Appendix C

Memory Tables Answer Key

Chapter 1

Table 1-4 Available vSphere Features

Available vSphere Feature | Description
vCenter Appliance File-Based Backup and Restore | A feature introduced in vSphere 7.0 that enables you to back up and restore vCenter Server Appliance instances.
vMotion | A feature that provides live virtual machine migrations with negligible disruption from a source ESXi host to a target ESXi host.
vSphere HA | A feature that provides automated failover protection for VMs against host, hardware, network, and guest OS issues. In the event of host system failure, it performs cold migrations and restarts failed VMs on surviving hosts.
Distributed Resource Scheduler (DRS) | A feature that places and starts VMs on appropriate ESXi hosts and hot-migrates VMs using vMotion when there is contention for compute resources.
Storage vMotion | A feature that performs live migrations with negligible disruption of VMs from a source datastore to a target datastore.
Fault Tolerance (FT) | A feature that provides automated live failover protection for VMs against host, hardware, network, and guest OS issues.
Distributed Power Management (DPM) | A feature that optimizes power consumption in an ESXi cluster.
Proactive HA | A feature that minimizes VM downtime by proactively detecting hardware failures and placing the host in Quarantine Mode or Maintenance Mode.
Content library | A centralized repository used to manage and distribute templates, ISO files, scripts, vApps, and other files associated with VMs.
Host profiles | A feature that provides a means to apply a standard configuration to a set of ESXi hosts.

Table 1-6 vCenter Server Editions

Feature | Essentials | Essentials Plus | Foundation | Standard
Number of ESXi hosts | 3 (2 CPU max) | 3 (2 CPU max) | 4 | 2000
vCenter license | Packaged with vSphere license in Essentials | Packaged with vSphere license in Essentials Plus | Sold separately from vSphere license | Sold separately from vSphere license
Basic vCenter features, like single pane of glass management, Lifecycle Manager, and VMware Converter | Supported | Supported | Supported | Supported
Common vCenter features, like vMotion, vSphere HA, and vSphere Replication | Not supported | Supported | Supported | Supported
Advanced features, like vCenter Server High Availability (VCHA) and vCenter Server Backup and Restore | N/A | N/A | N/A | Supported

Table 1-10 Compute Specifications for vCenter Server Appliance

Component | Number of CPUs | Memory
Tiny Environment (up to 10 hosts or 100 virtual machines) | 2 | 12 GB
Small Environment (up to 100 hosts or 1000 virtual machines) | 4 | 19 GB
Medium Environment (up to 400 hosts or 4000 virtual machines) | 8 | 28 GB
Large Environment (up to 1000 hosts or 10,000 virtual machines) | 16 | 37 GB
X-Large Environment (up to 2000 hosts or 35,000 virtual machines) | 24 | 56 GB

Table 1-11 Storage Sizes for vCenter Server Appliance

Deployment Size | Default Storage Size | Large Storage Size | X-Large Storage Size
Tiny | 415 GB | 1490 GB | 3245 GB
Small | 480 GB | 1535 GB | 3295 GB
Medium | 700 GB | 1700 GB | 3460 GB
Large | 1065 GB | 1765 GB | 3525 GB
X-Large | 1805 GB | 1905 GB | 3665 GB

