environment.
HOL-SDC-1610
Page 60
HOL-SDC-1610
Dashboards
vRealize Operations Dashboards present a visual overview of the performance and state
of objects in your virtual infrastructure. You use dashboards to determine the nature
and timeframe of existing and potential issues with your environment.
When you first log in to vRealize Operations Manager, you will land on the Home page.
From here, you can go to the Content pane and view the dashboards that provide a
unified view of operations across the entire infrastructure.
To access the available dashboards
1. Navigate to the "Home" page
2. Click on the dashboards listed in the content pane
3. Click on the navigation arrows at the corners of the content pane to access the
additional dashboards
Enabling and Disabling Dashboards

When we add a management pack, the management pack will generally include
dashboards, you can select which of these dashboards are visible.
For this lab, we have already installed the Management Pack for Storage Devices. This
Management Pack comes with preconfigured dashboards that will be useful in
monitoring your environment.
HOL-SDC-1610
Page 61
HOL-SDC-1610
This Management Pack can connect to any storage device that has a VASA provider, and
SAN/NAS Switches from Brocade or Cisco using SMI-S. Performance Data is collected
from host HBA's, NIC, VMs, and SAN/NAS Switches.
To enable the dashboards for MPSD
1.
2.
3.
4.
Click on the "Home" icon

Click on the Dashboard List dropdown
Hover your cursor over "MPSD"
Select the "NFS" protocol and you can see the dashboards that will be displayed
HOL-SDC-1610
Page 62
HOL-SDC-1610
View the NFS Dashboards

The NFS Dashboards are now visible
1. Click on the icons to navigate to the NFS Dashboards
2. Click on the NFS Dashboards and review the information.
For a more in-depth look at vRealize Operations Interface, including Dashboards, Views,
and Reports, please take lab HOL-SDC-1601 Module 2.
HOL-SDC-1610
Page 63
HOL-SDC-1610
How to Install vSOM

Due to the environment the Hands on Labs are running in and the high I/O it would
cause, we are not able to install software. Please use the following videos to walk
through the process.
Video: Installing ESXi using the Installer (4:35)
The following video will walk through the process of installing and configuring vSphere.
HOL-SDC-1610
Page 64
HOL-SDC-1610
Video: Overview of the ESXi Direct Console User Interface

(4:58)
This video will walk you through the Direct Console User Interface (DCUI)
Video: Express Installation and Getting Started -vRealize

Operations Manager 6 (6:40)
This video walks you through the express installation of vRealize Operations Manager
(vROPs)
HOL-SDC-1610
Page 65
HOL-SDC-1610
Additional Information
We hope you have enjoyed taking this module and have a better understanding of the
basics of using vSphere with Operations Management. Be sure to take the survey at the
end.
For more information on vRealize Operations Management, here is a list of additional
online resources you can use:
vRealize Operations Manager Video Repository https://www.vmware.com/support/
vrealize-operations-Manager-6-video.html
VMware Feature Walkthrough vSphere with Operations Management Page
http://featurewalkthrough.vmware.com/#!/vsphere-with-operationsmanagement-6
If you have time remaining, here is a list of all the Modules that are part of this lab,
along with an estimated time to complete each one. Click on the 'Table of Contents'
button to quickly jump to that Module in the manual.
The complete listing of all eight modules are:
Module 3 - Manage Capacity Risk and Plan for the Future - (60 Minutes)
Module 4 - Optimize Workload Performance While Maintaining Business Priorities (60
Minutes)
Module 7 - Log Management with vRealize Log Insight - (60 Minutes)
Module 8 - Power CLI (60 Minutes)
HOL-SDC-1610
Page 66
HOL-SDC-1610
Module 2: Build and

Manage your Virtual
Infrastructure - (90
Minutes)
HOL-SDC-1610
Page 67
HOL-SDC-1610
Virtual Infrastructure - Cluster

Management
A vSphere cluster lets you aggregate the hardware resources of individual vSphere ESXi
hosts but manage the resources as if they resided on a single host. Now, when you
power on a virtual machine, it can be given resources from anywhere in the cluster,
rather than be tied to a specific vSphere ESXi host. When a host is added to a cluster,
the host's resources become part of the cluster's resources. Clusters enable vSphere
High Availability (HA) and vSphere Distributed Resource Scheduler (DRS) solutions.
Video: Create vCenter Inventory (Datacenter, Cluster,

Hosts) for VMware vSphere (2:51)
The following video will show the basics to getting started creating your VMware
vCenter Server Inventory using the vSphere Web Client.
HOL-SDC-1610
Page 68
HOL-SDC-1610
Virtual Infrastructure - Create and Edit

a Virtual Machine
In this lesson, you will walk through creating a virtual machine and editing its settings.
Create a Virtual Machine

There are several ways to create a new VM using the vSphere Web Client. We will be
using the top of the hierarchy which is the vCenter Server.
1. Navigate to the "Home" icon at the top of the screen. Note that you do not need
to click on the icon.
2. Select "VMs and Templates"
HOL-SDC-1610
Page 69
HOL-SDC-1610
Create a Virtual Machine

1.
2.
3.
4.
Click on the arrow to expand the vcsa-01a.corp.local tree

Click on "DataCenter Site A"
If necessary, scroll down in the Window.
Click on "Create a new virtual machine"
HOL-SDC-1610
Page 70
HOL-SDC-1610
Start the New Virtual Machine Wizard

Notice the many options for deploying a new virtual machine. For this lesson, we will
use the "Create a New Virtual Machine" option.
1. Click "Next"
HOL-SDC-1610
Page 71
HOL-SDC-1610
Name the Virtual Machine

Enter a name for the new virtual machine
1. Type in "linux-Web-01a"
2. Click "Next"
HOL-SDC-1610
Page 72
HOL-SDC-1610
Virtual Machine Placement

Expand "DataCenter Site A"
Since Distributed Resource Scheduling {DRS} is not enabled, you need to select the
host to place the new virtual machine.
1. Expand the tree and select host "esx-01a"
2. Click "Next"
HOL-SDC-1610
Page 73
HOL-SDC-1610
Select the Datastore

We need to select a datastore to place the new virtual machine.
1. Select the Datastore "ds-site-a-nfs01"
2. Click "Next"
HOL-SDC-1610
Page 74
HOL-SDC-1610
Select Hardware Compatibility

The version of virtual hardware that your virtual machine is built on will determine which
hosts it can run on. If you have older hosts (ESXi 5.x) in your environment, you would
need to select the corresponding version of virtual hardware. For our environment, our
hosts are ESXi 6.0, so we can use the latest virtual hardware version 11.
1. Select "ESXi 6.0 and later" from the dropdown box.
Click "Next".
HOL-SDC-1610
Page 75
HOL-SDC-1610
Select Guest Operating System

We need to identify which guest OS will be installed on the new virtual machine. This
will allow the wizard to provide appropriate default installation parameters.
1. From the Guest OS Family dropdown select "Linux"
2. From the Guest OS Version dropdown select "Other Linux (64-bit)"
3. Click "Next"
HOL-SDC-1610
Page 76
HOL-SDC-1610
Customize Virtual Machine Hardware

We can now verify the virtual hardware for our new virtual machine and make
modifications if necessary.
1. We can easily add or modify hardware for the virtual machine including CPU.
Memory, or Hard drive space if necessary from the corresponding dropdown
boxes on this page.
2. Click "Next"
HOL-SDC-1610
Page 77
HOL-SDC-1610
Review New Virtual Machine Settings

Review the settings for the new virtual machine, if you are satisfied, click "Finish" to
start the creation task.
HOL-SDC-1610
Page 78
HOL-SDC-1610
Power On linux-Web-01a
Once the virtual machine has been created, we can now power it on.
1.
2.
3.
4.
5.
Click on "Hosts and Clusters"

Expand vcsa-01a.corp.local, DataCenter Site A, and Cluster Site A
Right-click on "linux-Web-01a"
Expand the menu by hovering over "Power"
Click on "Power On"
HOL-SDC-1610
Page 79
HOL-SDC-1610
Power Off linux-Web-01a

Let's power off our virtual machine now.
1. Right-Click on "linux-Web-01a"
2. Click on "Power"
3. Click on "Power Off" and select "Yes" in the pop-up box.
HOL-SDC-1610
Page 80
HOL-SDC-1610
Delete linux-Web-01a
Let's delete linux-Web-01a now.
1. Right-Click on "linux-Web-01a"
2. Click on "Delete from Disk" and select "Yes" when prompted from the pop-up box.
HOL-SDC-1610
Page 81
HOL-SDC-1610
Video: Create VM, Install Guest OS and Install VMware

Tools (4:09)
We have just completed creating our virtual machine, but at this point, there is no
operating system installed. The Hands-on Lab Environment does not have sufficient
resources to allow us to complete the process of installing the guest OS and VMware
tools. The following video will show the remainder of the process.
HOL-SDC-1610
Page 82
HOL-SDC-1610
Edit the Settings of a Virtual Machine

Once we have created a virtual machine, we can change the hardware that is associated
with it, just like a physical machine.
1. Right-Click on "linux-Base-01a"
2. Click "Edit Settings" to add additional physical resources to the virtual machine.
HOL-SDC-1610
Page 83
HOL-SDC-1610
Add a New Device to the Virtual Machine

We now see the hardware associated with the VM. From this screen we can add
additional hardware to the VM. For this example, we will add a second network adapter.
1. Click the drop down list for "New Device"
2. Click the "Add" button to add the new network adapter.
Configure the New Hardware

We have added the new network adapter, now we need to configure it.
1. Click the arrow next to the "New Network" Adapter to expand and view its
settings. At this time, you will also select which network to connect the NIC to as
well as what type of Adapter you would like to use. Notice that the MAC Address
is blank at this point. A new MAC address will be generated once this NIC is
added or we are to specify (with some rules) our own MAC address.
2. Deselect "Connect At Power On"
HOL-SDC-1610
Page 84
HOL-SDC-1610
3. Click "OK" to add the device to the VM. When you select "OK" a new task to
create the network adapter is started.
HOL-SDC-1610
Page 85
HOL-SDC-1610
Clean-Up linux-Base-01a
Let's power off our virtual machine now.
2. Click on "Power"
3. Click on "Power Off" and select "Yes" in the pop-up box.
Prepare to Delete the New Hardware

We will can also delete resources from our virtual machine.
2. Click "Edit Settings"
HOL-SDC-1610
Page 86
HOL-SDC-1610
Delete the Network Adapter

Now that we are done with this portion of the lab, let's remove the new network adapter
since we're not going to use it.
1. Hover your cursor over "Network Adapter 2"
2. Click on the "X" that appears on the right side of the window. The device name
will change and will show as "Device will be removed"
3. Click "OK"
HOL-SDC-1610
Page 87
HOL-SDC-1610
Virtual Infrastructure - Migrate a

Virtual Machine
VMware vMotion enables the live migration of running virtual machines from one
physical server to another with no perceivable impact to the end user. vMotion is a key
technology for creating a dynamic, fully automated datacenter.
With vMotion you can:
Perform scheduled maintenance without scheduled downtime by moving powered
on virtual machines from one host to another
Proactively migrate virtual machines away from failing or underperforming
servers.
Automatically optimize and allocate entire pools of resources for optimal
hardware utilization and alignment with business priorities.
HOL-SDC-1610
Page 88
HOL-SDC-1610
Migrate Powered-On Virtual Machine with vMotion

You can use the Migration wizard to migrate a powered-on virtual machine from one
host to another using vMotion technology. To relocate the disks of a powered-on virtual
machine, migrate the virtual machine using Storage vMotion.
Before migrating a virtual machine with vMotion, ensure that your hosts and virtual
machines meet the requirements for migration with vMotion.
1.
2.
3.
4.
In the vSphere Web Client, Click on the "Home" icon

Click on the "VMs and Templates" icon
Right-click on the virtual machine "linux-App-01a".
Select "Migrate" from the pop-up menu.
HOL-SDC-1610
Page 89
HOL-SDC-1610
Select the Migration Type

The Wizard will prompt you to select the type of migration you wish to perform:
compute resource, storage, or both. For our lab, we will migrate to the other host in
Cluster Site A.
1. Select "Change compute resource only"
2. Click "Next"
Select the Destination

Currently, the virtual machine is running on host esx-01a.corp.local. Let's migrate it to
the other host in the cluster.
1. Select host "esx-02a.corp.local"
2. Click "Next"
HOL-SDC-1610
Page 90
HOL-SDC-1610
Select Network
Select the destination network from the dropdown box to provide network connectivity
for the virtual machine.
1. Select "VM Network" from dropdown menu
2. Click "Next"
Select vMotion Priority

Select the priority for the vMotion operation to protect the performance of virtual
machines that are running in your environment.
1. Select "Schedule vMotion with high priority"
2. Click "Next"
HOL-SDC-1610
Page 91
HOL-SDC-1610
Complete the Migration

Review the information in the wizard to make sure it is correct.
1. Click "Finish"
The migration task is now complete. You can view the migration task in the Recent
Tasks pane of the vSphere Web Client. The running virtual machine has been migrated
to the other host in our cluster.
You have now accomplished moving a running workload between physical hardware
without interruption.
HOL-SDC-1610
Page 92
HOL-SDC-1610
Virtual Infrastructure - Working with

Virtual Machine Snapshots
Working with Virtual Machine Snapshots
Snapshots preserve the state and data of a virtual machine at the time you take the
snapshot. Snapshots are useful when you must revert repeatedly to the same virtual
machine state, but you do not want to create multiple virtual machines. You can also
take multiple snapshots of a virtual machine to create restoration positions in a linear
process. With multiple snapshots, you can save many positions to accommodate many
kinds of work processes. The Snapshot Manager in the vSphere Web Client provides
several operations for creating and managing virtual machine snapshots and snapshot
trees. These operations let you create snapshots, restore any snapshot in the snapshot
hierarchy, delete snapshots, and more.
A Virtual Machine snapshot preserves the following information:
Virtual machine settings - The virtual machine directory, which includes disks that
were added or changed after you took the snapshot.
Power state - The virtual machine can be powered on, powered off, or suspended.
Disk state - State of all the virtual machine's virtual disks.
Memory state (optional) - The contents of the virtual machine's memory.
In this lesson, you will create a Virtual Machine snapshot, make changes to the Virtual
Machine's hardware and configuration state, and then revert back to the original state
of the Virtual Machine by leveraging the vSphere Web Client Snapshot Manager.
HOL-SDC-1610
Page 93
HOL-SDC-1610
Navigate to the VMs and Templates Management Pane

This step will take you to the VMs and Templates management pane.
1. Navigate to the Home Screen of the vSphere Web Client.
2. Select "VMs and Templates"
HOL-SDC-1610
Page 94
HOL-SDC-1610
Expand the Inventory Tree

Expand the Inventory Tree under Datacenter Site A to view the VM inventory. From this
view, we can see that there are several existing Virtual Machines in our vSphere
environment.
To start the VM Snapshot Wizard.
1. Select VM "linux-Base-01a"
2. Click on "Snapshots"
3. Select "Take Snapshot"
HOL-SDC-1610
Page 95
HOL-SDC-1610
Complete the VM Snapshot Wizard

1. In the VM Snapshot Wizard, provide a name for the Snapshot, enter "Snapshot 1"
2. Provide a meaningful description for the Snapshot - "Snapshot prior to settings
change"
3. Click "OK"
The snapshot creation will be visible in the "Recent Tasks" pane.
HOL-SDC-1610
Page 96
HOL-SDC-1610
View the VM Snapshots

We can view the snapshot history of a virtual machine.
3. Select "Manage Snapshots.."
HOL-SDC-1610
Page 97
HOL-SDC-1610
View VM Snapshot Details

Note the operational state of the VM relative to the snapshot timeline. We can see the
current state of the virtual machine as well as the snapshots that are present. For our
example, we will just look at our snapshot tree.
1. View details of the snapshot.
2. Click "Close"
HOL-SDC-1610
Page 98
HOL-SDC-1610
Edit the Virtual Machines Settings

In this step, we will adjust the Memory Configuration for the Virtual Machine
2. Click on "Edit Settings..."
HOL-SDC-1610
Page 99
HOL-SDC-1610
Change the Virtual Machines Settings

1. Select the drop down menu for the CPU Settings
2. Select "2" CPU
3. Select "OK"
HOL-SDC-1610
Page 100
HOL-SDC-1610
Revert Virtual Machine Settings using the Snapshot

Manager
In this step, you will revert the VM's CPU configuration back to the original state using
the Snapshot Manager
HOL-SDC-1610
Page 101
HOL-SDC-1610
Select Snapshot to Revert To

1.
2.
3.
4.
In the Manage VM Snapshots Wizard, select "Snapshot 1" from the Snapshot tree
Click "Revert to" and Click "Yes" to confirm action.
Click "Yes" to Confirm Revert to Snapshot
Click "Close"
HOL-SDC-1610
Page 102
HOL-SDC-1610
Monitor Task Progress

Reverting to the Snapshot will take the VM back to the state it was in before we added
the additional CPU
1. Expand the "VM Hardware" details tab
2. Note the CPU Configuration
HOL-SDC-1610
Page 103
HOL-SDC-1610
Delete the Snapshot

HOL-SDC-1610
Page 104
HOL-SDC-1610
Delete Snapshots
1.
2.
3.
4.
Select the top-level linux-Base-01a state.

Click the "Delete All" button
Select "Yes" to confirm the deletion at the pop-up message prompt
Click the "Close" button.
It is a best practice to delete virtual machine snapshots when they are no longer
needed. Over time the snapshot delta can grow to be quite large which could result in
issues consolidating the virtual machine files.
HOL-SDC-1610
Page 105
HOL-SDC-1610
Video: Virtual Machine Snapshots for VMware vSphere

(2:33)
For our lab, the snapshot was used to revert our virtual machine to a previous hardware
state. A typical use case can be to take a snapshot of a virtual machine before the
installation of a software package. If something goes wrong, you can revert to a
previous state and retry the installation. The following video will provide additional
insight into the value of virtual machine snapshots.
HOL-SDC-1610
Page 106
HOL-SDC-1610
Virtual Infrastructure - Cloning Virtual

Machines and Using Templates
VMware provides several ways to provision vSphere virtual machines. One method is to
create a single virtual machine and install an operating system on it, and then use that
virtual machine as a base image from which to clone other virtual machines. Cloning a
virtual machine can save time if you are deploying many similar virtual machines. You
can create, configure, and install software on a single virtual machine. You can clone it
multiple times, rather than creating and configuring each virtual machine individually.
Another provisioning method is to clone a virtual machine to a template. A template is a
master copy of a virtual machine that you can use to create and provision virtual
machines. Creating a template can be useful when you need to deploy multiple virtual
machines from a single baseline, but want to customize each system independently of
the next. A common value point for using templates is to save time. If you have a virtual
machine that you will clone frequently, make that virtual machine a template and
deploy your virtual machines from that template.
In this lesson, you will clone an existing Virtual Machine to a Template, and deploy a new
Virtual Machine from that Template.
Navigate to the VMs and Templates Management Pane

From the Home Screen
1. Navigate to VMs and Templates
HOL-SDC-1610
Page 107
HOL-SDC-1610
Open the Inventory Tree

1.
2.
3.
4.
Click the drop down arrows to expand the inventory tree.

Select the VM "linux-Base-01a"
Select "Clone"
Select "Clone to Template..."
HOL-SDC-1610
Page 108
HOL-SDC-1610
Select a Name and Folder

1. In the Clone Virtual Machine to Template wizard, provide a name for the Template
- "TinyLinux Template"
2. Leave the location as "Datacenter Site A" for this lab.
3. Click "Next"
HOL-SDC-1610
Page 109
HOL-SDC-1610
Select Compute Resource

1. Expand "Cluster Site A"
2. Choose "esx-02a.corp.local"
3. Click "Next"
HOL-SDC-1610
Page 110
HOL-SDC-1610
Select Storage
The datastore with the most free space is automatically chosen.
1. Keep the default"ds-site-a-nfs01"
2. Press the "Next" button.
HOL-SDC-1610
Page 111
HOL-SDC-1610
Review the VM Template Settings

Review the VM Template Settings and click on "Finish"
HOL-SDC-1610
Page 112
HOL-SDC-1610
Monitor Task Progress

Note the progress in the Recent Tasks pane
1. The new "TinyLinux Template" Template object will appear in the inventory pane.
HOL-SDC-1610
Page 113
HOL-SDC-1610
Deploy a Virtual Machine from a Template

1. Select the Template, "TinyLinux Template"
2. Select the "Getting Started" tab
3. Under Basic Tasks in the action pane, click "Deploy to a new virtual machine"
HOL-SDC-1610
Page 114
HOL-SDC-1610
Select a Name and Folder

1. Enter "TinyLinux-VM" for the name of the new virtual machine
2. Leave the default location "Datacenter Site A"
3. Click "Next"
HOL-SDC-1610
Page 115
HOL-SDC-1610
Select Compute Resource

1. Expand "Cluster Site A"
2. Select host "esx-02a.corp.local"
3. Click "Next"
HOL-SDC-1610
Page 116
HOL-SDC-1610
Select Storage
1. Leave the default datastore "ds-site-a-nfs01"
2. Click "Next"
HOL-SDC-1610
Page 117
HOL-SDC-1610
Select the Clone Options

1. Check the "Power on virtual machine after creation" box
2. Click "Next"
In order to manage the time to complete this module, the "TinyLinux-01 Template" OS
installed cannot be customized, and so it will not be possible to customize the guest
settings.
HOL-SDC-1610
Page 118
HOL-SDC-1610
Ready to Complete
Review the deployment options for your new VM and click "Finish"
HOL-SDC-1610
Page 119
HOL-SDC-1610
Monitor the Task Progress

1. Note the new VM "TinyLinux-VM" in the Inventory Pane
HOL-SDC-1610
Page 120
HOL-SDC-1610
Power Off TinyLinux-VM

We need to remove the VM we just created to keep our lab running smoothly.
1. Click on "TinyLinux-VM"
2. Click on "Power"
3. Click on "Power Off"
HOL-SDC-1610
Page 121
HOL-SDC-1610
Delete TinyLInux-VM
Let's delete this Virtual machine from our environment now.
1. Click on "TinyLinux-VM
2. Click on "Delete from Disk" and select "Yes" when prompted from the pop-up box.
HOL-SDC-1610
Page 122
HOL-SDC-1610
Video: Virtual Machine Cloning and Templates for VMware

vSphere (4:03)
For additional features of cloning and templates for vSphere, please watch the following
video.
HOL-SDC-1610
Page 123
HOL-SDC-1610
Virtual Infrastructure - Virtual Machine

Monitoring and Remediation
Introduction and Environment Overview
In this lab we will review some of the features around managing vSphere environments
using vRealize Operations Manager. We will generate a "problem" in our environment
and quickly resolve that issue using the Remediation features that are built into vRealize
Operations.
One Touch Task Remediation in vRealize Operations

Manager
For this lesson, we are simulating an issue with an application server that is causing
high CPU utilization. Generally, in this situation, we are alerted to the problem by
performance impacts. With vROPs, we are able to identify that there is a CPU utilization
issue and remediate the problem quickly.
HOL-SDC-1610
Page 124
HOL-SDC-1610
Start CPU Load simulation on the Virtual Machines (VMs)

Minimize Firefox. There is no need to close the Web Client, since we will be using it
again. Next load PuTTY from the Desktop or from the Launch bar
HOL-SDC-1610
Page 125
HOL-SDC-1610
PuTTY to linux-App-01a VM
1. Select linux-App-01a.
2. Click Load.
3. Click Open.
HOL-SDC-1610
Page 126
HOL-SDC-1610
Start CPU Load simulation for linux-App-01a

1. At the login as: prompt, type root and press enter. No password will be required.
2. At the linux prompt, type /opt/CPULoad.sh 1 and press enter.
3. The CPU load simulation is working if you see Starting CPU load.
CPU load will begin to ramp up as soon as the script starts running.
NOTE: Make sure you type the linux command exactly as shown as it is case sensitive.
HOL-SDC-1610
Page 127
HOL-SDC-1610
Confirm Virtual Machine CPU Usage

Open the vSphere Web Client in the Firefox session that was minimized at the beginning
of this lesson.
1. In the Search Box, type "App"
2. Select "linux-App-01a" from the search results
HOL-SDC-1610
Page 128
HOL-SDC-1610
Confirm VM CPU Usage

1. Highlight linux-App-01a.
2. Click the "Refresh" icon occasionally to update the screen more quickly.
3. Confirm the CPU USAGE is above 2 GHz.
Please Note: Depending on how fast you went through the last few steps, the value
may be zero or very low until the screen refreshes.
HOL-SDC-1610
Page 129
HOL-SDC-1610
Log in to vRealize Operations Manager

Log into vRealize Operations Manager (vROPs), open up a second tab in the Firefox
Browser.
HOL-SDC-1610
Page 130
HOL-SDC-1610
Monitor Application on Cluster Site A in vRealize

Operations Manager
As our Application VM's are running on Cluster Site A, let's navigate to that object in
vRealize Operations Manager
Open vROPs in your Firefox browser using the "vROPs-01a" bookmark.
1. Locate the search bar at the top right corner of the vRealize Operations Manager
UI and type "Site A"
2. Select "Cluster Site A"
HOL-SDC-1610
Page 131
HOL-SDC-1610
Check Alerts on Cluster Site A

1. You are brought to the Cluster Site A object and the Summary page is displayed,
you can see there already some alerts for this cluster resource object.
2. Under the Health Tab review the alerts, you can see there are alerts for various
problems.
3. Click on the arrows to minimize the Top Alerts windows since there are no alerts
for Cluster Site A.
HOL-SDC-1610
Page 132
HOL-SDC-1610
Check CPU Alert

In the Health Tab, you can see that we have alerts for "Top Health Alerts For
Descendants"
1. If you do not see the Top Health Alerts for Descendants "Virtual machine has
unexpected high CPU workload" click the "Refresh" icon occasionally to update
the screen more quickly.
2. Click on the Alert "Virtual machine has unexpected high CPU workload".
Select CPU Alert for linux-App-01a

We can see all the objects that correspond to the Alert issued. In this instance, since
linux-App-01a is the only virtual machines that has triggered this alert we are brought
directly to that virtual machine.
1. We can see the details for the triggered Alert, such as the resource that triggered
the Alert, what Alert type it is and what impact it has on the object.
HOL-SDC-1610
Page 133
HOL-SDC-1610
2. Here we can see the metrics that would have triggered the alert, this can help us
see the possible causes. In this case, you can see the Virtual Machine Workload
is at 100%.
3. Here we can see Recommendations that can help us resolve the problem with the
Virtual Machine.
4. Click on the icon next to "Other Recommendations" to view additional
recommendations to resolve our issue.
HOL-SDC-1610
Page 134
HOL-SDC-1610
Add CPU to the Virtual Machine

Let's follow the Recommended Action and add CPU resources to this Virtual Machine
1. Click on "Set CPU Count for VM"
2. The Set CPU Count for VM Wizard will open. You can see that the current CPU
count is "1" in the New CPU Count box, set the CPU Count for the VM to have 2
CPU.
3. Click "Begin Action"
HOL-SDC-1610
Page 135
HOL-SDC-1610
Review the Task

Once we begin the remediation, we get confirmation that the task has been created.
Click on "Recent Tasks" to review the action.
HOL-SDC-1610
Page 136
HOL-SDC-1610
Review Recent Tasks

Here we can see the details of the action taken (NOTE - it can take up to 2 min to
complete)
1. Click on the task at the top of the list.
2. In the "Details of Task Selected" pane we can see the task to add more CPU to the
Virtual Machine has completed. Click on "linux-App-01a"
Note: If you get to this stage and the task shows as "Failed" this could be due to the
load that is present in the Hands-On-Lab Environment. Since we are running this lab in
an environment with a host with 2 CPU, if the Lights-Out Remediation task tries to add
more than 2 vCPU to the VM this task will fail.
HOL-SDC-1610
Page 137
HOL-SDC-1610
Check CPU Load on linux-App-01a

1. Click on the "Analysis" tab
2. If the workload is still showing as a "Warning" or "Critical", click on the "Refresh"
icon
3. Looking at the virtual machine, we can see that it now has 6 GHz of CPU Capacity
and the workload has stabilized.
Our virtual machine now has sufficient CPU resources to run at an acceptable workload.
HOL-SDC-1610
Page 138
HOL-SDC-1610
Clean-Up linux-App-01a
Now that we are done with this portion of the lab, let's stop the CPU load on linuxApp-01a
1. Bring the Putty session for linux-App-01a back up and press "Enter" to stop the
CPULoad.sh script.
2. Close Putty session for linux-App-01a.
Lights-Out Automated Task Remediation in vRealize

Operations Manager
We just completed a lesson showing you how to manually resolve an issue and
executing a guided remediation action within vROPs using One Touch Remediation.
While this is a very simple task to complete, there may be instances where you want
complete Lights-Out remediation. When it comes to operationalizing your environment,
you may want to automate some of these types of operations. Let's walk through how
vROPs can help you by automating these tasks.
Introduction and Environment Overview

In this lab module, we will review a new feature in vRealize Operations, Automated Task
Remediation. In our environment, we have a virtual machine that we will create a CPU
load on. We will create an automated task that will recognize this CPU load, and this
CPU load will trigger an automated remediation task that will resolve the issue by
adding CPU resources to the virtual machine.
HOL-SDC-1610
Page 139
HOL-SDC-1610
Access Custom Group

To perform automated tasks in vRealize Operations Manager we need to create a group
that we can have our actions act upon. In this instance, we have a custom group
created whose configuration is nearly complete.
1.
2.
3.
4.
In vRealize Operations Manager, navigate to the "Environments" page

Click on "Custom Groups"
Highlight "linux-App-02a" custom group
Click on the "Edit" icon
Configure Custom Group

The "Edit Group" Wizard will open
1. Select "linux-App-02a" from the Policy dropdown.
2. Enter "Virtual Machine" as the Object Type.
3. Select "Properties" from the first dropdown.
HOL-SDC-1610
Page 140
HOL-SDC-1610
4.
5.
6.
7.
Select "Configuration | Name" from the second dropdown.

Select "is" as the condition for the third dropdown.
Type "linux-App-02a" in the fourth dropdown.
Click "OK"
Please Note: We have done some of the tasks for you in this lab. We have already
created a policy that will trigger on the CPU workload alert. When we finish this group
configuration, the group members high CPU workload alert will cause the policy to start
the automated remediation action.
HOL-SDC-1610
Page 141
HOL-SDC-1610
Open PuTTY Session to linux-App-02a VM

Virtual machine linux-App-02a will be the application server that is having an issue. We
need to log into the virtual machine and generate the CPU load which will trigger the
alert in vROPs.
Click on PuTTY from the shortcut on the bottom of the screen.
1. Select linux-App-02a.
2. Click Load.
3. Click Open.
HOL-SDC-1610
Page 142
HOL-SDC-1610
Start CPU Load for linux-App-02a

Log into linux-App-02a
CPU load will begin to ramp up as soon as the script starts running.
Please Note: Make sure you type the linux command exactly as shown as it is case
sensitive.
HOL-SDC-1610
Page 143
HOL-SDC-1610
Navigate to Recent Tasks Pane

With the CPU load started on linux-App-02a, we may have to wait for a few minutes for
the load to reach the alerting threshold. Once this happens, the Automated
Remediation process will recognize that the virtual machine is experiencing a high CPU
workload and will add additional CPU resources to our virtual machine automatically.
1. Click on the "Administration" icon
2. Click on "Recent Tasks"
Review the Task

Review that the task has completed. You may have to refresh the screen to see if the
task has completed.
1. Highlight the task
2. Click on the object name "linux-App-02a"
This will take us to the linux-App-02a object.
HOL-SDC-1610
Page 144
HOL-SDC-1610
Please Note: If you receive a task status of "Failed" this is due to the fact that the fully
automated remediation action is asking for more resources than are allocated in the
HOL Lab environment. Since our ESXi hosts only have two physical CPU's, and the
automated remediation action is asking for more than 2 CPU's, the action fails. This is
an artifact of the lab environment, and not the functionality of the automated
remediation action.
HOL-SDC-1610
Page 145
HOL-SDC-1610
Check CPU Load on Linux-App-02a

1. Click on the "Analysis" tab
2. If the workload is still showing as a "Warning" or "Critical", click on the "Refresh"
icon
3. Looking at the virtual machine, we can see that it now has 6 GHz of CPU Capacity
and the workload has stabilized.
Our virtual machine now has sufficient CPU resources to run at an acceptable workload.
With this automated remediation task created, we could apply it to other virtual
machines as necessary.
HOL-SDC-1610
Page 146
HOL-SDC-1610
Clean-Up linux-App-02a
Now that we are done with this portion of the lab, let's stop the CPU load on linuxApp-02a
1. Bring the Putty session for linux-App-02a back up and press "Enter" to stop the
CPULoad.sh script.
2. Close Putty session for linux-App-02a.
HOL-SDC-1610
Page 147
HOL-SDC-1610
Virtual Infrastructure - Working with

the Virtual Standard Switch
The following lesson will walk you through the process of creating and configuring the
vSphere Standard Switch
Adding a Virtual Machine Port Group with the vSphere

Web Client
If you are not already logged in, launch the Firefox browser from the desktop and log
into the vSphere Web Client. Select "Site A Web Client" from the Bookmarks Toolbar.
1. Click the "Use Windows session authentication" check box.
2. Click "Login".
HOL-SDC-1610
Page 148
HOL-SDC-1610
Select Hosts and Clusters

In the left-hand pane, click the "Hosts and Clusters" Object.
Add Networking
We will now add the Virtual Standard Switch to host esx-02a.corp.local.
1. Under vcsa-01.corp.local, expand "Datacenter Site A" and then "Cluster Site A".
2. Right-click on host esx-02a.corp.local in the Navigator and select "Add
Networking"
Connection Type
Select a connection type to create.
HOL-SDC-1610
Page 149
HOL-SDC-1610
1. Select "Virtual Machine Port Group for a Standard Switch".

2. Click "Next".
Target Device
You will now select the target device for the new connection.
1. Select "New Standard Switch".
2. Click "Next".
Create a Standard Switch

You will now assign a physical network adapter to the Standard Switch you are creating.
1. Select "Unused Adapters".
HOL-SDC-1610
Page 150
HOL-SDC-1610
2. Click the Green "+" button.
Add Physical Adapter

You will now add a physical adapter to the Standard Switch.
1. Select "vmnic3".
2. Click "OK".
Add Physical Adapter

You can see that physical adapter vmnic3 has been added to the Standard Switch.
HOL-SDC-1610
Page 151
HOL-SDC-1610
Click "Next".
Connection Settings
You can now label your Standard Switch with an easily identifiable name. For our
example, change the name to VM Network 2.
Do not change the VLAN ID: leave this set to None (0).
Click "Next".
HOL-SDC-1610
Page 152
HOL-SDC-1610
Complete the Wizard

The Standard Switch configuration is now complete.
Review the port group settings and click "Finish".
Optional Video - How to Configure a vSphere Standard

Switch (VSS) (time mm:ss)
HOL-SDC-1610
Page 153
HOL-SDC-1610
Edit a Standard Virtual Switch in the vSphere Web Client

In this lesson, we'll modify the Standard Switch we created on host esx-02a. vSphere
standard switch settings control switch-wide defaults and switch properties such as the
uplink configuration.
For this lesson, we will modify the Standard Switch on host esxi-02a.corp.local.
1.
2.
3.
4.
5.
6.
Browse to esx-02a.corp.local in the vSphere Web Client object Navigator.

