VCP 8 memory items Flashcards
memorization objectives
A feature that minimizes VM downtime by proactively detecting hardware failures and placing the host in Quarantine Mode or Maintenance Mode
Proactive HA
vCenter Server Foundation Edition:
- Number of ESXi hosts
- vCenter license
- Basic features (Lifecycle Mgr, Converter)
- Common features (vMotion, HA, Replication)
- Advanced features (VCHA, VC Backup/Restore)
- 4
- Separate from vSphere license
- Basic included
- Common included
- Advanced NOT included
Number of CPUs required for levels of VCSA:
- Tiny
- Small
- Medium
- Large
- X-Large
- 2
- 4
- 8
- 16
- 24
Memory required for levels of VCSA:
- Tiny
- Small
- Medium
- Large
- X-Large
- 12
- 19
- 28
- 37
- 56
Hosts supported for levels of VCSA:
- Tiny
- Small
- Medium
- Large
- X-Large
- 10
- 100
- 400
- 1000
- 2000
VMs supported for levels of VCSA:
- Tiny
- Small
- Medium
- Large
- X-Large
- 100
- 1000
- 4000
- 10,000
- 35,000
Supported by VMFS 5 but NOT VMFS 6
Access for ESXi hosts version 6.0 and earlier
MBR storage device partitioning
Supported by VMFS 6 but NOT VMFS 5
4Kn storage devices
Automatic space reclamation
Default snapshot files for:
- VMFS 5
- VMFS 6
- VMFSsparse <2TB, SEsparse >2TB
- SEsparse
vSphere features supported by NFS 3 but NOT NFS 4.
- Storage DRS
- Storage I/O Control
Required Capacity for RAID configuration for 100GB of data:
RAID 1
PFTT 1
200
Required Capacity for RAID configuration for 100GB of data:
RAID 5 or 6
PFTT 1
133
Required Capacity for RAID configuration for 100GB of data:
RAID 1
PFTT 2
300
Required Capacity for RAID configuration for 100GB of data:
RAID 5 or 6
PFTT 2
150
Required Capacity for RAID configuration for 100GB of data:
RAID 1
PFTT 3
400
Storage Policies parameters
ten
PFTT
SFTT
data locality
failure tolerance method
number of disk stripes per object
flash read cache reservation
force provisioning
object space reservation
disable object checksum
IOPS limit for object
Disadvantages to IP hash NIC teaming
highest resource consumption
requires change on physical adapter
complex diagnostics path
6 Features common to VSS and vDS
- Layer 2 switch
- VLAN segmentation (802.1q tagging)
- IPv6 support
- NIC teaming
- Outbound traffic shaping
- Cisco Discovery Protocol (CDP)
Features only on vDS
10
Inbound traffic shaping
VM network port block
Private VLANs
Load-based NIC teaming
Data center level mgmt
network vMotion
Per-port policy settings
Port state monitoring
NetFlow
Port Mirroring
3 vDS health checks available
- VLAN trunk ranges on vDS match trunk port config on the connected switch ports
- MTU settings on vDS physical network, and physical switch ports match
- virtual switch teaming policy matches the physical switch port-channel settings
vDS health check:
Matching the switch teaming policy and physical switch port-channel setting requires?
at least 2 active physical NICs
+
2 hosts
Resource Pool use cases
5
Flexible hierarchical org
Resource isolation
Access Control and delegation
Separate resource from HW
Managing multi-tier applications
VM shares for CPU and memory for
- High
- Normal
- Low
settings
per vCPU / per MB
2000 / 20
1000 / 10
500 / 5
VM Monitoring Setting for
- High
- Medium
- Low
Failure Interval seconds / Reset Period
30 / 1 hour
60 / 24 hour
120 / 7 days
VM Options : General
VM name
config file location
working directory
VM Options : Encryption
enable/disable VM encrypt
vMotion encrypt
VM Options : power mgmt
Guest OS standby triggers:
- suspend VM
- standby Guest
VM Options : VMware tools
response to Guest OS power options
VM Options : boot
3
firmware
bootdelay
failed boot recovery parameter
VM Options : Advanced
4
logging
debug
swap file location
config parameters
Core Identity Services in vSphere
3
VMware directory service (vmdir)
VMware Certificate Authority (VMCA)
VMware Authentication Framework daemon (VMAFD)
Certificates provisioned by VMCA by default.