Table 1-12 Required Ports for vCenter Server

Protocol/Port | Description | Required for
TCP 22 | System port for SSHD | vCenter Server (must be open for upgrade of the appliance)
TCP 80 | Port for direct HTTP connections; redirects requests to HTTPS port 443 | vCenter Server
TCP 88 | Required to be open to join Active Directory | vCenter Server
TCP/UDP 389 | LDAP port for directory services for the vCenter Server group | vCenter Server to vCenter Server
TCP 443 | Default port used by vCenter Server to listen for connections from the vSphere Web Client and SDK clients | vCenter Server to vCenter Server
TCP/UDP 514 | vSphere Syslog Collector port for vCenter Server and vSphere Syslog Service port for vCenter Server Appliance | vCenter Server
TCP/UDP 902 | Default port that the vCenter Server system uses to send data to managed hosts | vCenter Server
TCP 1514 | vSphere Syslog Collector TLS port for vCenter Server | vCenter Server
TCP 2012 | Control interface RPC for Single Sign-On | vCenter Server
TCP 2014 | RPC port for VMware Certificate Authority (VMCA) APIs | VMCA
TCP/UDP 2020 | Authentication framework management | vCenter Server
TCP 5480 | vCenter Server Appliance Management Interface (VAMI) | vCenter Server
TCP/UDP 6500 | ESXi Dump Collector port | vCenter Server
TCP 7080, 12721 | Secure Token Service (internal ports) | vCenter Server
TCP 7081 | vSphere Client (internal port) | vCenter Server
TCP 7475, 7476 | VMware vSphere Authentication Proxy | vCenter Server
TCP 8084 | vSphere Lifecycle Manager SOAP port used by the vSphere Lifecycle Manager client plug-in | vSphere Lifecycle Manager
TCP 9084 | vSphere Lifecycle Manager Web Server port used by ESXi hosts to access host patch files from the vSphere Lifecycle Manager server | vSphere Lifecycle Manager
TCP 9087 | vSphere Lifecycle Manager Web SSL port used by the vSphere Lifecycle Manager client plug-in for uploading host upgrade files to the vSphere Lifecycle Manager server | vSphere Lifecycle Manager
TCP 9443 | vSphere Web Client HTTPS | vCenter Server

Chapter 2

Table 2-2 Comparison of VMFS Version 5 and Version 6

VMFS Features and Functionalities | Version 5 | Version 6
Access for ESXi hosts version 6.5 and later | Yes | Yes
Access for ESXi hosts version 6.0 and earlier | Yes | No
Datastores per host | 512 | 512
512n storage devices | Yes | Yes (default)
512e storage devices | Yes (not supported on local 512e devices) | Yes (default)
4Kn storage devices | No | Yes
Automatic space reclamation | No | Yes
Manual space reclamation through the esxcli command | Yes | Yes
Space reclamation from guest OS | Limited | Yes
GPT storage device partitioning | Yes | Yes
MBR storage device partitioning | Yes (only for a VMFS5 datastore that has been previously upgraded from VMFS3) | No
Storage devices greater than 2 TB for each VMFS extent | Yes | Yes
Support for virtual machines with large-capacity virtual disks, or disks greater than 2 TB | Yes | Yes
Support of small files (1 KB) | Yes | Yes
Default use of ATS-only locking mechanisms on storage devices that support ATS | Yes | Yes
Block size | Standard 1 MB | Standard 1 MB
Default snapshots | VMFSsparse for virtual disks smaller than 2 TB; SEsparse for virtual disks larger than 2 TB | SEsparse
Virtual disk emulation type | 512n | 512n
vMotion | Yes | Yes
Storage vMotion across different datastore types | Yes | Yes
High Availability and Fault Tolerance | Yes | Yes
DRS and Storage DRS | Yes | Yes
RDM | Yes | Yes

Table 2-4 Comparison of NFS Version 3 and Version 4.1 Support for vSphere Features and Solutions

NFS Features and Functionalities | Version 3 | Version 4.1
vMotion and Storage vMotion | Yes | Yes
High Availability (HA) | Yes | Yes
Fault Tolerance (FT) | Yes | Yes (supports the new FT mechanism introduced in vSphere 6.0 that supports up to four vCPUs, not the legacy FT mechanism)
Distributed Resource Scheduler (DRS) | Yes | Yes
Host Profiles | Yes | Yes
Storage DRS | Yes | No
Storage I/O Control | Yes | No
Site Recovery Manager | Yes | No
Virtual Volumes | Yes | Yes
vSphere Replication | Yes | Yes
vRealize Operations Manager | Yes | Yes