Click on the "Manage" Tab.
Select "Networking".
Select "Virtual switches".
Select "vSwitch0" from the list.
Click on the pencil icon to edit vSwitch0.
Change the MTU Setting for vSwitch0

If you are using jumbo frames in your environment and want to leverage this on a
vSphere Standard Switch, you can change the MTU setting here.
You can change the size of the maximum transmission unit (MTU) on a vSphere
Standard Switch to increase the amount of payload data transmitted with a single
packet, that is, enabling jumbo frames. Be sure to check with your Networking team
prior to making any modifications here. To realize the benefit of this setting and prevent
performance issues, compatible MTU settings are required across all virtual and physical
switches and end devices such as hosts and storage arrays. You will also notice the
Security, Traffic shaping, and Teaming and Failover options. This is where the default
settings for the virtual switch are set. As you will see later, these defaults may be
overridden at the port group level as required.
HOL-SDC-1610
Page 154
HOL-SDC-1610
Click "Cancel" to continue.
Change the Speed of an Uplink Adapter in the vSphere

Web Client
An uplink adapter can become a bottleneck for network traffic if the speed of the uplink
adapter is not compatible with the network traffic speed. You can change the connection
speed and duplex setting of an uplink adapter to match the speed configured on the
attached physical switch port.
1. Click on "Physical adapters".
2. Select "vmnic2".
3. click on the pencil icon to edit vmnic2 properties.
Configured Speed and Duplex

The available speed and duplex settings are listed here. You can change the configured
speed and/or duplex to the appropriate settings.
HOL-SDC-1610
Page 155
HOL-SDC-1610
Click "Cancel" to continue.
Add Uplink Adapters in the vSphere Web Client

You can associate multiple physical network adapters to a single vSphere standard
switch to increase throughput and to provide redundancy should a link fail. This is
known as "NIC Teaming".
To add a physical uplink to vSwitch0.
1.
2.
3.
4.
Click on the "Networking" Tab.

Select "Virtual switches".
Select "vSwitch0".
Click on the Manage physical adapters icon.
HOL-SDC-1610
Page 156
HOL-SDC-1610
Adapters Assigned to vSwitch0

You will see the Adapters that are assigned to vSwitch0.
To add an additional adapter, click on the Green Plus sign.
Add Adapter to vSwitch0

The list of available vmnics will be listed in the Network Adapters box.
1. Click on "vmnic2".
2. in the Failover order group, select "Active Adapters".
3. Click "OK".
View Adapters
The selected adapter appears as an Active Adapter under the Assigned Adapters List.
HOL-SDC-1610
Page 157
HOL-SDC-1610
Click "OK" to save the changes.
HOL-SDC-1610
Page 158
HOL-SDC-1610
Editing a Standard Switch Port Group

Once the vSwitch has been configured and its defaults have been set, the port group
can be configured. The port group is the construct that is connected to virtual machine
NICs and generally represents a VLAN or physical network partition, such as Production,
Development, Staging, or DMZ.
To edit the portgroup on a Standard Switch.
1. Select "Virtual switches".
2. Select "vSwitch0".
3. Click on the pencil icon to edit the portgroup.
HOL-SDC-1610
Page 159
HOL-SDC-1610
Port Group Properties

The Properties setting is where the name or VLAN ID (if applicable) of the port group
can be modified.
No changes are needed here and you may proceed to the next step.
Port Group Security

Click Security in the left pane. By ticking the Override box, you can override the default
setting of the virtual switch for just this port group.
In this section, you can configure the following:
Promiscuous Mode
Reject Placing a guest adapter in promiscuous mode has no effect on which
frames are received by the adapter.
Accept Placing a guest adapter in promiscuous mode causes it to detect all
frames passed on the vSphere standard switch that are allowed under the VLAN
policy for the port group that the adapter is connected to.
MAC Address Changes
Reject If you set the MAC Address Changes to Reject and the guest operating
system changes the MAC address of the adapter to anything other than what is in
the .vmx configuration file, all inbound frames are dropped. If the Guest OS
changes the MAC address back to match the MAC address in the .vmx
configuration file, inbound frames are passed again.
Accept Changing the MAC address from the Guest OS has the intended effect:
frames sent to the altered MAC address are received by the virtual machine.
HOL-SDC-1610
Page 160
HOL-SDC-1610
Forged Transmits
Reject Any outbound frame with a source MAC address that is different from the
one currently set on the adapter are dropped.
Accept No filtering is performed and all outbound frames are passed.
No changes are needed here and you mayproceed to the next step.
Traffic Shaping
Click Traffic shaping in the left pane. by ticking the override box, you can override the
default policy set at the switch level to apply to just this port group. A traffic shaping
policy is defined by average bandwidth, peak bandwidth, and burst size. You can
establish a traffic shaping policy for each port group. ESXi shapes outbound network
traffic on standard switches. Traffic shaping restricts the network bandwidth available on
a port, but can also be configured to allow bursts of traffic to flow through at higher
speeds.
Average Bandwidth
Establishes the number of bits per second to allow across a port, averaged over
time. This number is the allowed average load.
Peak Bandwidth
Maximum number of bits per second to allow across a port when it is sending or
receiving a burst of traffic. This number limits the bandwidth that a port uses
when it is using its burst bonus.
Burst Size
Maximum number of bytes to allow in a burst. If this parameter is set, a port
might gain a burst bonus if it does not use all its allocated bandwidth. When the
HOL-SDC-1610
Page 161
HOL-SDC-1610
port needs more bandwidth than specified by the average bandwidth, it might be
allowed to temporarily transmit data at a higher speed if a burst bonus is
available. This parameter limits the number of bytes that have accumulated in
the burst bonus and transfers traffic at a higher speed.
Teaming and Failover

Click Teaming and failover in the left pane. Again we have the option to override the
default virtual switch settings.
Load Balancing Policy - The Load Balancing policy determines how network traffic is
distributed between the network adapters in a NIC team. vSphere virtual switches load
balance only the outgoing traffic. Incoming traffic is controlled by the load balancing
policy on the physical switch.
Route based on the originating virtual port - Select an uplink based on the virtual
port IDs on the switch. After the virtual switch selects an uplink for a
virtualmachine or a VMkernel adapter, it always forwards traffic through the same
uplink for this virtual machine or VMkernel adapter.
Route based on IP hash - Select an uplink based on a hash of the source and
destination IP addresses of each packet. For non-IP packets, the switch uses the
data in those fields to compute the hash. IP-based teaming requires that the
physical switch is configured with EtherChannel.
Route based on source MAC hash - Select an uplink based on a hash of the source
Ethernet.
Route based on physical NIC load - Available for distributed port groups or
distributed ports. Select an uplink based on the current load of the physical
network adapters connected to the port group or port. If an uplink remains busy
at 75 percent or higher for 30 seconds, the host proxy switch moves a part of the
virtual machine traffic to a physical adapter that has free capacity.
HOL-SDC-1610
Page 162
HOL-SDC-1610
Use explicit failover order - From the list of active adapters, always use the
highest order uplink that passes failover detection criteria. No actual load
balancing is performed with this option
Network Failure Detection - The method the virtual switch will use for failover detection.
Link Status only - Relies only on the link status that the network adapter provides.
This option detects failures such as removed cables and physical switch power
failures.
Beacon Probing - Sends out and listens for beacon probes on all NICs in the team,
and uses this information, in addition to link status, to determine link failure.
ESXi sends beacon packets every second. The NICs must be in an active/active
or active/standby configuration because the NICs in an unused state do not
participate in beacon probing.
Notify Switches - specifies whether the virtual switch notifies the physical switch in case
of a failover.
Failover - specifies whether a physical adapter is returned to active status after
recovering from a failure.
If failback is set to Yes, the default selection, the adapter is returned to active
duty immediately upon recovery, displacing the standby adapter that took over
its slot, if any.
If failback is set to No for a standard port, a failed adapter is left inactive after
recovery until another currently active adapter fails and must be replaced. You
can also override the default virtual switch setting for the Failover order of the
physical adapters.
HOL-SDC-1610
Page 163
HOL-SDC-1610
Cancel Changes to Port Group

Since we don't want to make any changes to the port group, click the Cancel button.
The vSphere Standard Switch is a simple virtual switch configured and managed at the
host level. This switch provides access, traffic aggregation and fault tolerance by
allowing multiple physical adapters to be bound to each virtual switch. The VMware
vSphere Distributed Switch builds on the capabilities of the vSS and simplifies
management in large deployments by appearing as a single switch spanning multiple
associated hosts. This allows changes to be made once and propagated to every host
that is a member of the switch.
HOL-SDC-1610
Page 164
HOL-SDC-1610
Abstraction of Storage for More

Efficient Management and Better
Control
vSphere Storage Overview
The following lesson provides an overview of the different types of storage available in
vSphere. The vSphere Hypervisor, ESXi, provides host-level storage virtualization, which
logically abstracts the physical storage layer from virtual machines.
A vSphere virtual machine uses a virtual disk to store its operating system, program
files, and other data associated with its activities. A virtual disk is a large physical file, or
a set of files, that can be copied, moved, archived, and backed up as easily as any other
file. You can configure virtual machines with multiple virtual disks.
To access virtual disks, a virtual machine uses virtual SCSI controllers. These virtual
controllers include BusLogic Parallel, LSI Logic Parallel, LSI Logic SAS, and VMware
Paravirtual. These controllers are the only types of SCSI controllers that a virtual
machine can see and access.
Each virtual disk resides on a vSphere Virtual Machine File System (VMFS) datastore or
an NFS-based datastore that are deployed on physical storage. From the standpoint of
the virtual machine, each virtual disk appears as if it were a SCSI drive connected to a
SCSI controller. Whether the actual physical storage device is being accessed through
parallel SCSI, iSCSI, network, Fibre Channel, or FCoE adapters on the host is transparent
to the guest operating system and to applications running on the virtual machine.
The vSphere storage management process starts with storage space that your storage
administrator allocates on different storage systems prior to vSphere ESXi assignment.
vSphere supports two types of storage - Local and Networked. Each type is detailed in
the following lesson steps.
HOL-SDC-1610
Page 165
HOL-SDC-1610
Local Storage
The illustration below depicts virtual machines using Local VMFS storage directly
attached to a single ESXi host.
Local storage can be internal hard disks located inside your ESXi host, or it can be
external storage systems located outside and connected to the host directly through
protocols such as SAS or SATA.
HOL-SDC-1610
Page 166
HOL-SDC-1610
Networked Storage
The illustration below depicts virtual machines using networked VMFS storage presented
to multiple ESXi hosts.
Networked storage consists of external storage systems that your ESXi host uses to
store virtual machine files remotely. Typically, the host accesses these systems over a
high-speed storage network. Networked storage devices are typically shared. Datastores
on networked storage devices can be accessed by multiple hosts concurrently, and as a
result, enable additional vSphere technologies such as High Availability host clustering,
Distributed Resource Scheduling, vMotion and Virtual Machines configured with Fault
Tolerance. ESXi supports several networked storage technologies - Fiber Channel, iSCSI,
NFS, and Shared SAS.
Virtual Machine Disks

The illustration below depicts virtual machines using different types of virtual disk
formats against a shared VMFS Datastore.
When you perform certain virtual machine management operations, such as creating a
virtual disk, cloning a virtual machine to a template, or migrating a virtual machine, you
can specify a provisioning policy for the virtual disk file format. There are three types of
virtual disk formats:
Thin Provision
Use this format to save storage space. For the thin disk, you provision as much
datastore space as the disk would require based on the value that you enter for the disk
size. However, the thin disk starts small and at first, uses only as much datastore space
as the disk needs for its initial operations.
HOL-SDC-1610
Page 167
HOL-SDC-1610
Thick Provision Lazy Zeroed

Creates a virtual disk in a default thick format. Space required for the virtual disk is
allocated when the virtual disk is created. Data remaining on the physical device is not
erased during creation, but is zeroed out on demand at a later time on first write from
the virtual machine. Using the thick-provision, lazy-zeroed format does not zero out or
eliminate the possibility of recovering deleted files or restoring old data that might be
present on this allocated space. You cannot convert a thick-provisioned, lazy-zeroed disk
to a thin disk.
Thick Provision Eager Zeroed
A type of thick virtual disk that supports clustering features such as Fault Tolerance.
Space required for the virtual disk is allocated at creation time. In contrast to the thick
provision, lazy-zeroed format, the data remaining on the physical device is zeroed out
when the virtual disk is created. In general, it takes much longer to create disks in this
format than to create other types of disks.
Creating and Configuring vSphere Datastores

This lab will walk you through creating and configuring an NFS datastore for use by your
vSphere hosts.
HOL-SDC-1610
Page 168
HOL-SDC-1610
Login to the vSphere Web Client

If you are not already logged into the vSphere Web Client, launch the Mozilla Firefox
Web Browser and navigate to the "Site A Web Client" bookmark
1. Click the "Use Windows session authentication" check box
2. Click "Login"
HOL-SDC-1610
Page 169
HOL-SDC-1610
From the Home Screen

1. Select "Storage" from the inventories pane
Storage Details
You will now see the datastores that are provisioned in your environment.
1. Select the "ds-site-a-nfs01" datastore
2. Click on the "Summary" tab for additional information about the datastore
Create a vSphere NFS Datastore

We will now create a new vSphere NFS Datastore using a pre-provisioned NFS mount.
HOL-SDC-1610
Page 170
HOL-SDC-1610
To provision the new datastore, we just need to complete the wizard.

1.
2.
3.
4.
Select "Datacenter Site A"

Click on the "Actions" dropdown
Select "Storage"
Select "New Datastore"
HOL-SDC-1610
Page 171
HOL-SDC-1610
New Datastore - Type

The wizard will display the location of the new datastore. Select "Next" to advance the
wizard to the "Type" step.
1. Select "NFS" as the type
2. Click on "Next"
Please Note: You can use only one NFS version to access a given datastore. Mounting
one or more hosts to the same datastore using different NFS versions can include data
corruption.
HOL-SDC-1610
Page 172
HOL-SDC-1610
New Datastore - NFS Version

1. Verify that "NFS 3" is selected
2. Click on "Next"
HOL-SDC-1610
Page 173
HOL-SDC-1610
New Datastore - Name and Configuration

1.
2.
3.
4.
In the Datastore name field enter "ds-site-a-nfs02"

In the Folder field enter "/mnt/NFSA2"
In the Server field enter "10.10.20.60"
Click "Next"
HOL-SDC-1610
Page 174
HOL-SDC-1610
New Datastore - Host Accessibility

1. Select the checkbox to include all hosts
2. Click on "Next"
New Datastore - Ready to Complete

The datastore is nearly ready to use. Review the settings on this page to make sure
they are accurate. When you are satisfied, click on "Finish"
HOL-SDC-1610
Page 175
HOL-SDC-1610
Monitor Datastore Creation Progress

You can now view the task that is creating the datastore.
1.
2.
3.
4.
The Recent Tasks pane will show the datastore creation

Click on the "Refresh" icon to update the display
Select "ds-site-a-nfs02"
Select "Summary" to view the details of the datastore you just created
Storage vMotion
Planned downtime typically accounts for over 80% of datacenter downtime. Hardware
maintenance, server migration, and firmware updates all require downtime for physical
servers. To minimize the impact of this downtime, organizations are forced to delay
maintenance until inconvenient and difficult-to-schedule downtime windows.
The vMotion. and Storage vMotion functionality in vSphere makes it possible for
organizations to reduce planned downtime because workloads in a VMware environment
can be dynamically moved to different physical servers or to different underlying
storage without service interruption. Administrators can perform faster and completely
HOL-SDC-1610
Page 176
HOL-SDC-1610
transparent maintenance operations, without being forced to schedule inconvenient

maintenance windows. With vSphere vMotion and Storage vMotion, organizations can:
Eliminate downtime for common maintenance operations.
Eliminate planned maintenance windows.
Perform maintenance at any time without disrupting users and services.
In this lab, you will learn how to work with vMotion and move virtual machines to
different hosts within the cluster.
Storage View
If you are not already logged into the vSphere Web Client:
Click the "Mozilla Firefox" icon from the Control Center desktop
Click the "Use Windows session authentication" check box
Click "Login"
1. Go the home screen of the vSphere Web Client by clicking the "Home" icon.
2. Click the "Storage" icon.
List Virtual Machines on a Specified Datastore

1. Navigate to and click on the ds-site-a-nfs01 datastore object in the Datacenter
Site A datacenter managed by the vcsa-01a.corp.local vCenter.
2. Click "Related Objects"
HOL-SDC-1610
Page 177
HOL-SDC-1610
3. Click the "Virtual Machines" tab. You should now have a list of all virtual machines
on the selected datastore.
Please Note: Depending on which lessons you have completed, the available datastores
and virtual machines may be different than the images shown above.
Drag and Drop Storage vMotion

The VM linux-App-01a is located on ds-site-a-nfs01 and needs to be moved to ds-site-anfs02.
1. Click the linux-App-01a VM and continue to hold the left mouse button while
dragging the VM to the ds-site-a-nfs02 datastore object. A green + will appear near
the mouse cursor (see picture) when it is pointing at objects which are suitable targets
for the object being moved. Let go of the mouse button to drop the linux-App-01a VM
onto the ds-site-a-nfs02 object. The Migrate wizard will launch to complete the
process.
HOL-SDC-1610
Page 178
HOL-SDC-1610
Migrate Datastore
1. Select the radio button to "Change storage only".
2. Click "Next"
Note that in vSphere 6.0 we do have the ability to change compute, network, and
storage in the same vMotion operation.
HOL-SDC-1610
Page 179
HOL-SDC-1610
Select Storage
1. Note that the ds-site-a-nfs02 datastore is already selected because that's
where we dropped the VM prior to starting the wizard.
2. Click "Next" to accept the settings for the storage move.
Click "Finish" on the next screen to start the move.
This operation will take a few minutes. Feel free to monitor the operation within the
Recent Tasks pane or move on to the next step.
HOL-SDC-1610
Page 180
HOL-SDC-1610
Confirm Storage vMotion

The Storage vMotion progress can be monitored in the Recent Tasks panel
1. Once complete, click on the "ds-site-a-nfs02" datastore and notice that the
Linux-micro-01a virtual machine is listed under its Related Objects.
The virtual machine's storage has been migrated from ds-site-a-nfs01 to ds-site-a-nfs02
storage without the need to take the virtual machine offline.
Datastore Cluster
A vSphere Datastore Cluster balances I/O and storage capacity across a group of
vSphere datastores. Depending on the level of automation desired, Storage Dynamic
Resource Scheduler will place and migrate virtual machines in order to balance out
datastore utilization across the Datastore Cluster.
HOL-SDC-1610
Page 181
HOL-SDC-1610
New Datastore Cluster

1. Navigate to "Datacenter Site A"
2. Select "Storage"
3. Select "New Datastore Cluster"
New Datastore Cluster - Name and Location

1. Enter "DatastoreCluster-01" for the name
2. Click "Next"
HOL-SDC-1610
Page 182
HOL-SDC-1610
New Datastore Cluster - Storage DRS Automation

We disable Storage DRS due to the I/O characteristics of the VMware Hands-On Lab
Environment.
1. Leave default settings and click "Next"
HOL-SDC-1610
Page 183
HOL-SDC-1610
New Datastore Cluster - Storage DRS Runtime Settings

Storage DRS provides multiple options for tuning the sensitivity of storage cluster
balancing.
1. Leave the defaults and select "Next".
HOL-SDC-1610
Page 184
HOL-SDC-1610
New Datastore Cluster - Select Clusters and Hosts

1. Select "Cluster Site A
2. Click on "Next"
HOL-SDC-1610
Page 185
HOL-SDC-1610
New Datastore Cluster - Select Datastores

Select the datastores to be included in the cluster.
1. Select "ds-site-a-nfs01"and "ds-site-a-nfs02"
2. Click "Next"
Please Note: If you did not create datastore "ds-site-a-nfs02" in this module, you will
only see datastore "ds-site-a-nfs01" on your screen.
New Datastore Cluster - Ready to Complete

Review the storage DRS settings and click "Finish"
HOL-SDC-1610
Page 186
HOL-SDC-1610
vSphere Replication Overview

VMware vSphere Replication, the VMware proprietary replication engine, provides data
protection and disaster recovery for the vSphere platform by replicating virtual
machines within the same site and across sites. It is tightly integrated with vSphere and
is managed using vSphere Web Client. It is included with vSphere Essentials Plus Kit and
higher editions of vSphere. Multiple points in time recovery can be enabled to provide as
many as 24 recovery points for a replicated virtual machine. vSphere Replication is used
as a standalone solution and as a replication engine for VMware vCenter Site Recovery
Manager and VMware vCloud Air Disaster Recovery.
The recovery point objective (RPO) can be set on a pervirtual machine basis and can
range from 15 minutes to 24 hours. After initial synchronization between the source and
the target locations, only changes to the virtual machines are replicated, enabling
vSphere Replication to minimize network bandwidth consumption. New to vSphere
Replication in vSphere 6.0 to further improve efficiency is the option to compress
replicated data as it is sent across the network. It is now possible to easily isolate
network traffic associated with vSphere Replication. This enables vSphere
administrators to control bandwidth by configuring more than one network interface
card in a vSphere Replication virtual appliance and by using vSphere Network I/O
Control to separate network traffic. The result is improved performance and security.
Enhancements have been made to the way vSphere Replication performs a full
synchronization. Previous versions of vSphere Replication requested and compared
remote checksums with local checksums to determine the regions of a virtual disk that
had to be replicated. With some storage platforms and vSphere 6.0, vSphere Replication
can query vSphere for storage allocation information, to reduce the amount of time and
network bandwidth required to perform a full synchronization.
vSphere Replication is fully compatible with VMware vSphere Storage vMotion. at both
the source and target locations. Prior to vSphere 6.0, moving a replica at the target
location required vSphere Replication to perform a full synchronization. With vSphere
6.0, migrating a replica with vSphere Storage vMotion no longer requires this. That
makes it much easier to balance storage utilization with vSphere Storage vMotion and
VMware vSphere Storage DRS while avoiding RPO violations. Improvements have also
been made to VMware Tools for Linux virtual machines. With some Linux OSs, VMware
Tools features the ability to quiesce the guest OS during replication and backup
operations. vSphere Replication can utilize this new functionality to enable file
systemconsistent recovery of Linux virtual machines.
Virtual Volumes Overview

Virtual Volumes (VVOL) is a new integration and management framework that virtualizes
SAN/NAS arrays, enabling a more efficient operational model that is optimized for
virtualized environments and is centered on the application instead of the storage
infrastructure. Currently, storage management is generally LUN-centric, or volume-
HOL-SDC-1610
Page 187
HOL-SDC-1610
centric. With VVOL's, we can manage our storage based on the requirements of the
application.
Virtual Volumes simplifies operations through policy-driven automation that enables
more agile storage consumption for VMs and dynamic adjustments in real time. It
simplifies the delivery of storage service levels to individual applications by providing
finer control of hardware resources and native array-based data services that can be
instantiated with per VM granularity.
Simplifies Storage Operations

Virtual Volumes simplifies storage operations by automating manual tasks and
eliminating operational dependencies between the VI Admin and the Storage Admin that
have traditionally added complexity. Provisioning is faster and change management is
simpler as the new operational model is built upon policy-driven automation.
Simplifies the Delivery of Storage Service Levels
Virtual Volumes simplifies the delivery of storage service levels to applications by
providing administrators with finer control of storage resources and data services at the
VM level that can be dynamically instantiated and controlled in real-time.
Improves Resource Utilization
Virtual Volumes improves resource utilization by enabling more flexible consumption of
storage resources, when needed and with greater granularity. The precise consumption
of storage resources eliminates overprovisioning.
HOL-SDC-1610
Page 188
HOL-SDC-1610
HOL-SDC-1610
Page 189
HOL-SDC-1610
Abstraction of Storage - Managing

Your Storage
vRealize Operations Manager has various tools that will assist you in managing your
storage. Alerts that will identify when there are problems in the environment,
dashboards that will allow you to monitor your environment proactively, and out of the
box reports that can be fully customized.
HOL-SDC-1610
Page 190
HOL-SDC-1610

If you are not already logged in to vRealize Operations Manager (vROPs), open up a
second tab in the Firefox Browser.
HOL-SDC-1610
Page 191
HOL-SDC-1610
Navigate to Home
Make sure you are on the Home screen. If not, click the Home icon.
HOL-SDC-1610
Page 192
HOL-SDC-1610
VM Running Out of Disk Space

Looking at the Top Health Alerts for Descendants, we see that we have a VM running low
on disk space.
1. Navigate to the "Recommendations" dashboard
2. Scroll down if necessary to view the Alerts.
3. Click on the "One or more virtual machine guest file systems are running out of
disk space" Alert.
View the Recommendation

You will be taken to the summary page of the affected virtual machine.
1. We can see the details for the triggered alert.
2. We can see the metrics that triggered the alert.
HOL-SDC-1610
Page 193
HOL-SDC-1610
3. Here we see the recommendations that can help us resolve the problem with the
Virtual Machine. In this case, we are prompted to add a new virtual hard disk, or
expand the existing disk of the virtual machine.
Please Note: To expand or add an additional virtual hard disk, we would follow the same
steps employed in the lab section "Virtual Infrastructure - Create and Edit a Virtual
Machine"
HOL-SDC-1610
Page 194
HOL-SDC-1610
vSphere Datastore Dashboard

vRealize Operations has several dashboards that we can use to help manage our
storage.
1. Click on the "Dashboard List" dropdown
2. Make sure "vSphere Dashboards" is selected
3. Click on "vSphere Datastores"
HOL-SDC-1610
Page 195
HOL-SDC-1610
Explore vSphere Datastore Dashboard

When we open the vSphere Datastore Dashboard, we will see several different views of
the Datastore data.
This Dashboard has two different heatmaps
1. Datastore Heatmap where size indicates total disk space and color indicates
workload
2. Datastore Heatmap where size indicates IOPS and color indicates latency
3. Historical Views - If you click on the datastore objects in the heatmap, a historical
view graph will be generated below.
4. Top 25 Graphs - Top 25 Datastores by IOPs utilization
5. Top 25 Graph - Top 25 Datastores by Average Latency
vRealize Operations Management Pack for Storage

Devices
For additional visibility into your storage environment, the vRealize Operations
Management Pack for Storage Devices (MPSD) can be installed on any Advanced, or
Enterprise edition vRealize Operations Manager. The Management Pack can connect to
any storage device that has a VASA provider, and SAN/NAS Switches from Brocade or
HOL-SDC-1610
Page 196
HOL-SDC-1610
Cisco using SMI-S. Performance Data is collected from Host HBAs, NIC, VMs, and SAN/
NAS switches.
MPSD 6.0.1 provides visibility into your storage environment. Using Common Protocols
you can collect performance and health data from the storage devices. Pre-defined
dashboards allow you to follow the path from a VM to the storage volume and identify
any problem that may exist along that path.
End to End view of the data path through the SAN and NAS; from VM to Storage
Volume
Support for both NFS/iSCSI and FC/FCoE protocols
Access to Storage devices leveraging standardized protocols; CIM, SMI-S, & VASA
Ready to use dashboards for Health and Performance
Analytics for common APD and PDL storage conditions
HOL-SDC-1610
Page 197
HOL-SDC-1610
vSphere VMs Disk (and Network) Dashboard

Using the Dashboard Dropdown menu, navigate to the "vSphere VMs Disk (and Network)
Dashboard.
1. VM Heatmap where size indicates IOPs and color indicates latency.
2. VM Heatmap where size indicates Network usage and color indicates percentage
of Packets dropped.
3. VM Heatmap where size indicates VM provisioned and color indicates Snapshot
usage.
4. Top 25 Graph - VMs by Disk IOPs
5. Top 25 Graph - Percentage of Packets dropped
6. Top 25 Graph - VMs by Network Usage Rate
HOL-SDC-1610
Page 198
HOL-SDC-1610
Getting Started with Update Manager

VMware vSphere Update Manager is a tool that simplifies and centralizes automated
patch and version management for VMware vSphere and offers support for VMware ESXi
hosts, virtual machines, and virtual appliances.
With Update Manager, you can perform the following tasks:
1. Upgrade and Patch ESXi hosts.
2. Install and update third-party software on hosts.
3. Upgrade virtual machine hardware, VMware Tools, and Virtual Appliances.
Update Manager requires network connectivity with VMware vCenter Server. Each
installation of Update Manager must be associated (registered) with a single vCenter
Server instance. If you have multiple vCenter Server systems, and you wish to use
Update Manager with each system, you must install and register an Update Manager
instance with each vCenter Server system.
You can deploy Update Manager in a secured network without Internet access. In such a
case, you can use the VMware vSphere Update Manager Download Service (UMDS) to
download updates.
The Update Manager module consists of a server component, which can be installed on
the same computer as the vCenter Server system (for Windows based vCenter) or on a
different computer, and client components which run in the two different vSphere
clients.
Update Manager client components:
1. Update Manager Client plug-in for the vSphere Client - Perform patch and version
management of the vSphere inventory.
2. Update Manager Web Client for the vSphere Web Client - View scan results and
compliance states for vSphere Inventory.
This lesson will show you the basics of using VMware Update Manager after it is
installed.

Using the Firefox web browser, navigate to the URL for the Web client. For this lab, you
can use the shortcut in the address bar.
1. Click on bookmark for "Site A Web Client"
2. Click on "Use Windows session authentication"
3. Click "Login"
HOL-SDC-1610
Page 199
HOL-SDC-1610
Alternatively, you could use these credentials

1. Enter User name "administrator"
Please Note: All of the user credentials used in this lab are listed in the README.TXT file
on the desktop.
HOL-SDC-1610
Page 200
HOL-SDC-1610
Navigate to Update Manager

Now we need to navigate to the Update Manager icon.
1. Scroll down in the Main content area until you the Update Manager icon.
2. Click on the Update Manager icon.
Navigate to Update Manager Server

1. Select updatemgr.corp.local in the Navigator pane.
HOL-SDC-1610
Page 201
HOL-SDC-1610
Baselines and Baseline Groups

Baselines can be upgrade, extension, or patch baselines. Baselines contain a collection
of one or more patches, extensions, or upgrades.
Baseline groups are assembled from existing baselines, and might contain one upgrade
baseline per type of upgrade baseline, and one or more patch and extension baselines.
When you scan hosts, virtual machines, and virtual appliances, you evaluate them
against baselines and baseline groups to determine their level of compliance.
By default, Update Manager contains two predefined dynamic patch baselines and three
predefined upgrade baselines.
Critical Host Patches - Checks ESXi hosts for compliance with all critical
patches
Non-Critical Host Patches - Checks ESXi hosts for compliance with all optional
patches
VMware Tools Upgrade to Match Host - Checks virtual machines for
compliance with the latest VMware Tools version on the host.
VM Hardware Upgrade to Match Host - Checks the virtual hardware of a
virtual machine for compliance with the latest version supported by the host.
VA Upgrade to Latest - Checks virtual appliance compliance with the latest
released virtual appliance version.
Create a Patch Baseline

We will now create a patch baseline to apply to our ESXi hosts.
1. Make sure the "Manage" tab is selected.
HOL-SDC-1610
Page 202
HOL-SDC-1610
2. Under "Host Baselines", click on the Green Plus sign to create a new Baseline.
HOL-SDC-1610
Page 203
HOL-SDC-1610
New Baseline
1. Type the name "HOL Host Baseline", and a description of the baseline.
2. Under Baseline type, select "Host Patch"
3. Click "Next"
HOL-SDC-1610
Page 204
HOL-SDC-1610
Baseline Type
Select baseline type, fixed or dynamic.
Fixed Baseline - A specific set of patches that do not change as patch
availability changes.
Dynamic Baseline - A set of patches that meet certain criteria. The contents of
a dynamic baseline varies as the available patches change. You can also exclude
or add specific patches. Patches you select to add or exclude do not change with
new patch downloads.
1. For our example, we will select a Fixed Baseline
2. Click "Next"
Select Patches
Add patches to the Baseline
1. In the Filter box, type in "5.5
2. Select the patch "Updates esx-base"
3. Click "Next"
HOL-SDC-1610
Page 205
HOL-SDC-1610
If we were creating a Dynamic Patch Baseline, we would specify criteria to define the
patches to include.
HOL-SDC-1610
Page 206
HOL-SDC-1610
Complete Patch Baseline

Review the settings of the patch baseline you created before finishing the wizard
1. Click "Finish" to complete the Patch Baseline
HOL-SDC-1610
Page 207
HOL-SDC-1610
Attach Patch Baseline to Host

To attach the Baseline to a Host
1.
2.
3.
4.
Make sure that host esx-01a.corp.local is selected.

