VCP5 Notes – Objective 1.4 – Secure vCenter Server

Lately I haven’t been able to allocate as much time as I’d like towards studying for the VCP5 exam. Hopefully, with my completed projects at work I can ramp up the studies again. This time I began studying security with vCenter Server. The biggest takeaway, in my opinion, is the creation of privileges and roles. This is an important topic for environments which have multiple VMware administrators.

If you’re following along with my series of notes you will find the following table of contents helpful.

Objective 1.1 – Install and Configure vCenter Server
Objective 1.2 – Install and Configure VMware ESXi
Objective 1.3 – Plan and Perform Upgrades of vCenter Server and VMware ESXi
Objective 1.4 – Secure vCenter Server

Identify common vCenter Server privileges and roles

  • vCenter permissions are based on role-based access control (RBAC)
  • Three types of roles
    • No Access – When assigned to an object, user cannot see that object when logging into vCenter.
    • Read Only – Can see the objects but cannot manage them.
    • Administrator – Has all privileges.
  • Sample
    • Clone the role and give it a new name
    • Virtual machine power user
    • Virtual machine user
    • Resource pool administrator
    • VMware consolidated backup user
    • Datastore consumer
    • Network consumer
  • Custom
    • When creating additional roles in vCenter.

Describe how permissions are applied and inherited in vCenter Server

  • Apply the role to the highest object in the inventory to which permissions will apply and then allow permissions to propagate to child objects.
  • The most specific and most directly applied permission wins.
  • A permission applied directly to an object supersedes a permission that has been inherited.
  • A permission applied to a user supersedes one inherited through membership in a group.
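
The rules above, worked through as a small model (an added example, not VMware code and not part of the original notes). The inventory, users, group and role assignments are constructed sample data; roles from several groups found at the same object are returned together, which is an assumption the notes do not cover.

```python
# Constructed sample inventory: child -> parent (None marks the root).
PARENT = {"Datacenter": None, "ProdCluster": "Datacenter",
          "web01": "ProdCluster", "db01": "ProdCluster"}

# Constructed group membership.
GROUPS = {"alice": {"vm-admins"}, "bob": {"vm-admins"}, "carol": set()}

# (object, principal) -> (role, propagate to children?)
PERMISSIONS = {
    ("Datacenter", "vm-admins"): ("Administrator", True),
    ("ProdCluster", "alice"): ("Read Only", True),
    ("ProdCluster", "carol"): ("Administrator", False),
    ("db01", "vm-admins"): ("No Access", False),
    ("db01", "alice"): ("Virtual machine power user", False),
}


def _role_at(node, principal, inherited):
    """Role the principal holds at node, if it applies to the target object."""
    entry = PERMISSIONS.get((node, principal))
    if entry is None:
        return None
    role, propagate = entry
    # A permission on an ancestor only counts when it propagates.
    return role if (propagate or not inherited) else None


def effective_role(user, obj):
    """Walk from obj up to the root; the nearest applicable permission wins.

    Returns (roles, object_where_defined, "user" | "group") or None.
    """
    node = obj
    while node is not None:
        inherited = node != obj
        # Rule: a permission set on the user beats one that comes via a group.
        role = _role_at(node, user, inherited)
        if role:
            return (role,), node, "user"
        group_roles = []
        for group in sorted(GROUPS.get(user, ())):
            role = _role_at(node, group, inherited)
            if role:
                group_roles.append(role)
        if group_roles:
            return tuple(group_roles), node, "group"
        # Rule: nothing here, so fall back to what the parent propagates.
        node = PARENT[node]
    return None
```

Running `effective_role("carol", "web01")` returns `None` because the permission on ProdCluster was created without propagation, the usual cause of an administrator seeing a cluster but none of its virtual machines.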

Configure and administer the ESXi firewall

  • Allow/block services and ports and/or IP addresses.
  • By default, blocks all incoming and outgoing traffic except for SSH, DNS, DHCP, and SNMP.



VCP5 Notes – Objective 1.3 – Plan and Perform Upgrades of vCenter Server and VMware ESXi

After reading VMware’s VCP5 Official Certification Guide I have begun my second phase of studying which is going through each of the objectives, one by one.

I read through the objective and its subtopics and write notes as I go for each section. This allows me to fully understand what the exam will test me on and helps me memorize what I need to know.

Objective 1.1 – Install and Configure vCenter Server
Objective 1.2 – Install and Configure VMware ESXi
Objective 1.3 – Plan and Perform Upgrades of vCenter Server and VMware ESXi

Moving on to upgrading vCenter Server and VMware ESXi. This will contain mostly bullet points and fewer pictures.

Identify upgrade requirements for ESXi hosts

  • Supported Upgrades to ESXi 5.1
    • ESX/ESXi 4.0, 4.0 U1, 4.0 U2, 4.0 U4
    • ESX/ESXi 4.1, 4.1 U1, 4.1 U2, 4.1 U3
    • ESXi 5.0, 5.0 U1
  • Hardware Requirements
    • Use VMware Compatibility Guide for supported platforms.
    • 64-bit x86 CPUs only.
    • Requires at least two cores.
    • Supports LAHF and SAHF CPU instructions.
    • Requires NX/XD bit to be enabled for the CPU in the BIOS.
    • Supports x64 multicore processors.
    • Minimum 2GB of RAM.

Identify steps required to upgrade a vSphere Implementation

  • Run vCenter Host Agent Pre-Upgrade Checker.
  • Upgrade vCenter Server.
  • Install vSphere Client.
  • Upgrade vSphere Update Manager.
  • Use Update Manager to upgrade ESX/ESXi hosts.
  • Use Update Manager to upgrade the virtual machines.
  • Upgrade product licenses.
  • Use vSphere Client to upgrade to VMFS5.


VCP5 Notes – Objective 1.2 – Install and Configure VMware ESXi

We started with installing and configuring VMware vCenter Server in Objective 1.1. Now we move on to installing and configuring VMware ESXi as part of the VMware VCP5 certification. My first thought is: why would the next objective go into ESXi? Shouldn’t that be the first objective? It’s probably because I install vCenter Server as a virtual machine after installing ESXi.

Objective 1.1 - Install and Configure vCenter Server
Objective 1.2 – Install and Configure VMware ESXi

Perform an interactive installation of ESXi

  • Typically this would be done through a DVD, ISO, or USB drive to run the vSphere installer.

Below is a table of the vSphere 5.0 Editions. It’s handy to figure out which features are supported in each edition. Just note that Enterprise Plus supports everything.

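| vSphere 5.0 Editions | Standard | Enterprise | Enterprise Plus |
|---|---|---|---|
| Product Components | | | |
| Processor entitlement | Per 1 CPU | Per 1 CPU | Per 1 CPU |
| vRAM entitlement | 32 GB | 64 GB | 96 GB |
| vCPU entitlement | 8-way | 8-way | 32-way |
| SUSE LINUX Enterprise Server for VMware | X | X | X |
| Thin Provisioning | X | X | X |
| Update Manager | X | X | X |
| Data recovery | X | X | X |
| High Availability | X | X | X |
| vMotion | X | X | X |
| Storage APIs for data protection | X | X | X |
| Virtual serial port concentrator | | X | X |
| Hot add | | X | X |
| vShield zones | | X | X |
| Fault Tolerance | | X | X |
| Storage APIs for array integration | | X | X |
| Storage APIs for multipathing | | X | X |
| Storage vMotion | | X | X |
| DRS and DPM | | X | X |
| Storage I/O control | | | X |
| Network I/O control | | | X |
| Distributed switch | | | X |
| Host profiles | | | X |
| Auto Deploy | | | X |
| Profile-driven storage | | | X |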

Deploy an ESXi host using Auto Deploy

  • Leverages PXE and host profiles.
  • Auto Deploy server deploys image and host profile to each host.
  • Rules engine determines which images and profiles to send to each host.
  • Image profiles are VIBs (VMware Infrastructure Bundles).
  • Host profiles hold ESXi host configuration.
  • Answer files are used during boot process. One per each host.
  • No state stored on the host – Auto Deploy server manages state information.

Store information type

| Information Type | Description | Source of State Information |
|---|---|---|
| Image State | Executable software run on ESXi host | Image profile |
| Configuration State | Settings | Host profile |
| Dynamic State | Runtime state | Stored in host memory. Not persistent. |
| VM state | VM stored on host | Managed by vCenter Server |
| User input | State based on user input | |