Table 2-7 RAID Configuration Comparison

RAID Configuration | PFTT | Data Size | Required Capacity | Usable Capacity
RAID 1 (mirroring) | 1 | 100 GB | 200 GB | 50%
RAID 5 or RAID 6 (erasure coding) with four fault domains | 1 | 100 GB | 133 GB | 75%
RAID 1 (mirroring) | 2 | 100 GB | 300 GB | 33%
RAID 5 or RAID 6 (erasure coding) with six fault domains | 2 | 100 GB | 150 GB | 67%
RAID 1 (mirroring) | 3 | 100 GB | 400 GB | 25%
RAID 5 or RAID 6 (erasure coding) with six fault domains | 3 | N/A | N/A | N/A

Table 2-12 vSAN Storage Policies

Policy | Description
Primary Level of Failures to Tolerate (PFTT) | This policy defines how many host and device failures a VM object can withstand. For n failures tolerated, data is stored in n+1 locations. (This includes parity copies with RAID 5 or 6.) If no storage policy is selected at the time of provisioning a VM, this policy is assigned by default. Where fault domains are used, 2n+1 fault domains, each with hosts adding to the capacity, are required. If an ESXi host isn’t in a fault domain, it is considered to be in a single-host fault domain. The default setting for this policy is 1, and the maximum is 3.
Secondary Level of Failures to Tolerate (SFTT) | In stretched clusters, this policy defines how many additional host failures can be tolerated after a site failure’s PFTT has been reached. If PFTT = 1, SFTT = 2, and one site is inaccessible, two more host failures can be tolerated. The default setting for this policy is 1, and the maximum is 3.
Data Locality | This option is available only if PFTT = 0. The options for this policy are None, Preferred, and Secondary. It allows objects to be limited to one site or one host in stretched clusters. The default setting for this policy is None.
Failure Tolerance Method | This policy defines whether the data replication mechanism is optimized for performance or capacity. If RAID-1 (Mirroring)—Performance is selected, more space is consumed in the object placement but the space is accessed with better performance. If RAID-5/6 (Erasure Coding)—Capacity is selected, disk utilization is lower, but performance is reduced.
Number of Disk Stripes per Object | This policy determines the number of capacity devices across which each VM object replica is striped. Setting this above 1 can improve performance but consumes more resources. The default setting for this policy is 1, and the maximum is 12.
Flash Read Cache Reservation | This policy defines the amount of flash capacity that is reserved for read caching of VM objects, expressed as a percentage of the size of the VMDK. It is supported only in hybrid vSAN clusters. The default setting for this policy is 0%, and the maximum is 100%.
Force Provisioning | If set to yes, this policy forces provisioning of objects, even when policies cannot be met. The default setting for this policy is no.
Object Space Reservation | This policy defines the percentage of VMDK objects that must be thick provisioned on deployment. The options are thin provisioning (default value), 25% reservation, 50% reservation, 75% reservation, and thick provisioning.
Disable Object Checksum | A checksum is used end-to-end to validate the integrity of the data and ensure that data copies are the same as the original. In the event of a mismatch, the incorrect data is overwritten. If this policy is set to yes, a checksum is not calculated. The default setting for this policy is no.
IOPS Limit for Object | This policy sets a limit on the IOPS of an object. If set to 0, there is no limit.