Select "Attach Baseline"
A new window will open, click on "HOL Baseline"
Click on "OK"
HOL-SDC-1610
Page 208
HOL-SDC-1610
Select the object to scan in the vSphere Web Client

Before remediation, a scan should be initiated on an object against the attached
baselines and baseline groups. For the purposes of this lab, we have chosen to scan a
single host. We could also scan a datacenter or a cluster as well.
1. Select "Home/Hosts and Clusters"
2. From the inventory object navigator, expand the tree and select the host
esx-01a.corp.local
HOL-SDC-1610
Page 209
HOL-SDC-1610
Scan the Host in the vSphere Web Client

To initiate the scan on our Host
1. Select "Update Manager"
2. Select "Scan for Updates"
3. A popup box will appear, choose to scan for Patches and Extensions, or Upgrades
(or both).
4. Click "OK"
5. The scan will begin, which you can follow in the Recent Tasks pane.
Remediate Host
The host has now been scanned against the patch baseline we had previously attached.
We can now remediate the host. With the host esx-01a.corp.local highlighted
1. Click on "Remediate", note that the "HOL Host Baseline" baseline group is
attached.
A wizard will open up, and you will notice the "HOL Baseline" patch baseline available.
To complete patching, you would follow the wizard to complete this process and apply
the patch.
HOL-SDC-1610
Page 210
HOL-SDC-1610
Please note that for the purposes of this lab, we do not want to patch our ESXi hosts
(which is why selected a patch earlier that does not apply to our host!).
Video: Upgrading VMware Tools Using vSphere Update

Manager (5:14)
vSphere Update Manager can also be used to update the VMware tools on a virtual
machine. The following video outlines the process.
HOL-SDC-1610
Page 211
HOL-SDC-1610
Build and Manage your Virtual

Infrastructure - Scale Out
vSphere with Operations Manager is suitable for small environment and scales up to
meet the demands of large enterprises. With a scale up and scale out architecture vSOM
can grow with your environment. The flexible architecture allows for geographical
deployments.
vCenter Server
vCenter Server - architected to provide larger than ever scale for the biggest
virtual environments
Hosts per vCenter Server System: 1,000
Powered-on Virtual Machines per vCenter Server System: 10,000
Hosts per Cluster: 64
Virtual Machines per Cluster: 8,000
vRealize Operations - Architecture Overview - Video
HOL-SDC-1610
Page 212
HOL-SDC-1610

vR Ops - vR Ops provides a scalable cluster/node architecture that can scale to
the largest environments.
Max 64,000 Objects - 5 times better than 5.8.x!!! (12,000 objects in 5.8.x)
Max 8 node cluster (1 master and 7 data)
HA requires DOUBLE the nodes needed (Still a max of 8!)
Max Certified 30 Remote Collectors per cluster
Max 30 Adapter Instances per cluster
4 concurrent users per node (or better!)
vRealize Operations - Scalability
vRealize Operations Manager Installation

vRealize Operations Manager is made up of a virtual appliance that is deployed.
Additional nodes can be deployed to provide high availability and to scale out the
environment. Due to time restraints in the lab we have produced a video showing how
to build out the vRealize Operations Manager cluster. This video will walk you through
the basics of deploying vRealize Operations Manager.
HOL-SDC-1610
Page 213
HOL-SDC-1610
Additional Information
We hope you have enjoyed taking this module and have a better understanding of the
basics of using vSphere with Operations Management. Be sure to take the survey at the
end.
For more information on vRealize Operations Management, here is a list of additional
online resources you can use:
vRealize Operations Manager Video Repository https://www.vmware.com/support/
vrealize-operations-Manager-6-video.html
VMware Feature Walkthrough vSphere with Operations Management Page
http://featurewalkthrough.vmware.com/#!/vsphere-with-operationsmanagement-6
If you have time remaining, here is a list of all the Modules that are part of this lab,
along with an estimated time to complete each one. Click on the 'Table of Contents'
button to quickly jump to that Module in the manual.
The complete listing of all eight modules are:
Module 3 - Manage, Optimize, and Plan Infrastructure Capacity (60 Minutes)
Module 4 - Optimize Workload Performance While Maintaining Business Priorities (60
Minutes)
Module 7 - Log Management with vRealize Log Insight - (60 Minutes)
Module 8 - Power CLI (60 Minutes)
HOL-SDC-1610
Page 214
HOL-SDC-1610
Module 3: Manage
Capacity Risk and Plan for
the Future - (60 Minutes)
HOL-SDC-1610
Page 215
HOL-SDC-1610
Manage Capacity and Risk

With virtualization visibility into the capacity of the virtual infrastructure can be difficult
to determine. Furthermore, with things like over commitment, Transparent Page Sharing
(TPS) and Thin Provisioning understanding the true capacity of the environment is near
impossible. vCenter provides some tools to help determine this but in environments
larger than a few virtual machines this can be a difficult time consuming task to
manage.
vRealize Operations Manager tracks the capacity usage of the environment using data
provided through solutions. As it collects the raw data on virtual machines, hosts,
networks and storage it will determine trends in the environment. Capacity Remaining
badge is calculated as the percentage of capacity remaining compared to the total
capacity of a selected object. Through forecasting and based on the policy that is
defined by the vRealize Operations Manager administrator users can be notified of
capacity shortfalls that may turn into health or performance problems. This allows
administrators to identify issues before they become a problem. As capacity levels falls
risk is introduced.
The Risk badge is determined by alerts from Capacity Remaining, Time Remaining and
Stress. Risk identifies things that may become a health problem if not addressed in the
near future.
Before we get started with the lab it is good to have a basic understanding of the terms
for capacity planning in vRealize Operations Manager. This video will provide a quick
overview.
vRealize Operations - Capacity Planning Basics
HOL-SDC-1610
Page 216
HOL-SDC-1610
Capacity Management Policies

Understanding capacity and having the ability to quickly assess capacity and capacity
risk in any environment is critical in todays software defined data center. vRealize
Operations Manager helps you apply demand & allocation capacity planning principles
while managing the capacity of your virtual and cloud environments across any object
type.
The great thing is vRealize Operations Manager allows you to leverage both of these
capacity models via policies that you assign to workload containers or groups of
resources. You can set up the policy to best manage the environment for performance
(e.g. production), or for higher density and utilization (e.g. test/dev), or BOTH.
Heres a video on how this all works in vRealize Operations Manager.
Capacity Planning Terms
HOL-SDC-1610
Page 217
HOL-SDC-1610
Login to vRealize Operations Manager Console

1. Launch Firefox from the tool bar
2. Click on the shortcut for vROPs-HVM
3. Login using the administrator credentials
Authentication Source: "Local User" User Name: "admin"
Password: "VMware1!"
4. Click "Login"
NOTE: vROPs-HVM has been placed in historical view mode (HVM) to show how an
environment that has been running for some time with actual data looks and can be
viewed.
Navigate to vSphere World

1. Click the globe icon to take you to the environment screen in the left pane
2. Scroll down and select "vSphere Hosts and Clusters" section
HOL-SDC-1610
Page 218
HOL-SDC-1610
This section represents all of the vCenters, Hosts and Clusters within the environment
that are connected to the vRealize Operations instance.
View the vSphere World Capacity Remaining

1. Select the "Analysis" tab across the top.
2. Select the "Capacity Remaining" tab.
HOL-SDC-1610
Page 219
HOL-SDC-1610
The right pane will load the capacity remaining badge. The badge number is the
percentage of usable capacity within the object, in this case vSphere World. The badge
color is determined by the policy. The default policy is set to 0, 25, 50, 75. Where 0 is
red and anything above 75 is green. This can be adjusted for each object. We are also
presented with a graph to the right of the badge. This graph is the capacity trend for the
object over 30 days by default. This can also be adjusted for the environment.
Related Objects Capacity

Scroll down and you will see the Capacity Remaining in Related Objects view. This can
be used to identify if there are related objects in the environment that may also have
low capacity.
HOL-SDC-1610
Page 220
HOL-SDC-1610
View Cluster Capacity Remaining Badge and Trend

1. Drill down to east-mgmt.
vRealize Operations Manager will keep you on the Capacity Remaining Badge as you
drill down. Here we see the Capacity Remaining badge for the cluster. Note that the
shape is the same. The Capacity Remaining badge will always be a hexagon. We can
also see the Capacity Remaining Trend for the last 30 days. Again this is set in policy.
Each object type can have its own data range policy.
HOL-SDC-1610
Page 221
HOL-SDC-1610
View Cluster Capacity Remaining

Capacity Remaining Breakdown: This section will identify how many more virtual
machines will fit within the cluster. There are four categories of VM's Small, Medium
Large and Average. Average is based off of the average size of the VM's deployed within
the environment. You may also select With or Without committed projects. This allows
you to take into account any projects in the pipeline that have resources reserved.
These numbers also take into account the use of HA and the settings determined there,
in addition to the reservation buffers defined in vRealize Operations policy settings.
HOL-SDC-1610
Page 222
HOL-SDC-1610
Understand Growth Trends and Burn Rates

1.
2.
3.
4.
5.
Select the "Details" tab

Select "Views"
Enter "trend" and click "Enter" on the keyboard
Select "Cluster CPU Demand Forecast Trend"
Click the arrow on pane border to shrink the left pane.
HOL-SDC-1610
Page 223
HOL-SDC-1610
Cluster CPU Demand Forecast Trend

From this graph we can identify using the solid line, the CPU Demand on the cluster. The
dotted line is the CPU Demand forecast. From this we can identify the if we will need
additional hosts for future demand.
1. Adjust the data range using the calendar icon to see more historical data.
2. Adjust the forecast time by click the clock icon. This can be used to forecast
further out into the future than the default 30 days.
Select other trend graphs:
Cluster
Cluster
Cluster
Cluster
Cluster
Cluster
Cluster
Cluster
Badge Analysis Forecast Trend

IOPs Trend View
Memory Usage and Demand (%) Trend View
Networking Usage (KBps) Trend View
VM Growth Trend View
Average Latency (ms) Trend View
CPU Demand (%) Trend View
Disk I/O Demand Forecast Trend
(When finished reviewing, click the small arrow on pane border from point 5 in the
previous step, to bring back the navigator windows on the left)
vSphere Risk Dashboard

1. Click the Home icon
2. Select the "Recommendations" tab
3. View the Risk Panel
Risk is likelihood of a negative consequence based on the current, stress, capacity and
time remaining of an object. For example, if a datastore is filling up at a pace of 100 GB
HOL-SDC-1610
Page 224
HOL-SDC-1610
per week we know that the risk of it running out of space in x days is likely. We can
trigger an alert on this and proactively fixing a potential problem. In the past we may
have waited for a vCenter alert to show 95% used or for an administrator to notice and
resolve the issue. More than likely an issue such as this would go without notice until the
datastore was full and all the VM's stopped causing an outage.
The risk panel displays alerts on the environment and decedents of the selected object
in the hierarchy.
HOL-SDC-1610
Page 225
HOL-SDC-1610
Virtual Machine has continuous high CPU usage

1. Scroll to the bottom of the Top Risk Alerts for Descendants and select "Virtual
machine has continuous high CPU usage causing stress".
Here we see all the Risk alerts for the entire environment. Clicking on any alert will take
you to the alert and give you more information.
HOL-SDC-1610
Page 226
HOL-SDC-1610
Risk Issues
Here we can see a summary of all the VMs that are exhibiting this issue.
1. Click on the 'View Details' link next for the bna-west entry.
HOL-SDC-1610
Page 227
HOL-SDC-1610
Oversubscribed Storage Pool Alert

This lets us see:
1. More details on the alert. We are able to see an explanation and why it occurs.
2. A recommendation, with the option of a simple click to fix button.
3. What is causing the issue and in our case a recommendation on how many CPU
to add.
vSphere World Details

1. Select the Environment icon
2. In the left pane select "vSphere Hosts and Clusters"
HOL-SDC-1610
Page 228
HOL-SDC-1610
This view will show us the Health, Risk and Efficiency for the vSphere World. vSphere
World is a grouping of all vCenters and their clusters.
HOL-SDC-1610
Page 229
HOL-SDC-1610
Cluster Capacity and Risk

1. Click "Details" tab
2. Enter "Cluster" into the search bar and click "Enter"
3. Select the "Cluster Capacity Risk Forecast" view
This report will give a list of the clusters, number of running virtual machines, and
capacity remaining for the next 30, 60 and 90 days. This list can be used to easily
determine if the cluster is running low on resources.
HOL-SDC-1610
Page 230
HOL-SDC-1610
Datastore disk I/O Diagnose List

1. Clear the "Cluster" filter
2. Enter "Datastore" and click "Enter" on the keyboard
3. Select the "Datastore Disk I/O Diagnose List" view
This view provides a list of datastores with their Workload, Stress and I/O information.
This report can be used to determine if a datastore is being over utilized or having
potential performance problems.
Health Alerts Panel

Navigate to the recommendations dashboard
2. Select the "Recommendations" dashboard
Here we see the Health column. The health score is the "Health" for the entire
environment. The Health badge color will change depending on the alerts. If an alert is
triggered that is set to affect the overall environment health the color will change.
Health alerts are alerts that may currently be causing a performance impact or outage.
HOL-SDC-1610
Page 231
HOL-SDC-1610
Such as Virtual Machine guest file systems out of disk space. This could cause an
immediate outage if not remedied.
HOL-SDC-1610
Page 232
HOL-SDC-1610
Top Health Alerts

Select the "One or more virtual machine guest file systems are running out of
disk space" alert under the health badge.
HOL-SDC-1610
Page 233
HOL-SDC-1610
Guest File System Health Alert

Click "View Details" next to "vrbe-01a"
HOL-SDC-1610
Page 234
HOL-SDC-1610
Virtual Machine Guest File System Health Alerts

1. Expand out the What is Causing this Issue section
Here we see the alert page for this specific virtual machine. The alert page is made up
of a set of symptoms and recommendations. There can be more than one
recommendation for an alert and they can be customized for your organizations specific
needs. The symptom section includes all of the symptoms that make up this alert. The
Guest File System warning alert is triggered when the operating system has a drive that
has greater than 85% of its capacity used.
2. When you are finished reviewing the alert, click the "Home" icon.
vSphere Datastore Dashboard

1. Click the drop-drown arrow for the Dashboard List
2. Select vSphere Dashboards
3. vSphere Datastores.
HOL-SDC-1610
Page 235
HOL-SDC-1610
From here we can quickly get a heatmap displaying the datastores. Heatmaps
graphically display information to allow the user to quickly identify points of interest.
This dashboard displays the datastores by capacity using the size of the boxes to display
the total capacity of the datastore. The color is represented by datastore workload. As
the datastore workload is increased the color will change from green to red.
Conclusion
Capacity Remaining provides administrators with a view of the available capacity of the
environment. This information which traditional took many hours to compile and track
can now be monitored in near real time allowing administrators to quickly provide data
to management on capacity trends, and future capacity shortfalls. Capacity Remaining
can be tracked at many levels to provide granularity. Understanding of object
relationship can provide further detail to scope of capacity short falls. Risk alerts can be
used to see potential capacity shortfalls in capacity. Health alerts can provide
information on immediate issues that could cause performance or availability issues.
HOL-SDC-1610
Page 236
HOL-SDC-1610
Increase Operational Efficiency

In a virtual environment the ability to quickly instantiate a virtual machine or expand a
virtual machines resources is very simple and convenient. This could lead to virtual
machines that are over provisioned and under others that utilized. This is not efficient
and can have large costs associated with it in the form of CapEx for additional hardware
and OpEx in managing that hardware. Reclaiming these over-committed resources can
reduce operational costs through differing or avoiding purchases of additional hardware.
By understanding potential density ratios, we can identify opportunities to consolidate
clusters.
HOL-SDC-1610
Page 237
HOL-SDC-1610
Efficiency Alerts
1. Select the "Recommendations" dashboard
The Efficiency panel shows at a glance how the environment is using available
resources. Efficiency allows administrators to get the most out of the resources they
have already purchased. This can result in delaying hardware purchases. Efficiency
alerts do not require immediate attention; these alerts will just help improve the
environment.
HOL-SDC-1610
Page 238
HOL-SDC-1610
Environment - vSphere Hosts and Clusters

1. Click on the Environment tab (the globe).
2. Select 'vSphere Hosts and Clusters' from the left hand navigation pane.
HOL-SDC-1610
Page 239
HOL-SDC-1610
Reports
Reports are a great way to consume efficiency information since this information
generally does not need to be reacted on right away. Reports may be generated at any
level. Depending on the object type selected different reports will become available
under the reports tab.
1. Select the "Reports" tab.
Oversize VM Report
1.
2.
3.
4.
Search for "oversized" in filter box

Select the Oversized VMs Report
Click "Run Template" button
The Generated reports number will update to 1.
View Reports
1. Select the "Generated Reports" section
2. You will see the report you just generated listed
Reports can be viewed either as a PDF or a CSV.
Other reports relating to Efficiency:
HOL-SDC-1610
Page 240
HOL-SDC-1610
Idle VMs Report

Oversized VMs Report
Power Off VMs Report
Open PDF
1. Once the status shows 'Completed', click the PDF icon next to the report
2. Select "Open with Google Chrome"
3. Click OK
The report will open in Google Chrome. Reports are a great way to share the information
with vRealize Operations with another team or a manager. Reports are generated from
the object level where the report template is run. For example, if you have a vCenter
Folder of all the finance VMs. A report could be generated for just those objects. Making
the report relevant to that specific group.
Close the report when you finish reviewing it.
HOL-SDC-1610
Page 241
HOL-SDC-1610
Reclaimable Capacity at vSphere World

1. Select the "Analysis" tab
2. Select the "Reclaimable Capacity" section. (May have to scroll to the right)
The reclaimable capacity badge indicates if there are resources that may be recovered.
The top level badge is for the whole environment and indicates how well resources are
being utilized as a whole. By reclaiming capacity resources can be redistributed to other
virtual machines. Objects that are rated critical have large amounts of resources
available for reclamation.
HOL-SDC-1610
Page 242
HOL-SDC-1610
Future Analysis
Select the "Virtual Machine Reclaimable Capacity" in the Further Analysis pane.
HOL-SDC-1610
Page 243
HOL-SDC-1610
Virtual Machine Reclaimable Capacity

This will take you to the Details tab where you will be presented with a table of the
reclaimable CPU/Memory/Filesystem and Old Snapshots for all the virtual machines in
the environment. From here you can see opportunities to reclaim available resources
from specific virtual machines in your environment. This list can be exported to a CSV
by selecting the Export icon. These numbers should be used as a guide to determine the
actual resources needed.
Reclaimable Capacity at Cluster

1.
2.
3.
4.
Expand vSphere World, vc east and then msbu-east in the left pane
Select the cluster "east-apps" from the list
Select the "Analysis" tab
Select the "Reclaimable Capacity" section (May have to scroll to the right)
The cluster level will show the reclaimable capacity for all the virtual machines in that
cluster. This metric will take into account the HA Failover setting in vCenter. For
HOL-SDC-1610
Page 244
HOL-SDC-1610
example, if you are using N+1 failover the vRealize Operations will add an additional
host for failover into the calculation for Reclaimable Capacity. It will also take into any
capacity reservation Buffers defined in vRealize Operations policy. The default policy is
25% this can be adjusted for your specific environment to be as aggressive or
conservative on capacity reclamation as your organization feels comfortable with.
HOL-SDC-1610
Page 245
HOL-SDC-1610
Idle and Powered Off VMs

Scroll down to the "Child Objects with Reclaimable Capacity"pane.
From here we get a break down of Oversized, Idle and Powered Off VMs.
Oversized VMs are Virtual Machines that have been over provisioned and have
resources that may be reclaimed.
Idle VMs are the VM's that appear to be doing nothing and all of its resources are
considered reclaimable.
Powered Off VMs are just as it sounds, virtual machines that are not powered on at this
time and therefore have storage that could be reclaimed as well as allocated CPU and
Memory.
Cluster Dashboard
1. Click Home in the left pane
2. Click the arrow next to the "Dashboard List" and select the "vSphere
Clusters" dashboard under "vSphere Dashboards".
HOL-SDC-1610
Page 246
HOL-SDC-1610
There are several preconfigured dashboards. The vSphere clusters dashboard provides a
place to compare cluster utilization by CPU demand and memory usage. There are other
pre-configured dashboards that are available for viewing specific data within the
environment.
3. Click on "west-mgmt" in the "Top 25 Clusters by CPU Demand(%) (24h)"
widget. Notice the sparkline information populates in the widget below.
HOL-SDC-1610
Page 247
HOL-SDC-1610
Open west-mgmt
Let's look a bit more into the west-mgmt cluster.
Double click on the "west-mgmt".
HOL-SDC-1610
Page 248
HOL-SDC-1610
Density View
1.
2.
3.
4.
Select the "Analysis"tab

Select the "Density"badge (May need to scroll to the right)
Expand the "CPU" section
Expand the "Demand" section
The table shows the Average to Optimal ratios for the virtual machines CPU resources in
this cluster. This means that our average virtual CPU (what's used in the virtual
machines) to physical CPU (what's installed in the ESXi hosts) is close to what vRealize
Operations has calculated as optimal.
Login to vROPs-01a
Navigate and login to the vRealize Operations Appliance, vROPS-01a.
1. Click the bookmark to "vROPS-01a"
HOL-SDC-1610
Page 249
HOL-SDC-1610
2. Login using username "admin" and password "VMware1!"

3. Click Login
HOL-SDC-1610
Page 250
HOL-SDC-1610
Custom Datacenters
1. Click on the "Environment" globe
2. Next, click the "Custom Datacenters" link in the left-hand navigation pane.
HOL-SDC-1610
Page 251
HOL-SDC-1610
Custom Datacenter View

1. Expand out the 'Shared' dashboard and click on 'Cluster Site A'
2. Select the "Analysis" tab
3. Select "Reclaimable Capacity"
Custom Datacenters is a new object container within vRealize Operations. Custom
Datacenters can be used to place, hosts, clusters, virtual datacenters from multiple
vCenters into a single group. For example, a set of clusters that are licensed for SQL
may be placed into a custom datacenter to provide data on all SQL VM's and hosts from
a single view.
Conclusion
The Efficiency badge represents how well resources are being used. The badge is
affected by the Capacity related analysis badges. Efficiency generally does not need
immediate attention but identifies areas of optimization opportunity within the
environment. Reclaimable capacity can be a key indicator of an environments overall
capacity. Identifying reclaimable capacity can help to defer or avoid cost directly saving
on CapEx. Reports can be utilized to find areas of opportunity and to create a plan to
reclaim capacity from the environment. Density can be used to determine if a capacity
provider object is meeting its optimal density goals (optimal VM to Host ration).
HOL-SDC-1610
Page 252
HOL-SDC-1610
Ensure Future Capacity Through

Capacity Modeling
Log in to vROPs-01a
If you are not already logged in to vROPS-01a, please navigate and login to the vRealize
Operations Appliance, vROPS-01a. Otherwise, please proceed to the next step.
1. Click the bookmark to "vROPS-01a"
2. Log in using username "admin" and password "VMware1!"
3. Click Login
HOL-SDC-1610
Page 253
HOL-SDC-1610
Navigate to Custom Profile

1. Click the "Content" icon on the top of the left pane (Note: you may have to
use the ">>" to see it).
2. Select "Custom Profiles"
3. Click the green plus to create a profile.
HOL-SDC-1610
Page 254
HOL-SDC-1610
Custom Profile
1. Enter a Profile Name of "Web-Server-P2".
2. Select Object Type of "Virtual Machine" from the drop down. (TIP - type 'Virtual'
the search will show the available options - select 'Virtual Machine' from the list of
options
3. Enter a vCPU (1), Memory (512 MB) and Disk Space Allocation (5 GB) as
seen above.
This profile is based on an allocation. A reference machine can also be used by using the
"Populate metrics from..." button. Additionally, you can remove the "Allocation" from the
Filter and create a more specific workload.
Capacity Remaining
Navigate to Cluster Site A under Environment
1. Click the globe icon titled "Environment"
2. Navigate to "vSphere Hosts and Clusters", "vSphere World", "vCenterMonitor", "DataCenter Site A", "Cluster Site A"
HOL-SDC-1610
Page 255
HOL-SDC-1610
3. Select the "Analysis" tab from the top.

4. Select "Capacity Remaining"
5. View the Custom Profiles
How many additional Web Servers can be added?
The Custom Profiles calculate how many additional workloads of a certain configuration
the environment can handle. This is based off of current usage as well as committed
projects. Additional Profiles can be created by clicking the plus sign next to the "WebServer-P2" profile.
NOTE: If you see a question mark instead of a number the calculation has not happened
yet. Calculations in this environment have been sped up to occur every minute but the
number can take 5 minutes or more to appear. Generally, these happen on a 24-hour
period so it may take longer to appear in your environment. If the number does not
appear move on and check back.
Project Creation
Customers are always adding and removing virtual machines from their environment
and it is not always easy to track all the projects that are taking place and how they will
affect the capacity of the virtual infrastructure. Let's create a project to look at how
adding additional VM's and Hosts will affect our clusters resources.
1. Select the "Projects" Tab at the top of the page.
As you can see from the graph, where the green and blue lines intersect, at the
current rate we will run out of CPU on August 18th. This is based on the current
CPU Demand trend. If a VM starts to use more or less of the allocated CPU the
date may change.
HOL-SDC-1610
Page 256
HOL-SDC-1610
2. Currently "Most Constrained" is selected as the "Capacity Container" this can

be changed to see how other resources are being used.
3. Click the green plus to create a project.
NOTE: The screenshots in the lab manual may differ from the graphs in your lab
environment.
HOL-SDC-1610
Page 257
HOL-SDC-1610
Create a Project
1. Give the project the name 'Add 2 VMs' and something descriptive.
2. Select the Scenarios section
Add VM Project
1. Drag "add Virtual Machine" to the right pane where it says "Drop scenarios
here"
2. Change the "Implementation Date" to 1 week forward
3. Click the up arrow to increment the servers to "2" Virtual Machine
4. Change the "Memory - Allocation model" to "512" MB
Change the "CPU - Allocation model" to "2" vCPUs
HOL-SDC-1610
Page 258
HOL-SDC-1610
5. Click the "Save project and continue editing" button.

The graph at the top will change to show the effects of the project. You can see
when the project is implemented how it will affect the most constrained resource.
You can see from the graph above by adding two VMs we will run out of
resources.
6. Click Save
HOL-SDC-1610
Page 259
HOL-SDC-1610
Create an Add Host Project

1. Click the green plus to start a new project
2. Give the project the name "Add 2 Hosts" and something descriptive
3. Select the "Scenarios" section
HOL-SDC-1610
Page 260
HOL-SDC-1610
Add Host Project

1.
2.
3.
4.
Select "add Host System" and drag it to the right pane

Click the up arrow to increment the number of Host Systems to "2"
Click "Populate metrics from..." button. Select "esx-01a.corp.local"
Click Save
HOL-SDC-1610
Page 261
HOL-SDC-1610
Visualize the Add 2 VMs Project

1. Drag the "Add 2 VM's" to the section below the graph
2. (if you don't see Memory Allocation select from the drop-down)
We can see on the graph that now we have a capacity shortfall of memory allocation.
Your screen may show CPU Demand or a different resource as being the most
constrained. You can adjust the "Capacity Container" to see how other resources are
affected by adding two VMs. The RED indicates capacity shortfall.
HOL-SDC-1610
Page 262
HOL-SDC-1610
View both of the Projects

Now that we have a capacity shortfall lets fix it by adding additional capacity resources.
1. Select the "Add 2 Hosts" and drag it to the section below the graph by the "Add
2 VM's" project.
2. Change the "Capacity Container" to view the effect on different resources.
The green line indicates an addition of resources while the blue line indicates resources
being consumed. The graph above shows that we added two additional hosts before the
demand crossed the green line so there will not be a short fall.
HOL-SDC-1610
Page 263
HOL-SDC-1610
Edit the Project

1. Select the "Add 2 VM's"
2. Click the pencil to edit the project
Commit the Changes

1. Select "Committed - badges affected"
2. Click Save
HOL-SDC-1610
Page 264
HOL-SDC-1610
View the Graph

Committing the project will affect the Capacity Remaining and the Time Remaining
badges as if the two VM's were actually added to the cluster immediately.
HOL-SDC-1610
Page 265
HOL-SDC-1610
Navigate to Custom Datacenters

1. Select Environment icon
2. Click Custom Datacenters
3. Expand Shared
Custom Datacenters is a new object container construct within vRealize Operations.
Custom Datacenters can be used to group hosts, clusters, virtual datacenters from
multiple vCenters into a single group for capacity management and planning
capabilities. These might be used to combine multiple clusters licensed for SQL
together. This way a project can look at how it affects just that set of clusters. The
projects we already created are available. You can also try creating additional scenarios
and see how it affects the Custom Datacenter.
Conclusion
Capacity Remaining can be used to determine how many additional virtual machines
can be added to a cluster. Using the Custom Profile the user can specify a specific
configuration profile specific to their environment to have an easy way to determine
how many more VM's there is room for. Using projects, you can plan out adding of
resources and demand to determine when additional resources need to be added and
what resources will be constrained. The projects can be scheduled out into the future or
committed to show the actual effects on Time and Capacity remaining.
HOL-SDC-1610
Page 266
HOL-SDC-1610
Module 4: Optimize
Workload Performance
while Maintaining
Business Priorities - (60
Minutes)
HOL-SDC-1610
Page 267
HOL-SDC-1610
Module Preparation
In this module we will be covering SDRS (Storage Distributed Resource Scheduler),
SPBM (Storage Policy Base Management), Right Sizing, DRS (Distributed Resource
Scheduler) and Workload Placement. Several of these topics require load and this load
needs to exist for a period of time to help keep this module running smoothly. The next
couple of steps will walk you through generating that load.
Start CPU Load simulation on the Virtual Machines (linuxCPU-Load-01a and 02a)
Minimize any running applications. Next load PuTTY from the Desktop or from the
Launch bar.
HOL-SDC-1610
Page 268
HOL-SDC-1610
PuTTY to linux-CPU-Load-01a VM
1. Select linux-CPU-Load-01a
2. Click Load
3. Click Open
HOL-SDC-1610
Page 269
HOL-SDC-1610
Start CPU Load simulation for linux-CPU-Load-01a

1. At the login as: prompt, type root and press enter. No password will be required
2. At the linux prompt, type /opt/CPULoad.sh 4 and press enter
3. The CPU load simulation is working if you see Starting CPU load
Note: If you see ash -lt: argument expected, you did not type the "4" at the end of
the command. If you got a message ending not found, you did not type the command
with the correct case. Simply press the Enter key and retype /opt/CPULoad.sh 4, with
the 4 and matching the letters that are lower case and upper case. The command can
also be copied from the README.txt file on the desktop, which has an example of the
command.
HOL-SDC-1610
Page 270
HOL-SDC-1610
Start 2nd PuTTY session

To start a 2nd PuTTy session simply:
1. Right Click on linux-CPU-Load-01a
2. And select PuTTY
HOL-SDC-1610
Page 271
HOL-SDC-1610
1.
2.
3.
4.
Use the scroll bar to scroll down to linux-CPU-Load-02a

Select linux-CPU-Load-02a
Click Load
Click Open
Note: If you see ash -lt: argument expected, you did not type the "4" at the end of
the command. If you got a message ending not found, you did not type the command
with the correct case. Simply press the Enter key and retype /opt/CPULoad.sh 4, with
the 4 and matching the letters that are lower case and upper case. The command can
also be copied from the README.txt file on the desktop, which has an example of the
command.
HOL-SDC-1610
Page 272
HOL-SDC-1610

1. At the login as: prompt, type root and press enter. No password will be required
2. At the linux prompt, type /opt/CPULoad.sh 4 and press enter
3. The CPU load simulation is working if you see Starting CPU load
HOL-SDC-1610
Page 273
HOL-SDC-1610
Confirm two PutTTY session

Once completed you should see:
1.
2.
3.
4.
The linux-CPU-Load-01a.corp.local session in the background

The linux-CPU-Load-02a.corp.local session in the foreground
The linux-CPU-Load-02a load simulator running
Minimize both PuTTY sessions and leave running
HOL-SDC-1610
Page 274
HOL-SDC-1610
Open Firefox
1. Open Mozilla Firefox from the Desktop or Quick Launch.
HOL-SDC-1610
Page 275
HOL-SDC-1610

1.
2.
3.
4.
Insure you are logging into the vSphere Web Client

Enter the User name: administrator@corp.local
Enter the Password: VMware1!
Click Login
HOL-SDC-1610
Page 276
HOL-SDC-1610
Navigate to Hosts and Clusters view

1. Click on Hosts and Clusters in the navigation pane on in the Home tab
HOL-SDC-1610
Page 277
HOL-SDC-1610
Adjusting VM Resource Settings - linux-CPU-Load-01a

1. Toggle the swizzles, so esx-01a.corp.local, esx-02a.corp.local and the VMs
are visible
2. Right click on linux-CPU-Load-01a
3. Click Edit Resource Settings...
HOL-SDC-1610
Page 278
HOL-SDC-1610

(continued)...
1.
2.
3.
4.
Click the Pull Down and select Custom

Enter 1250 for the Custom Shares
Enter 1800 for the Reservations (MHz)
Click OK to save the changes to linux-CPU-Load-01a
HOL-SDC-1610
Page 279
HOL-SDC-1610

HOL-SDC-1610
Page 280
HOL-SDC-1610

(continued)...
1.
2.
3.
4.
Click the Pull Down and select Custom

Enter 1250 for the Custom Shares
Enter 1800 for the Reservations (MHz)
Click OK to save the changes to linux-CPU-Load-02a
Things to Remember / Watch For

To keep the lab experience positive, there are a few things to point out.
HOL-SDC-1610
Page 281
HOL-SDC-1610
Clear Alarms
The ESXi hosts are 2 CPUs for the purposes of the Lab. This is compared to a real work
ESXi host that can have 80+ cores! it is very easy to over-stress the lab and have hard
alerts set, which has been done intentionally to demonstrate learning objectives. The
manual warns you to clear them in a later section, but if they pop up at any time while
you are in the vSphere Client, clear them by clicking on the Reset to Green link. It is
on the summary tab for both Cluster Site A and each individual VM's summary tab.
For this module it should only be linux-CPU-Load-01a or linux-CPU-Load-02a.
HOL-SDC-1610
Page 282
HOL-SDC-1610
Using the Refresh buttons

The Refresh buttons for both the vSphere Web Client and vRealize Operations Manager
will help clear stale data and limit the amount of time you are waiting for data to
refresh. Most items in the lab have been accelerated, so generally it takes between 1
and 5 minutes to get the expected results. The manual does a good job of warning
where timing / refresh issues might arise and does have a valid screen shot of what you
would see, so you do not have to wait for the update cycle to occur and can continue on
with the next lesson / step. You can also resort to refreshing with the Firefox refresh as
well.
Close Firefox
1. Click the Firefox "x" to close Firefox
Preparation Conclusion
You have successfully started the CPU load simulators. Continue with the next lesson
and go enjoy the content in this module.
HOL-SDC-1610
Page 283
HOL-SDC-1610
Storage DRS
Storage DRS (SDRS) is automatic disk placement for balancing I/O and Disk Space
requirements for your virtual environment. For those familiar with DRS, SDRS is to the
VMDK (virtual disk) as DRS is to the VM (virtual machine). And much like DRS uses the
Cluster construct to aggregate hosts for a pooled compute resource, Datastore
Cluster is a construct to aggregate datastores into a pooled storage resource for
Storage DRS.
Visualizing Storage DRS (SDRS)

The image is a graphical representation of SDRS. "Like" datastores are group together to
form a Datastore Cluster. In the image, eight VMDKs (circled in the middle are
introduced into the Datastore Cluster and balanced for disk space across the three
datastores in the Datastore Cluster. in the right most image, the middle datastore (red
and circled) has excessive I/O so SDRS uses Storage vMotion to rebalance the load
maintaining both disk capacity and performance. Storage DRS functions to handle realtime spikes / congestion.
HOL-SDC-1610
Page 284
HOL-SDC-1610
What Is VMware vSphere Storage DRS? (5:08)
This is an excellent short video covering all of the SDRS concepts like Datastore
Clusters, Load Balancing, Affinity Rules and Datastore Maintenance mode.
Note: Remember to press the play button (right arrow in the lower left hand corner)
to start the video.
Improving Storage Utilization while maintaining Service

Level Agreements (SLAs)
Storage is one of the most over-provisioned resources. Many disks are allocated at over
double their used capacity. In a thick provisioned environment this leads to waste. Thin
Provisioning was developed in vSphere v4 to resolve this waste, but lacked
automation to migrate storage workloads as the physical datastore space diminished.
Storage DRS combined with Thin Provisioning is an excellent way to improve the
utilization of your storage resources while automatically maintaining any SLAs. For those
not familiar with Thin Provisioning, it is the ability to over-provisioning allocated storage
by presenting the configured storage (say 1 TB) to the virtual machine and only
allocated the used storage (say 512 GB) on the specific datastore.
This can be combined with vRealize Operations Capacity Management capabilities to
forecast when additional storage capacity is necessary.
HOL-SDC-1610
Page 285
HOL-SDC-1610
Creating a Datastore Cluster with Storage DRS (3:23)
This video demonstrates the creation of a Datastore Cluster and specific settings for
SDRS.
to start the video.
Conclusion
This concludes the Storage DRS lesson.
HOL-SDC-1610
Page 286
HOL-SDC-1610
Storage Policy Based Management

(SPBM)
Storage Policy Based Management (SPBM) is the control plane for Software Defined
Storage (SDS). vSphere sits between the storage consumers (VMs / applications) and
the storage providers (storage arrays / disks). This enables vSphere to act as the control
plane between the applications requirements and the storages capabilities. SPBM is a
policy-driven control plane and it has the ability to integrate with vRealize
Automation, vSphere APIs, PowerShell, and even OpenStack.
HOL-SDC-1610
Page 287
HOL-SDC-1610
Taking a look at Virtual Machine Storage Policies

Virtual machine storage policies evolved from the Virtual machine storage profile.
The storage policies are used to guarantee that virtual machines are placed on
storage that meet specific levels of performance, capacity, availability and other
storage based capabilities. As the above diagram depicts, the Storage Policy
Management control plane allows the VMs to be automatically and consistently matched
with the correct storage. Although storage policies can be applied against traditional
storage, the strength and automation come from applying the storage profile against
Software-Defined Storage like Virtual SAN (VSAN) and Virtual Volumes.
Additional training from VMware Education

VMware Education provides both Fee and Non-Fee based education. The link to Free
(Non-Fee) Self-paced eLearning in Local Languages is
HOL-SDC-1610
Page 288
HOL-SDC-1610
https://mylearn.vmware.com/mgrReg/plan.cfm?plan=33611&ui=www_edu. The print

screen above shows the education that is available (in multiple languages). Highlighted
is Software-Defined Storage self-paced training, which is 2 hours in length and covers
Profile Driven Storage along with numerous other Software Defined Storage (SDS)
fundamentals. The print screen also shows additional training that is available.
Deeper look at Storage Policy Based Management (and

SDS) via Hands on Labs (HOL)
If you are interested in learning more about SPBM, take the HOL-SDC-1627 lab which
provides a more in-depth look at SDS / SPBM.
This concludes the Storage Policy Based Management lesson.
HOL-SDC-1610
Page 289
HOL-SDC-1610
Right Size
Right Sizing is the art of maximizing resource utilization, while minimizing resource
contention and maintaining SLAs. vSphere remains the best method to manage basic
contention, but does not gather the necessary data required for long term analysis.
vRealize Operations has specific functions that are geared towards reducing Risk and
improving Efficiency in your environment.
For this lesson, we will be using vRealize Operations (vR Ops) to analyze VMs for Right
Sizing.
As a point of reference, vRealize Operations calculates certain Dynamic Thresholds
(DTs), Metrics and Badges nightly (default is 9 PM), which is not conducive to a Lab
where modules are completed in less than 90 minutes. For the purposes of this lab,
these values have been accelerated, however this would not be supported in a
Production environment.
Reviewing the Summary tab (Overview)

In this section, we will cover how to utilize the Summary and Analysis Tabs to Right Size
Virtual Machines (VMs).
HOL-SDC-1610
Page 290
HOL-SDC-1610
Open Firefox.
Minimize any running applications and load Firefox from the Desktop or from the
Launch bar.
HOL-SDC-1610
Page 291
HOL-SDC-1610
Log into vRealize Operations (vROPs-01a)

1.
2.
3.
4.
5.
6.
Select vROPs-01a from bookmarks

Ensure the URL is to vrops-01a.corp.local
Confirm Authentication Source is set to Local Users
In the User name field enter admin.
In the Password field enter VMware1!.
Click the Login button.
Note: The authentication source for the lab is Local Users. Additional authentication
sources can come from LDAP sources.
HOL-SDC-1610
Page 292
HOL-SDC-1610
Navigate to Environment Overview

In the navigation pane, click on either the Environment Icon or Environment in the
navigation tree.
Note: The Home, Alerts, Environment, Content and Administration icons (at the
top of the navigation pane) are always visible, but the navigation tree will differ based
on where you have navigated to.
HOL-SDC-1610
Page 293
HOL-SDC-1610
Navigate to vSphere Hosts and Clusters