ESXi certificate
Machine SSL certificate
Solution user certificate
Certificates provisioned during install by default
vCenter SSO SSL signing certificate
VMware Directory Service (vmdir) SSL certificate
System Roles in vCenter Server 7.0 and higher
read-only
Administrator
No Access
Required Permissions to:
Create a VM
folder/datacenter
- VM.inventory.create new
- VM.configuration.addnewdisk
- VM.configuration.addexistingdisk
- VM.configuration.rawdevice
host/cluster
- resource.assign VM to pool
Datastore
- datastore.allocate space
Network
- network.assign network
Required Permissions to:
deploy a VM from template
folder/datacenter
- VM.inventory.create from existing
- VM.configuration.Add new disk
template/template folder
- VM.provisioning.deploy template
destination host/cluster/pool
- resource.assign VM to resource pool
destination datastore or DS folder
- datastore.allocate space
network
- network.assign network
Required Permissions to:
take VM snapshot
VM or folder
- VM.snapshot management.create snapshot
destination datastore or DS folder
- datastore.allocate space
Required Permissions to:
move VM into resource pool
VM or VM folder
- resource.assign VM to resource pool
- VM.inventory.move
destination resource pool
- resource.assign VM to resource pool
Required Permissions to:
Install a Guest OS on VM
VM or VM folder
- VM.interaction.*
datastore containing ISO
- datastore.browse datastore
datastore on which you upload ISO
- datastore.browse datastore
- datastore.low level file operations
Required Permissions to:
Cold migrate VM
VM or folder
- resource.migrate powered off VM
- resource.assign VM to resource pool
host/cluster destination
- resource.assign VM to resource pool
datastore destination
- datastore.allocate space
Required Permissions to:
migrate VM with svMotion
VM or folder
- resource.migrate powered on VM
Datastore destination
- datastore.allocate space
Required Permissions to:
move host into cluster
Host
- host.inventory.add host to cluster
Cluster destination
- host.inventory.add host to cluster
- host.inventory.modify cluster
ESXi Security Profile Services:
Services that are RUN by default
- DCUI
- Load-Based Teaming Daemon
- CIM Server
- VMware vCenter Agent (vpxa)
Network Security Policy options
- Promiscuous Mode
- MAC address changes (frames inbound to VM)
- Forged Transmits (frames outbound from VM)
ESXi root password requirement
8-40 characters and other
Auto Deploy components
12
Auto Deploy server
Rules engine
Host Profile
Auto Deploy PowerCLI
Image Builder PowerCLI
VC Server
DHCP server
PXE server
TFTP server
Software Depot
Image Profile
vSphere Installation Bundle (VIB)
VECS Stores
MACHINE_SSL_CERT
TRUSTED_ROOTS
BACKUP_STORE
SSO domain groups
8
Users
DCAdmins
SolutionUsers
CAAdmins
SystemConfiguration.BashShellAdministrators
SystemConfiguration.Administrators
License***.Administrators
Administrators
6 SSO Policy Parameters:
password policy
maximum lifetime
restrict reuse
maximum length
minimum length
char.requirements
identical adjacent characters
SSO Policy Parameters:
lockout policy
3
max number of failed login attempts
time interval between failures
unlock time
SSO Policy Parameters:
token policy
5
clock tolerance
max token renewal count
max token delegation count
max bearer token lifetime
maximum holder-of-key token lifetime
6 Kernel options
autoPartition
skipPartitioningSsds
autoPartitionOnceAndSkipSsd
allowCoreDumpOnUsb
dumpSize
autoCreateDumpFile
VLAN ID for:
External Switch Tagging (EST)
0
VLAN ID for:
Virtual Switch Tagging (VST)
1-4094
VLAN ID for:
Virtual Guest Tagging (VGT)
4095
vDS load-balancing modes
(Enhanced LACP support)
Destination/Source/Destination+Source
- IP address
- IP address and TCP/UDP port
- IP address and VLAN
- IP address, TCP/UDP port, and VLAN
- MAC address
- TCP/UDP port
Source port ID
VLAN
Performance Analysis:
- CPU usage consistently high
- VM CPU usage >90%
- CPU Ready > 20%
insufficient host resources
- CPU, storage, network
Performance Analysis:
- Host memory >94%
- VM swapping is occurring
insufficient host memory
Performance Analysis:
- VM memory usage is high
- Guest OS memory usage is high
- Paging occurring
Guest OS doesn’t have enough memory available
Performance Analysis:
- VM CPU ready is low
- Guest OS CPU utilization is high
Guest not provided enough CPU
Performance Analysis:
Datastore space utilization is high
- snapshot files
- overprovisioning VMs
- small datastore
Performance Analysis:
Dev latency >15ms
problems on storage array
Performance Analysis:
Disk :
- VMkernel latency is >4ms
- Queue latency > 0
maximum throughput of a storage device is not sufficient to meet the demand
Performance Analysis:
Network:
- dropped packets > 0
- latency is high
- transfer rate is low
max throughput of network is insufficient
Performance Analysis:
charts are empty
- data may have been moved to new location (vCenter, folder)
- non-real time data rolled up
ESXTOP:
CPU metrics
6
%USED
%RUN
%RDY
%WAIT
%CSTP
%SWPWT
ESXTOP:
6 memory metrics
MEMSZ
GRANT
CNSM
SWCUR - amount of mem swapped
SWR/s - rate of swap
OVHD - VM overhead
ESXTOP:
storage metrics
4
READs/s
WRITEs/s
MBREAD/s
LAT/rd
ESXTOP:
network metrics
4
PKTRX/s - packets received per sec
MbTX/s - Megabits transmit per sec
%DRPTX
%DRPRX
ESXi Log Files
9,1
/var/log/
vmkernel
vmkwarning
vmksummary
hostd
vpxa
shell
auth
syslog
loadESX - related to restart of ESXi via Quick boot
vmware.log (VM home folder)
ESXi Log Files related to vSphere Trust Authority framework
5
/var/run/log
kmxa - client service on ESXi trusted host
kmxd - VTA key provider service
attestd - VTA attestation service
esxtokend - VTA ESXi token service
esxapiadapter - VTA API forwarder
VC Server logging levels
none
error
warning
info
verbose
trivia
vSAN cluster:
- Network used by HA
- Heartbeat Datastores
- Host Isolation criteria
- vSAN Network
- non-vSAN datastore
- isolation addr not pingable ; vSAN storage network inaccessible
vSAN not enabled on cluster:
- Network used by HA
- Heartbeat Datastores
- Host Isolation criteria
- management network
- Any datastore that is mounted to multiple hosts
- Isolation addr not pingable and mgmt network inaccessible
Datastore Browser option:
Inflate
convert a selected thin virtual disk to thick
Storage Filter Options
4
vmfsFilter
rdmFilter
sameHostsandTransportsFilter
hostRescanFilter
Shared Storage Capability present on SCSI over Fabric but NOT present on NVMe over Fabric
6
RDM
Coredump
SCSI-2 reservation
Shared VMDK
vVols
Hardware Acceleration with VAAI plug-ins
Default MPP for:
- SCSI over Fabric
- NVMe over Fabric
SCSI = NMP
NVMe = HPP
SCSI over Fabric limits
LUNs=1024
paths=4096
NVMe over Fabric limits
namespaces = 32
paths = 128
max 4 paths per namespace in a host
ESXCLI commands:
create an esxi host local user account
esxcli system account add
ESXCLI commands:
configure an ESXi host local user account
esxcli system account set
ESXCLI commands:
Lists ESXi host local user accounts
esxcli system account list
ESXCLI commands:
Deletes an ESXi host local user account
esxcli system account remove
ESXCLI commands:
lists the host’s DNS servers
esxcli network ip dns server list
ESXCLI commands:
Lists the ESXi host’s physical network adapters
esxcli network nic list
ESXCLI commands:
Displays the shell interactive timeout for the host
esxcli system settings advanced get /UserVars/ESXiShellTimeout
Normal Lockdown Mode restrictions compared with Normal mode
vSphere Web Services API:
only vCenter (vpxuser) and Exception users (vCloud Director)
CIM providers:
only vCenter (vpxuser) and Exception users (vCloud Director)
DCUI:
DCUI.access users with admin rights on host
ESXi Shell (if enabled):
DCUI.access users with admin rights on host
SSH (if enabled):
DCUI.access users with admin rights on host
Strict Lockdown restriction compared to Normal Lockdown
DCUI is stopped (unavailable)
A software release that makes small changes to the current version.
Update
A software release that introduces major changes to the software.
Upgrade
A small software update that provides bug fixes or enhancements.
Patch
The smallest installable software package (metadata and binary payload) for ESXi
VIB
An XML file that describes the contents of the VIB, including dependency information, textual descriptions, system requirements, and information about bulletins
VIB metadata
A VIB that is not included in a component
Standalone VIB
The hosted version of updates provided by VMware, OEMs, and third-party software vendors, containing the metadata and the actual VIBs
Depot
An archive (ZIP file) that contains VIBs and metadata that you use for offline patching and updates.
Offline bundle/depot
A VMware partner, such as Dell, HPE, or VMware Cloud on AWS
OEM
A provider of I/O filters, device drivers, CIM modules, and so on
third-party software provider
Collection Interval Frequency
- 1 day
- 1 week
- 1 month
- 1 year
- 5 min
- 30 min
- 2 hours
- 1 day