Chapter 3

Table 3-2 Advantages and Disadvantages of IP Hash NIC Teaming

Advantages:

  • A more even distribution of the load compared to Route Based on Originating Virtual Port and Route Based on Source MAC Hash

  • A potentially higher throughput for virtual machines that communicate with multiple IP addresses

Disadvantages:

  • Highest resource consumption compared to the other load-balancing algorithms

  • Requires changes on the physical network

  • Complex to troubleshoot

Table 3-3 Comparison of vSS and vDS Features (X = supported)

Feature | vSS | vDS
Layer 2 switch | X | X
VLAN segmentation (802.1q tagging) | X | X
IPv6 support | X | X
NIC teaming | X | X
Outbound traffic shaping | X | X
Cisco Discovery Protocol (CDP) | X | X
Inbound traffic shaping |  | X
VM network port block |  | X
Private VLANs |  | X
Load-based NIC teaming |  | X
Data center–level management |  | X
Network vMotion |  | X
Per-port policy settings |  | X
Port state monitoring |  | X
NetFlow |  | X
Port mirroring |  | X

Table 3-4 vDS Health Checks

Health Check | Required vDS Configuration
Checks whether the VLAN trunk ranges on the distributed switch match the trunk port configuration on the connected physical switch ports. | At least two active physical NICs
Checks for matching MTU settings on the distributed switch, the physical network adapter, and the physical switch ports. | At least two active physical NICs
Checks whether the virtual switch teaming policy matches the physical switch port-channel settings. | At least two active physical NICs and two hosts

Table 3-5 SR-IOV Requirements

Component | Requirements

Physical host

  • Must use an Intel or AMD processor.

  • Must support IOMMU and SR-IOV.

  • IOMMU and SR-IOV must be enabled in the BIOS.

Physical network adapter

  • Must be supported by the server vendor for use with the host system and SR-IOV for the specific ESXi release.

  • SR-IOV must be enabled in the firmware.

  • Must use MSI-X interrupts.

Physical function (PF) driver in ESXi

  • Must be certified by VMware.

  • Must be installed on the ESXi host, which may require custom installation.

Guest OS

  • Must be supported by the NIC vendor for the specific ESXi release.

Virtual function (VF) driver in guest OS

  • Must be compatible with the NIC and supported on the guest OS release.

  • Must be Microsoft WLK or WHCK certified for Windows virtual machines.

  • Must be installed on the operating system and may require custom installation.

Chapter 4

Table 4-4 Resource Pool Use Cases

Use Case | Details
Flexible hierarchical organization | Add, remove, modify, and reorganize resource pools as needed.
Resource isolation | Use resource pools to allocate resources to separate departments in such a manner that changes in one pool do not unfairly impact other departments.
Access control and delegation | Use permissions to delegate activities, such as virtual machine creation and management, to other administrators.
Separation of resources from hardware | In a DRS cluster, perform resource management independently of the actual hosts.
Managing multitier applications | Manage the resources for a group of virtual machines (in a specific resource pool), which is easier than managing resources per virtual machine.

Table 4-6 Virtual Machine Shares

Setting | CPU Share Value | Memory Share Value
High | 2000 per vCPU | 20 per MB
Normal | 1000 per vCPU | 10 per MB
Low | 500 per vCPU | 5 per MB

Table 4-9 Advanced vSphere HA Options

Option | Description
das.isolationaddressX | Provides the addresses to use to test for host isolation when no heartbeats are received from other hosts in the cluster. If this option is not specified (which is the default setting), the management network default gateway is used to test for isolation. To specify multiple addresses, you can set das.isolationaddressX, where X is a number between 0 and 9.
das.usedefaultisolationaddress | Specifies whether to use the default gateway IP address for isolation tests.
das.isolationshutdowntimeout | For scenarios where the host’s isolation response is to shut down, specifies the period of time that the virtual machine is permitted to shut down before the system powers it off.
das.slotmeminmb | Defines the maximum bound on the memory slot size.
das.slotcpuinmhz | Defines the maximum bound on the CPU slot size.
das.vmmemoryminmb | Defines the default memory resource value assigned to a virtual machine whose memory reservation is not specified or is zero. This is used for the Host Failures Cluster Tolerates admission control policy.
das.vmcpuminmhz | Defines the default CPU resource value assigned to a virtual machine whose CPU reservation is not specified or is zero. This is used for the Host Failures Cluster Tolerates admission control policy. If no value is specified, the default of 32 MHz is used.
das.heartbeatdsperhost | Specifies the number of heartbeat datastores required per host. The default is 2. The acceptable values are 2 to 5.
das.config.fdm.isolationPolicyDelaySec | Specifies the number of seconds the system delays before executing the isolation policy after determining that a host is isolated. The minimum is 30. A lower value results in a 30-second delay.
das.respectvmvmantiaffinityrules | Determines whether vSphere HA should enforce VM–VM anti-affinity rules even when DRS is not enabled.