1. In the navigation pane, click on vSphere Hosts and Clusters.
Note: It's beyond the scope of this lab to cover all the grouping constructs, but
vRealize Operations has numerous ways to group / view objects and metrics. Module 2
did cover a quick overview of Custom Groups and the last lesson in this module will
cover Custom Datacenters. This is a functioning lab, so feel free to navigate through
the different grouping constructs under Environment Overview (if time permits).
Summary Tab
Click on the swizzles to expand the vSphere World, vCenter-Monitor, Datacenter
Site A and Cluster Site A and stay highlighted on Cluster Site A. The Summary tab
should automatically be selected. if not, select the Summary tab.
1. The first thing to notice is the two Alert boxes for each major badge (Health, Risk
and Efficiency). The top row boxes apply to the object highlighted in the
HOL-SDC-1610
Page 294
HOL-SDC-1610
navigation pane (in this case Cluster Site A). The lower alert boxes apply to all the
decedents of the selected object. The Health Badge color can vary. Sufficient
load was generated to cause Health to go "red" in the example above. Since this
is a lab, you might also see slightly different alerts. Alerts in vRealize Operations
are smart and can combine multiple symptoms and intervals prior to triggering.
vCenter alerts should still be used for immediate issues like Network link down,
ESXi host failures, HA events and the like that are immediate in nature. vR Ops
alerts are based on data collected at 5 minute intervals (default setting that
should only be altered in rare circumstances) and augment vSphere by being able
to correlate issue over time like chronic high workload (stress). Although the
focus is Right Sizing, the following will provide a brief description of the major
badges and associated alerts.
2. The Health alerts most closely relate to vSphere. For this badge, vR Ops can
augment vSphere by being able to correlate issue like high workload and high
anomalies as an identification of abnormal VM behavior. Health and the
associated alerts would be more suited for daily operations management
activities rather than a Right Sizing activity. The minor badges associated with
Health are Workload, Anomalies and Faults.
3. The Risk alerts are an excellent starting point for any Right Sizing activity
focused on Undersized VMs. The minor badges associated with Risk are
Capacity Remaining,Time Remaining and Stress. Capacity Remaining and
Time Remaining are functions of Capacity Management. The Stress minor badge
is an excellent indicator for Right Sizing objects monitored by vR Ops that are
undersized. If you are new to vRealize Operations, Right Sizing undersized VMs
(versus Oversized VMs) is an excellent place to start in your virtualized
environment.
4. The Efficiency alerts are focused on optimization. For any Right Sizing exercise
focused on Oversized VMs, Efficiency is the place to go. The minor badges
associated with Efficiency are Reclaimable Capacity, Density and
Compliance. Focus around the Reclaimable Capacity minor badge would help
identify Oversized, Powered Off and idle VM capacity that could be reclaimed.
HOL-SDC-1610
Page 295
HOL-SDC-1610
HOL-SDC-1610
Page 296
HOL-SDC-1610
Viewing a Stress Alert

The CPU Load generated at the beginning of this module should now be long enough to
trigger the continuous high CPU usage.. alert. You should have an alert similar to the
one in the screen shot above. Click on this alert to drill into the details. If for some
reason this alert is not available, you can open any generated alert for an understanding
of viewing the alert details.
HOL-SDC-1610
Page 297
HOL-SDC-1610
Stress Alert (Summary screen)

The summary screen only appears if multiple objects have triggered the specific alert. If
you selected an alert that did not have multiple objects, that screen will be explained on
the next step. In this example, the summary pane shows all VMs that have the
continuous high CPU usage.. alert. For this lesson, we are going to click on View
Details for linux-CPU-Load-01a.
Note: Continue to the next step if you selected an alert with only one object.
HOL-SDC-1610
Page 298
HOL-SDC-1610
Stress Alert (Details)

The Alerts Detail page is very powerful and had a considerable amount of data.
1.
2.
3.
4.
The navigation pane provides the Alert Details and the Impacted Object.
On the right, there is detailed information on the Alert.
in the middle, the Summary tab has the symptom(s) causing the alert.
If Recommendations were created for the Alert, they will also be displayed
potentially with a one-click remediation button if an action is associated.
5. As a final step, you can click on the impacted Object Symptoms, Timeline
and Relationships tabs. The Metric Charts tab allows you to drill into detail
metrics for the impacted object and the Notes tab will contain any notes that
have been added to this specific alert.
HOL-SDC-1610
Page 299
HOL-SDC-1610
Navigating back to the Cluster view

1. in the navigation pane, click on the Go Back button to return to the Cluster view.
Right Sizing using Reports

1. Confirm you are highlighted on Cluster Site A
2. Note: While building this document, you can see that the Cluster Health alert
cancelled and the Cluster Health has gone back to green.
3. Click on the Reports tab.
Reports Tab
1. From the reports tab, use the scroll bar to show the Virtual Machine report
Stressed VMs Report. The reports are in alphabetical order.
2. Click on the Stressed VMs Report and avoid clicking on the Generate Reports
or Scheduled links.if you click on either, just navigate back to the Report
Templates tab.
3. Click on the Run Template button. This will start the report generation.
4. Click on the Generated Reports link. You could also click on the Generated
Reports tab, (at the top of the screen) but this will not filter to just the Stressed
VMs Report. For the lab, this is not critical but when you have dozens of
generated reports it becomes important to filter to reduce the time it takes to find
a specific report.
HOL-SDC-1610
Page 300
HOL-SDC-1610
Note: For the purposes of this lab, we are only looking at a single report. As you can
see there are dozens of reports available at the Cluster level. The reports will change
based on where you navigate to in the navigation bar, but you could run this report at
the vSphere World level to capture all stressed VMs identified in vR Ops. We only have
a single cluster with two ESXi hosts, so we just ran the report at the cluster level.
HOL-SDC-1610
Page 301
HOL-SDC-1610
Generated Reports Tab

You should now be on the Generated Reports tab.
1. Press the Refresh button if the report does not show Completed.
2. Since we selected the Generated Reports link from the specific report, a filter
was set. if there were additional reports within this cluster you wanted to see, you
can click the expand icon and delete filters.
3. The detail line for each report will contain information about the specific report
generated.
4. Click on the PDF icon to view the report.
Note: Reports can be output as either PDF or CSV.
HOL-SDC-1610
Page 302
HOL-SDC-1610
Opening the Report

1. Select the radio button for Open with.
2. Confirm Google Chrome is in the drop down box.
3. Click OK to open the PDF in Chrome.
Note: To keep the lab compact, we are using Chrome to view PDFs rather than loading
up a more feature rich PDF viewer.
HOL-SDC-1610
Page 303
HOL-SDC-1610
Viewing the Report

1. Use the scroll bar to scroll down to the details page
2. Locate the page with the header 1. Virtual machine Recommended CPU and
Memory Size
3. Although additionalVMs may be on the report, you should be able to locate linuxCPU-Load-01a and 02a
Note: We are not going to attempt to remediate. This capability was demonstrated in
Module 2 of this Lab. Your report should show that both vVM (virtual VMs) are
undersized due to the load we are generating and would benefit from an additional
vCPU being added.
HOL-SDC-1610
Page 304
HOL-SDC-1610
Close down Chrome and the Report

1. Close down Google Chrome and the report by clicking on the x
Note: There are some 30+ OOTB (Out of the Box) reports. Although this is a lab with
limited data, most will populate with some level of content. if time permits, you are
welcome to generate and review other reports in vRealize Operations.
Reviewing the Analysis tab and Stress sub-tab (Overview)

In this section, we will review the content available for reviewing Right Sizing in the
Stress minor badge tab within the Analysis tab.
Navigate to the Analysis / Stress tabs

Go back to Firefox and insure you are on:
1. The cluster Cluster Site A.
2. The Analysis Tab.
3. The Stress Tab within the Analysis Tab.
Analysis tab and Stress sub-tab Overview

The Analysis Tab covers all the minor badges for Health, Risk and Efficiency. For the
purposes of this lesson, we will focus on the Stress Tab within the Analysis tab. The
Stress Tab is well organized and contains a wealth of information:
HOL-SDC-1610
Page 305
HOL-SDC-1610
1. At the top, the highest stressed resource is displayed. In many cases, the level of
stress for the object will be low and the Stress minor badge will be green. Since
we are generating CPU load, CPU Demand will be displayed in this box.
2. Worth noting is the What is Stress? link and See video link. Click the What is
Stress? link to get a better understanding of this minor badge.After reading the
definition of Stress, click the X to close the informational window. Do not bother
clicking the See video link in the upper corner or in the What is Stress? link.
Due to the configuration of this lab environment, these links will not work.
3. The Workload Graph is a great graphical representation of when demand is the
highest. Since this is a lab environment with no historical data, this does not do
justice to the graphical load over time that will be displayed in a Production
deployment where data has been collected for week/months.
4. The links in Further Analysis will navigate you to the Details tab and the
specific View selected. You can click on any of the links to see the Details view.
Once complete, just navigate back to the Analysis / Stress tabs.
Note: In the screen shot above you will notice the stress minor badge is Red and at
235, while in your lab could be Green. As you see in the top box (circled), stress is
trended on a 30-day basis. Without playing with the Lab's date/time or tweaking the
stress trending, there isn't sufficient time for the system to calculate and update for
issues that persist over multiple days and the analytics engine to determine a stress
score other than zero. The purpose of this lesson is to demonstrate the content
available and not the specific values.
HOL-SDC-1610
Page 306
HOL-SDC-1610
Analysis tab and Stress sub-tab Overview (continued)

1. Use the scroll bar to display Stress Breakdown and Cluster Computer
Resource Resources.
2. The Cluster Computer Resource Resources provides details on the number of
running ESXi Host and Virtual Machines, along with the Stress Policy
Settings.
3. The Stress Breakdown box shows compute (CPU and Memory) with anything
exhibiting Stress in Red. By default, Network and Disk stress are disabled. This
is a policy setting, so disk and network stress calculations can be enabled. Keep
in mind that this will increase load on the vROps Analytic Cluster and monitor the
cluster for sufficient resources.
Note: Again, you may not see stress in your lab due to multiple lab environment
factors.
HOL-SDC-1610
Page 307
HOL-SDC-1610

1. Use the scroll bar to display Child Objects with Stress.
2. The Child Objects with Stress box displays the breakdown for stress of the
child objects. It is very valuable to be able to view the correlation of stress
between Parent and Child objects to see if stress with one is affecting the other.
HOL-SDC-1610
Page 308
HOL-SDC-1610

1. Use the scroll bar to scroll all the way to the bottom and display Stress in
Related Objects.
2. The Stress in Related Objects boxprovides details on whether peer objects are
exhibiting stress. in this example we can see that both of the child objects (ESXi
Hosts) of the parent cluster are exhibiting stress. This may also vary in your lab
based on where all the VMs currently reside.
3. Hover over the skittle and all of the minor badges (along with the object name)
will be displayed.
Note: Although we did not cover all the minor badge tabs, it is worth noting that
considerable effort was made to maintain consistency for each minor badge panes. For
example, there is a What is ?? and See video link for each minor badge (although the
videos will not work in the lab). And the object driving the value of the badge will always
be displayed at the top. These types of efforts should help minimize the learning curve
with navigating the different minor badges.
Conclusion
This lesson demonstrated the power of Alerts, Reports and the Analysis Tab / Stress subtab as it relates to Stress and Right Sizing.
This concludes this lesson on Right Size.
HOL-SDC-1610
Page 309
HOL-SDC-1610
Demonstrate automatic load balancing

for assuring proper resource allocation
The VMware vSphere function that allows for automatic load balancing of cluster
compute resources is DRS (Dynamic Resource Scheduler). When configured, DRS can
dynamically balances compute (CPU / Memory) capacity across hardware resources
aggregated in a DRS enabled Cluster. DRS continuously monitoring utilization across
the cluster and intelligently allocates available resources among the virtual machines
based on resource pools and pre-defined rules that reflect business needs and changing
priorities. When a virtual machine experiences an increased load, VMware DRS can
automatically provide additional resources by redistributing virtual machines among the
physical servers in the aggregated pool.
VMware DRS allows IT organizations to:
Prioritize resources to the most critical workloads / applications in order to align
resources with business goals
Optimize hardware utilization automatically and continuously to respond to
changing workload demands
Provide dedicated resources to business units while still benefiting from higher
hardware utilization through resource pooling
Conduct zero-downtime server maintenance by migrating workloads to other
hosts in the cluster
HOL-SDC-1610
Page 310
HOL-SDC-1610
DRS Demonstration pre-check

This lesson assumes you completed the module preparation, which was to turn on the
CPU load with the linux servers. The purpose of this task is to insure the load generators
are both running on esx-01a. if you did not start the CPULoad.sh scripts, please go back
to lesson one of this module and complete.
If Firefox is not already running, double click the Firefox icon on the ControlCenter
Desktop or single click the Firefox icon on the Quick Launch bar.
HOL-SDC-1610
Page 311
HOL-SDC-1610
Login to the VMware vSphere Web Client

1.
2.
3.
4.
Click Site A Web Client from the Firefox bookmark

Enter User name: Administrator@corp.local
Enter Password: VMware1!
Click Login
HOL-SDC-1610
Page 312
HOL-SDC-1610
Navigate to Hosts and Clusters

1. Click Hosts and Clusters in the Navigation pane or the icon on the Home tab
Confirm VMs are running on the same ESXi host

1. Navigate to esx-02a.corp.local. You may have to toggle the swizzles to see
esx-02a.corp.local.
2. Click the Related Objects tab.
3. Click the Virtual Machines tab.
4. Confirm both VMs (linux-CPU-Load-01a and linux-CPU-Load-02a) are both on
this host.
5. Confirm both VMs are Powered On.
Note: It is possible that one of the other modules migrated a VM. It is also okay if both
are on esx-01a-corp.local, but we do need both VMs on one host to demonstrate
automated DRS. Skip to the Enabling Distributed Resource Scheduler (DRS) step if
both VMs are on the same host. Otherwise continue with the next step. If you have
HOL-SDC-1610
Page 313
HOL-SDC-1610
never performed a manual vMotion (Migrate..), you can continue through the next
steps to see the screens and options that are presented in the wizard.
Virtual Machines are not on the same ESXi hosts

In this example linux-CPU-Load-02a is on esx-01a.corp.local
1. Click on esx-01a.corp.local
2. Click the Related Objects and Virtual Machines tabs for esxi-01a. Right click
on the VM in the list (in this example linux-CPU-Load-02a).
3. Click the Migrate... link to start the migration process.
Note: You will most likely see other VMs. Their location should not affect the goal of
this lesson.
HOL-SDC-1610
Page 314
HOL-SDC-1610
Migration Wizard (Step 1)

1. Confirm the Change compute resource only radio button is selected.
2. Click Next.
Note: As a point of reference, the Migration Wizard covers both vMotion (Change
compute resources only) and Storage vMotion (Change storage only). There is also
an option to do both.
HOL-SDC-1610
Page 315
HOL-SDC-1610

1.
2.
3.
4.
Confirm the filter is on Host.

Confirm the radio button for esx-02a.corp.local is selected.
Confirm you have the Compatibility checks succeeded message.
Click Next.
Note: vMotion now allows cross Cluster, Resource Pools and vApps vMotions. The
wizard allows this by selecting the appropriate filter. These types of enhancements are
in support of "Any workload... Anywhere..."
HOL-SDC-1610
Page 316
HOL-SDC-1610

1. Confirm the VM Network is selected.
2. Confirm you have the Compatibility checks succeeded message. Unlike step
2, this is a compatibility check for networking rather than the compute
resource.
3. Click Next.
HOL-SDC-1610
Page 317
HOL-SDC-1610

1. Confirm the radio button for Schedule vMotion with high priority
(recommended) is selected.
2. Click Next.
HOL-SDC-1610
Page 318
HOL-SDC-1610

1. Confirm Settings.
2. Click Finish.
HOL-SDC-1610
Page 319
HOL-SDC-1610
Migration Wizard (Confirmation)

1. Confirm you are still highlighted on esx-01a.corp.local
2. Confirm that the Virtual Machine tab no longer shows linux-CPU-Load-01a or
linux-CPU-Load-02a
3. You can also confirm in Recent Tasks that the vMotion completed successfully.
This can be completed by clicking the Recent Tasks tab
Enabling Distributed Resource Scheduler (DRS)

This section will walk through the steps required to enabled DRS to automatically
balance compute workloads.
HOL-SDC-1610
Page 320
HOL-SDC-1610
Navigate to the Cluster Manage tab

1.
2.
3.
4.
5.
If not already expanded, click the swizzles and highlight Cluster Site A.
Click on the Manage Tab.
Then the Settings Tab.
And finally the vSphere DRS options.
The values should be greyed out, which would mean DRS is not enabled.
Resource Pools
Assuming DRS is disabled on Cluster Site A, select the Actions pull down and notice
that New Resource Pool option is greyed out. This is because Resource Pools require
DRS to be enabled. Resource Pools are just one of the powerful constructs that allow for
the prioritization of resources. Click anywhere outside of the pull down options and the
Actions pull down will close.
HOL-SDC-1610
Page 321
HOL-SDC-1610
Editing DRS (Distributed Resource Scheduler) settings

Insure you are highlighted on Cluster Site A, the Manage tab, the Settings tab
(within Manage) and highlighted on vSphere DRS.
1. Click Edit
HOL-SDC-1610
Page 322
HOL-SDC-1610
Editing DRS (Distributed Resource Scheduler) settings

1. Click the Turn ON vSphere DRS check box
2. Toggle the DRS Automation swizzle to expand the detail settings
3. Ensure the Fully Automated radio button is selected. Take a minute to read
each of the Automation Levels to understand the difference. Most Production
clusters with DRS enabled run at the Fully Automated level
4. Migration Threshold allows granular control of when DRS will execute a
vMotion. This is provided since there is a cost associated with a vMotion (both
network bandwidth and ESXi host compute). For the purposes of this lab and to
insure an Automated vMotion occurs, slide the slider to Aggressive. This would
not be a recommendation in a production environment due to the cost (overhead)
associated with vMotion
5. DRS also allows you to set granular control at the VM level as well. And this can
be combined with Affinity and Anti-Affinity rules
6. DRS Detail Settings include Power Management (DPM) and Advanced
Options. DPM is an excellent "Green" feature for migrating workloads to other
ESXi hosts in the cluster and putting some of the hosts in Sleep Mode. This can
reduce Power and Cooling costs in the datacenter. Prior to enabling this feature
in a Production environment, thoroughly test the ESXi host for the ability to come
in and out of sleep mode. In rare circumstances Advanced Options may be
required to customize the functionality of DRS. This should only be done in rare
circumstances and generally at the guidance of Global Support Services (GSS).
7. Click the OK button to save and close.
HOL-SDC-1610
Page 323
HOL-SDC-1610
Automation Levels
The chart shows how DRS affects placement and migration according to the setting
Manual, Partially Automated or Fully Automated.
Switch to the Cluster Summary page

1. Confirm you are still on the Host and Clusters tab in the navigation pane
HOL-SDC-1610
Page 324
HOL-SDC-1610
2. Click on Cluster Site A

3. Click the Summary Tab
4. Find the vSphere DRS pane and toggle the window size. For better viewing you
need to maximize the vSphere DRS pane. If you are unable to see the maximize
button, drag vSphere DRS to the left column. This is a limitation of the screen size
in the lab environment
5. Hover over the information icon. This lets you know what the Current and Target
Standard Deviations are set to. This is directly affected by the Migration
Threshold slider that we moved to Aggressive. in the image above, you can
see that "Aggressive" sets the Target to a standard deviation of 0.050.If DRS is in
an N/A status, the values will be dash marks. Just continue with the lab
6. Since DRS was just configured, the bubble should be to the right and showing
Imbalanced like the screen shot above. DRS checks every five minutes to
determine if vMotions are necessary based on the standard and target deviation
between the ESXi hosts in the Cluster. If your lab is showing N/A or Balanced this
will be explained later in this lesson
7. If your Cluster is showing alerts, click Reset to Green to clear them. Continue to
the next page
Adjusting the Panes in the vSphere Web Client

Since it can take up to five minutes for DRS to configure and rebalance the load, we'll
cover adjusting the Web Client panes for improved viewing to allow time for DRS to do
its thing.
HOL-SDC-1610
Page 325
HOL-SDC-1610
Adjusting the vSphere Web Client Panes (pane to outer

edge)
This step will demonstrate how to move panes to one of the sizes or top/bottom for
customized viewing.
1. Your screen is most likely not at the default pane like the print screen above. To
reset, click the down arrow beside the Adminstrator@CORP.LOCAL and select
Reset To Factory Defaults.
2. Click and hold down the mouse button on the Alarms pane.
3. Drag the Alarms pane and your cursor to the right double arrow icon so it
highlights. The screen shot above shows the left, top and bottom are greyed out
compared to the right double arrows.
4. Since my cursor is inside the Work in Progress pane, the single left, right, top &
bottom arrows also appear. The cursor is not on these arrows, so they are greyed
out and do not have any effect. Release the mouse button to complete the move
of the Alarm pane.
Adjusting the vSphere Web Client panes (pane beside

pane)
This step will demonstrate how to put two panes side by side.
HOL-SDC-1610
Page 326
HOL-SDC-1610
1. Click and hold down the mouse button on the Alarms pane.
2. Drag the Alarms pane into the Recent Tasks pane.
3. Once dragged into the Recent Tasks pane, the arrow buttons will appear.
Hovering over the Left arrow with your mouse will put the Alarm pane next to
the Recent Task pane. Release the mouse button to complete the move of the
Alarm pane.
HOL-SDC-1610
Page 327
HOL-SDC-1610
Adjusting the vSphere Web Client Panes (collapse Work in

Progress and Alarms panes)
This step will walk you through collapsing Work in Progress, Alarms and Recent Tasks for
maximum viewing space in the main display pane.
1. Unpin Work in Progress, by toggling the Push Pin.
2. Unpin Alarms, by toggling the Push Pin.
3. Unpin Recent Tasks by toggling the Push Pin as well.
Additional Layout Options

Should your layout get entirely messed up, you have the ability to reset to default.
1. Select the Pull Down associated with your logon name
(administrator@CORP.LOCAL)
2. Do not click Reset To Factory Defaults as this will reset all the panes, however
it is available should the need arise
3. You also have a Layout Settings option. This allows you to completely remove
(toggle on or off) the Recent Tasks and Alarms panes
HOL-SDC-1610
Page 328
HOL-SDC-1610
Note: Customize the Web Client to suit your needs. This layout is nice because it
maximizes the real estate, while still informing you if there are any Alarms, Work in
Progress or Recent Tasks. In the screen shot, you can see we have one Alarms and zero
Work In Progress and Recent Tasks. Your lab may differ in the number of Alarms, Work in
Progress or Recent Tasks.
Demonstrating automatic load balancing with DRS

This section will now walk you through a demonstration of automatic load balancing.
Host and Clusters View

2. Select Hosts and Clusters
HOL-SDC-1610
Page 329
HOL-SDC-1610
Viewing DRS status

1. If necessary, toggle the swizzles and highlight Cluster Site A
2. Click the Summary tab
3. Note: The Alerts can re-appear based on the amount of time it takes to complete
the lab. If they reappear, click Reset to Green
4. Click the Maximize icon for vSphere DRS
Monitoring DRS from the Summary tab - N/A status

By now, the vMotion(s) should have occurred to balance the cluster compute load to the
best of its ability. The vSphere DRS screen on the summary page lets you know how
well balanced your cluster is. It will have three status options; Balanced, Imbalanced
and N/A. It will also provide status on settings, recommendations and faults.
1. If your lab is showing N/A, you can attempt to refresh with Web Client Refresh
button or by refreshing Firefox. Ultimately, it will clear itself but can take a couple
of 5 minute cycles. This issue can be caused by several lab factors. Rather than
waiting, continue with the next step. Ultimately, the bubble and Current standard
deviation should still be accurate.
2. Note: It is worth mentioning that in this lab with only two ESXi hosts, a decent
number of VMs and the migration threshold on "aggressive" that the cluster will
probably never be in a "balanced" state. DRS is smart enough to know that
moving VMs from one ESXi host to the other will only push the imbalance the
other way and will not attempt to balance the cluster even if the setting is
aggressive. DRS is a very mature feature and has many advancements that
ensure it is highly accurate and efficient. In the example above, DRS has gotten
the ESXi hosts to a standard deviation of .376. This is actually very good for only
HOL-SDC-1610
Page 330
HOL-SDC-1610
two ESXi hosts and moving the Migration threshold to "Conservative" with a
standard deviation of .3 would not put the cluster in a balanced state.
Confirm DRS vMotion (View ESX-01a)

1.
2.
3.
4.
Click esx-01a.corp.local
Click the Related Objects tab
Click the Virtual Machines tab
You should now see only one of the CPU-Load VMs. In this case it is linux-CPULoad-01a.
HOL-SDC-1610
Page 331
HOL-SDC-1610
Switch to the Task Console

1. Select the Home Icon
2. Select Tasks
HOL-SDC-1610
Page 332
HOL-SDC-1610
Confirm DRS vMotion (View Tasks)

1. As you can see, multiple DRS initiated vMotions occurred.
Note: DRS did not attempt to continue vMotioning VMs even though the Cluster never
reached a balanced state. Your lab should show similar results.
HOL-SDC-1610
Page 333
HOL-SDC-1610
Disable DRS
To insure DRS does not interfere with other modules, you will now disable DRS for the
cluster.
1.
2.
3.
4.
5.
6.
7.
Confirm you are highlighted on Cluster Site A.

Click the Manage tab.
Click the Settings tab (within Manage).
Click on vSphere DRS.
Click Edit.
Uncheck the check box for Turn ON vSphere DRS.
Click the OK button.
HOL-SDC-1610
Page 334
HOL-SDC-1610
Reset linux-CPU-Load-01a Resource Settings

2. Click Edit Resource Settings..
HOL-SDC-1610
Page 335
HOL-SDC-1610
Reset linux-CPU-Load-01a Resource Settings (Continued)

1. Click the Shares Pull Down and set it to Normal
2. Click the Reservations Pull Down and set it to 0 MHz
3. Click OK to save the changes
HOL-SDC-1610
Page 336
HOL-SDC-1610
Reset linux-CPU-Load-01a Resource Settings

2. Click Edit Resource Settings..
HOL-SDC-1610
Page 337
HOL-SDC-1610
Reset linux-CPU-Load-02a Resource Settings (Continued)

1. Click the Shares Pull Down and set it to Normal
2. Click the Reservations Pull Down and set it to 0 MHz
3. Click OK to save the changes
Analyzing DRS efficiency with vRealize Operations Cluster

reports
In this section, we'll cover two reports from vRealize Operations that help analyze the
efficiency of DRS and the over-all balance between Memory and CPU.
HOL-SDC-1610
Page 338
HOL-SDC-1610
Log into vRealize Operations (vROPs-01a)

1.
2.
3.
4.
5.
Switch to vRealize Operations by selecting the bookmark for vROPs-01a.

Confirm Authentication Source is Local Users,
Type admin for the User Name.
Type VMware1! for the Password.
Click the Login button.
HOL-SDC-1610
Page 339
HOL-SDC-1610
Select Environment Overview

Select Environment from the Navigation pane or the button bar.
Select vSphere Host and Clusters

Select vSphere Host and Clusters from the navigation pane.
HOL-SDC-1610
Page 340
HOL-SDC-1610
Cluster Reports
1. Toggle the swizzles for vSphere World,vcsa-01a.corp.local and Datacenter
Site A.
2. Highlight Cluster Site A,
3. Select the Reports tab.
4. Confirm the Reports Templates tab is selected.
5. Type the word Distribution in the filter and press the Enter key.
6. Highlight Host CPU Demand (%) Distribution Report. Be careful not to select
the Generated reports or Schedules links.
7. Click the Run Template icon.
8. Highlight Host Memory Usage (%) Distribution Report. Again, be careful not
to select the Generated reports or Schedules links. Click the Run Template
icon for this report as well (repeating step 7)
Note: You can go to the Generated reports link and view the reports, but they will be
covered in the screen shot in the next step. This report is looking at 7 days worth of
data and with the Lab only running for an hour, the results will not be completely
accurate.
Using the Host Distribution Reports to analyze Cluster

Compute balance
1. For illustrator purposes the two reports have been combine onto a single screen
shot and were generated after the Lab had been up and running for nearly a
week.
2. The Y Axis denotes the number of ESXi hosts. For this lab there are 2 ESXi hosts.
in a real world example this could easily be showing the distribution of a 16 node
cluster (or larger).
3. The X axis denotes the usage in 10% Increments.
HOL-SDC-1610
Page 341
HOL-SDC-1610
4. We have small Linux VMs with the same workloads driving the utilization, so it is
very easy for the ESXi hosts to have comparable workloads. in this example both
are using 40-50% Memory Usage and 40-50% CPU Demand. if you saw this in the
real world, your ESXi hosts are using similar amount of RAM / CPU and this would
not be considered optimal for a Production Environment. Memory tends to be
more static and can run in the 70-90% usage range, while CPU demand tends to
be more dynamic and is better keep in the 40-60% range. Ultimately, reports like
these give you the necessary visibility to make capacity decisions for any type of
environment.
5. In the real world, you are more likely to see Memory Usage in a Bell Shaped curve
ranging from 60-90% while CPU Demand is a Bell Shaped curve ranging from
10-30%. If you saw a cluster distribution like this, you could use it for justification
of adding more physical memory to the servers in the cluster. This would allow
more workloads in the Cluster to raise your CPU Demand towards 50% (or higher)
without exceeding physical memory capacity leading to contention.
Note: vSphere with Operations Manager provides needed visibility. Most organizations
have a general idea on what is considered an acceptable usage/demand percentage to
meet SLAs and Business priorities. vRealize Operations allows an organization to make
those decisions and then monitor the infrastructure to insure the environment is not
exceeding or grossly under those target goals.
Module Clean-up
To insure the VMs do not interfere with other modules, please stop the CPU load and
close all the applications.
HOL-SDC-1610
Page 342
HOL-SDC-1610
Close Firefox
1. From the Task Bar, right click on Firefox.
2. Select Close Window.
HOL-SDC-1610
Page 343
HOL-SDC-1610
Close PuTTY sessions

1. On the Task Bar, click on the PuTTY session for linux-CPU-Load-01a.
2. Press the Enter key and insure you see four Terminated. This shows that all four
workers stopped.
3. Type exit and press the Enter key.
4. Repeat steps 1-3 for linux-CPU-Load-02a.
Conclusion
DRS is a very mature / battle tested feature that should be enabled on Clusters and set
to fully automated. And based on Cluster requirements, DRS provides granular control.
As demonstrated, DRS handles real time cluster balancing against random spikes and
HOL-SDC-1610
Page 344
HOL-SDC-1610
insuring workloads are balanced in the short term. This can be further augmented with
Cluster analysis via vRealize Operations insuring optimal performance and a higher level
of visibility over a longer period of time.
This concludes Demonstrate automatic load balancing for assuring proper
resource allocation.
HOL-SDC-1610
Page 345
HOL-SDC-1610
Workload Placement (WLP) Rebalance

More and more, the concept of 'Any Workload.. Anywhere..' is becoming prevalent in IT.
VMware has been addressing this concept with vSphere functionality such as cross
vCenter, Datacenter, Cluster, Storage and even virtual switch vMotions. With the
underlying infrastructure capable of extending beyond the Cluster boundary, the next
logical step is to implement enhanced analysis and automation for workload placement,
moves and rebalancing beyond the confines of a single Cluster. Workload Placement
(WLP) is a new feature for vRealize Operations v6.1and beyond that brings this to a
reality. With WLP come a new construct called Custom Datacenter.
What is a "Custom Datacenter"

A Custom Data Center is a new logical container (introduced in vROps v6.1) that allows
Data Centers, Clusters and Hosts from one or more vCenters to be combined into a
logically aggregated Datacenter. The Custom Data Center construct is a first class
citizen of vRealize Operations and brings capacity management / planning for this object
type. This includes support for all badges equivalent to Data Centers and Clusters.
Creating a Custom Datacenter

This section will walk you through how to create a Custom Datacenter. If you are not
already in Firefox and logged into vRealize Operations (vROPs-01a), go ahead and start
Firefox and log into vROPs-01a (2nd icon in Bookmark). As a reminder the credentials
are Admin (User Name) and VMware1! (password)
HOL-SDC-1610
Page 346
HOL-SDC-1610
Navigate to Environment Overview

In the navigation pane, click on either the Environment Icon or Environment in the
navigation tree.
Note: The Home, Alerts, Environment, Content and Administration icons are
always visible, but the navigation tree will differ based on where you have navigated to.
HOL-SDC-1610
Page 347
HOL-SDC-1610
Custom Datacenter
1. Confirm you are on Environment Overview in the navigation pane. Selecting
the Custom Datacenters (see arrow in the navigation pane) will take you to the
currently defined Custom Datacenters for Viewing and Analysis.
2. Select the Custom Datacenters tab in the details pane. This pane allows you to
Add, Edit, Clone or Delete Custom Datacenters.
3. As an example, there is a Custom Datacenter called Shared. As you can see, the
Major Badges for Health, Risk and Efficiency are displays with their current color
status.
4. Select the Plus icon to create a new Custom Datacenter.
New Custom Datacenter Wizard

1. Enter a Name and Description. Name is required, but Description is optional.
We will not be using it anywhere else in the lab, so you can be creative or just
type example in one or both.
2. Toggle the swizzles (arrows), so your screen matches the screen shot above. The
only swizzles that do not need to be toggled are the ones associated with the esxi
hosts (esx-01a.corp.local and esx-02a.corp.local). VMs reside under Hosts and
are consumers and not providers, so they cannot be selected n a Custom
Datacenter.
3. Check the boxes for Cluster Site A and Cluster Site B. As you see, by checking
Cluster Site A, the esxi hosts are automatically selected. You could go all the way
up to the vSphere World level and then everything would be selected.
4. Click OK to close the wizard and save the changes. After clicking OK, you will
notice all the badges have ? (question marks). This is expected behavior. Some
badges only calculate / update nightly.
HOL-SDC-1610
Page 348
HOL-SDC-1610
Note: The most important concept for Custom Datacenters to understand is that it is
a Container construct. ThevSphere World container contains all objects being
collected. Even the ESXi Hosts are containers that contain Virtual Machines (VMs).
Ultimately, the Custom Datacenter construct is focused on the VMs that reside within
the selected containers and doing analysis on where best to locate VMs within the
selected object container. In this example we have selected Cluster Site A (and inherited
esx-01a, esx-02a and the associated VMs) and Cluster Site B, so any monitoring or
analysis would be for both Clusters. Cluster Site B is an empty cluster due to limitations
imposed in the lab. In a Production environment, there could easily be hundreds of
objects selected. A great real world example is common compute clusters in a
Production environment. Many companies have multiple shared clusters. Combining
these into a single Custom Datacenter and allowing vRealize Operations to rebalance
the workloads across multiple clusters is an excellent use-case for WLP rebalance.
WLP complements DRS

In the previous section Demonstrate automatic load balancing for assuring
proper resource allocation, we covered DRS. As mentioned in that section, DRS is
focused on real time balancing within the confines of a single cluster. The WLP
HOL-SDC-1610
Page 349
HOL-SDC-1610
rebalance feature complements DRS by addressing workload placement beyond the

confines of the Cluster.The rebalance capability is fully configurable with Policies. For
vRealize Operations v6.1/v6.2, the rebalance function is limited to a single vCenter
although the Custom Data Center object can extend to multiple vCenters. WLP is fully
integrated with DRS and utilizes DRS for the actual workload placement within the
cluster for version 6.2. WLP does not conflict with DRS and does not make single cluster
recommendations/placement.
HOL-SDC-1610
Page 350
HOL-SDC-1610
Workload Placement (Initial Placement)

Although not a focus of this section, it is worth noting that WLP has an API driven Initial
Placement function. This will help simplify the provisioning process through a vROps
REST API query to determine the best placement for a VM workload. VMware and third
party products will be able to utilize the APIs. The example shows how vR Ops is queried
and returns a Placement Recommendation for the new VM workload.
Workload Placement Policy Settings

