Monthly Archives: March 2011

VCAP-DCA Study Notes – 2.2 Configure and Maintain VLANs and PVLANs

This is one of the smaller objectives plus only the PVLAN concepts and practices are new – VLAN support remains relatively unchanged from VI3 (although the vDS and it’s associated VLAN support is new).

Knowledge

  • Identify types of VLANs and PVLANs

Skills and Abilities

  • Determine use cases for and configure VLAN Trunking
  • Determine use cases for and configure PVLANs
  • Use command line tools to troubleshoot and identify VLAN configurations

Tools & learning resources

Types of VLAN

VLANs are a network standard (802.1q) which are fully supported in vSphere. They can be used to minimise broadcast traffic and as a security measure to segregate traffic (although like any technology there are weaknesses). Typical uses for VLANs with vSphere are to isolate infrastructure (vMotion, iSCSI and NFS) traffic and VM traffic.

There are three main ways of using VLANs with vSphere (covered in this VMware whitepaper);

  • Virtual guest tagging (VGT) – requires VLAN driver support in the guest OS
  • Virtual Switch tagging (VST) – common option, requires VLAN trunking on external switches
  • External switch tagging (EST) – less flexible and requires more physical NICs

In the Cisco world you set a port to be an ‘access port’ or a ‘trunk port’ if it’s going to carry multiple VLANs. VLAN IDs are 16 bit values giving a range of 0-4095. 4095 is used within vSphere to mean ‘all VLANs’ and is how you configure a portgroup when using VGT.

Configuring VLANs and VLAN trunking

For standard vSwitches you configure VLAN tags on portgroups. This configuration is done at the ESX host using the VI client (Configuration -> Networking);

  • Use VLAN 0 when no VLAN tags are present (EST)
  • Use VLAN 4095 to pass all VLANs (VGT)

Use a specific VLAN ID depending on the isolation required (VST)

Continue reading VCAP-DCA Study Notes – 2.2 Configure and Maintain VLANs and PVLANs

VCAP-DCA Study notes – 2.1 Implement and Manage Complex Virtual Networks

The VCAP-DCA lab is still v4.0 (rather than v4.1) which means features such as NIOC and load based teaming (LBT) aren’t covered. Even though the Nexus 1000V isn’t on the Network objectives blueprint (just the vDS) it’s worth knowing what extra features it offers as some goals might require you to know when to use the Nexus1000V or just the vDS.

Knowledge

  • Identify common virtual switch configurations

Skills and Abilities

  • Determine use cases for and apply IPv6
  • Configure NetQueue
  • Configure SNMP
  • Determine use cases for and apply VMware DirectPath I/O
  • Migrate a vSS network to a Hybrid or Full vDS solution
  • Configure vSS and vDS settings using command line tools
  • Analyze command line output to identify vSS and vDS configuration details

Tools & learning resources

Network basics (VCP revision)

Standard switches support the following features (see section 2.3 for more details);

  • NIC teaming
    • Based on source VM ID (default)
    • Based on IP Hash (used with Etherchannel)
    • Based on source MAC hash
    • Explicit failover order
  • VLANs (EST, VST, VGT)

vDS Revision

The vDistributed switch separates the control plane and the data place to enable centralised administration as well as extra functionality compared to standard vSwitches. A good summary can be found at GeekSilver’s blog. Benefits;

  • Offers both inbound and outbound traffic shaping (standard switches only offer outbound)
    • Traffic shaping can be applied at both dvPortGroup and dvUplink PortGroup level
    • For dvUplink PortGroups ingress is traffic from external network coming into vDS, egress is traffic from vDS to external network
    • For dvPortGroups ingress is traffic from VM coming into vDS, egress is traffic from vDS to VMs
    • Configured via three policies – average bandwidth, burst rate, and peak bandwidth
  • Ability to build a third party vDS on top (Cisco Nexus 1000v)
  • Traffic statistics are available (unlike standard vSwitches)

image

NOTES:

  • CDP and MTU are set per vDS (as they are with standard vSwitches).
  • PVLANs are defined at switch level and applied at dvPortGroup level.
  • There is one DVUplink Portgroup per vDS
  • NIC teaming is configured at the dvPortGroup level but can be overridden at the dvPort  level (by default this is disabled but it can be allowed). This applies to both dvUplink Portgroups and standard dvPortGroups although on an uplink you CANNOT override the NIC teaming or Security policies.
  • Policy inheritance (lower level takes precedence but override is disabled by default)
    • dvPortGroup -> dvPort
    • dvUplink PortGroup -> dvUplinkPort

NOTE: Don’t create a vDS with special characters in the name (I used ‘Lab & Management’) as it breaks host profiles – see VMwareKB1034327.