Table 4-10 VM Monitoring Settings

Setting | Failure Interval | Reset Period
High | 30 seconds | 1 hour
Medium | 60 seconds | 24 hours
Low | 120 seconds | 7 days

Chapter 5

Table 5-2 Virtual Machine Files

File | Description
vmname.vmx | Virtual machine configuration file
vmname.vmxf | Additional virtual machine configuration file
vmname.vmdk | Virtual disk characteristics (metadata) file
vmname-flat.vmdk | Virtual disk data file (commonly called a flat file)
vmname.nvram or nvram | Virtual machine BIOS or UEFI configuration file
vmname.vmsd | Virtual machine snapshot file
vmname.vmsn | Virtual machine snapshot data file
vmname.vswp | Virtual machine swap file
vmname.vmss | Virtual machine suspend file
vmware.log | Current virtual machine log file
vmware-#.log | Old virtual machine log file, where # is a number starting with 1

Table 5-4 Virtual Machine Options

Category | Description
General Options | Settings include virtual machine name, configuration file location, and the working directory location.
Encryption Options | Settings allow you to enable or disable virtual machine encryption or vMotion encryption.
Power Management | Settings allow you to choose how to respond when the guest OS is placed on standby. The choices are to suspend the virtual machine or put the guest OS into standby mode.
VMware Tools | Settings allow you to choose how to respond to specific power operations. For example, you can choose whether to power off the virtual machine or shut down the guest when the red power-off button is clicked.
Virtualization Based Security (VBS) | For virtual machines running modern Windows OS versions, you can enable VBS to add an extra level of protection.
Boot Options | Settings include firmware, boot delay, and failed boot recovery parameters.
Advanced Options | Settings include logging, debugging, swap file location, and configuration parameters.
Fibre Channel NPIV | Settings allow the virtual machine to use N_Port ID Virtualization (NPIV), including whether to generate new worldwide names (WWNs).
vApp Options | Settings allow you to control vApp functionality for the virtual machine, such as enable/disable and IP allocation policy. vApp settings that are made directly to a virtual machine override settings made on the vApp.