This section will walk you through modifying the Policy Settings to change how WLP
addresses rebalance.
HOL-SDC-1610
Page 351
HOL-SDC-1610
Navigate to Administration
1. In the navigation pane, click the Administration Icon. If you hover over the
icon, it will display the associated icon name in yellow. Depending on your screen
resolution, you may need to click the >> to see the Administration Icon.
Note: Since we have navigated down in the tree, we do not have the ability to use the
navigation tree without first selecting the Home icon.
HOL-SDC-1610
Page 352
HOL-SDC-1610
Navigate to Policies pane

1.
2.
3.
4.
Select Policies in the Navigation pane

Select the Policy Library tab
Highlight on Default Policy
Click the edit icon
Note: We navigated to the Default Policy because this is the active policy. You can
click on the Active Policies tab to see the active policies. vRealize Operations allows
for granular control of how objects are analyzed and displayed bases on groups and
policies. Policies is a very extensive function of vROps and should be thoroughly
thought out prior to building a Policy Hierarchy and assigning Objects via Groups.
Workload Automation
Your screen will probably not show everything in the screen shot. Use the scroll bars to
view all items in the pane.
1. As you can see there are 8 sections to the Policy Wizard. It is beyond the scope of
this lesson to cover all eight sections. It is worth pointing out that section 8
(Apply Policy to Groups) is how you make a policy active. Once a policy is
HOL-SDC-1610
Page 353
HOL-SDC-1610
2.
3.
4.
5.
associated with a group, the changes made to the policy will now take affect for
that group
Select Workload Automation. We are going to focus on #4, Workload
Automation.
The first thing to point out is the Lock / Unlock toggle. You cannot edit the
properties while the specific section is locked. Balance Workloads had already
been modified to Aggressive. For Virtual Machines selected to move during
balance, which is all the way at the bottom,toggle the lock icon to unlocked. You
can now select the radio button for Virtual Machines with lowest demand
Worth noting is the graphical representation of the settings. Unlock Consolidate
Workloads and click near Maximum. You can't click on the slider and drag it.
Notice the change in the graphical representation and how it shows hosts
evacuated (no VMs). Now toggle the lock and it will reset it to None and change
the graphical representation back.
Click the Save button to save the changes.
Note: There are three sections that affect Workload Placement. They are Balance
Workloads, Consolidate Workloads and Advanced Setting. They are very much
self-explanatory. Balance Workloads is focused on balancing workloads across Hosts
associated with this policy. Consolidate Workloads will attempt to evacuate hosts so
workloads are running on as few hosts as possible based on the setting. The default is
none, so no consolidation will happen. The final section is Advanced Settings. The two
check box options are Virtual Machine with lowest demand and Virtual Machine
with highest demand. Since it is a radio button, you can only select one. For the
purposes of this lab select the radio button for Virtual Machine with lowest demand.
HOL-SDC-1610
Page 354
HOL-SDC-1610
Workload Placement - Video (4:06)
This Introduction Lab is not large enough to properly demonstrate WLP. VMware has an
excellent WLP YouTube Video to watch.
HOL-SDC-1610
Page 355
HOL-SDC-1610
to start the video.
Conclusion
This concludes the lesson on Workload Placement (WLP) Rebalance.
HOL-SDC-1610
Page 356
HOL-SDC-1610
Module 5: Ensure
Business Continuity and
Availability - (60 Minutes)
HOL-SDC-1610
Page 357
HOL-SDC-1610
Show automatic restart of virtual

machines after a host failure
This lab shows how to use the VMware vSphere web client to enable and configure High
Availability (HA). HA protects from down time by automating recovery in the event of a
host failure.
What is vSphere High Availability?

vSphere HA increases the availability for virtual machine by monitoring hosts within a
vSphere cluster. In the event of a host, storage connectivity, or OS failure, the virtual
machines are restarted on the remaining healthy hosts.
When you create a vSphere HA cluster, a single host is automatically elected as the
master host. The master host communicates with vCenter Server and monitors the state
of all protected virtual machines and of the slave hosts. Different types of host failures
are possible, and the master host must detect and appropriately deal with the failure.
The master host must distinguish between a failed host and one that is in a network
partition or that has become network isolated. The master host uses network and
datastore heartbeating to determine the type of failure. Also note that vSphere HA is a
host function which means there is not a dependency on vCenter in order to effectively
fail over VMs to other hosts in the cluster.
HOL-SDC-1610
Page 358
HOL-SDC-1610
HA Primary Components
HOL-SDC-1610
Page 359
HOL-SDC-1610
The Master Role
HOL-SDC-1610
Page 360
HOL-SDC-1610
The Slave Role
HOL-SDC-1610
Page 361
HOL-SDC-1610
The Master Election Process
Enable and Configure vSphere High Availability (HA)

This lesson will walk through the steps required to enable vSphere HA.
Prepare for this module

You prepare for the lab if you have closed windows or logged out of the VMware
vSphere Web Client interface and VMware vRealize Operations.
HOL-SDC-1610
Page 362
HOL-SDC-1610
Launch Firefox from the ControlCenter Desktop

If not already running, double click the Firefox icon on the ControlCenter Desktop or
single click the Firefox icon on the Quick Launch bar
HOL-SDC-1610
Page 363
HOL-SDC-1610

1. Enter the User name: CORP\Administrator.
2. Enter the Password: VMware1!.
3. Click Login.
HOL-SDC-1610
Page 364
HOL-SDC-1610

1. First, go to the Home button.
2. Select Hosts and Clusters.
HOL-SDC-1610
Page 365
HOL-SDC-1610
Settings for High Availability

On the vSphere Web Client tab:
1. Click Cluster Site A.
2. Click Actions to bring up the drop down menu.
3. Click Settings.
HOL-SDC-1610
Page 366
HOL-SDC-1610
Cluster Settings
1. Click vSphere HA under Services to bring up the settings for high availability.
Note that you may need to scroll to the top of the list.
2. Click Edit.
HOL-SDC-1610
Page 367
HOL-SDC-1610
Enable High Availability

1.
2.
3.
4.
Check the box Turn ON vSphere HA.

Check the box Protect against Storage Connectivity Loss.
Change the VM Monitoring section to VM and Application Monitoring.
Expand the Admission Control section by selecting the >.
HOL-SDC-1610
Page 368
HOL-SDC-1610
Admission Control Settings

Scroll down and check the radio button Define failover capacity by reserving a
percentage of the cluster resources and accept the default settings of 25%.
HOL-SDC-1610
Page 369
HOL-SDC-1610
VM Monitoring and Datastore Heartbeating

1. Expand the Datastore Heartbeating section.
2. Select the radio button for Automatically select datastores accessible from
the host.
HOL-SDC-1610
Page 370
HOL-SDC-1610
Failure conditions and VM response

1. Scroll up and expand the Failure condition and VM response
2. Click the Response for Datastore with All Path Down (APD) drop list and
select Power off and restart VMs (aggressive).
3. Change the Delay for VM failover for APD to 1 minute.
4. In the Response forAPD recovery after APD timeout drop-down list, select
Reset VMs.
5. Click OK.
HOL-SDC-1610
Page 371
HOL-SDC-1610
Use the Summary Tab to Verify that HA Is Enabled

1. Click the Summary tab
2. Locate and expand the vSphere HA panel in the data area: click on the > to the
left of the panel's name to expand it.
3. Note the handy icon that lets you know vSphere HA is enabled
Note: The bars that display resource usage in blue, protected capacity in light gray, and
reserve capacity using stripes.
Demonstrating HA response to a host failure

This section will walk you through a demonstration of vSphere High Availability response
to a host failure.
Note: For this lesson to work, the virtual machines have to be connected to the VM
Network portgroup on the virtual distributed switch vds-site-a.
HOL-SDC-1610
Page 372
HOL-SDC-1610
Host Failure Types and Detection

The master host of a vSphere HA cluster is responsible for detecting the failure of slave
hosts. Depending on the type of failure detected, the virtual machines running on the
hosts might need to be failed over.
In a vSphere HA cluster, three types of host failure are detected:
Failure- A host stops functioning.
Isolation- A host becomes network isolated.
Partition- A host loses network connectivity with the master host.
The master host monitors the liveness of the slave hosts in the cluster. This
communication is done through the exchange of network heartbeats every second.
When the master host stops receiving these heartbeats from a slave host, it checks for
host liveness before declaring the host to have failed. The liveness check that the
master host performs is to determine whether the slave host is exchanging heartbeats
with one of the datastores. See Datastore Heartbeating. Also, the master host checks
whether the host responds to ICMP pings sent to its management IP addresses.
If a master host is unable to communicate directly with the agent on a slave host, the
slave host does not respond to ICMP pings, and the agent is not issuing heartbeats it is
considered to have failed. The host's virtual machines are restarted on alternate hosts.
If such a slave host is exchanging heartbeats with a datastore, the master host assumes
that it is in a network partition or network isolated and so continues to monitor the host
and its virtual machines. See Network Partitions.
Host network isolation occurs when a host is still running, but it can no longer observe
traffic from vSphere HA agents on the management network. If a host stops observing
this traffic, it attempts to ping the cluster isolation addresses. If this also fails, the host
declares itself as isolated from the network.
The master host monitors the virtual machines that are running on an isolated host and
if it observes that they power off, and the master host is responsible for the virtual
machines, it restarts them.
Note: If you ensure that the network infrastructure is sufficiently redundant and that at
least one network path is available at all times, host network isolation should be a rare
occurrence.
In this lesson we will experiment with a Host failure.
Confirm VM Placement
1. Ensure you are on the Host and Clusters navigation tab.
2. Drill down and highlight esx-01a.corp.local.
3. Select the Related Objects tab
HOL-SDC-1610
Page 373
HOL-SDC-1610
4. Click the Virtual Machines tab

5. Confirm that you have at least one running virtual machine hosted on the
selected ESXi host.
Note: If for any reason no virtual machines are hosted on the selected host, please
select the esx-02a.corp.local and migrate at least one virtual machine on esx-01a ESXi
host.
HOL-SDC-1610
Page 374
HOL-SDC-1610
Connect to the ESXi host

1.
2.
3.
4.
Double click the Puttyicon on the ControlCenter Desktop.

Select esx-01a.corp.local in the Saved Sessions list.
Click Load
Click Open
HOL-SDC-1610
Page 375
HOL-SDC-1610
Force a host reboot

Confirm you are connected to esx-01a and type reboot and hit enter
HOL-SDC-1610
Page 376
HOL-SDC-1610
Observe vSphere HA in action

1.
2.
3.
4.
Go back to Firefox and click the Host and Clusters tab in the navigation pane
Select Cluster Site A.
Select the Summary tab.
Click the Refresh icon until you start receiving information about the vSphere
HA host status and any failover actions being initiated.
After a few seconds you should start receiving alerts telling you about the vSphere HA
host status for esx-01a.corp.local host. Few seconds later the vSphere HA failover will
start giving you some progress status telling you information on how many virtual
machine in the current cluster are being restarted.
Note: Depending on the number of VMs you had running on esx-01a, the warning
message will differ from the screenshot.
HOL-SDC-1610
Page 377
HOL-SDC-1610
Confirm a failover has taken place

1.
2.
3.
4.
5.
Ensure you are on the Host and Clusters navigation tab.

Drill down and highlight esx-02a.corp.local.
Select the Related Objects tab
Confirm that all your running virtual machine are now hosted on the selected
ESXi host.
Open a New Firefox tab

We will now see how vRealize Operations Manager react to a failover situation. We
should be able to quickly see the updated VMs placement.
Click the + icon at the top of the Firefox window
HOL-SDC-1610
Page 378
HOL-SDC-1610
Login to vRealize Operations Manager

1.
2.
3.
4.
Click the vROPs-01a favorite.

Enter the User name: admin.
Enter the Password: VMware1!.
Click Login.
HOL-SDC-1610
Page 379
HOL-SDC-1610
Confirm VMs placement using vROPS

1. Using the search field, type esx-02a.
2. Select the Host Systemesx-02a.corp.local.
Note: in vRealize Operations Manager, it is often faster to navigate through objects
using the search field rather than navigating using the navigation tree from the
environment tab.
HOL-SDC-1610
Page 380
HOL-SDC-1610
Using the Analysis tab

1. Click the Analysis tab.
2. Note the number at the right of the Summary | Number of running VMs field.
You should now see that vROPs has updated the information that all VMS are now
running on esx-02a.
Note: vROPs will always display a summary of the running configuration on the right
pane for any type of objects.
Demonstrate vSphere HA response to a Datastore with All

Paths Down event
to a Datastore with All Paths Down event.
HOL-SDC-1610
Page 381
HOL-SDC-1610
VM Component Protection
If VM Component Protection (VMCP) is enabled, vSphere HA can detect datastore
accessibility failures and provide automated recovery for affected virtual machines.
VMCP provides protection against datastore accessibility failures that can affect a virtual
machine running on a host in a vSphere HA cluster. When a datastore accessibility
failure occurs, the affected host can no longer access the storage path for a specific
datastore. You can determine the response that vSphere HA will make to such a failure,
ranging from the creation of event alarms to virtual machine restarts on other hosts.
Types of Failure
There are two types of datastore accessibility failure:
PDL (Permanent Device Loss) is an unrecoverable loss of accessibility that occurs
when a storage device reports the datastore is no longer accessible by the host.
This condition cannot be reverted without powering off virtual machines.
APD (All Paths Down) represents a transient or unknown accessibility loss or any
other unidentified delay in I/O processing. This type of accessibility issue is
recoverable.
In this lesson we will experiment with an APD failure.
HOL-SDC-1610
Page 382
HOL-SDC-1610
Confirm VMs placement

On the vSphere Web Client tab:
1.
2.
3.
4.
5.

Select the Related Objects tab
Confirm that you have at least one running virtual machine hosted on the
selected ESXi host.
Note: If for any reason no virtual machines are hosted on the selected host, please
select the esx-01a.corp.local and migrate at least one virtual machine on esx-02a ESXi
host.
HOL-SDC-1610
Page 383
HOL-SDC-1610

1.
2.
3.
4.

Click Load
Click Open
Break storage communication

In the Putty window, type
HOL-SDC-1610
Page 384
HOL-SDC-1610
esxcli network ip interface ipv4 set -i vmk1 -t dhcp
HOL-SDC-1610
Page 385
HOL-SDC-1610
Confirm an All Paths Down event

Switch back to the vSphere Web client.
1.
2.
3.
4.
5.

Drill down and highlight Cluster Site A.
Select the Monitor tab.
Click the vSphere HA sub-tab.
Confirm that the datastore ds-site-a-nfs01 has been declared APD (All Paths
Down).
Note: I might take a few seconds before vSphere Web Client display the APD condition.
If it's not yet displayed, click refresh until the condition is displayed and proceed to the
next step.
HOL-SDC-1610
Page 386
HOL-SDC-1610
Confirm VM Placement
After the minimal delay previously configured in the vSphere HA settings (1 minute), the
VMs will be shutdown on the host experiencing an All Paths Down event and will be
restarted on one of the available hosts in the Cluster.
1.
2.
3.
4.
5.

Select the RelatedObjects tab.
Click the Virtual Machines tab.
Confirm that you have at least one running virtual machine hosted on the
selected ESXi host.
NOTE: After 1 minute of esx-02a.corp.local's storage being inaccessible, the VM's that
were running on it will start to shut down and be restarted on esx-01a.corp.local. The
overall process will take longer than 1 minute.
HOL-SDC-1610
Page 387
HOL-SDC-1610
Restore Storage Connectivity

Switch back to your Putty session. Once you rebooted esx-02a.corp.local, Putty lost
connectivity. In order to re-establish the connect back to storage, we will need to
reconnect.
If you haven't already, click OK.
HOL-SDC-1610
Page 388
HOL-SDC-1610
Restart session
From the Putty menu in the top left hand corner, select 'Restart Session'.
Reconnect Storage
Issue the following command to re-establish the storage connection:
esxcli network ip interface ipv4 set -i vmk1 -I 10.10.20.52 -N 255.255.255.0 -t static
Minimize Putty and let's verify the connection!
Verify Storage is Connected

Back in the vSphere Web Client, navigate to:
1. Make sure you are on 'esx-02a.corp.local'
2. Click on the 'Summary' tab
HOL-SDC-1610
Page 389
HOL-SDC-1610
3. Click the 'Refresh' button

You should see the error message 'All shared datastores failed on the host
esx-02a.corp.local' cleared.
Demonstrate vSphere HA response to VM failure

to a virtual machine failure.
VM and Application Monitoring

VM Monitoring restarts individual virtual machines if their VMware Tools heartbeats are
not received within a set time. Similarly, Application Monitoring can restart a virtual
machine if the heartbeats for an application it is running are not received. You can
enable these features and configure the sensitivity with which vSphere HA monitors
non-responsiveness.
When you enable VM Monitoring, the VM Monitoring service (using VMware Tools)
evaluates whether each virtual machine in the cluster is running by checking for regular
heartbeats and I/O activity from the VMware Tools process running inside the guest. If no
heartbeats or I/O activity are received, this is most likely because the guest operating
system has failed or VMware Tools is not being allocated any time to complete tasks. In
HOL-SDC-1610
Page 390
HOL-SDC-1610
such a case, the VM Monitoring service determines that the virtual machine has failed
and the virtual machine is rebooted to restore service.
Occasionally, virtual machines or applications that are still functioning properly stop
sending heartbeats. To avoid unnecessary resets, the VM Monitoring service also
monitors a virtual machine's I/O activity. If no heartbeats are received within the failure
interval, the I/O stats interval (a cluster-level attribute) is checked. The I/O stats interval
determines if any disk or network activity has occurred for the virtual machine during
the previous two minutes (120 seconds). If not, the virtual machine is reset. This default
value (120 seconds) can be changed using the advanced option das.iostatsinterval.
To enable Application Monitoring, you must first obtain the appropriate SDK (or be using
an application that supports VMware Application Monitoring) and use it to set up
customized heartbeats for the applications you want to monitor. After you have done
this, Application Monitoring works much the same way that VM Monitoring does. If the
heartbeats for an application are not received for a specified time, its virtual machine is
restarted.
You can configure the level of monitoring sensitivity. Highly sensitive monitoring results
in a more rapid conclusion that a failure has occurred. While unlikely, highly sensitive
monitoring might lead to falsely identifying failures when the virtual machine or
application in question is actually still working, but heartbeats have not been received
due to factors such as resource constraints. Low sensitivity monitoring results in longer
interruptions in service between actual failures and virtual machines being reset. Select
an option that is an effective compromise for your needs.
After failures are detected, vSphere HA resets virtual machines. The reset ensures that
services remain available. To avoid resetting virtual machines repeatedly for nontransient errors, by default, virtual machines will be reset only three times during a
certain configurable time interval. After virtual machines have been reset three times,
vSphere HA makes no further attempts to reset the virtual machines after subsequent
failures until after the specified time has elapsed. You can configure the number of
resets using the Maximum per-VM resets custom setting.
In this lesson, we will experiment with a VM failure.
HOL-SDC-1610
Page 391
HOL-SDC-1610
Demonstrate vSphere HA response to VM failure

1.
2.
3.
4.

Drill down and highlight linux-App-01a virtual machine.
Select the Summary tab
Validate that the virtual machine and the VMware Tools are running
HOL-SDC-1610
Page 392
HOL-SDC-1610
Open a SSH session to a Linux VM

1.
2.
3.
4.

Select linux-App-01a in the Saved Sessions list.
Click Load
Click Open
Make the Linux VM crash

1. Login as root
2. Enter echo c > /proc/sysrq-trigger
3. Press Enter
This will trigger a kernel panic in the VM. vSphere HA will detect that the Linux OS has
crashed and trigger the proper response based on the settings previously entered in the
vSphere HA configuration.
HOL-SDC-1610
Page 393
HOL-SDC-1610
NOTE : You will not see a response from the PuTTY window. It will become unresponsive
and you will eventually receive a network error from Putty.
Monitor the vSphere HA response

Go back to the vSphere client and refresh the screen until you receive a vSphere HA
virtual machine monitoring action
HOL-SDC-1610
Page 394
HOL-SDC-1610
Verify the event log for more information

1. Select the Monitor tab
2. Click the Event option
3. Look for the event highlighted in this example
The virtual machine has been reset as expected once vSphere HA has stopped receiving
heartbeats from the VMware Tools.
HOL-SDC-1610
Page 395
HOL-SDC-1610
Clear the warning message

1. Select the Summary tab.
2. Click the Reset to Green hyperlink to clear off the warning message.
Video: vRealize Operation Manager : Fault Analysis Badge

(3:54)
The following video will show the basics to managing vSphere fault in vRealize
Operation Manager.
Conclusion
This concludes the vSphere HA lesson.
We were able to successfully demonstrate vSphere response to the following events:
HOL-SDC-1610
Page 396
HOL-SDC-1610
Host Failure
Datastore All Paths Down failure
VM failure
HOL-SDC-1610
Page 397
HOL-SDC-1610
Demonstrate resilience to network

component failures
This lab shows how to use the VMware vSphere web client to enable and configure
network redundancy to protect the systems against network failures.

HOL-SDC-1610
Page 398
HOL-SDC-1610

1. Enter the User name: CORP\Administrator
2. Enter the Password: VMware1!
3. Click Login
HOL-SDC-1610
Page 399
HOL-SDC-1610

1. First, go to the "Home" button
2. Select "Hosts and Clusters"
HOL-SDC-1610
Page 400
HOL-SDC-1610
Verify the Teaming and failover virtual switch

1.
2.
3.
4.
5.
Ensure you are on the Networking navigation tab.

Click VM Network.
Select the Manage tab.
Click the Settings menu.
Observethe Teaming and Failover configuration for the VM Network
portgroup.
Here we can see that the portgroup has been configured to distribute the network traffic
across all available uplinks using the Route based on originating virtual port policy.
It will detect a network failure only if a link is declared down at the layer 2 level. We can
also see that if an uplink comes back online again after a failure, it will be automatically
added to the network team.
Verify the virtual switch uplinks configuration on the hosts

1.
2.
3.
4.
5.
6.
7.
Ensure you are on the Hosts and Clusters navigation tab.

Click esx-01a.corp.local.
Click the Networking menu.
Select Virtual switches.
click vds-site-a .
Expand the first and the second uplink of the vds-site-a virtual switch
From that screen you can easily observe that there are two active uplinks for vds-site-a
on that host. The first uplink is vmnic0. As we can see, the Management Network, the
HOL-SDC-1610
Page 401
HOL-SDC-1610
Storage Network and the vMotion Network rely on the two uplinks to communicate with
storage, other ESXi hosts and allow remote management.
We will simulate an uplink failure, where one of the two uplinks will get disconnected.
HOL-SDC-1610
Page 402
HOL-SDC-1610
Simulate and network link failure

Using the vSphere Web Client, we can easily trace the network interfaces being used by
a virtual machine for example. In this case we can see that virtual machine linuxApp-01a has his network traffic being routed through vmnic0 and vmnic1.
HOL-SDC-1610
Page 403
HOL-SDC-1610
Test network connectivity

1. Click the Command Prompt icon on the ControlCenter Desktop.
2. Type ping192.168.110.123-t and press Enter.
3. Confirm that you are receiving a response fromlinux-App-01a.
Let the ping command continue sending requests.
HOL-SDC-1610
Page 404
HOL-SDC-1610

1.
2.
3.
4.

Click Load
Click Open
HOL-SDC-1610
Page 405
HOL-SDC-1610
Change the link status of the uplink vmnic0

Type
esxcli network nic down -n vmnic0
and press Enter.
HOL-SDC-1610
Page 406
HOL-SDC-1610
Network response time

Switch back to the Command Prompt and stop the ping command by pressing CTRL-C
Scroll up until you can spot slightly longer response time. In this example we were
consistently getting our response under 1ms. At the moment we disabled the uplink, the
response time increased to 14ms.
Taking note of the error message

Switch back to Firefox
1. Select Cluster Site A.
2. Click on the Summary tab.
3. Observe the error message being displayed.
HOL-SDC-1610
Page 407
HOL-SDC-1610
Verify the uplink state on the host

1.
2.
3.
4.
5.
6.
Select esx-01a.corp.local.
Click Networking.
Select Virtual switches.
Select vds-site-a.
Scroll to see the uplinks status.
Here we can see that the state of the uplink is being reflected on that screen.
HOL-SDC-1610
Page 408
HOL-SDC-1610
Physical adapter status

1. Click on Physical adapters
2. Observe the detailed information for the vmnic that we disabled.
Change the link status of the uplink vmnic0 back to normal

Type
esxcli network nic up -n vmnic0
HOL-SDC-1610
Page 409
HOL-SDC-1610
and press Enter.
Conclusion
This concludes the Teaming and Failover lesson.
We were able to successfully demonstrate the vSphere is able to transparently balance
network traffic and failover in the advent of a network link failure.
Lesson clear up - please close the command prompt and putty session.
HOL-SDC-1610
Page 410
HOL-SDC-1610
vSphere Data Protection and vSphere

Replication
vSphere Data Protection is a backup and recovery solution designed for vSphere
environments. Powered by EMC Avamar, it provides agent-less, image-level virtual
machine backups to disk. It also provides application-aware protection for businesscritical Microsoft applications (Exchange, SQL Server, SharePoint) along with WANefficient, encrypted backup data replication. vSphere Data Protection is fully integrated
with vCenter Server and vSphere Web Client.
VMware vSphere Replication is a hypervisor-based, asynchronous replication solution for
vSphere virtual machines. It is fully integrated with VMware vCenter Server and the
vSphere Web Client. vSphere Replication delivers flexible, reliable and cost-efficient
replication to enable data protection and disaster recovery for all virtual machines in
your environment.
For a deeper level of understanding of vSphere Data Protection and vSphere
Replication, please consider the following lab:
VMware Business Continuity and Disaster Recovery (BC/DR) solutions drive automation,
efficiency, data protection, and validation of an organization's enterprise-level BC/DR
strategy. Learn how to reduce downtime and increase availability for your applications
and services with Site Recovery Manager (SRM) and VMware Data Protection Advanced
(VDP-A).
HOL-SDC-1605 High Availability and Resilient Infrastructure
HOL-SDC-1610
Page 411
HOL-SDC-1610
Module 6: Simplify
Security and Compliance (60 Minutes)
HOL-SDC-1610
Page 412
HOL-SDC-1610
Introduction to vSphere Hardening

vSphere Hardening Guides
The vSphere Hardening Guide provides guidance on how to securely deploy VMware
vSphere in a production environment. The vSphere Hardening Guide also serves as a
foundation upon which regulatory compliance objectives are built. These organizations
map compliance guidelines with vSphere Hardening Guide guidelines.
Guides for vSphere are provided in an easy to consume spreadsheet format, with rich
metadata to allow for guideline classification and risk assessment. They also include
script examples for enabling security automation. Comparison documents are provided
that list changes in guidance in successive versions of the guide.
Hardening Guides are an industry recognized method of implementing stricter security
to meet regulatory and local security standards above and beyond frameworks like
Common Criteria.
Prepare for this lesson

vSphere Web Client interface and VMware vRealize Operations.
HOL-SDC-1610
Page 413
HOL-SDC-1610

HOL-SDC-1610
Page 414
HOL-SDC-1610
Log in to the VMware vSphere Web Client

1. If the page does not automatically bring you to the vSphere Web Client, click the
'Site A Web Client' shortcut on the button bar.
2. Tick the box for 'Use Windows session authentication'
3. Click Login.
vSphere Update Manager compliance

VMware vSphere Update Manager automates patch management and eliminates
manual tracking and patching of vSphere hosts and virtual machines. It compares the
state of vSphere hosts with baselines, then updates and patches to enforce compliance.
Gain visibility into patch status across the virtual infrastructure with a patch
compliance dashboard.
Stage and schedule patching for remote sites.
Deploy offline patch bundles downloaded directly from vendor websites.
HOL-SDC-1610
Page 415
HOL-SDC-1610

Attach the VMware Update Manager baselines

1.
2.
3.
4.
Click
Click
Click
Click
HOL-SDC-1610
Cluster Site A.
Manage.
Update Manager.
the Attach Baseline... button.
Page 416
HOL-SDC-1610
Attach Baseline or Group

In this step, we will assign the two default hosts patch baselines to the Cluster Site A
cluster. Any hosts participating in this cluster will inherit these patches baselines.
1. Select the two existing Patch Baselines.
2. Click OK (or press Enter).
Scan the hosts for compliance status

Notice that the two newly attached baselines are Non-Compliant. We will need first to
start a scan on each individual hosts first. This could be done one host at a time or like
in this example, we will scan the whole cluster at once.
Click the 'Scan for Updates...' button.
HOL-SDC-1610
Page 417
HOL-SDC-1610
Confirm Scan
Make sure both boxes are checked and click OK to start the scan.
Confirm the task has started

Since we are only scanning two hosts, the scan should be fairly quick. If you would like
to track the progress, you can click the 'Recent Tasks' tab.
When the task has completed, click the 'Recent Tasks' tab again to collapse it.
HOL-SDC-1610
Page 418
HOL-SDC-1610
Confirm the hosts compliance status

1. Click one of the baselines that we have just scanned the hosts for.
We can see that both of our hosts are compliant with both Critical and Non-Critical
patches. If they were not, they would be listed in the Non-Compliant tab.
Click the esx-01a.corp.local link to get more details about the patches it has installed.
HOL-SDC-1610
Page 419
HOL-SDC-1610
Make sure we are in the right spot!

Make sure you are brought to:
1. esx-01a.corp.local
2. Manage
3. Update Manager
HOL-SDC-1610
Page 420
HOL-SDC-1610
Get compliance detailed status for a host

Click the Critical Host Patches (Predefined) baseline and observe the status of each
patches for that host.
Host compliance in vRealize Operations

The vSphere Hardening Guide alerts notify you when settings or properties on your
hosts or virtual machines are not configured in compliance with the guide. To use the
alerts, override the policy setting so that Local is enabled.
The alert-based compliance does not work until you enable one or both of the vSphere
Hardening Guide alerts. One alert is for ESXi hosts and one is for virtual machines. The
Hardening Guide checks the collected data do determine if the recommended settings
on configured so that your ESXi hosts and virtual machines operate in a secure manner.
HOL-SDC-1610
Page 421
HOL-SDC-1610
Open a new tab

1. Open a new tab in Firefox.
2. Click the vROPs-01a shortcut on the buttonbar.

1. Enter the User name: admin.
3. Click Login.
HOL-SDC-1610
Page 422
HOL-SDC-1610
Default Policy
Click on the Administrative tab (the gear) and click on Policies in the left-hand
navigation pane.
NOTE: Depending on your screen size, you may need to click the '>>' in order to select
the Administration tab.
HOL-SDC-1610
Page 423
HOL-SDC-1610
Customize a Policy to Enable the vSphere Hardening Guide

Alerts
1. Click the Policy Library tab and expand the Base Settings (if needed).
2. Select the Default Policy policy that you want to customize.
3. Click the pencil to edit the policy.
Edit Monitoring Policy

1. In the workspace navigation, click Alert and Symptom Definitions.
2. In the Alert Definitions pane, enter hardening in the Filter text box.
3. The list displays ESXi Host is Violating vSphere Hardening Guide and Virtual
Machine is Violating vSphere Hardening Guide alerts.
HOL-SDC-1610
Page 424
HOL-SDC-1610
Change the Local status for vSphere Hardening alerts

1. For each alert, click the State drop-down menu and click Local.
2. Click Save.
Note: The alerts and the associated symptom definitions are enabled. When the
configured policy is active, Hardening Guide alerts are generated when the configured
symptom definitions are found to be true for hosts or virtual machines.
Ensure Your Host Objects Are In Compliance Using AlertBased Compliance

As a virtual infrastructure administrator, you use vRealize Configuration Manager to
monitor the objects in your environment, including ESXi hosts on which you run your
company's virtual machines. You review the Compliance tab for one or more of your
hosts and discover that several of them are violating the VMware vSphere Hardening
Guide standard, and you need to identify the problems and fix them.
The alert-based compliance for some of the rules in the VMware vSphere Hardening
Guide are included in vRealize Configuration Manager.
HOL-SDC-1610
Page 425
HOL-SDC-1610
Check for Alerts

Click on the 'Environment' tab and click on 'vSphere Hosts and Clusters'.
HOL-SDC-1610
Page 426
HOL-SDC-1610
Check the Recommendations Dashboard

In the left pane, Click the Home button and look at the Risk column for any alerts
regarding vSphere hardening guide.
You should, by now, have received two alerts:
One that list the number of hosts not compliant with the vSphere Hardening
Guide
On that list all the VMs not compliant with the vSphere Hardening Guide.
Select one of the ESXi hosts

In the Search box, at the far right of the screen, type esx-01a.corp.local.
HOL-SDC-1610
Page 427
HOL-SDC-1610
Scroll down to the bottom of the list.

Click the esx-01a.corp.local Host System.
Note: Using the Search box is usually the fastest way to navigate to an object. If more
than one object has the same name, they will be differentiated by a category name.
HOL-SDC-1610
Page 428
HOL-SDC-1610
Listing vSphere Hardening Guide Alerts

On the Summary tab, click the ESXi host is violating vSphere 5.5 Hardening
Guide.
HOL-SDC-1610
Page 429
HOL-SDC-1610
Review The Alert

Review the page to determine the criticality and pervasiveness of non-compliant
standards for this host and in your environment. It includes the violated rules as
symptoms and the recommendations to resolve the alert.
In the Recommendations area, click the link to the vSphere 5.5 Hardening Guide.
The hardening guide is downloaded to the system you are using to access
vRealize Configuration Manager.
In the Hardening Guide workbook, click the ESXi tab and locate the Disable DCUI
to prevent local administrative control rule.
Review the information on the row and implement the appropriate remediation
method.
For this rule, you can use the ESXi Shell Command, PowerCLI Command, or the
steps provided in the VMware vSphere Documentation Center to change the
setting.
HOL-SDC-1610
Page 430
HOL-SDC-1610
Conclusion
We identified and resolved and out of compliance rule for the host object. Four or more
collection cycles after you make the change to the host settings, the rule should no
longer be included in the list of violated rules for the host
HOL-SDC-1610
Page 431
HOL-SDC-1610
Ensure auditability of administrative

actions
Lockdown Mode
To increase the security of your ESXi hosts, you can put them in lockdown mode. In
lockdown mode, operations must be performed through vCenter Server by default.
Starting with vSphere 6.0, you can select normal lockdown mode or strict lockdown
mode, which offer different degrees of lockdown. vSphere 6.0 also introduces the
Exception User list. Exception users do not lose their privileges when the host enters
lockdown mode. Use the Exception User list to add the accounts of third-party solutions
and external applications that need to access the host directly when the host is in
lockdown mode.
In normal lockdown mode the DCUI service is not stopped. If the connection to the
vCenter Server system is lost and access through the vSphere Web Client is no longer
available, privileged accounts can log in to the ESXi host's Direct Console Interface and
exit lockdown mode. Only the following accounts can access the Direct Console User
Interface:
Normal Lockdown Mode
Accounts in the Exception User list for lockdown mode who have administrative
privileges on the host. The Exception Users list is meant for service accounts that
perform very specific tasks. Adding ESXi administrators to this list defeats the
purpose of lockdown mode.
Users defined in the DCUI.Access advanced option for the host. This option is for
emergency access to the Direct Console Interface in case the connection to
vCenter Server is lost. These users do not require administrative privileges on the
host.
Strict Lockdown Mode
In strict lockdown mode, which is new in vSphere 6.0, the DCUI service is stopped. If the
connection to vCenter Server is lost and the vSphere Web Client is no longer available,
the ESXi host becomes unavailable unless the ESXi Shell and SSH services are enabled
and Exception Users are defined. If you cannot restore the connection to the vCenter
Server system, you have to reinstall the host.
Lockdown Mode and the ESXi Shell and SSH Services
Strict lockdown mode stops the DCUI service. However, the ESXi Shell and SSH services
are independent of lockdown mode. For lockdown mode to be an effective security
HOL-SDC-1610
Page 432
HOL-SDC-1610
measure, ensure that the ESXi Shell and SSH services are also disabled. Those services
are disabled by default.
When a host is in lockdown mode, users on the Exception Users list can access the host
from the ESXi Shell and through SSH if they have the Administrator role on the host.
This access is possible even in strict lockdown mode. Leaving the ESXi Shell service and
the SSH service disabled is the most secure option.
Note: The Exception Users list is meant for service accounts that perform specific tasks
such as host backups, and not for administrators. Adding administrator users to the
Exception Users list defeats the purpose of lockdown mode.
Prepare for this lesson

vSphere Web Client interface.