Continue reading VCAP-DCA Study notes – 2.1 Implement and Manage Complex Virtual Networks

VCAP-DCA Study notes – 6.1 vSphere Log Files

Knowledge

  • Identify vCenter Server log file names and locations
  • Identify ESX/ESXi log files names and locations
  • Identify tools used to view vSphere log files

Skills and Abilities

  • Generate vCenter Server and ESX/ESXi log bundles
  • Use vicfg‐syslog to configure centralized logging on ESX/ESXi Hosts
  • Test centralized logging configuration
  • Configure the vMA appliance as a log host
  • Use vilogger to enable/disable log collection on the vMA appliance
  • Use vilogger to configure log rotation and retention
  • Analyze log entries to obtain configuration information
  • Analyze log entries to identify and resolve issues

Tools & learning resources

I’m covering the troubleshooting objectives last while preparing for the VCAP-DCA – it seems like the logical thing to do. Learn all the material then play with it, break it, fix it, recreate it etc. Practice makes perfect! I’ve been using the Trainsignal’s Troubleshooting for vSphere course but the official VMware Troubleshooting course has been getting good feedback.

vCenter log files

Located in;

  • %ALLUSERSPROFILE%\Application Data\VMware\VMware VirtualCenter\Logs (W2k3)
  • C:\ProgramData\VMware\VMware VirtualCenter\Logs (W2k8)

Available logs;

  • sms.log                                   Storage Management Service
  • vpxd-xxxx.log                        vCenter logs
    • vpxd-xxxx.log.gz are archived logs. You have to unzip them to see contents.

You can change the logging level (which defaults to ‘normal’) by going to vCenter Server Settings -> Logging Options. This VMwareKB describes how to enable trivia logging in vCenter (even if vCenter isn’t running) although this may have a performance impact and should only be used temporarily while diagnosing issues.

There are numerous ways to do this; Continue reading VCAP-DCA Study notes – 6.1 vSphere Log Files

VCAP-DCA Study notes – 1.2 Manage Storage Capacity

Managing storage capacity is another potentially huge topic, even for a midsized company. The storage management functionality within vSphere is fairly comprehensive and a significant improvement over VI3.

Knowledge

  • Identify storage provisioning methods
  • Identify available storage monitoring tools, metrics and alarms

Skills and Abilities

  • Apply space utilization data to manage storage resources
  • Provision and manage storage resources according to Virtual Machine requirements
  • Understand interactions between virtual storage provisioning and physical storage provisioning
  • Apply VMware storage best practices
  • Configure datastore alarms
  • Analyze datastore alarms and errors to determine space availability

Tools & learning resources

Storage provisioning methods

There are three main protocols you can use to provision storage;

  • Fibre channel
    • Block protocol
    • Uses multipathing (PSA framework)
    • Configured via vicfg-mpath, vicfg-scsidevs
  • iSCSI
    • block protocol
    • Uses multipathing (PSA framework)
    • hardware or software (boot from SAN is h/w initiator only)
    • configured via vicfg-iscsi, esxcfg-swiscsi and esxcfg-hwiscsi, vicfg-mpath, esxcli
  • NFS
    • File level (not block)
    • No multipathing (uses underlying Ethernet network resilience)
    • Thin by default
    • no RDM, MSCS,
    • configured via vicfg-nas

I won’t go into much detail on each, just make sure you’re happy provisioning storage for each protocol both in the VI client and the CLI.

Know the various options for provisioning storage;

  • VI  client. Can be used to create/extend/delete all types of storage. VMFS volumes created via the VI client are automatically aligned.
  • CLI – vmkfstools.
    • NOTE: When creating a VMFS datastore via CLI you need to align it. Check VMFS alignment using ‘fdisk –lu’. Read more in Duncan Epping’s blogpost.
  • PowerCLI. Managing storage with PowerCLI – VMwareKB1028368
  • Vendor plugins (Netapp RCU for example). I’m not going to cover this here as I doubt the VCAP-DCA exam environment will include (or assume any knowledge of) these!

When provisioning storage there are various considerations;

  • Thin vs thick
  • Extents vs true extension
  • Local vs FC/iSCSI vs NFS
  • VMFS vs RDM

Continue reading VCAP-DCA Study notes – 1.2 Manage Storage Capacity

VCAP-DCA Study notes – 1.1 Implement and manage complex storage

Storage is an area where you can never know too much. For many infrastructures storage is the most likely cause of performance issues and a source of complexity and misconfiguration – especially given that many VI admins come from a server background (not storage) due to VMware’s server consolidation roots.

Knowledge

  • Identify RAID levels
  • Identify supported HBA types
  • Identify virtual disk format types

Skills and Abilities

  • Determine use cases for and configure VMware DirectPath I/O
  • Determine requirements for and configure NPIV
  • Determine appropriate RAID level for various Virtual Machine workloads
  • Apply VMware storage best practices
  • Understand use cases for Raw Device Mapping
  • Configure vCenter Server storage filters
  • Understand and apply VMFS resignaturing
  • Understand and apply LUN masking using PSA‐related commands
  • Analyze I/O workloads to determine storage performance requirements

Tools & learning resources

Identify RAID levels

Common RAID types: 0, 1, 5, 6, 10. Wikipedia do a good summary of the basic RAID types if you’re not familiar with them. Scott Lowe has a good article about RAID in storage arrays, as does Josh Townsend over at VMtoday.

The impact of RAID types will vary depending on your storage vendor and how they implement RAID. Netapp (which I’m most familiar with) using a proprietary RAID-DP which is like RAID-6 but without the performance penalties (so Netapp say).

Scott Lowe has a good article about RAID in storage arrays, as does Josh Townsend over at VMtoday.

Supported HBA types

This is a slightly odd exam topic – presumably we won’t be buying HBAs as part of the exam so what’s there to know? The best (only!) place to look for real world info is VMware’s HCL (which is now an online, searchable repository). Essentially it comes down to Fibre Channel or iSCSI HBAs.

Remember you can have a maximum of 8 HBAs or 16 HBA ports per ESX/ESXi server.You should not mix HBAs from different vendors in a single server. It can work but isn’t officially supported.

Continue reading VCAP-DCA Study notes – 1.1 Implement and manage complex storage