Chapter 6

Table 6-2 Required Permissions for the vCenter Cloud Account

Object | Permissions

Datastore

  • Allocate space

  • Browse datastore

  • Low level file operations

Datastore cluster

  • Configure a datastore cluster

Folder

  • Create folder

  • Delete folder

Global

  • Manage custom attributes

  • Set custom attribute

Network

  • Assign network

Permissions

  • Modify permission

Resource

  • Assign VM to resource pool

  • Migrate powered-off virtual machine

  • Migrate powered-on virtual machine

Content library

  • Add library item

  • Create local library

  • Create subscribed library

  • Delete library item

  • Delete local library

  • Delete subscribed library

  • Download files

  • Evict library item

  • Evict subscribed library

  • Probe subscription information

  • Read storage

  • Sync library item

  • Sync subscribed library

  • Type introspection

  • Update configuration settings

  • Update files

  • Update library

  • Update library item

  • Update local library

  • Update subscribed library

  • View configuration settings

Tags

  • Assign or unassign vSphere tag

  • Create a vSphere tag

  • Create a vSphere tag category

  • Delete vSphere tag

  • Delete vSphere tag category

  • Edit vSphere tag

  • Edit vSphere tag category

  • Modify UsedBy field for category

  • Modify UsedBy field for tag

vApp

  • Import

  • vApp application configuration

Virtual machine inventory

  • Create from existing

  • Create new

  • Move

  • Remove

Virtual machine interaction

  • Configure CD media

  • Console interaction

  • Device connection

  • Power off

  • Power on

  • Reset

  • Suspend

  • Tools install

Virtual machine configuration

  • Add existing disk

  • Add new disk

  • Add or remove

  • Remove disk

  • Advanced

  • Change CPU count

  • Change resource

  • Extend virtual disk

  • Disk change tracking

  • Memory

  • Modify device settings

  • Rename

  • Set annotation

  • Settings

  • Swapfile placement

Virtual machine provisioning

  • Customize

  • Clone template

  • Clone virtual machine

  • Deploy template

  • Read customization specs

Virtual machine state

  • Create snapshot

  • Remove snapshot

  • Revert to snapshot

Table 6-3 Required vCenter Server Privileges for Horizon (without instant clones)

Privilege Group | Privileges to Enable

Folder

  • Create Folder

  • Delete Folder

Datastore

  • Allocate space

Virtual Machine

In Configuration:

  • Add or remove device

  • Advanced

  • Modify device settings

In Interaction:

  • Power off

  • Power on

  • Reset

  • Suspend

  • Perform wipe or shrink operations

In Inventory:

  • Create new

  • Create from existing

  • Remove

In Provisioning:

  • Customize

  • Deploy template

  • Read customization specifications

  • Clone template

  • Clone virtual machine

Resource

  • Assign virtual machine to resource pool

Global

  • Act as vCenter Server

Host (for Storage Accelerator)

  • Advanced settings (in Configuration)

Profile Driven Storage (for vSAN or Virtual Volumes)

  • All privileges

Table 6-5 VMware HCX Services

Service | License | Description
Interconnect | Advanced | Creates secured connections between HCX instances, supporting migration, replication, disaster recovery, and management operations. Deployed as a virtual appliance.
WAN Optimization | Advanced | Optimizes the performance of the connection provided by HCX Interconnect through a combination of deduplication, compression, and line conditioning techniques. Deployed as a virtual appliance.
Network Extension | Advanced | Extends (that is, provides Layer 2 adjacency for) the virtual machine networks between source and remote HCX-enabled environments. Deployed as a virtual appliance.
Bulk Migration | Advanced | Migrates a set of virtual machines in parallel between HCX-enabled sites using VMware vSphere Replication.
vMotion Migration | Advanced | Migrates a single virtual machine between HCX-enabled sites with no service interruption, using vMotion.
Disaster Recovery | Advanced | Protects virtual machines from disaster by using replication and recovery.
Mobility Groups | Enterprise | Allows you to group virtual machines by application, network, or other aspects for migration and monitoring.
OS Assisted Migration | Enterprise | Leverages HCX Sentinel software in the guest OS to migrate Windows and Linux virtual machines to a vSphere-enabled data center. Uses a gateway appliance at the source and a receiver appliance at the destination.
Replication Assisted vMotion (RAV) | Enterprise | Migrates a set of virtual machines in parallel, using VMware vSphere Replication and vMotion between HCX-enabled sites with no service interruption.
Site Recovery Manager (SRM) Integration | Enterprise | Integrates HCX functionality with VMware SRM for protection and orchestrated recovery operations.
Traffic Engineering: Application Path Resiliency and TCP Flow Conditioning | Enterprise | Optimizes network traffic for the HCX Interconnect and Network Extension services. The Application Path Resiliency service creates multiple tunnel flows for both Interconnect and Network Extension traffic. The TCP Flow Conditioning service adjusts and optimizes the segment size to reduce fragmentation and reduce the overall packet rate.
Mobility Optimized Networking (MON) | Enterprise | Integrates HCX Network Extension with NSX Dynamic Routing to enable optimal networking between migrated virtual machines and other virtual machines. Works with new or existing network extensions to NSX-T 3.0 Data Center.