HOL-SDC-1610
Page 433
HOL-SDC-1610
Log in to the VMware vSphere Web Client

1. If the page does not automatically bring you to the vSphere Web Client, click the
'Site A Web Client' shortcut on the button bar.
2. Tick the box for 'Use Windows session authentication'
3. Click Login.
HOL-SDC-1610
Page 434
HOL-SDC-1610

HOL-SDC-1610
Page 435
HOL-SDC-1610
Enable Lockdown Mode Using the vSphere Web Client

1.
2.
3.
4.
5.
6.
On the left pane, click the Host and Clusters tab.

Navigate to Cluster Site A and click esx-01a.corp.local.
Click the Manage tab
Click Settings.
Under System, select Security Profile.
In the Lockdown Mode panel, click Edit.
HOL-SDC-1610
Page 436
HOL-SDC-1610
Configure Lockdown Mode

1. Select the Strict option.
2. Click Exception Users.
Note: The host can only be accessed through vCenter Server. If SSH or the ESXi Shell are
enabled, running sessions for accounts in the DCUI.Access advanced option and for
Exception User accounts that have administrator privileges remain enabled. All other
sessions are terminated.
Click OK when prompted to Enable strict lockdown mode for this host.
HOL-SDC-1610
Page 437
HOL-SDC-1610
Add an Exception User

1.
2.
3.
4.
5.
Click on the Exception Users tab.

Click the green + button.
Select the root user.
Click Add.
Click Ok.
Note: If Active Directory authentication would have been activated on the host, you
would also be able to choose a user from the Active Directory domain.
HOL-SDC-1610
Page 438
HOL-SDC-1610
Verify settings
If everything matches the image, click OK to continue.
HOL-SDC-1610
Page 439
HOL-SDC-1610
Confirm Lockdown Mode Configuration

Verify that the Lockdown Mode is enabled and strict and that the user root is part of the
Exception Users list.
Track and Audit changes in vCenter Web Client

vSphere includes a user-configurable events and alarms subsystem. This subsystem
tracks events happening throughout vSphere and stores the data in log files and the
vCenter Server database. This subsystem also enables you to specify the conditions
under which alarms are triggered. Alarms can change state from mild warnings to more
serious alerts as system conditions change, and can trigger automated alarm actions.
This functionality is useful when you want to be informed, or take immediate action,
when certain events or conditions occur for a specific inventory object, or group of
objects.
HOL-SDC-1610
Page 440
HOL-SDC-1610
Audit vSphere Changes

1.
2.
3.
4.
On the left pane, click the Host and Clusters tab.

Navigate to vcsa-01a.corp.local.
Click the Monitor tab
Click Events.
Search for the modifications that you just completed when you activated Lockdown
Mode and look at the details of the related events.
Note: You can view events associated with a single object or view all vSphere events.
The events list for a selected inventory object includes events associated with child
objects. vSphere keeps information about tasks and events for 30 days. Alternatively,
you could select any object in the inventory tree if you want to narrow the search scope.
Track and Audit activity in vRealize Operations Manager

The user activity report helps you understand the scope of user activities in your
vRealize Operations Manager instance, such as when users logged in, actions they took
on clusters and nodes, changes they made to system passwords, when they activated
certificates, and when they logged out.
HOL-SDC-1610
Page 441
HOL-SDC-1610
Open a new tab

1. Open a new tab in Firefox.
2. Click the vROPs-01a shortcut on the buttonbar.

1. Enter the User name: admin.
3. Click Login.
HOL-SDC-1610
Page 442
HOL-SDC-1610
Audit Users and the Environment in vRealize Operations

Manager
1. Click Administration(NOTE: you may have to use the '>>' to see the
Administration tab)
2. Click Audit
HOL-SDC-1610
Page 443
HOL-SDC-1610
User Activity Audit

The user activity report helps you understand the scope of user activities in your
vRealize Operations Manager instance, such as when users logged in, actions they took
on clusters and nodes, changes they made to system passwords, when they activated
certificates, and when they logged out.
HOL-SDC-1610
Page 444
HOL-SDC-1610
User Permissions Audit

A user permissions audit report provides an overview of the local users and LDAP
imported users in your vRealize Operations Manager instance, and a list of groups to
which each user belongs. This report helps you understand the scope of the user
accounts and their roles, access groups, and access privileges in your environment.
The report displays the access group associated with each local user and LDAP imported
user and the access privileges granted to the user in each access group. This report
does not include vCenter Server users, roles, or privileges.
When a user is a member of a specific user group, the associated access group could
provide the user with access to configuration, dashboards, and templates, or to specific
navigation areas in the user interface such as Administration. The access rights
associated with the access group include actions for each access group, such as the
ability to add, edit, or delete dashboards, or to view, configure, or manage objects.
System Audit for vRealize Operations Manager

A system audit report provides an overview of the counts of objects, metrics, super
metrics, applications, and custom groups in your vRealize Operations Manager instance.
This report can help you understand the scale of your environment.
The system audit report displays the types and number of objects that vRealize
Operations Manager manages. Reported objects include those that are configured and
collecting data, the types of objects, object counts for adapters, the metrics that are
configured and being collected, super metrics, vRealize Operations Manager generated
metrics, the number of applications used, and the number of custom groups.
HOL-SDC-1610
Page 445
HOL-SDC-1610
You can use this report to help determine whether the number of objects in your
environment exceeds a supported limit.
HOL-SDC-1610
Page 446
HOL-SDC-1610
Track License usage

1. Click Administration.
2. Click Licensing.
Here we can track license entitlements and usage for every solution installed.
License keys activate the solution or product and are available in varying levels. Higher
levels typically allow vRealize Operations Manager to monitor more objects.
Conclusion
We demonstrated how to restrict access to vSphere ESXi host using the Lockdown Mode
option. We also demonstrated how to track changes on any objects managed by
vCenter Server. Additionally, we demonstrated the audit feature of vRealize Operation
and how to track license usage.
HOL-SDC-1610
Page 447
HOL-SDC-1610
Demonstrate user authorization

capabilities
VMware recommends that you create roles to suit the access control needs of your
environment. If you create or edit a role on a vCenter Server system that is part of a
connected group in Linked Mode, the changes that you make are propagated to all other
vCenter Server systems in the group.
A role is a predefined set of privileges. Privileges define rights to perform actions and
read properties. For example, the Virtual Machine Administrator role consists of read
properties and of a set of rights to perform actions. The role allows a user to read and
change virtual machine attributes.
When you assign permissions, you pair a user or group with a role and associate that
pairing with an inventory object. A single user or group can have different roles for
different objects in the inventory
vCenter Server provides system roles and sample roles by default:
System roles - System roles are permanent. You cannot edit the privileges associated
with these roles.
Sample roles - VMware provides sample roles for certain frequently performed
combination of tasks. You can clone, modify or remove these roles.
Note: Changes to roles and privileges take effect immediately, even if the users involved
are logged in. The exception is searches, where changes take effect after the user has
logged out and logged back in.
Create a Role in the vSphere Web Client

You can create vCenter Server custom roles to suit the access control needs of your
environment.
If you create or edit a role on a vCenter Server system that is part of the same vCenter
Single Sign-On domain as other vCenter Server systems, the VMware Directory Service
(vmdir) propagates the changes that you make to all other vCenter Server systems in
the group. Assignments of roles to specific users and objects are not shared across
vCenter Server systems.
HOL-SDC-1610
Page 448
HOL-SDC-1610
Administration
In the vSphere Web Client, click the Home icon and select Administration.
Roles
Verify the Roles tab is selected.
HOL-SDC-1610
Page 449
HOL-SDC-1610
Create a Role
Click the green + to create a role.
Role name
1. Name the role HOL Role
2. Tick the All Privileges box
3. Click the OK button to create the new role
Edit a Role in the vSphere Web Client

When you edit a role, you can change the privileges selected for that role. When
completed, these privileges are applied to any user or group that is assigned the edited
role. In Linked Mode, the changes you make are propagated to all other vCenter Server
systems in the group. However, assignments of roles to specific users and objects are
not shared across linked vCenter Server systems.
HOL-SDC-1610
Page 450
HOL-SDC-1610
Edit HOL Role

1. Click on the role HOL Role to select it
2. Click the Edit button
HOL-SDC-1610
Page 451
HOL-SDC-1610
Remove Permissions
Let's say that your company has separate teams to manage networking and storage, so
the HOL Role does not need access to either of them.
Uncheck the boxes for Networking and Storage views and click OK.
Clone a Role in the vSphere Web Client

You can make a copy of an existing role, rename it, and edit it. When you make a copy,
the new role is not applied to any users, groups or objects -- it does not inherit anything
from the parent except the settings. In Linked Mode, the changes are propagated to all
other vCenter Server systems in the group, but assignments of roles to specific users
and objects are not shared across linked vCenter Server systems.
HOL-SDC-1610
Page 452
HOL-SDC-1610
Clone a Role
1. Click on the role HOL Role to select it
2. Click the Clone button
HOL-SDC-1610
Page 453
HOL-SDC-1610
Role name and privileges

1. Name the cloned role HOL Dev Role Since we cloned the role, it is missing the
Network and Storage views privileges that the HOL Dev users require.
2. Tick the All Privileges box to restore full Administrative privileges to this role.
3. Click OK to complete the clone
HOL-SDC-1610
Page 454
HOL-SDC-1610
New Role Cloned
Rename a Role in the vSphere Web Client

You might rename a role when you change the role's purpose. When you rename a role,
no changes occur to that roles assignments. In Linked Mode, the changes you make to
the roles are propagated to other vCenter Server systems in the group, however roles
assignments are not shared across linked vCenter Server systems.
HOL-SDC-1610
Page 455
HOL-SDC-1610
Edit Role Name

Click on the role HOL Role to select it and then click the Edit button.
HOL-SDC-1610
Page 456
HOL-SDC-1610
New Name
1. Rename the role to HOL Admin Role
2. Click OK
Remove a Role in the vSphere Web Client

When you remove a role that is not assigned to any users or groups, the definition of the
role is removed from the list of roles. When you remove a role that is assigned to a user
or group, you can remove assignments or replace them with an assignment to another
role.
NOTE:
HOL-SDC-1610
Page 457
HOL-SDC-1610
Before removing a role from a vCenter Server system that is part of a connected group
in Linked Mode, check the use of that role on the other vCenter Server systems in the
group. Removing a role from one vCenter Server system also removes that role from all
other vCenter Server systems in the group, even if you reassign permissions to another
role on the current vCenter Server system.
Delete Role
1. Click on the role HOL Admin Role to select it.
2. Click the Delete button.
Confirm Deletion
Click Yes to confirm you want to delete this role.
HOL-SDC-1610
Page 458
HOL-SDC-1610
Role Deleted
We can see that the role named HOL Admin Role has been deleted.
Creating unique and granular roles for users in your organization enables better security
for your vSphere infrastructure.
This concludes this lesson on User Access and Authentication Roles.
SSO Configuration in the vSphere Web Client

You can use identity sources to attach one or more domains to vCenter Single Sign-On.
A domain is a repository for users and groups that the vCenter Single Sign-On server
can use for user authentication.
An identity source is a collection of user and group data. The user and group data is
stored in Active Directory, OpenLDAP, or locally to the operating system of the machine
where vCenter Single Sign-On is installed.
After installation, every instance of vCenter Single Sign-On has the identity source
your_domain_name, for example vsphere.local. This identity source is internal to
vCenter Single Sign-On. A vCenter Single Sign-On administrator can add identity
HOL-SDC-1610
Page 459
HOL-SDC-1610
sources, set the default identity source, and create users and groups in the
vsphere.local identity source.
Log out of the vSphere Web Client

From the Administrator@CORP.LOCAL menu, select 'Logout'.
HOL-SDC-1610
Page 460
HOL-SDC-1610
Log in with elevated privileges

You configure vCenter Single Sign-On from the vSphere Web Client. To configure vCenter
Single Sign-On, you must have vCenter Single Sign-On administrator privileges. Having
vCenter Single Sign-On administrator privileges is different from having the
Administrator role on vCenter Server or ESXi. By default, only the user
administrator@vsphere.local has administrator privileges on the vCenter Single Sign-On
server in a new installation.
1. Enter administrator@vsphere.local in the User Name field.
2. Enter VMware1! in the Password field.
3. Click Login.
HOL-SDC-1610
Page 461
HOL-SDC-1610
Administration
In the vSphere Web Client, click the Home icon and select Administration.
HOL-SDC-1610
Page 462
HOL-SDC-1610
Edit a vCenter Single Sign-On Identity Source

vSphere users are defined in an identity source. You can edit the details of an identity
source that is associated with vCenter Single Sign-On.
1.
2.
3.
4.
In the left pane, Select Configuration.

Click on the Identity Sources tab
Select the corp.local identity source.
Click the Pencil button to edit the identity source.
HOL-SDC-1610
Page 463
HOL-SDC-1610
Edit Identity source

In our scenario, we only have access to one Active Directory domain and integration has
already been completed. We only have the possibility to change the domain name.
Use the Use machine account option if you do not expect to rename this machine. If
you expect to rename the local machine, you must specify an SPN, a user who can
authenticate with the identity source, and a password for the user.
Cancel out of the Edit Identity Source Wizard (or press the 'Esc' key if the Cancel
button is not visible).
HOL-SDC-1610
Page 464
HOL-SDC-1610
HOL-SDC-1610
Page 465
HOL-SDC-1610
Add a vCenter Single Sign-On Group

1. Click Users and Groups.
2. Click the Group tab in the right pane.
3. Click the green + button to add a new vCenter Single Sign-On Group.
Note: In the vCenter Single Sign-On, groups listed on the Groups tab are internal to
vCenter Single Sign-On. A group lets you create a container for a collection of group
members (principals).
Name the New Group

1. Enter HOL DEV Users in the Group Name field.
2. Click Ok.
Note: You cannot change the group name after you create the group.
HOL-SDC-1610
Page 466
HOL-SDC-1610
Add Members to a vCenter Single Sign-On Group

1. Select the HOL Dev Users group.
2. Click the Add Members button.
Note : Members of a vCenter Single Sign-On group can be users or other groups from
one or more identity sources. You can add new members from the vSphere Web Client.
Groups listed on the Groups tab in the vSphere Web Client are part of the vsphere.local
domain.
HOL-SDC-1610
Page 467
HOL-SDC-1610
Add Principals
1.
2.
3.
4.
5.
6.
In the Domain drop list, select corp.local as the identity source.

Select Show Group first.
In the Search box, type dev.
Select the Private Cloud Developers group.
Click Add.
Click OK.
Note: You can simultaneously add multiple members.
Add a Global Permission

You can use global permissions to give a user or group privileges for all objects in all
inventory hierarchies in your deployment.
1. In the left pane, select Global Permissions.
HOL-SDC-1610
Page 468
HOL-SDC-1610
2. Click the Manage tab.

3. Click the green + button to add a new permission.
Note: Use global permissions with care. Verify that you really want to assign permissions
to all objects in all inventory hierarchies.
HOL-SDC-1610
Page 469
HOL-SDC-1610
Assign an existing group

Click the Add button.
HOL-SDC-1610
Page 470
HOL-SDC-1610
Select Users or Groups

1.
2.
3.
4.
5.
In the Domain drop list, select vsphere.local as the identity source.

In the Search box, type dev.
Select the HOL Dev Users group that we recently created.
Click Add.
Click OK.
Select a Role
1. Select the HOL Dev Role from the Assigned Role drop-down menu.
2. Leave the Propagate to children check box selected.
3. Click OK.
Note: The roles that are assigned to the object appear in the menu. The privileges
contained in the role are listed in the section below the role title. If you assign a global
and do not select Propagate, the users or groups associated with this permission do not
HOL-SDC-1610
Page 471
HOL-SDC-1610
have access to the objects in the hierarchy. They only have access to some global
functionality such as creating roles.
HOL-SDC-1610
Page 472
HOL-SDC-1610
Verify the Global Permissions

Confirm the new permission created is listed in the Global Permission view.
Managing Users and Access Control in vRealize Operations

Manager
Each user must have a user account to use vRealize Operations Manager. Administrators
can assign each user to be a member of one or more user groups, and apply roles to
assign specific privileges to each user for authorization to perform actions.
User Access Control
To ensure security of the objects in your vRealize Operations Manager instance, as a
system administrator you can manage all aspects of user access control. You create
user accounts, assign each user to be a member of one or more user groups, assign
roles to each user or user group to set their privileges, and select the objects in your
environment that each user can access.
A role is a collection of action privileges that grants a user or user group the permission
to access objects. Roles do not include privileges to view or configure objects. You must
assign privileges to objects separately when you add or edit a user account.
Switch Tab to vROPs-01a

1. Move to the vRealize Operations Manager tab.
HOL-SDC-1610
Page 473
HOL-SDC-1610
2. If the tab is not opened or you closed it, simply click the 'vROPS-01a' shortcut
and use Admin and VMware1! to log back in.
3. If you were logged out, use Admin and VMware1! to log back in.
Authentication Sources
You can obtain user accounts from external sources so that you can use them in your
vRealize Operations Manager instance.
Open Firefox and log into vROPS-01a using the bookmarked shortcut, user = 'Admin'
password = 'VMware1!' if not already open.
HOL-SDC-1610
Page 474
HOL-SDC-1610
External sources include any identity source that uses the Lightweight Directory Access
Protocol (LDAP), such as Active Directory and OpenLDAP. The external sources provide
the authentication for these users.
1. Click the Administration icon (you may need to use the '>>' to see the
Administration icon).
2. Select Authentication Sources.
3. Click the green + icon to add a new authentication source.
HOL-SDC-1610
Page 475
HOL-SDC-1610
Add New Source

1.
2.
3.
4.
5.
6.
7.
In the Source Display Name field, enter corp.local.

Select Active Directory as the Source Type.
Enter corp.local in the Domain/Subdomain field.
In the User field, enter administrator@corp.local
In the Password field, enter VMware1!.
Click the Test button to confirm the settings and click Ok to close the info box.
Click OK.
vRealize Operations Manager is now ready to import users or groups from the newly
created external authentication source.
HOL-SDC-1610
Page 476
HOL-SDC-1610
Roles
You can assign users specific roles to perform actions and view features and objects in
vRealize Operations Manager. With role-based access, users can only perform the
actions that their permissions allow as designated by a system administrator.
1. In the vRealize Operations Manager Client, click the Administration icon.
2. Select Access Control.
3. Select Roles.
HOL-SDC-1610
Page 477
HOL-SDC-1610
Create a Role
1. On the left pane, select Access Control.
2. Click the Roles tab.
3. Click the green + to create a role.
Role Name
1. Name the role HOL Role
2. Click the OK button to create the new role
Note: Once a name has been given to a role, it cannot be changed.
Edit HOL Role

1. Scroll down
HOL-SDC-1610
Page 478
HOL-SDC-1610
2. Click on the role HOL Role to select it.

3. Click the Edit button
HOL-SDC-1610
Page 479
HOL-SDC-1610
Edit Permissions
Let's say that your company has separate teams to monitor and manage content for
vRealize Operations, the HOL Role does not need access to any of the content
management permissions.
1. Tick the Administrative Access - all permission box
2. Untick the Content box.
3. Click Update.
Clone a Role in the vRealize Operations

You can make a copy of an existing role, rename it, and edit it. When you make a copy,
the new role is not applied to any users, groups or objects -- it does not inherit anything
from the parent except the settings.
HOL-SDC-1610
Page 480
HOL-SDC-1610
Clone a Role
1. Click on the role HOL Role to select it.
2. Click the Clone button.
Role Name
1. Name the cloned role HOL Dev Role.
2. Click OK to complete the clone.
HOL-SDC-1610
Page 481
HOL-SDC-1610
New Role Cloned
Remove a Role in the vRealize Operations

When you remove a role that is not assigned to any users or groups, the definition of the
role is removed from the list of roles. When you remove a role that is assigned to a user
or group, you can remove assignments or replace them with an assignment to another
role.
HOL-SDC-1610
Page 482
HOL-SDC-1610
Delete Role
1. Click on the role HOL Dev Role to select it.
2. Click the Delete button.
Confirm Deletion
Click Yes to confirm you want to delete this role.
HOL-SDC-1610
Page 483
HOL-SDC-1610
Role Deleted
We can see that the role named HOL Dev Role has been deleted.
Import a group from an External Source

You can assign an imported user account to one or more user groups, assign roles to the
imported user account, and associate the imported user account with objects in the
vRealize Operations Manager environment that users are allowed to access.
HOL-SDC-1610
Page 484
HOL-SDC-1610
Access the User Group Configuration Panel

1. In the left pane, Click Access Control.
2. Select the User Groups tab.
3. Click the Import Group icon.
HOL-SDC-1610
Page 485
HOL-SDC-1610
Import User Groups

1.
2.
3.
4.
5.
Select corp.local in the Import From drop list.

Select the Basic option.
Enter Private Cloud Developers in the Search String field and press Enter.
Tick the check box beside the Private Group Developers group in the list.
Click Next.
Roles and Objects

1. Select HOL Role in the Select Role drop list.
2. Tick the Assign this role to the group check box.
3. Select vSphere Hosts and Clusters object in the Select Object Hierarchies
pane.
4. Click Finish.
HOL-SDC-1610
Page 486
HOL-SDC-1610
To further restrict or control which object are accessible to this group we could use a
vRealize Operations Manager container such as a Custom Group or a Custom
Datacenter for instance.
Note: To allow the user account to access all objects in the vCenter Server inventory of
the vRealize Operations Manager instance, click the Allow access to all objects in
the system check box. For example, click the check box to allow a user, such as an
administrator, to access all objects.
Conclusion
Creating unique and granular roles for users in your organization enables better security
for your vSphere infrastructure and vRealize Operations Manager.
HOL-SDC-1610
Page 487
HOL-SDC-1610
Managing and Tracking Change

Start CPU Load simulation on the Virtual Machine(linuxCPU-Load-01a)
Minimize any running applications. Next load PuTTY from the Desktop or from the
Launch bar.
1. Select linux-CPU-Load-01a.
HOL-SDC-1610
Page 488
HOL-SDC-1610
2. Click Load.
3. Click Open.
HOL-SDC-1610
Page 489
HOL-SDC-1610

HOL-SDC-1610
Page 490
HOL-SDC-1610
Confirm Workload status for Virtual Machine linux-CPULoad-01a

Open vRealize Operations Manager
1.
2.
3.
4.
Enter linux-CPU-Load-01a in the Search box.

Select the linux-CPU-Load-01a virtual machine the the result box.
Click the Analysis Tab.
Select the Workload Tab.
If you successfully completed the previous task, you should see the Workload score at
99 and CPU Usage at around 3GHz. Take note that there is no CPU limit configured on
that virtual machine.
NOTE: It may take a couple of minutes for the CPU to ramp up. You can click the
Refresh (6) button to see it start to spike.
HOL-SDC-1610
Page 491
HOL-SDC-1610
Open vCenter Web Client in Virtual Machine Context

1. Click the Action menu.
2. Select Open Virtual Machine in vSphere Web Client...
Note: If Firefox warns you, saying that this connection is untrusted. Simply Expand the I
Understand the Risks and Click the Add Exception... button. Confirm the Security
Exception by pressing the associated button.
HOL-SDC-1610
Page 492
HOL-SDC-1610
Edit Resource Settings

In the vSphere Web Client:
1. Click Action to bring the Action menu.
HOL-SDC-1610
Page 493
HOL-SDC-1610
Add CPU Limit

1. In the CPU Limit box, enter 200.
2. Click OK.
HOL-SDC-1610
Page 494
HOL-SDC-1610
Verify CPU Limit impact

Switch back to vRealize Operation Manager and observe the Workload which should
now be around 45%. CPU usage should be around 200 Mhz as it is expected since we
have set a CPU limit for that virtual machine.
Note: You might have to wait a minute or two before the Workload adjusts itself to the
current CPU usage. Again, you can use the 'Refresh' (4) button to monitor the
changes.
HOL-SDC-1610
Page 495
HOL-SDC-1610
Track Configuration Changes in Timeline

1. Click the Troubleshooting tab.
2. Select the Timeline option.
3. Click the Select Criticality Level button to narrow our search. (deselect all
other options, leaving info)
You should now see a Property Symptom telling you that a Virtual Machine CPU Limit has
been set. Hover over the description of the event to display more details.
Be notified by configuration changes

1. Click the Content button on the left pane (you may need to use the '>>' button
to see the Content button.
2. Select Alert Definitions.
3. Click the green + button to create a new alert.
HOL-SDC-1610
Page 496
HOL-SDC-1610
Name The Alert

1. Enter HOL - Virtual machine has limits set and is demanding more CPU
than the configured limit in the name box.
2. Click Base Object Type.
HOL-SDC-1610
Page 497
HOL-SDC-1610
Specify the Object Type For The Alert

1. Select an Object Type by typing virtual machine in the search box.
2. Click Virtual Machine.
3. Click Alert Impact.
HOL-SDC-1610
Page 498
HOL-SDC-1610
Specify The Alert Type And Subtype

Leave all configurations to their default values except for Alert Type and Subtype.
1. Select Hardware (OSI) : Configuration.
2. Click Add Symptom Definition.
HOL-SDC-1610
Page 499
HOL-SDC-1610
Configure the Alert symptoms

1. Enter cpu limit in the Filter box.
2. Drag the two displayed symptoms to the right pane.
3. Click Save.
What we just did is create an alert that will get triggered when the two selected
conditions are met. If any virtual machine has a CPU limit set and when the CPU
demand exceeds the configured limit we, the alert will be trigger.
Back to linux-CPU-Load-01a
Navigate back to linux-CPU-Load-01a virtual machine by typing 'linux-CPU-Load-01a'
in the search box.
Click on the link for linux-CPU-Load-01a.
HOL-SDC-1610
Page 500
HOL-SDC-1610
The Alert gets triggered

Navigate back to linux-CPU-Load-01a virtual machine
1. Click the Alerts Tab.
2. Select the Alert you just created.
Note: It could take a minute or so before the error show up.
HOL-SDC-1610
Page 501
HOL-SDC-1610
Check the Alert Details

Observe the details of the alert.
Expand the highlighted symptoms to reveal more details for each of them.
Note: It would also have been possible to configure some remediations and actions for
this alert.
HOL-SDC-1610
Page 502
HOL-SDC-1610
Clean up for the Next Module

1. Bring back the Putty session connected to Linux-CPU-Load-01a and click enter to
stop the CPU load script
2. Close the Putty application.
Switch to the vSphere Web Client tab

Switch back to the vSphere Web Client so we can remove the Resource limit on linuxCPU-Load-01a.
HOL-SDC-1610
Page 503
HOL-SDC-1610
Resource Settings
From the 'Actions' menu, select 'Edit Resource Settings'.
HOL-SDC-1610
Page 504
HOL-SDC-1610
Change the CPU Limit

Set the CPU Limit back to '0' and click 'OK'.
Conclusion
We demonstrated the capabilities of vRealize Operations to track changes executed in
vCenter Server. We also demonstrated that it was possible to get alerted when a change
was made and that change affected the health of a managed object.
HOL-SDC-1610
Page 505
HOL-SDC-1610
Module 7: Log
Management with
vRealize Log Insight - (60
Minutes)
HOL-SDC-1610
Page 506
HOL-SDC-1610
Overview of vRealize Log Insight

vRealize Log Insight delivers real-time log management for VMware environments, with
machine learning-based Intelligent Grouping, high performance search and better
troubleshooting across physical, virtual, and cloud environments.
High Performance Ingestion
vRealize Log Insight can process any type of log or machine generated data. vRealize
Log Insight supports very high throughput rates and low latency. vRealize Log Insight
possesses a collection framework, which accepts data through syslog, Windows and
Linux agents, or via a RESTful Ingestion API.
Scalability
vRealize Log Insight can scale out by using multiple virtual appliance instances. This
enables linear scaling of the ingestion throughput, increases query performance and
allows for ingestion high availability. In cluster mode, vRealize Log Insight provides
master and worker nodes. Both master and worker nodes are responsible for a subset of
data. Master nodes can query all subsets of data and aggregate the results. vRealize
Log Insight provides an internal Load Balancer for scale out, allowing you to load
balance and scale out from out of the box.
Real-Time Search
Data ingested by vRealize Log Insight is available for search within seconds. Also,
historical data can be searched from the same interface with the same low latency.
vRealize Log Insight supports complete keyword queries. Keywords are defined as any
alpha-numeric, hyphen, or underscore characters. In addition to the complete keyword
queries, vRealize Log Insight supports glob queries (for example, erro?, vm*) and field
based filtering (for example, hostname does NOT match test*, IP contains "10.64").
Furthermore, log message fields that contain numeric values can be used to define
selection filters (for example, CPU>80, 10<threads<100, and so on).
Search results are presented as individual events. Each event comes from a single
source, but search results may come from multiple sources. You can use vRealize Log
Insight to correlate the data on one or multiple dimensions (for example, time and
request identifiers) providing a coherent view across the stack. This way, root cause
analysis becomes much easier.
vRealize Log Insight Agent
vRealize Log Insight uses a native Windows and Linux agent to gather log data from
Windows and Linux servers as well as desktops. You can collect events from Windows
event channels and log files, and forward them to the vRealize Log Insight server. Some
of the benefits are centralized configuration, ease of use, data compression, and
HOL-SDC-1610
Page 507
HOL-SDC-1610
encryption. 3rd party agents are supported as well, but those benefits listed above
provide unique advantages by using our native agent.
Intelligent Grouping
vRealize Log Insight uses a new machine learning technology. Intelligent Grouping scans
incoming unstructured data and quickly groups messages together by problem type in
order to give you the ability to rapidly understand issues that may span your physical,
virtual, and hybrid cloud environments. The Event Trends tab in the Interactive Analytics
page provides automatic analysis of your events with context around new insights and
anomaly detection. We can now see how events are trending in a specified time interval
and easily detect ones that are potentially affecting the health of your environment or
application.
Aggregation
Fields that are extracted from log data can be used for aggregation. This is similar to the
functionality that GROUP-BY queries provide in a relational database or pivot-tables in
Microsoft Excel. The difference is that there is no need for extract, transform, and load
(ETL) processes and vRealize Log Insight scales to any size of data.
You can generate aggregate views of the data and identify specific events or errors
without having to access multiple systems and applications. For example, while viewing
an important system metric, for example the number of errors per minute, you can drill
down to a specific time-range of events and examine the errors that occurred in the
environment.
Runtime Field Extraction
Raw log data is not always easy to understand, and you might need to process some
data to identify the fields that are important for searching and aggregation. vRealize Log
Insight extracts most fields automatically, and you can dynamically extract a new field
from the data. It is as easy as double-clicking the message text and selecting Extract
Field. The regex is provided automatically based on your selection. The extracted
fields can be used for selection, projection, and aggregation.
Dashboards
You can create dashboards of useful metrics that you want to monitor closely. Any query
can be turned into a dashboard widget and summarized for any range in time. You can
check the performance of your system for the last five minutes, hour, or day. You can
view a breakdown of errors by hour and observe the trends in log events.
Security Considerations
IT decision makers, architects, administrators, and others who must familiarize
themselves with the security components of vRealize Log Insight must read the VMware
vRealize Log Insight Security Guide. For more information, you can visit the vRealize Log
HOL-SDC-1610
Page 508
HOL-SDC-1610
Insight Documentation found at https://www.vmware.com/support/pubs/log-insightpubs.html

The Security Guide contains concise references to the security features of vRealize Log
Insight. Topics include the product external interfaces, ports, authentication
mechanisms, and options for configuration and management of security features.
Dashboards Overview
Dashboards Think of the dashboards page as an overview section. Dashboards
provide the ability to quickly visualize log data and determine potential issues within an
environment. Log Insight provides two different types of widgets inside a dashboard:
charts and queries. Charts are a visual representation of data and the most commonly
used widget. Queries are saved pieces of information that provide both a visual and
textual representation of data on the Interactive Analytics page, but they are listed only
by a defined name on the dashboards page. Query widgets are typically used when a
chart widget does not necessarily provide useful information.
Interactive Analytics Allows administrators and engineers to perform searches using
plain language or REGEX strings and view log message detail to determine problem
areas and perform root cause analysis.
HOL-SDC-1610
Page 509
HOL-SDC-1610
Interactive Analytics Overview

The Interactive Analytics page allows administrators and engineers to drill down into log
messages, to determine problem areas, and to perform root cause analysis.
At the top of the page, just below the navigation bar, you will notice a section with a
black background. This section gives you a visual representation of your log data.
The chart in this section should look similar to the chart widgets that you saw on the
Dashboards page. By default, the overview chart is a bar chart that displays the count
of all events over time for the log messages seen over the last five minutes. Log Insight
refers to ingested data as events. The events visually represented on the overview chart
can be manipulated in a variety of ways, but most commonly are changed through the
use of functions and groupings.
There are many options available once you have created a custom query in the
Interactive Analytics page:
Add current query to favorites - You can save your current query and time
range in Log Insight to view it later. Saved queries can only be loaded from the
Interactive Analytics page.
Add current query to dashboard - You can save lists of search queries to your
custom dashboards by creating query list widgets.
Export or share current query - In addition to saving a dashboard you can
also choose to save a query. NOTE: A saved query stores the time range in
addition to the query. This is different than how all other pieces of information are
saved in Log Insight (i.e. everything else you can save does not include the time
range.)
Create or Manage Alerts - When you find a query you care about you might
want to configure an alert when that query returns one or more results. Log
Insight allows for alerts to be sent via email or vCenter Operations.
Manage Extracted Fields - This is important if you wish to find an extracted
field that does not appear on the current query page.
HOL-SDC-1610
Page 510
HOL-SDC-1610
Content Packs Overview

Content packs provide a powerful way to extend Log Insight through pre-defined
knowledge about particular events. To browse to the Content Packs section, select the
three bars icon in the navigation bar and select Content Packs.
A content pack is made up of various components. These components can include:
Dashboards the dashboard groups (i.e. pages) that make up the selected
dashboard
Queries
Chart widgets
Saved queries located under Saved Searches
Alerts remember always disabled when exported
Agent Groups - contain configuration for monitoring, parsing, and tagging event
to be sent to Log Insight
Fields labeled as Extracted Fields
Administration Overview
The administration section provides health information as well as allows for the
modification of configuration settings. All information displayed during the initial
HOL-SDC-1610
Page 511
HOL-SDC-1610
configuration wizard of the product can be modified from the administration section.
There are other aspects of the administration section that are not configurable during
the initial configuration wizard such as where cluster members and agents can be
managed.
Configuring vRealize Log Insight

Now that we understand the purpose of vRealize Log Insight, the next step is to
configure our environment.
HOL-SDC-1610
Page 512
HOL-SDC-1610
Configuring vCenter & vSphere

Integration
Before you configure Log Insight to collect alarms, events, and tasks data from your
vSphere environment, you must connect Log Insight to one or more vCenter Server
systems.
Log Insight can collect two types of data from vCenter Server instances and the ESXi
hosts that they manage:
Events, tasks, and alerts are structured data with specific meaning. If configured,
Log Insight pulls events, tasks, and alerts from the registered vCenter Server
instances.
Logs contain unstructured data that can be analyzed in Log Insight. ESXi hosts or
vCenter Server Appliance instances can push their logs to Log Insight through
syslog.
In this lab section we will configure Log Insight to integrate with our vCenter and the two
hosts that it manages.
HOL-SDC-1610
Page 513
HOL-SDC-1610
Keyboard Shortcuts
To aid in typing some of the entries in the lab, we have added a README.txt file on the
ControlCenter desktop to help account for the variations in keyboard layouts. Where
applicable you can also use the README file to copy and paste commands included in
steps.
Launching the vRealize Log Insight User Interface

On the ControlCenter Desktop, launch Firefox.
HOL-SDC-1610
Page 514
HOL-SDC-1610
Browser Zoom Setting

If you have trouble navigating through any of the wizards we will use in this module, use
Firefox zoom to adjust the UI screen.
1. Click to open Firefox Menu
2. Use the '+' and '-' to zoom in or out as appropriate to fit the screen
HOL-SDC-1610
Page 515
HOL-SDC-1610
Log Insight Bookmark

1. Click the Log Insight Folder and select loginsight-01a
Connect to the loginsight-01a Appliance

1. Username: admin
2. Password: VMware1!
3. Click Login
HOL-SDC-1610
Page 516
HOL-SDC-1610
Ready to Ingest Data

The Log Insight appliance was prepared previously and is ready to configure log
collection.
We can now move ahead to the vSphere integration section.
1. Click Configure vSphere Integration
Configuring vCenter & vSphere Integration

Enter the following configuration information.
1. Hostname: vcsa-01a.corp.local
2. Username: administrator@vsphere.local
HOL-SDC-1610
Page 517
HOL-SDC-1610
4. Click Test Connection

Note: Collect vCenter Server events, task, and alarms and Configure ESXi
hosts to send logs to Log Insight are checked by default. These options will
reconfigure vCenter and associated ESXi hosts to send syslog data to Log Insight.
Additional configuration is required to send further vCenter syslog data. We will cover
the additional configuration steps later in this section.
HOL-SDC-1610
Page 518
HOL-SDC-1610
Test successful
Verify you receive a Test successful message before continuing.
Note: If you do not receive a Test successful, please return to the previous step and
verify your configuration.
1. Click Save
Wait for vCenter and ESXi Host Configuration to Complete

As the screenshot states, this step may take a few moments. Please proceed to the next
step once this completes.
HOL-SDC-1610
Page 519
HOL-SDC-1610
Configuration Completed Successfully

1. Click OK to continue
Look at Help Information

1. If you click the ? next to Collect vCenter Server events, tasks, and alarms, you will
notice that we need to configure vCenter to send logs to Log Insight.
Leave this tab open for now. We will return to the Log Insight interface shortly. Please
move to the next step.
Forwarding vCenter Logs in vCSA 6.0

The VMware vCenter Server Virtual Appliance (vCSA) provides an alternative option for
organizations that chose not to run the Windows vCenter Server but still require
centralized management of VMware vSphere deployments in the enterprise.
vCSA provides exactly the same functionality as the traditional Windows vCenter Server,
but packaged in a Linux distribution.
With vCSA 6.0, there is partial support for native remote syslog, which is configurable
through the VMware Syslog Service under the new vCenter Server System
Configuration found within the vSphere Web Client.
HOL-SDC-1610
Page 520
HOL-SDC-1610
There are currently two major sets of logs, that are forwarded to a remote syslog server
when the new syslog service is configured:
1. All logs from ESXi hosts that are connected to the vCenter Server will be
forwarded
2. A partial set of vCenter Server service logs will be forwarded. The specific service
logs that are forwarded are found in /etc/vmware-syslog/custom-file-location.conf
Launch the vSphere Web Client

Open a new Tab in your browser to go to the vSphere Web Client.
1.
2.
3.
4.
Click the vSphere Web Client bookmark in your browser

Username: administrator@vsphere.local
Password: VMware1!
Click Login
HOL-SDC-1610
Page 521
HOL-SDC-1610
Navigate to Administration
1. Click Administration to open the admin section of the Web Client
HOL-SDC-1610
Page 522
HOL-SDC-1610
System Configuration
1. Click System Configuration
HOL-SDC-1610
Page 523
HOL-SDC-1610
Services
1. Click Services
HOL-SDC-1610
Page 524
HOL-SDC-1610
VMware Syslog Service Settings

Next, we will browse to the System Configuration Services in order to edit the VMware
Syslog Service using the following procedures:
1. You will see two services named "VMware Syslog Service (..." - You want to
select the SECOND service
2. To verify you selected the correct one, verify the summary tab displays VMware
Syslog Service (vcsa-01a.corp.local)
HOL-SDC-1610
Page 525
HOL-SDC-1610
Edit VMware Syslog Service Settings

1. Select the Manage tab
2. Select Edit
HOL-SDC-1610
Page 526
HOL-SDC-1610
Update Values
There are four settings that you will need to configure:
1.
2.
3.
4.
5.
Common Log Level - Enter info

Host - Enter loginsight-01a.corp.local
Port - Enter 514
Protocol - Enter UDP
Click OK
A restart is not required when configuring the syslog service. Logs will automatically be
forwarded to the remote syslog server.
HOL-SDC-1610
Page 527
HOL-SDC-1610
Forward vCenter Server log (vpxd.log)

The vCenter log file vpxd.log is not being forwarded. Over the next several steps, we will
make a configuration change, which allows this log to be forwarded to Log Insight. This
change will require a restart.
Navigate to vCenter Inventory Lists

1. Click the Home icon.
2. Click vCenter Inventory Lists
HOL-SDC-1610
Page 528
HOL-SDC-1610
Open vCenter Object list

1. Click vCenter Servers
Edit Advanced Settings

We must now navigate to the advanced settings and edit them.
1.
2.
3.
4.
5.
Click
Click
Click
Click
Click
on vCenter Object vcsa-01a.corp.local

Manage tab
Settings tab
Advanced Settings section in left pane
Edit button
Modify and Save Advanced vCenter Server Settings

1. You will need to change the vCenter Server advanced setting
"config.alert.log.outputToSyslog" property from false to true.
HOL-SDC-1610
Page 529
HOL-SDC-1610
2. Click OK
Back out of the configuration page using the Navigator

1. Click the Home button
2. Click Administration
HOL-SDC-1610
Page 530
HOL-SDC-1610
Open System Configuration

1. Click System Configuration
Open Actions for vcsa-01a.corp.local

1. Click on Nodes
2. Right-click vcsa-01a.corp.local
3. Click Reboot
HOL-SDC-1610
Page 531
HOL-SDC-1610
Confirm Reboot
1. Enter a reason for rebooting: Changed SysConfig
2. Click OK
HOL-SDC-1610
Page 532
HOL-SDC-1610
Verify Restart
It will take a few minutes for the restart to complete. If you click the Web Browser
Refresh, you will either see the above Print Screen or potentially error messages within
the Web Client as the browsers attempts to cache specific screens and the VCSA shuts
down. You do not need to wait for the Unable to connect screen to appear. While the
vCenter is rebooting, continue to the next section.
Section Complete
You are now finished with this section of the module; you may now continue to the next
section.
HOL-SDC-1610
Page 533
HOL-SDC-1610
Log Insight Standalone Instance to Log

Insight Cluster
Log Insight provides a clustering option for scenarios where the number of ingested log
events, or events per second, increases above the amount a single node supports or
when business requirements dictate, such as the need to prevent log ingestion
downtime. In those situations, a clustered configuration addresses the scale and High
Availability requirements. Log Insight offers support for up to 6 nodes per cluster
instance and the ability to retain up to 2 terabytes of searchable log data per node (12
terabytes total for a cluster instance). Clustering enables ingestion high availability
when used with the included Internal Load Balancer (ILB) or a supported external load
balancer. In this section we will walk through how to configure a Log Insight cluster and
enable the Internal Load Balancer (ILB).
Important notes:
For most environments, running multiple, separate Log Insight instances should
not be necessary
A Log Insight cluster must be in the same data center and same layer 2 network
If you have multiple datacenters, then you should consider using Log Insight
forwarders in each datacenter. Depending on business requirements the
forwarder in each datacenter may need to be a cluster
You cannot join already configured standalone nodes together, but you can join
new nodes to an already configured standalone node
Devices should connect to Log Insight via the Fully Qualified Domain Name
(FQDN)
Standalone nodes do not provide redundancy, any downtime to a standalone
node will result in an outage
For the purposes of this lab, we will only be configuring a 2 node cluster. In a production
instance, a 3-node cluster is the minimum supported.
HOL-SDC-1610
Page 534
HOL-SDC-1610
Open loginsight-02a
First, let's open a new browser tab to navigate to our new Log Insight appliance that has
already been deployed for you. Go to your browser window that you already have
open.
1. Click + icon to open a new tab.
2. Click Log Insight in the bookmark bar
3. Click the loginsight-02a link
Deploy New Log Insight Appliance

1. Click Next
HOL-SDC-1610
Page 535
HOL-SDC-1610
Choose Deployment Type

1. Select Join Existing Deployment.
Join Existing Deployment

1. Enter the fully qualified domain name (FQDN) of the Log Insight master:
loginsight-01a.corp.local.
2. Click Go
HOL-SDC-1610
Page 536
HOL-SDC-1610
Request to Join was Received Successfully

The above message should appear with a successful attempt to join the cluster.
1. Click the link that says "Click here to access the Cluster Management page"
and you will be redirected to the Cluster Management page of the master node.
You may need to re-authenticate to Log Insight. Please ignore the next step if reauthentication is NOT required.
HOL-SDC-1610
Page 537
HOL-SDC-1610
Re-Authenticate to loginsight-02a Appliance if Required

1. Username: admin
3. Click Login
Accept Worker Request

1. Click Allow to accept the request from the new worker node to join the cluster.
This process may take a few moments.
HOL-SDC-1610
Page 538
HOL-SDC-1610
Cluster Mode is Now Enabled

Notice the page has updated and created an additional node 192.168.120.121
(loginsight-02a).
HOL-SDC-1610
Page 539
HOL-SDC-1610
Enable Integrated Load Balancer

At the bottom of the same page, complete the following to enable the Integrated Load
Balancer.
1. Selectthe check box next to "Enable Integrated Load Balancer".
2. Enter the IP (192.168.120.123)of the ILB. The FQDN (optional) of this IP
Address is loginsight.corp.local.
3. Select Save.You should a "Status In Progress" appear under the IP Address. This
will take a few moments to complete so be patient.
Note: You must enter the IP address here and not the FQDN, which is optional.
HOL-SDC-1610
Page 540
HOL-SDC-1610
Cluster Page
The Cluster Page should now appear as the image above. You have now created a
cluster with an internal load balancer.
Note the warning message shown. We have one more step to complete before things
are finalized to make the warning message disappear.
HOL-SDC-1610
Page 541
HOL-SDC-1610
Reconfigure vSphere Integration

Notice that the Syslog target is configured to Log Insight Master.
1. Navigate to vSphere Integration section by clicking vSphere in the left pane.
2. Click Unconfigure.
Unconfigure ESXi Hosts

1. Click Continue
HOL-SDC-1610
Page 542
HOL-SDC-1610
Configuration Change Complete

1. Click OK to continue
Save vSphere Integration

1. Click Configure ESXi hosts to send logs to Log Insight. Notice the Internal
Load Balancer IP is listed.
2. Click Save to commit the changes. This may take a few moments.
Confirm Update
1. Click OK to complete the configuration change.
HOL-SDC-1610
Page 543
HOL-SDC-1610
Finalized Cluster Configuration

1. Select Cluster under the Management section in the left side menu.
Note: The warning message about reconfiguring vSphere Integration is no longer
present. The cluster status is now set to Available. Congratulations, you have
successfully created a cluster and reconfigured the vSphere integration. Remain on
this tab for the next section.
HOL-SDC-1610
Page 544
HOL-SDC-1610
Event Forwarding
Any Log Insight instance, whether standalone or clustered, can be configured to forward
events. When forwarding events, the Log Insight instance still ingests and stores events
locally. Archiving is also an option once configured. In addition, queries can be issued
from Log Insight instances configured for event forwarding. Forwarders are also often
used for the following reasons:
To send log data up to 10 destinations, including a Security information and event
management (SIEM) solution.
Compress log data to reduce bandwidth requirements.
Enhance security by minimizing the number of devices which send events to a
primary Log Insight destination.
Forwarders are a complete Log Insight instance, which provides backup for log
events in the event connectivity is lost to the destination
Filtering events before forwarding to a primary Log Insight destination
Important:
There is no way to configure Log Insight to ONLY forward events (i.e. not ingest
and store logs locally)
Events that the Log Insight instance has previously ingested are not forwarded
after event forwarding has been configured.
Browse to Event Forwarding

1. Select Event Forwarding.
2. Click New Destination.
NOTE: You might see the red escalation mark in the upper right corner of the console.
The warning is due to the lab environment not including an SMTP server.
HOL-SDC-1610
Page 545
HOL-SDC-1610
New Destination
Upon selecting the option to create a new destination you will be prompted to provide
information including:
Name: Destination (meaningful user-friendly name or alias)
Host: The FQDN for the remote destination.
Protocol: How events should be sent to the remote destination
Ingestion API (default) if the remote destination is another Log Insight
instance
Syslog (TCP) if the remote destination is something other than Log Insight
Note: Syslog forwarding over UDP is not supported today.
Tags (optional): Let you add fields with predefined values to events for easier
querying.
One or more fields to pass with the event.
Tags are only available when using Ingestion API.
Filters (optional): What events you would like to forward
By default, all events are sent
Filters only support static fields such as syslog metadata fields or ingestion
API tags
There are also several advanced options, which include:
Port: In case you have a non-standard port requirement
Cache: Disk-based cache in case the remote destination is unavailable (maximum
allowed = 2000)
Note: We recommend always changing this to the maximum allowed (2000)
Workers: Number of worker threads per node (in most cases should not be
changed)
HOL-SDC-1610
Page 546
HOL-SDC-1610
HOL-SDC-1610
Page 547
HOL-SDC-1610
Enter New Destination Information

When setting up a log insight forwarder you have the option of specifying specific
events to forward using filters, and in this example we will filter on messages containing
the word error.
1.
2.
3.
4.
Enter Name: LI Forwarded Events

Enter Host: loginsight-03a.corp.local
Click Add Filter
Modify Filter: Change hostname to text, set filer to does not match then enter
error as the filter word
5. Click Test and confirm Test event forwarded successfully
6. Click Save
Note: Optionally, you can select Run in Interactive Analytics to show a sample of
events that would be forwarded based on the filter that you created.
HOL-SDC-1610
Page 548
HOL-SDC-1610
Configuration Complete
1. Click the Web Browser Refresh if no data is presented.
2. You should not see events.
Now that the configuration is complete, let's take a look at the events coming over to
our destination on loginsight-03a.corp.local
Open loginsight-03a
1. Click the + icon to open a new browser tab
2. Click Log Insight on the bookmark bar
3. Click the loginsight-03a link
HOL-SDC-1610
Page 549
HOL-SDC-1610
Log In to loginsight-03a
1. Username: admin
3. Click Login
HOL-SDC-1610
Page 550
HOL-SDC-1610
View Interactive Analytics

1. Click on the Interactive Analytics tab
The forwarded events are now available in the Interactive Analytics of
loginsight-03a.corp.local.
Note: Due to differences in time there may be differences in what is shown.
Section Complete
At this point, you have completed a basic configuration of the Event Forwarder.
HOL-SDC-1610
Page 551
HOL-SDC-1610
Exploring vSphere Log Events

In this section we will use Log Insight explore the logs of a vSphere environment. Often,
without a log analysis tools such as Log Insight, log errors are not viewed until
production workloads have degraded or failed and the business is impacted. With Log
Insight we can uncover log events and patterns that may ultimately lead to problems so
we can take action beforehand. In this section we will focus on log analysis and
dashboards, though you can use these same principles to create alerts and forward
them to vRealize Operations or via SMTP.
Log Insight Bookmark

1. If you are not already logged into Log Insight server loginsight-01a, click the Log
Insight folder and select loginsight-01a
HOL-SDC-1610
Page 552
HOL-SDC-1610
Login to Loginsight-01a
1. Enter Username: admin
2. Enter Password: VMware1!
3. Click Login
Log Insight Dashboard General Overview

If you have successfully connected to a vCenter, earlier in this module, the first screen
you will see is the General Overview dashboard.
1. If you are not already at this screen click the Dashboard tab.
2. This is the dashboard category tile; it tells you the source of the dashboards that
are available (to see a complete list of installed dashboards click the down arrow
next to the category title). Dashboards are either created within Log Insight or
come as part of a Content Pack. By default, the vSphere Content Pack comes preinstalled. Dashboards from any other content pack that you install can be found
by clicking the arrow.
3. This section is a list of actual dashboards for the current category - The image
above shows the dashboards from the VMware - vSphere content Pack.
4. This section of the screen allows you to apply a date/time range filter to limit the
data you are viewing within the dashboard.
HOL-SDC-1610
Page 553
HOL-SDC-1610
5. This section shows the filters which are available as part of this dashboard. The
filters allow you to quickly focus the dashboard on a specific object/item of
interest.
6. Widgets, the widget in Log Insight are configured to query the consolidated log
database and show specific areas of regular interest. In this case, the widget is
showing a graphical representation of all the vSphere log messages and when
they were generated. Widgets can be arranged in multiple ways and sizes.
Switch to Interactive Analytics

1. Click the Interactive Analytics tab
HOL-SDC-1610
Page 554
HOL-SDC-1610
The Interactive Analytics Screen

The following describes the different sections of the Interactive Analytics Screen:
1. This area shows the graphical representation of the current Query, because we
have not specified anything as a query or filter all the events are being shown.
2. This section modifies how the graph displays the data.
3. With the Search box, you can enter anything here you would like to search for
within the logs. For example, this could be a host name, error message or
number.
4. With Data Range, Log Insight auto-correlates all log data, in this field you can
specify a specific time range you would like to search for log entries. By default,
the time range field is set to Latest 5 minutes of data. Be advised: large date
ranges will take a longer time to return the complete set of data, but that data
will stream in as the query result is returned. In this lab we have only just
connected to the vCenter thus we have a limited time range where data is
available.
5. Events are the log entries which match the query and will be displayed here. The
key words (Fields) contained in each of the log messages will be called out in blue
below the log message. By default, Log Insight understands all the Syslog defined
fields. As part of content packs Fields are added which are specific to their
domain. In this case all the vSphere and Syslog Fields are available.
6. The Field List is all the defined fields from all the log messages which are part of
the result set from the query. You can click on any one of them and they will show
you a graphical representation of the number of log messages which are
associated to that field.
HOL-SDC-1610
Page 555
HOL-SDC-1610
HOL-SDC-1610
Page 556
HOL-SDC-1610
Searching Log Events

As you enter keyword searches inside the search box, Log Insight will provide auto
complete options as you type.
1. In the search field type vcsa* (remember to type in the asterisk), in this case we
are looking for all messages which are related to the vCenter vcsa-01a. In
English, simply type in what you are looking for and add an asterisk as the
wildcard.
2. Enter the data range, Latest 5 minutes of data.
3. Click the search Icon.
Event Types
Event Types are used when troubleshooting to quickly narrow down the resulting set of
log messages into pattern matched clusters. This capability allows you to quickly
eliminate irrelevant log messages.
1. Click the Event Types Tab. This will sort the result set of log messages by Event
type.
2. The Events column will provide the count of messages of the pattern matched
type
3. Click the x to remove this message type from the result set and automatically
creates a filter for that message type (you must hover the mouse over the area
for the "x" to display.
HOL-SDC-1610
Page 557
HOL-SDC-1610
Note: The lab you are taking is a live dynamic environment. What you see will differ
from what is captured in the screenshot. Please choose any event in the window and
proceed to the next step.
Filters
After deleting the Event Type, the log messages are retained. They are only removed
from this query and the system automatically creates a filter or constraint excluding
that specific event type.
Creating a Filter
Now we will create a new filter to only include log messages based on the text api
invocations. This will show the number of api connections to your vCenter server.
HOL-SDC-1610
Page 558
HOL-SDC-1610
1. Click Add Filter
Set Filter Constraints
1.
2.
3.
4.
5.
Set Filter to text.

Set the Operator to contains
Type API invocations
Click the search button
At this point the result list will only show log messages related to the text API
invocations that are not event_type you filtered.
NOTE: Now we have narrowed down our results. Prior to adding filters there were over
a dozen different event types.
HOL-SDC-1610
Page 559
HOL-SDC-1610
Field Extraction
Extracted fields provide a powerful way to construct queries in Log Insight. You can also
create your own custom extracted fields.
1. Switch back to the Events tab.
2. Highlight the value next to "API invocations:". In the example above, its listed as 1,
but this number could be different.
3. A pop up window appears, select Extract field.
HOL-SDC-1610
Page 560
HOL-SDC-1610
Fields configuration
A Fields configuration will appear on the right side of your screen. We now need to name
the extracted field, determine who can use the field, then save the field for use in the
future. You will use this extracted field later in this module when we integrate with
vRealize Operations Manager.
1. In the Field Name input box, type vmw_vc_api.
2. Under Available for drop down, you have the option to make this extracted field
available to just yourself or all users. Leave this as Me Only.
3. Click Save.
Extracted Field Complete

Notice that we now have a new field called vmw_vc_api. We will leverage this later in
the module. For now, we will move to the next step.
HOL-SDC-1610
Page 561
HOL-SDC-1610
Grouping Events
Now we want to group these events which add some additional data into our graph.
1. Select over time drop down
2. Place a check next to vmw_vc_auth_source (VMware - vSphere) and
vmw_vc_auth_user (VMware - vSphere)
3. Click Apply
Legend Created
Notice that a legend has been created on the right side of the graph to display the IP
address and the username for who was connecting to the vCenter appliance.
HOL-SDC-1610
Page 562
HOL-SDC-1610
Add Query to Dashboard

Now we will create a new dashboard called API Invocation Events based on our search
results.
1. Click Add to Dashboard.
Add Chart to Dashboard

1. Enter API Invocation Events in the Name field, replacing the default content
2. Ensure the Dashboard 1 is selected. You can change the dashboard you are
adding this query to any dashboard you have rights to modify or create a new
dashboard
3. Click Add
HOL-SDC-1610
Page 563
HOL-SDC-1610
Navigate to the Dashboards page

1. Click the Dashboards tab
Select My Dashboards
1. Click the drop down arrow for the dashboard list
2. Select My Dashboards
HOL-SDC-1610
Page 564
HOL-SDC-1610
Observe the Modified Dashboard

Observe that a new widget named API Invocation Events is now included with
Dashboard 1.
Section Complete
You now know how to use Log Insight to explore the logs of a vSphere environment. You
can leave the browser open for the next section.
HOL-SDC-1610
Page 565
HOL-SDC-1610
Installing Content Packs

Content packs contain dashboards, extracted fields, saved queries, and alerts that are
related to a specific product or set of logs.
Some content packs such as the VMware - vSphere content pack are loaded by default,
while others can be downloaded from Log Insight Content Pack Marketplace (Solutions
Exchange). In this section we will:
Investigate available Content Packs
Import Content Pack for vRealize Operations 6.x
Managing Content Packs

We will continue to use loginsight-01a for this exercise. On the top right corner of the
Log Insight UI:
1. Click the menu icon
2. Click Content Packs
HOL-SDC-1610
Page 566
HOL-SDC-1610
Log Insight Content Pack Marketplace

The lab environment isn't connected to the internet, so the vRealize Operations content
pack file was downloaded previously to the lab environment.
HOL-SDC-1610
Page 567
HOL-SDC-1610
Log Insight Content Pack Marketplace

The screenshot depicts the Log Insight Content Pack Marketplace when the appliance is
connected to the Internet.
The Marketplace includes a large number of VMware and 3rd party created Content
Packs, which provides extensibility around how log messages are viewed, queried, and
used for alerts.
Solutions Exchange (Marketplace) for Log Insight

Additionally, you can browse Solution Exchange and view the content and
documentation. For Log Insight:
1. You can see there are 47 Content Packs (the number of packs and page format
style may change over time)
2. With 47 Content Packs, there is a search feature to reduce the number of
displayed content pack
HOL-SDC-1610
Page 568
HOL-SDC-1610
Note: There is considerable amount of content and it is worth visiting Solutions

Exchange for Log Insight, vRealize Operations and other VMware related extensible
content.
HOL-SDC-1610
Page 569
HOL-SDC-1610
VMware - vSphere Content Pack

1. Click VMware - vSphere in the left navigation pane
2. Observe that the VMware - vSphere Content Pack version 3.0 is installed
3. Click the different tabs to gain information about the installed content
Log Insight General Content Pack

1. Click General in the left hand navigation pane, which is the second content pack
installed by default
2. Observe that the GeneralContent Pack version 2.5 is installed
Import the vCenter Operations Manager Content Pack

On the bottom of the left hand navigation pane:
HOL-SDC-1610
Page 570
HOL-SDC-1610
1. Click the Import Content Pack button
Import Content Pack

1. Click Browse
HOL-SDC-1610
Page 571
HOL-SDC-1610
File Upload
1. Browse to C:\LabFiles\
2. Click VMware - vR Ops 6.x.vlcp
3. Click Open
Import Content Pack Continued

There are two options when installing a content pack.
Install as content pack
Description - The content is imported as a read-only content pack that is visible to all
users of the Log Insight instance.
HOL-SDC-1610
Page 572
HOL-SDC-1610
Note: Content pack dashboards are read-only. You cannot delete or rename them.
However, you can clone content pack dashboards to your custom dashboard. You can
clone whole dashboards or individual widgets.
Import into My Content
Description - The content is imported as custom content to your user space, and is
visible only to you. You can edit the imported content without having to clone it.
Note: Content pack metadata, such as name, author, icon, and so on, are not displayed
in this mode. Once imported in My Content, the content pack cannot be uninstalled as a
pack. If you want to remove a content pack from My Content, you have to individually
remove each of its elements, such as dashboards, queries, alerts, and fields.
1. Choose Install as content pack.
2. Click Import.
HOL-SDC-1610
Page 573
HOL-SDC-1610
Success - VMware - vCenter Operations Manager Content

Pack Installed
Observe that VMware - vR Ops 6.x specific widgets, queries, alerts, agent groups, and
fields are now available in Installed Content Packs. Each element of the content
pack helps to highlight specific issues with a vRealize Operations Manager appliance.
The content pack simplifies the process of finding and viewing relevant log data as well
as facilitates integration of alerts between Log Insight and vRealize Operations Manager.
With Internet access (not possible with the Lab environment), you will be notified
regarding updates. In the sample printscreen, you can see that one update is available.
HOL-SDC-1610
Page 574
HOL-SDC-1610
Updating a Content Pack

To view the update(s), you would click the Update link in the navigation pane and then
Update the specific content pack or Update All, if multiple updates were available. For
the purposes of this Log Insight introduction, not having the latest vROps Content Pack
will not affect the features being demonstrated.
Configure vRealize Operations Manager to send logs to

Log Insight
Now that we have the content pack for vRealize Operations Manager 6 installed, let's
configure vrops-01a.corp.local to send its logs to the Log Insight cluster
(loginsight.corp.local)
If you are running vRealize Operations 6.0.1 or later - the Log Insight agent is already
pre-installed on your appliance - all you have to do is configure it!
We have already provided a completed configuration file in the C:\LabFiles directory. In
this lab, we will be manually copying over the agent configuration but you can centrally
manage agent configuration via the Log Insight UI using Agent Groups which can be
found in the Administration section of the UI.
Configuration parameters
Note: If you have a multi-tier deployment, you will need to customize the below config
file for each node.
Here are the parameters that need to be changed:
HOL-SDC-1610
Page 575
HOL-SDC-1610
hostname - This is the IP or FQDN of your Log Insight server. Note that this only
needs to be changed in the [server] section at the top of the file, and not
throughout the entire file. Below, it is set to <YOUR LOGINSIGHT HOSTNAME
HERE>
vmw_vr_ops_clustername - This is the *name* of your vRealize Operations
cluster. This can be anything you like here and can be used to distinguish one
cluster from another if you have multiples. Below, it is <YOUR CLUSTER NAME
HERE>
vmw_vr_ops_clusterrole - This is the role that the node you are installing this
file on fills. The choices are "Master", "Replica", "Data", or "RemoteCollector"
- on a single-node installation, use Master. Below, it is set to Master. This value
can be found on the Administration > Cluster Management page in the
vRealize Operations Manager UI (see above image)
vmw_vr_ops_hostname - This is the hostname of your vRealize Operations
Manager cluster. This hostname can also be found on the Administration >
Cluster Management page in the vRealize Operations Manager UI (see above
image). Below, it is set to <YOUR VROPS HOSTNAME HERE>
vmw_vr_ops_nodename - This is the node name of the node you are installing
this file on. This name can be found on the Administration > Cluster
Management page in the vRealize Operations Manager UI (see above image).
Below, it is set to <YOUR NODE NAME HERE>
HOL-SDC-1610
Page 576
HOL-SDC-1610
Open WinSCP
1. Open the Windows Start screen

2. Click WinSCP
HOL-SDC-1610
Page 577
HOL-SDC-1610
WinSCP to vrops-01a.corp.local
1. Select vrops-01a.corp.local
2. Click Login
HOL-SDC-1610
Page 578
HOL-SDC-1610
Update Unknown Server, Security or Banner Message

If you see this unknown server message....
1. Select Yes
Note: You may also see a Security Message or Banner message. Accept or Continue
to clear the messages.
HOL-SDC-1610
Page 579
HOL-SDC-1610
Browse to Directories
The correct directory paths may already appear within WinSCP. If you do not see the
correct paths, please proceed with the steps below. Otherwise, you can move to the
next step.
1. Browse to C:\LabFiles\ (left frame). This can easily be completed by using the
toolbar up-directory navigation and then once at C:\, select the LabFiles folder.
2. Browse to /var/lib/loginsight-agent on vrops-01a.corp.local (right frame). This
can be accomplished by using the up-folder toolbar button to get to root and then
navigate to the loginsight-agent folder.
Drag liagent.ini to /var/lib/loginsight-agent directory

Click-Drag the file liagent.ini from left pane to right pane
HOL-SDC-1610
Page 580
HOL-SDC-1610
Overwrite liagent.ini
Overwrite /var/lib/loginsight-agent/liagent.ini with C:\LabFiles\liagent.ini by
dragging liagent.ini from the left frame to the right frame.
1. Click Yes
Close WinSCP
1. Click the X in the upper right corner to close WinSCP
Complete close of WinSCP

1. Click OK to finish closing WinSCP
HOL-SDC-1610
Page 581
HOL-SDC-1610
Open Putty
1. From the Task Bar select the Putty shortcut
Log in to vrops-01a.corp.local
1.
2.
3.
4.
Scroll to the bottom of the list

Select vrops-01a.corp.local
Select Load
Click Open
Enter root credentials

1. Enter login as: root
HOL-SDC-1610
Page 582
HOL-SDC-1610
2. Enter password: VMware1! and press Enter
Restart Log Insight Agent

Run the following command to restart the Log Insight Agent:
1. Type: /etc/init.d/liagentd restart and press Enter
2. Confirm the liagentd stops and restarts
3. Type: exit and press Enter
View Log Content from VMware - vRealize Operations

Manager 6.x Content Pack
The logs from vrops-01a.corp.local will now begin being sent to the log insight cluster
(loginsight.corp.local).
1. Select the Dashboards tab if you are not already in this location
2. Select the drop down arrow
3. Select VMware - vR Ops 6.x from under the Content Pack Dashboards section
HOL-SDC-1610
Page 583
HOL-SDC-1610
4. After navigating to the dashboard, please refresh the view using the Update
button
Conclusion
This concludes installing content packs.
Please proceed to the next section where we will complete works with installing and
managing Log Insight agents.
HOL-SDC-1610
Page 584
HOL-SDC-1610
Installing & Managing Log Insight

Agents
Earlier in this lab, we configured the Linux Agent on our vRealize Operations Manager
appliance which featured the capabilities of the Linux agent.
The Log Insight Linux Agent collects events from log files on Linux machines and
forwards them to the vRealize Log Insight server. In a Linux system, applications can
store log data in flat text files on the file system. The Log Insight Linux Agent runs as a
daemon and starts immediately after installation.
We also have a Log Insight Windows Agent which collects events from Windows event
channels and log files, and forwards them to the Log Insight server. A Windows event
channel is a pool for collecting related events in a Windows system. By default, the Log
Insight Windows Agent collects events from the Application, System, and Security
channels. The Log Insight Windows Agent runs as a Windows service and starts
immediately after installation.
Both agents can monitor directories and collect events from flat text log files
During and after installation, you can configure the following options for the Log Insight
Windows Agent:
Select the target Log Insight server to which the Log Insight Windows Agent forwards
events.
Select the communication protocol and port that the Log Insight Windows Agent uses.
Add additional Windows event channels from which the Log Insight Windows Agent
collects events to.
Select Windows directories to monitor and add flat log files to collection.
3rd party agents are also supported, but our own native agents (for Windows and Linux)
offer significant advantages, such as easy/central configuration through the log insight
UI, data compression, and encryption over SSL (available in version 3.0).
In this lab section we will install the Windows Agent on the ControlCenter Server. In real
world deployments you could deliver the agent with your favorite application delivery
management methodology including vRealize Configuration Manager, Microsoft System
Center Configuration Manager, Active Directory GPO's, etc...
Select the Agents Management Page

Note: Ensure that you are on the Log Insight browser tab.
HOL-SDC-1610
Page 585
HOL-SDC-1610
1. On the upper right, click the admin drop down

2. Select Administration
3. Select Agents from the left hand navigation pane
HOL-SDC-1610
Page 586
HOL-SDC-1610
Agents
Click Download Log Insight Agent Version 3.0.0
Download Log Insight Agent Version 3.0.0

1. Click on Windows MSI (32-bit/64-bit)
HOL-SDC-1610
Page 587
HOL-SDC-1610
Save file
1. Click Save File
Launch the Log Insight Agent Installer

1. Click on the downloads arrow in Firefox
2. Click on VMware-vCenter-Log-Insight-Agent.....
HOL-SDC-1610
Page 588
HOL-SDC-1610
Open File - Security Warning

1. Click Run
HOL-SDC-1610
Page 589
HOL-SDC-1610
VMware vCenter Log Insight Agent Setup - EULA

1. Click the check box next to I accept the terms of the License Agreement
2. Click Next
HOL-SDC-1610
Page 590
HOL-SDC-1610
VMware vCenter Log Insight Agent Setup - Server

Configuration
1. Confirm/Enter "loginsight.corp.local"in the host context box. This is the
integrated load balancer address
2. Click Install
HOL-SDC-1610
Page 591
HOL-SDC-1610
VMware vCenter Log Insight Agent Setup - Finish

1. Click Finish
Close the Download Agents Selection Box

1. Click X to close the Download agent's selection box
HOL-SDC-1610
Page 592
HOL-SDC-1610
Refresh the Agents information page

1. Refresh the browser page by pressing F5 or click the Refresh button
2. Observe that the ControlCenter Server is now configured for sending its logs to
Log Insight
HOL-SDC-1610
Page 593
HOL-SDC-1610
Centralized Agent Configuration

A new feature is the ability to create an agent group. In the Agents page of the
Administration section of the UI, one can configure an agent group and centrally
manage disparate groups of agent configurations for linux, windows, and vSphere
solutions.
We will create a new group for Windows Agents to apply specific configuration changes
to our windows agents.
1. Select All Agents
2. Select New Group
HOL-SDC-1610
Page 594
HOL-SDC-1610
New Agent Group

1. Type Windows Agents in the Name Field
2. Click New Group
HOL-SDC-1610
Page 595
HOL-SDC-1610
Save New Group

An alternative to modifying the .ini file is to use the Agent Configuration Utility.
Changes made in the Agent Configuration Utility can be propagated to All Agents.
Configuration information that does not apply to the local agent is ignored. I.e. The
Linux agents would ignore the configuration for the Windows Firewall.
We will now create a filter rule for the agents running a Windows Operating System and
apply an agent configuration specific to Windows.
1. In the filter rule, click on the dropdown and change hostname to OS
2. In the filter, type windows
3. Add the following text to the Agent Configuration Window
[winlog|Events_Firewall]
channel=Microsoft-Windows-Windows Firewall With Advanced Security/Firewall
enabled=yes
4. Click Save New Group
HOL-SDC-1610
Page 596
HOL-SDC-1610
Agent configuration saved successfully

The agent configuration is now saved and you will see an "Agent configuration saved
successfully" popup window that will automatically disappear.
HOL-SDC-1610
Page 597
HOL-SDC-1610
Windows Agent Group Complete

1. Click on Windows Agents drop down menu
2. You should now see the Windows Agents listed under Active Groups in the agent's
dropdown
Conclusion
This concludes Installing and Managing Log Insight Agents.
HOL-SDC-1610
Page 598
HOL-SDC-1610
Integrate vRealize Log Insight with

The integration between vRealize Log Insight and vRealize Operations Manager is
extremely powerful. This section will explore the integration to illustrate how the two
products work together. As you may know, there are two primary types of data in your
environment:
Structured: vRealize Operations Manager is meant to collect primarily
structured data, think metrics like performance, directly from applications (e.g.
vSphere) or monitoring products (e.g. Hyperic). Without Log Insight integration,
vR Ops does not have any insight into unstructured data such as log messages.
Unstructured: Log Insight is meant to collect primarily unstructured data
directly from applications (e.g. vSphere), but more commonly being fed by
devices via syslog or API. While a primary use case for Log Insight is syslog
events, structured text such as CSV and JSON including metrics such as
performance are also supported.
It is important to collect and analyze both types of data within your environment. This
can be done seamlessly by integrating Log Insight with vRealize Operations Manager.
In the following section, you will complete the following items:
Install the Management Pack for Log Insight

Configure vRealize Operations Integration
Open in Context
Create an alarm and send to vRealize Operations Manager
After performing the items below to install the management pack and configure the
integration, we will be able to have 2-way launch in context between the two solutions,
as well as alerts integration and inventory unification - to aid in your troubleshooting
workflow.
HOL-SDC-1610
Page 599
HOL-SDC-1610
Installing the Management Pack for Log Insight

1. Click the + icon to open a New Tab in the firefox browser
2. Click the bookmark vROps-01a

User the following credentials to log into the system.
1.
2.
3.
4.
Authentication Source: Local Users

Username: admin
Password: VMware1!
Click Login
HOL-SDC-1610
Page 600
HOL-SDC-1610
Navigate to the Administration tab

1. Select Administration from the navigation pane or select the Administration
button
Add Solution
1. Ensure the Solutions section is highlighted
2. In the right frame, select the green plus icon
HOL-SDC-1610
Page 601
HOL-SDC-1610
Select a Solution to Install

1. Click Browse
HOL-SDC-1610
Page 602
HOL-SDC-1610
Browse to LabFiles Directory

Complete the following steps:
1. Select the C:\LabFiles directory, if not already highlighted
2. Select the vmware-vcops-6.0-MPforLogInsight-1.0... pak file
3. Click Open
Upload Management Pack for Log Insight

1. Click the check boxes for Install the PAK file even if it is already installed
and Reset predefined content to a newer version provided by this
update. Although not necessary for the first installation, this guarantees content
is fully installed during upgrades.
HOL-SDC-1610
Page 603
HOL-SDC-1610
2. Click the OK button for the Warning: User modifications to predefined

Alerts... This brings up an important "Best Practice". When modifying vROps
content (Dashboards, Views, Reports, Alerts, etc), always clone and make
changes to cloned content. This insures you benefit from new content in future
releases without losing custom content that you have created.
HOL-SDC-1610
Page 604
HOL-SDC-1610
Install Management Pack for Log Insight
1. Click Upload. It will take a minute or so for the upload proces to complete and
the Next button to no longer be greyed out
2. Click the Next button once available
HOL-SDC-1610
Page 605
HOL-SDC-1610
Accept EULA
1. Click the Check Box to accept the terms of this agreement
2. Click Next
HOL-SDC-1610
Page 606
HOL-SDC-1610
Complete Installation
The installation will take a few minutes to complete
1. Click Finish when the installation is complete and the Finish button is no longer
greyed out
HOL-SDC-1610
Page 607
HOL-SDC-1610
Verify Installation
The Management Pack for Log Insight is now installed. There is no further configuration
needed within the vRealize Operations Manager product UI. We will now switch to the
Log Insight product UI to complete the integration.
HOL-SDC-1610
Page 608
HOL-SDC-1610
Configuring vRealize Operations Integration

1. Select the Log Insight browser tab. This assumes you left the browser open
from the previous section. If you closed the browser, select LogInsight-01a from
the FireFox bookmark, log in and navigate to the administration pane.
2. Click the vRealize Operations link in the navigation pane.
HOL-SDC-1610
Page 609
HOL-SDC-1610
Configuring vRealize Operations Integration

1.
2.
3.
4.
5.
6.
Enter 192.168.110.70 in the Hostname field

Enter admin in the Username field
Enter VMware1! in the Password field
Ensure both checkboxes are enabled
Select Test Connection and confirm Test Successful
Select Save
Registering with vRealize Operations Manager

Be patient as the initial configuration can take several minutes to complete.
HOL-SDC-1610
Page 610
HOL-SDC-1610
Registration Successful
1. Once the registration completes, click OK.
Navigate to vRealize Operations

1. Return to vrops-01a.corp.local within the Firefox browser.
Environment
1. Click the Environment icon (looks like earth) in the Navigation pane
HOL-SDC-1610
Page 611
HOL-SDC-1610
vSphere Hosts and Clusters

1. Click vSphere Hosts and Clusters
HOL-SDC-1610
Page 612
HOL-SDC-1610
esx-01a.corp.local
1. Click the swizzles (small triangle) next to each object for World, vCenter,
Datacenter Site A and Cluster Site A
2. Click esx-01a.corp.local
3. Click the Actions dropdown
4. Select Search for logs in vRealize Log Insight. Selecting this option will
launch vRealize Log Insight in context i.e. only show logs for esx01-a
HOL-SDC-1610
Page 613
HOL-SDC-1610
This Connection is Untrusted

Note: If you do not get this warning message, please move on to the next step.
1. Click I Understand the Risks (Same risks as always; itchy watery eyes, dry
mouth, insomnia, trouble focusing, and a sudden and inexplicable desire to watch
re-runs of the Full House!)
2. Click Add Exception
HOL-SDC-1610
Page 614
HOL-SDC-1610
Confirm Security Exception

1. If required, click Confirm Security Exception.
HOL-SDC-1610
Page 615
HOL-SDC-1610
Login to Log Insight

Authenticate to Log Insight again, if required.
1. Username: admin
3. Click Login
HOL-SDC-1610
Page 616
HOL-SDC-1610
Interactive Analytics
Launch in context can be useful when you are troubleshooting an object in vRealize
Operations and you need to quickly check the relevant logs for that object.
1.
2.
3.
4.
A constraint is automatically added with the vR Ops identifier (vmw_vr_ops_id)

Note: the vR Ops identifier for esx-01a already added to the constraint.
Only log events specific to esx-01a are presented within the events tab.
Click Interactive Analytics to clear the constraint. Alternatively, you can click
the "x" next to the constraint. Clicking Interactively Analytics is useful when you
want to clear all constraints from a query.
Create alerts in Log Insight

Now that Log Insight and vRealize Operations are integrated we can also create alerts in
Log Insight and send them to vRealize Operations. We will examine the alert
functionality over the next several steps.
1. Click Add Filter
HOL-SDC-1610
Page 617
HOL-SDC-1610
2.
3.
4.
5.
6.
Select the drop down with the word text and type vmw_vc_api_invocations
Select the drop down with the "=" sign and select the ">" sign
Type in the value "1" in the last input box
Click the query magnifying glass
Notice only log events with greater than 1 API invocation appear in the list
Create Alert from Query

We would like to send an alert over to the vRealize Operations dashboard for vcsa-01a,
based on the API query, so our Operations team becomes aware of issues in a timely
fashion.
1. To the right of the search bar, click the Red alert icon
2. Click Create Alert from Query
HOL-SDC-1610
Page 618
HOL-SDC-1610
New Alert
Fill out the Alert:
1.
2.
3.
4.
Name: API Invocation Alert

Enable Email: Uncheck
Enable Send to vRealize Operations Manager: Check
Click Select
Select the vRealize Operations Manager Resource to

Receive Alert
1. Type: vCenter
2. Select All Objects from the drop down
3. Choose the last vCenter (vCenter-Actions) in the list.
HOL-SDC-1610
Page 619
HOL-SDC-1610
Note: The resource option is used as the default object in vRealize Operations Manager
that will receive the LI alert assuming inventory mapping returns no information for an
event triggered by the Log Insight alert (e.g. non-vSphere events). If the event does
have inventory mapping information, then the Log Insight alert will automatically get
mapped to the correct object in vRealize Operations Manager regardless of what the
resource parameter is set to in Log Insight.
HOL-SDC-1610
Page 620
HOL-SDC-1610
Finalize Alert
Type a note to remind the team why we created this alert. You can type whatever you
want.
1. The notes field provides the ability to add information to the notification.
Information could, for example, include resolution steps or a kb article link.
2. Click Save
Alert integration is configured with the query information that was used previously.
Note: Log Insight alerts are sent to vRealize Operations Manager as notification events.
Notification events in vRealize Operations Manager are accessible from a variety of
locations including:
Summary - Top Alerts under the Health badge
Alerts - A dedicated section for alerts as well as an alerts section per object
Object - Shows Log Insight alerts in Troubleshooting > Events
HOL-SDC-1610
Page 621
HOL-SDC-1610
HOL-SDC-1610
Page 622
HOL-SDC-1610
Conclusion
Due to the dynamic nature of the lab environment, an alert may not be
available in vRealize Operations. For this exercise we will treat the alert as
configured and display an example.
HOL-SDC-1610
Page 623
HOL-SDC-1610
Conclusion
Thank you for completing the vRealize Log Insight Module! For additional Log Insight
content check out HOL-SDC-1635 (vRealize Log Insight) and HOL-SDC-1601(Cloud
Management with vRealize Suite Standard).
HOL-SDC-1610
Page 624
HOL-SDC-1610
Module 8: From Beginner

to Advanced Features
with PowerCLI - (60
Minutes)
HOL-SDC-1610
Page 625
HOL-SDC-1610
Module overview
This module will introduce you to VMware vSphere PowerCLI. Novice users will easily
learn to use the tool and more advanced users will get familiar with the new
functionality available in the latest releases of the product like configuring an OVA
before deploying it and filtering objects by their tags. Both new and experienced users
are sure to learn something new.
HOL-SDC-1610
Page 626
HOL-SDC-1610
Getting Started With PowerShell and

PowerCLI
In this lesson you'll learn the basics of PowerShell and PowerCLI. You'll learn how to start
the PowerCLI console and PowerShell ISE, how to list available commands and view their
help.
Starting PowerCLI
After installation, PowerCLI can be started by double clicking the desktop icon labeled
"VMware vSphere PowerCLI". This will open the PowerShell console and load all PowerCLI
modules.
HOL-SDC-1610
Page 627
HOL-SDC-1610
Using Powershell ISE

As an alternative to the simple console, you can use Powershell ISE script editor, which
provides a better user experience. You can start the editor by double clicking its icon on
the desktop (1). The upper pane (2) is for viewing/editing script files, and the lower pane
(3) is for running individual commands and displaying their output (an analog of the
standard PowerShell console).
HOL-SDC-1610
Page 628
HOL-SDC-1610
Using Powershell ISE

During this lab you will execute various PowerCLI commands in the lower pane of
PowerShell ISE or in the PowerShell console. You can either type the commands yourself
or copy-paste them from the "Module7.ps1" files located on the desktop. The most
convenient way to go through the lab is to open Module7.ps1 in the upper pane of
Powershell ISE. This file contains all commands you will call in this module. Each
command can be selected (1) and executed by pressing F8 (or "Run Selection" button
(2)). Before executing a new command make sure the previous one is completed - you
will see "Completed" message (3) at the bottom of the console.
Listing Available Commands

Let's explore what we can do with PowerCLI. PowerCLI's snapins provide more than 500
commands (called cmdlets in PowerShell) for managing vSphere, vCloud Air, SRM, vR
Ops, and VUM. You can view the available PowerCLI commands by typing:
Get-VICommand
HOL-SDC-1610
Page 629
HOL-SDC-1610
This will list all PowerCLI commands. As the list is quite large, you may want to narrow it
down to something more specific, for example all commands for managing VMs:
Get-VICommand *VM
Hint: You can use autocomplete for faster typing - just start typing the beginning of the
command/parameter and press "Tab".
Connecting to vSphere
The first thing we need to do in order to manage our vCenter Server is to connect to it.
This is done by using the Connect-VIServer command. Our vCenter is named "vcsa-01a"
and here's how to connect to it:
Connect-VIServer vcsa-01a -User corp\administrator -Password VMware1!
The command will connect to the vCenter with the specified user's credentials.
Getting Help
If you are unsure how to use a specific cmdlet, you can easily view its help by typing
Get-Help (or for short - just "help") and the name of the cmdlet:
help Connect-VIServer
If you want to see the full help with example usages of the cmdlet and parameter
descriptions you should open the full help of the cmdlet:
help Connect-VIServer -Full
If you want to see only the examples, you can use -examples switch like this:
HOL-SDC-1610
Page 630
HOL-SDC-1610
help Connect-VIServer -Examples
You can also search for a specific word in the entire help archive. Let's try searching for
a cmdlet that vmotions VMs:
help vmotion
The result contains the cmdlet we need - Move-VM. We'll use it later in this module.
Feel free to check the help of any cmdlet we demonstrate in this lab.
HOL-SDC-1610
Page 631
HOL-SDC-1610
Using PowerCLI for reporting

With more than 100 Get-* cmdlets PowerCLI is also a powerful reporting tool. In this
lesson, you'll learn more about this usage of PowerCLI.
HOL-SDC-1610
Page 632
HOL-SDC-1610
Retrieving VMs
One of the most common things to do is list the VMs in your vCenter Server. This is
useful for browsing the inventory and reporting as well as for further processing of
specific VMs (e.g. batch modification of VMs). You can retrieve all VMs with:
Get-VM
You can also retrieve one or more VMs by name. Try out the following:
Get-VM linux-CPU-Load-01a
Get-VM linux*
HOL-SDC-1610
Page 633
HOL-SDC-1610
Retrieving specific properties of an object

When you call a cmdlet (like Get-VM) the result you get is an object or array of objects
(in this case it's a VM object). To see what properties the object(s) have you can use
Get-Member cmdlet like this:
Get-VM linux-CPU-Load-01a | Get-Member -MemberType property
This will list all the available properties of the VM object.

Note: Here we use a PowerShell functionality called "pipeline" (or "piping"). Get-Member
cmdlet actually has a parameter called "InputObject" that accepts VM objects (as well
as all other PowerShell objects). Instead of retrieving our VMs, storing them in a variable
and passing them to that parameter of Get-Member, we simply "pipe" the output of GetVM to Get-Member. This way the output of the first cmdlet becomes the input of the
second.
Then you can use PowerShell's 'select' command to retrieve only the properties you
need from resulting object:
Get-VM linux-CPU-Load-01a | Select Name, NumCPU, MemoryMB, PowerState, VMHost
HOL-SDC-1610
Page 634
HOL-SDC-1610
Filtering report results

When the Get-* cmdlet has no parameter to filter the objects by the property you need,
you can use PowerShell's 'where' command to filter the results from a cmdlet call:
Get-VM | Where {$_.Powerstate -eq "PoweredOn"} | Select Name, NumCPU, MemoryMB, PowerState,
VMHost
Hint: $_ is a reserved powershell variable that holds the current object from the pipeline
HOL-SDC-1610
Page 635
HOL-SDC-1610
Exporting report results to various

formats
To present the data to your manager or another team or to transfer them to another
system that your company uses you need them formatted in some way. In this lesson
you'll learn how to export the data, generated by your PowerCLI reports to various
different formats (txt, csv, xml, html).
HOL-SDC-1610
Page 636
HOL-SDC-1610
Exporting to txt
Let's start with the most basic export - to txt file. To export your report to txt use OutFile PowerShell cmdlet:
Get-VM | Select Name, NumCPU, MemoryMB, PowerState, VMHost | Out-File c:\myPowerCLIReport.txt
Open the text file to check the result.
Exporting to csv
Now let's export the same data to csv format. We'll use Export-Csv cmdlet to do that:
Get-VM | Select Name, NumCPU, MemoryMB, PowerState, VMHost | Export-Csv
c:\myPowerCLIReport.csv -NoTypeInformation
HOL-SDC-1610
Page 637
HOL-SDC-1610
Check the result in the csv file
HOL-SDC-1610
Page 638
HOL-SDC-1610
Exporting to xml
The next format that you'll export to is XML. The PowerShell cmdlet we'll use is
ConvertTo-Xml. Since this cmdlet returns XMLDocument object we need to call its Save
method to write formatted data to file:
(Get-VM | Select Name, NumCPU, MemoryMB, PowerState, VMHost | ConvertTo-Xml
-NoTypeInformation).Save("c:\myPowerCLIReport.xml")
Check the result in the xml file
Exporting to HTML
You can also export the data in HTML format by using ConvertTo-Html cmdlet. Since this
command just formats the data in HTML you also need Set-Content cmdlet to write
formatted data to file:
HOL-SDC-1610
Page 639
HOL-SDC-1610
Get-VM | Select Name, NumCPU, MemoryMB, PowerState, VMHost | ConvertTo-Html | Set-Content

"c:\myPowerCLIReport.html"
Now go to 'c:\' folder and open the report.
Adding formatting to the HTML page

If we want to make our HTML report look a bit better, we can apply some styles on it like
this:
$a = "<style>"
$a = $a + "BODY{background-color:Gainsboro;}"
$a = $a + "TABLE{border-width: 1px;border-style: solid;border-color: black;border-collapse:
collapse;}"
$a = $a + "TH{border-width: 1px;padding: 5px;border-style: solid;border-color:
black;background-color:SkyBlue}"
$a = $a + "TD{border-width: 1px;padding: 5px;border-style: solid;border-color:
black;background-color:PaleTurquoise}"
$a = $a + "</style>"
Get-VM | Select Name, NumCPU, MemoryMB, PowerState, VMHost | ConvertTo-Html -head $a |
Set-Content "c:\myPowerCLIReport.html"
If you open the report, now you'll see that it looks much better
HOL-SDC-1610
Page 640
HOL-SDC-1610
HOL-SDC-1610
Page 641
HOL-SDC-1610
Setting up and configuring a cluster

In the next few lessons you'll setup a small virtual environment of a fictional company Nephosoft. You'll start with creating and configuring a cluster. Then you'll setup
networking by creating and configuring a virtual distributed switch (VDS). At the end
you'll create several virtual machines based on a predefined specification, tag them
accordingly and then do a batch update of multiple VM specifications, based on their
tag. In this lesson we'll start with information on how to create and configure a cluster
with PowerCLI. You'll setup its EVC, HA and DRS settings.
Creating a cluster
To create a new cluster we'll use the New-Cluster cmdlet. We have to specify the name
and the location of the new cluster:
$cluster1 = New-Cluster -Name "Nephosoft Cluster 1" -Location "Datacenter Site A"
Configuring cluster's Enhanced vMotion Compatibility

Mode
Now let's configure the cluster's enhanced vMotion compatibility mode to ensure CPU
compatibility for vMotion. To do that we'll first determine what EVC modes are supported
by our hosts:
$evcModes = Get-VMHost | Select MaxEVCMode
Now inspect the content of the $evcModes variable. Just type the name of the variable
($evcModes) and its value will be printed to the screen. You'll notice that both hosts
have the same evc mode.
Note: The EVC mode might be different from the one on the screenshot above, because
it depends on the physical hardware that your lab environment runs on.
Let's set that EVC mode to the cluster to make sure that any other hosts that might be
added to the cluster in the future will have to match this EVC mode:
Set-Cluster $cluster1 -EVCMode $evcModes[0].MaxEVCMode
When you are prompted for confirmation - click yes.
HOL-SDC-1610
Page 642
HOL-SDC-1610
Hint: Prompting for confirmation is good for interactive usage, however it is undesired in
scripts since it will halt them. You can automatically confirm the operation by appending
"-Confirm:$false" parameter to your cmdlet call.
Enabling HA on the cluster

The next step is to enable HA on our cluster to ensure that our VMs are protected in
case of host failure:
Set-Cluster $cluster1 -HAEnabled:$true -Confirm:$false
HOL-SDC-1610
Page 643
HOL-SDC-1610
Enabling DRS on the cluster and configuring DRS settings

Now let's enable DRS on this cluster and set its automation level to "manual" to make it
generate recommendations for VM placement and migration (you can retrieve and apply
those recommendations with Get-DrsRecommendation and Apply-DrsRecommendation
cmdlets):
Set-Cluster $cluster1 -DRSEnabled:$true -DRSAutomationLevel "Manual" -Confirm:$false
HOL-SDC-1610
Page 644
HOL-SDC-1610
Moving hosts to the cluster

In this lesson you'll learn how to move our hosts to the already created cluster.
HOL-SDC-1610
Page 645
HOL-SDC-1610
Moving hosts to the cluster

To move the hosts into the new cluster we need to put them in maintenance mode first.
To put them in maintenance mode we have to shut down all the running VMs before
that. So, let's retrieve all the running VMs and then stop them:
$vmsToStop = Get-VM | Where {$_.Powerstate -eq "PoweredOn"}
Stop-VM $vmsToStop -Confirm:$false
Now let's put the hosts in maintenance mode:

Get-VMHost | Set-VMHost -State Maintenance
Next we'll use the Move-Host cmdlet to move the hosts to the cluster:
Get-VMHost | Move-VMHost -Destination $cluster1
And at the end let's take the hosts out of maintenance mode:
Get-VMHost | Set-VMHost -State Connected
HOL-SDC-1610
Page 646
HOL-SDC-1610
Setting up and configuring virtual

distributed switch
In this lesson you'll learn how to create a distributed switch and migrate host
networking to the distributed switch.
Creating a VDS (virtual distributed switch)

We'll start by creating a VDS with the New-VDSwitch cmdlet:
$vds = New-VDSwitch -Name "Nephosoft VDS" -Location "Datacenter Site A"
You can check the content of the $vds variable.
Adding ESX hosts to the VDS

Next step is to add both our ESX hosts to the distributed switch:
Add-VDSwitchVMHost -VDSwitch $vds -VMHost esx-01a.corp.local, esx-02a.corp.local
You can verify ESX hosts are successfully added in the distributed switch:
Get-VMHost -DistributedSwitch $vds
HOL-SDC-1610
Page 647
HOL-SDC-1610
Creating distributed portgroups

Now let's create portgroups for the management, storage, vMotion and VM networks
with the New-VDPortGroup cmdlets:
$pgManagement = New-VDPortGroup $vds -Name "management"
$pgvMotion = New-VDPortGroup $vds -Name "vMotion"
$pgStorage = New-VDPortGroup $vds -Name "storage"
$pgVM = New-VDPortGroup $vds -Name "VM"
You can verify that portgroups are successfully created:

Get-VDPortGroup -VDSwitch $vds
Migrating host networking to the VDS

We'll migrate our hosts' networking host by host. First we'll save both our hosts in a
variable:
$hosts = Get-VMHost
esx-01a.corp.local, esx-02a.corp.local
Then we'll migrate the networking for each one of them by using PowerShell's foreach
loop. For each host we'll first retrieve its physical nics and then its management,
storage, and vMotion VMKernel nics. Then we'll migrate them together by using the AddVDSwitchPhysicalNetworkAdapter cmdlet, while specifying the distributed portgroups for
each VMKernel nic with the VirtualNicPortGroup parameter:
HOL-SDC-1610
Page 648
HOL-SDC-1610
foreach ($vmhost in $hosts) {

$pNics = Get-VMHostNetworkAdapter -VMHost $vmhost -Physical
$vNicManagement = Get-VMHostNetworkAdapter -VMHost $vmhost -Name vmk0
$vNicStorage = Get-VMHostNetworkAdapter -VMHost $vmhost -Name vmk1
$vNicvMotion = Get-VMHostNetworkAdapter -VMHost $vmhost -Name vmk2
Add-VDSwitchPhysicalNetworkAdapter -DistributedSwitch $vds -VMHostPhysicalNic $pNics
-VMHostVirtualNic $vNicManagement,$vNicStorage,$vNicvMotion -VirtualNicPortGroup
$pgManagement,$pgStorage,$pgvMotion -Confirm:$false
}
Migrating VM networking to the VDS

In the end let's migrate the VM networking as well. First we'll get the network adapters
of all the VMs:
$vmNetworkAdapters = Get-VM | Get-NetworkAdapter
Next we'll migrate these network adapters to the "VM" portgroup that we created in the
previous step:
Set-NetworkAdapter -NetworkAdapter $vmNetworkAdapters -Portgroup $pgVM -Confirm:$false
Now the network traffic of all the VMs is going through the VDSwitch.
HOL-SDC-1610
Page 649
HOL-SDC-1610
Creating a VM and vMotioning it

between the hosts
In this lesson you'll learn how to create a VM and vMotion it between the two hosts in
the cluster.
Creating a VM from scratch

Let's start by creating a VM with the New-VM cmdlet. We'll specify the VM's name, hard
disk and memory size, the host and the datastore, on which we want to create it. Also
we'll specify the portgroup for the VM network to be in the distributed switch, created
earlier. We'll place the VM on our NFS datastore, which is shared between our two hosts.
$vm = New-VM -Name 'jsmith' -VMHost esx-01a.corp.local -DiskGB 10 -MemoryMB 512 -Datastore
ds-site-a-nfs01 -Portgroup $pgVM
Let's start that VM:

$vm | Start-VM
vMotioning the VM between the host

Now let's move the VM to the other host to make the workload more equally distributed:
Move-VM $vm -Destination esx-02a.corp.local
Note: If this is not the first module you're doing in this session, there is a chance that
you may have some disconnected datastores in your environment. In this case you'll
receive an error that Move-VM is unable to access the virtual machine configuration. If
this happens you'll have to reconnect the NFS datastore on one of your hosts. To do so
we'll use Get-EsxCli cmdlet:
Retrieve EsxCLli for esx-02a.corp.local:
HOL-SDC-1610
Page 650
HOL-SDC-1610
$esxCli = Get-EsxCli -VMhost esx-02a.corp.local
Verify NFS datastore isn't accessible:

$esxCli.storage.nfs.list()
...
Accessible
: false
...
Disconnect NFS datastore:

$esxCli.storage.nfs.remove('ds-site-a-nfs01')
Reconnect NFS datastore:

$esxCli.storage.nfs.add('10.10.20.60', $false, $false, '/mnt/NFSA', 'ds-site-a-nfs01')
If needed repeat the same procedure for esx-01a.corp.local

Tip: Since Move-VM operation could take significantly long time, you may want to move
the VMs asynchronously and continue your work in the meantime. You can do that by
specifying -RunAsync parameter of Move-VM. Many other cmdlets that may take long
time to complete also support -RunAsync.
HOL-SDC-1610
Page 651
HOL-SDC-1610
Creating multiple VMs and tagging

them appropriately
In this lesson you'll learn how to create multiple VMs with PowerCLI by a specification
saved in csv file. You'll also tag the VMs according to the same specification.
Reviewing the specification

First of all let's review the specification that we'll follow when creating the VMs. Open
the 'vmspec.csv' file located on your desktop. For every VM we have the name, memory
size (in MB), disk size (in GB), department and type (user or server VM).
HOL-SDC-1610
Page 652
HOL-SDC-1610
Reading the information from the csv file to an array

Now let's import that file to a PowerShell variable:
$spec = Import-Csv 'C:\Users\Administrator\Desktop\vmspecs.csv'
Inspect the content of the $spec variable. You'll find out that it contains an array of
objects (one object for each VM) and each one of these objects has a corresponding
property for name, memory size, disk size, department and type.
Creating VMs based on the specification

Now let's create the VMs based on the specification. We'll use the foreach PowerShell
loop again:
foreach ($vmSpec in $spec)
{
New-VM -Name $vmSpec.Name -MemoryMB $vmSpec."Memory size" -DiskGB $vmSpec."Disk size"
-VMHost esx-01a.corp.local -Portgroup $pgVM
}
Creating tag categories

Our next task is to tag our newly created VMs appropriately. To do that we'll start by
creating two different tag categories - "Department" and "Type":
HOL-SDC-1610
Page 653
HOL-SDC-1610
New-TagCategory -Name Department

New-TagCategory -Name Type
HOL-SDC-1610
Page 654
HOL-SDC-1610
Creating tags based on the specification

Let's retrieve the unique department names first:
$departmentTagNames = $spec | select -Unique Department
Now let's create tag for each department:

foreach ($departmentTagName in $departmentTagNames)
{
New-Tag -Name $departmentTagName.Department -Category Department
}
Next we have to do the same for the VM types:

$vmTypes = $spec | select -Unique Type
foreach ($vmType in $vmTypes)
{
New-Tag -Name $vmType.Type -Category Type
}
You can check what tags were defined as a result by calling:

Get-Tag
HOL-SDC-1610
Page 655
HOL-SDC-1610
HOL-SDC-1610
Page 656
HOL-SDC-1610
Assigning tags to the VMs based on the specification

Now when we have the tags and tag categories properly defined it's time to tag the VMs
appropriately. We'll use the New-TagAssignment to assign a tag to a VM:
foreach ($vmSpec in $spec)
{
$departmentTag = Get-Tag $vmSpec.Department
$typeTag = Get-Tag $vmSpec.Type
$vm = Get-VM -Name $vmSpec.Name
New-TagAssignment -Entity $vm -Tag $departmentTag
New-TagAssignment -Entity $vm -Tag $typeTag
}
HOL-SDC-1610
Page 657
HOL-SDC-1610
Modifying multiple VMs based on their

tag
In this lesson you'll learn how to modify multiple VMs simultaneously with PowerCLI,
based on their tags.
HOL-SDC-1610
Page 658
HOL-SDC-1610
Updating VMs memory capacity based on their tags

A new application will be deployed in the Nephosoft sales department and that requires
the memory on the user machines to be updated to 1GB. Now that we have our VMs
properly tagged it's easier to make a mass update of the VMs. Let's retrieve all the VMs
from the sales department first:
$salesVMs = Get-VM -Tag sales
Next let's retrieve all the user VMs:

$userVMs = Get-VM -Tag user
Note: We cannot use "Get-VM -Tag sales, user", because that will return all the VMs are
either from the sales department, or user VMs and what we actually want is to get the
VMs that are both from the sales department and are user VMs
Now let's select all VMs that have both tags assigned. For that purpose we'll use
Compare-Object Powershell cmdlet:
$salesUserVMs = Compare-Object $salesVMs $userVMs -IncludeEqual -ExcludeDifferent -PassThru
Before we can update the VMs memory we need to make sure that they are all stopped:
$salesUserVMs | where {$_.PowerState -eq "PoweredOn"} | Stop-VM -Confirm:$false
Finally we'll update the VM's memory capacity with the Set-VM cmdlet:
Set-VM $salesUserVMs -MemoryGB 1 -Confirm:$false
HOL-SDC-1610
Page 659
HOL-SDC-1610
Configuring and deploying an OFV

template
In this lesson you'll learn how you can apply configuration to an OVF template, when
deploying one.
Retrieve OvfConfiguration object

The OVF configuration in PowerCLI is represented as an OvfConfiguration object, which
can be retrieved from an ovf file by Get-OvfConfiguration cmdlet. Note that you have to
be connected to a vCenter server in order to use this cmdlet, as it needs the connection
to parse the OVA properties.
$linuxMicroConfig = Get-OvfConfiguration -Ovf C:\OVF\linux-micro-01a\linux-micro-01a.ovf
Take a look at the object inside the $linuxMicroConfig variable. It contains one property,
which points to the source ovf file and second, which is the actual configurable property
for the selected ovf file - NetworkMapping. When we take a look inside the
NetworkMapping object we'll see that it contains single property VM_Network, which is
the only configuration that can be applied to that ovf tempalte.
Update OVF configuration

You can update the retrieved configuration just by assigning values to the object
properties, matching the configurations you want to apply. In our case we will assign
value to the "VM_Network"
$linuxMicroConfig.NetworkMapping.VM_Network.Value = 'VM'
HOL-SDC-1610
Page 660
HOL-SDC-1610
Import vApp applying configuration

When you import your vApp you can apply its configuration using the new Import-VApp
parameter "OvfConfiguration".
Import-VApp -Source 'C:\linux-micro-01a\linux-micro-01a.ovf' -OvfConfiguration
$linuxMicroConfig -Name 'LinuxMicro' -VMHost 'esx-01a.corp.local'
Let's verify that configuration has been applied:

$linuxMicroVM = Get-VM 'LinuxMicro'
$linuxMicroVM | Get-NetworkAdapter
As you can see, the vApp has been deployed with the correct network mapping.
HOL-SDC-1610
Page 661
HOL-SDC-1610
Further Reading
This lesson is for information purpose only and lists some of the more advanced features
of PowerCLI, useful reading materials for both novice and advanced users as well as
information for other PowerCLI related labs. Feel free to experiment with these if you
like.
Other PowerCLI related labs

HOL-SDC-1602 vSphere with Operations Management - Advanced Topics: Module 8 will
introduce you to the new PowerCLI cmdlets for managing vRealize Operation Manager.
HOL-HBD-1683 Managing Your Hybrid Cloud: Module 3 is all about managing vCloud Air
with VMware vSphere PowerCLI.
Accessing the entire vSphere API

Although PowerCLI offers more than 300 cmdlets for managing vSphere they don't cover
the entire functionality of the platform. Despite that you are still able to access all of the
functionality by using the Get-View cmdlet. This special cmdlet is an access point to the
entire vSphere API. The objects returned by the cmdlet are known as "Views" and
represent an exact copy of the vSphere API objects. You can find more information about
these objects in the vSphere API Reference
Documentation:
http://pubs.vmware.com/vsphere-60/index.jsp
Using this cmdlet you will be able to write scripts directly against the API in an objectoriented manner.
Onyx for the Web Client

Onyx for the Web Client is a Fling that translates actions taken in the vSphere Web
Client to PowerCLI.Net code. This Fling was the winning entry in last years 2014 Fling
Contest. Its an update, of sorts, to the Onyx fling, as it allows for similar functionality in
the web client.
The Onyx for the Web Client Fling provides the ability to record actions taken in the
vSphere Web Client and turn these actions into PowerCLI.Net code. The resulting code
can then be used to understand how VMware performs an action in the API and also
better define functions. You could also input the resulting code into search engines to
find the API documentation and information on how to use this area of the vSphere API.
HOL-SDC-1610
Page 662
HOL-SDC-1610
https://labs.vmware.com/flings/onyx-for-the-web-client
Useful materials to get you started with advanced

PowerCLI scripting
If you are new to PowerCLI or want to learn more about the product then here are a few
blogs you can follow. There you can find great articles and scripts about PowerCLI:
The official PowerCLI blog: http://blogs.vmware.com/PowerCLI/
Alan Renouf's blog: http://www.virtu-al.net
Luc Dekens' blog: http://www.lucd.info
HOL-SDC-1610
Page 663
HOL-SDC-1610
Conclusion
Thank you for participating in the VMware Hands-on Labs. Be sure to visit
http://hol.vmware.com/ to continue your lab experience online.
Lab SKU: HOL-SDC-1610
Version: 20160804-125633
HOL-SDC-1610
Page 664

Hol-Sdc-1610 PDF en

Cargado por

Información del documento

Título original

Derechos de autor

Formatos disponibles

Compartir este documento

Compartir o incrustar documentos

Opciones para compartir

¿Le pareció útil este documento?

¿Este contenido es inapropiado?

Copyright:

Formatos disponibles

Hol-Sdc-1610 PDF en

Cargado por

Copyright:

Formatos disponibles

HOL-SDC-1610

Demonstrate user authorization capabilities ...................................................... 448

Lab Overview - HOLSDC-1610 - Virtualization

Module 1 - Introduction to vSOM (60 Minutes)

Activation Prompt or Watermark

Reduce Storage Costs

VMware vSphere with Operations

Simplify IT Management of Virtual Infrastructure

Increased Host-Level Configuration Maximums (logical CPUs increased to 320)

vSphere Hypervisor: Introduction to Virtualization (5:50)

Video: vSphere with Operations Management - Overview

Understanding the User Interface vSphere Web Client

Using the vSphere 6.0 Web Client

Log into the vSphere Web Client

2. Password "VMware1!" (without quotes)

vSphere Web Client User Interface Overview

Navigation Tree or Navigator

vCenter 6.0 Inventory

Navigating to the Inventory Items

Virtual Machine Inventory List

Virtual Machine Summary

Using the Tag and Search Features to Find Objects Quickly

Search for Virtual Machines

Virtual Machines That Exist in the Environment

Change the field shown to "Virtual Machine".

Name the Search

View Saved Searches

Saved Search Results

List of Virtual Machines

2. Select "Related Objects" on the right. An expanded list of virtual machines is

Recent Objects Navigator

Recent History Navigator

To view your current history, Right-click or hold on the Navigator bar.

Tags, User Defined Labels

Create Tag Categories

New Tag Category

Create a New Tag

Tag Creation and Assign to a Category

List Created Tags

Assign Tags to a Virtual Machine

Select a Virtual Machine

Assign Tag to Virtual Machine

Search Using Tags

Understanding the User Interface vRealize Operations Manager

Logging into vRealize Operations Manager

Navigate to an Object to Run a Report

Use The Report Filter and Run a Report

View Completed Reports

Open the Report

Viewing the Report

Understanding the Report

Enabling and Disabling Dashboards

Click on the "Home" icon

View the NFS Dashboards

How to Install vSOM

Video: Installing ESXi using the Installer (4:35)

Video: Overview of the ESXi Direct Console User Interface

Video: Express Installation and Getting Started -vRealize

Module 2: Build and

Virtual Infrastructure - Cluster

Video: Create vCenter Inventory (Datacenter, Cluster,

Virtual Infrastructure - Create and Edit

Create a Virtual Machine