Chapter 7

Table 7-2 Core Identity Services in vSphere

Service | Description
VMware Directory Service (vmdir) | Serves as an identity source that handles SAML certificate management for authentication with vCenter Single Sign-On.
VMware Certificate Authority (VMCA) | Issues certificates for VMware solution users, machine certificates for machines on which services are running, and ESXi host certificates. VMCA can be used as is, or it can be used as an intermediary certificate authority.
VMware Authentication Framework Daemon (VMAFD) | Includes VMware Endpoint Certificate Store (VECS) and several internal authentication services.

Table 7-6 Certificates in vSphere

Certificate | Provisioned | Details
ESXi certificate | VMCA (default) | Stored locally on an ESXi host in the /etc/vmware/ssl directory when the host is first added to vCenter Server and when it reconnects.
Machine SSL certificate | VMCA (default) | Stored in VECS. Used to create SSL sockets for SSL client connections, for server verification, and for secure communication such as HTTPS and LDAPS. Used by the reverse proxy service, the vCenter Server service (vpxd), and the VMware Directory Service (vmdir). Uses X.509 Version 3 certificates to encrypt session information.
Solution user certificate | VMCA (default) | Stored in VECS. Used by solution users to authenticate to vCenter Single Sign-On through SAML token exchange.
vCenter Single Sign-On SSL signing certificate | During installation | Used throughout vSphere for authentication, where a SAML token represents the user’s identity and contains group membership information. You can manage this certificate from the command line. Changing this certificate in the file system leads to unpredictable behavior.
VMware Directory Service (vmdir) SSL certificate | During installation | Starting with vSphere 6.5, the machine SSL certificate is used as the vmdir certificate.
vSphere Virtual Machine Encryption certificates | Depends | Used for virtual machine encryption, which relies on an external key management server (KMS). Depending on how the solution authenticates to the KMS, it might generate certificates and store them in VECS.

Table 7-9 System Roles in vCenter Server 7.0

System Role | Description
Read-only | Allows the user to view the state of an object and details about the object. For example, users with this role can view virtual machine attributes but cannot open the VM console.
Administrator | Includes all privileges of the read-only role and allows the user to view and perform all actions on the object. If you have the administrator role on an object, you can assign privileges to individual users and groups. If you have the administrator role in vCenter Server, you can assign privileges to users and groups in the default SSO identity source. By default, the administrator@vsphere.local user has the administrator role on both vCenter Single Sign-On and vCenter Server.
No access | Prevents users from viewing or interacting with the object. New users and groups are effectively assigned this role by default.
No cryptography administrator | Includes all privileges of the administrator role, except for cryptographic operations privileges. This role allows administrators to designate users who can perform all administrative tasks except encrypting or decrypting virtual machines or accessing encrypted data.
Trusted infrastructure administrator | Allows users to perform VMware vSphere Trust Authority operations on some objects. Membership in the TrustedAdmins group is required for full vSphere Trust Authority capabilities.

Table 7-10 Required Permissions for Common Tasks

Task | Required Privileges

Create a virtual machine

On the destination folder or in the data center:

  • Virtual Machine.Inventory.Create New

  • Virtual Machine.Configuration.Add New Disk

  • Virtual Machine.Configuration.Add Existing Disk

  • Virtual Machine.Configuration.Raw Device

On the destination host or cluster or in the resource pool:

  • Resource.Assign Virtual Machine to Resource Pool

On the destination datastore or in the datastore folder:

  • Datastore.Allocate Space

On the network:

  • Network.Assign Network

Deploy a virtual machine from a template

On the destination folder or in the data center:

  • Virtual Machine.Inventory.Create from Existing

  • Virtual Machine.Configuration.Add New Disk

On a template or in a template folder:

  • Virtual Machine.Provisioning.Deploy Template

On the destination host or cluster or in the resource pool:

  • Resource.Assign Virtual Machine to Resource Pool

On the destination datastore or in a datastore folder:

  • Datastore.Allocate Space

On the network that the virtual machine will be assigned to:

  • Network.Assign Network

Take a virtual machine snapshot

On the virtual machine or in a virtual machine folder:

  • Virtual Machine.Snapshot Management.Create Snapshot

On the destination datastore or in a datastore folder:

  • Datastore.Allocate Space

Move a virtual machine into a resource pool

On the virtual machine or in a virtual machine folder:

  • Resource.Assign Virtual Machine to Resource Pool

  • Virtual Machine.Inventory.Move

In the destination resource pool:

  • Resource.Assign Virtual Machine to Resource Pool

Install a guest operating system on a virtual machine

On the virtual machine or in a virtual machine folder:

  • Virtual Machine.Interaction.Answer Question

  • Virtual Machine.Interaction.Console Interaction

  • Virtual Machine.Interaction.Device Connection

  • Virtual Machine.Interaction.Power Off

  • Virtual Machine.Interaction.Power On

  • Virtual Machine.Interaction.Reset

  • Virtual Machine.Interaction.Configure CD Media

  • Virtual Machine.Interaction.Configure Floppy Media

  • Virtual Machine.Interaction.Tools Install

On a datastore containing the installation media ISO image:

  • Datastore.Browse Datastore

On the datastore to which you upload the installation media ISO image:

  • Datastore.Browse Datastore

  • Datastore.Low Level File Operations

Migrate a virtual machine with vMotion

On the virtual machine or in a virtual machine folder:

  • Resource.Migrate Powered on Virtual Machine

  • Resource.Assign Virtual Machine to Resource Pool

On the destination host or cluster or in a resource pool:

  • Resource.Assign Virtual Machine to Resource Pool

Cold migrate (relocate) a virtual machine

On the virtual machine or in a virtual machine folder:

  • Resource.Migrate Powered Off Virtual Machine

  • Resource.Assign Virtual Machine to Resource Pool

On the destination host or cluster or in a resource pool:

  • Resource.Assign Virtual Machine to Resource Pool

On the destination datastore:

  • Datastore.Allocate Space

Migrate a virtual machine with Storage vMotion

On the virtual machine or in a virtual machine folder:

  • Resource.Migrate Powered On Virtual Machine

On the destination datastore:

  • Datastore.Allocate Space

Move a host into a cluster

On the host:

  • Host.Inventory.Add Host to Cluster

On the destination cluster:

  • Host.Inventory.Add Host to Cluster

  • Host.Inventory.Modify Cluster

Table 7-11 ESXi Security Profile Services

Service | Default State | Description
Direct Console User Interface (DCUI) | Running | Allows you to interact with an ESXi host from the local console using text-based menus
ESXi Shell | Stopped | Is available from the DCUI or from SSH
SSH | Stopped | Allows remote connections through Secure Shell
Load-Based Teaming Daemon | Running | Enables load-based teaming
attestd | Stopped | Enables the vSphere Trust Authority Attestation Service
kmxd | Stopped | Enables the vSphere Trust Authority Key Provider Service
Active Directory Service | Stopped | Is started on hosts after you configure ESXi for Active Directory
NTP Daemon | Stopped | Enables the Network Time Protocol daemon
PC/SC Smart Card Daemon | Stopped | Is started on hosts after you enable the host for smart card authentication
CIM Server | Running | Can be used by Common Information Model (CIM) applications
SNMP Server | Stopped | Enables the SNMP daemon
Syslog Server | Stopped | Enables the syslog daemon
VMware vCenter Agent (vpxa) | Running | Connects the host to vCenter Server
X.Org Server | Stopped | Internally used for virtual machine 3D graphics

Table 7-12 Incoming and Outgoing Firewall Ports

Firewall Service

Incoming Port(s)

Outgoing Port(s)

CIM Server

5988 (TCP)

 

CIM Secure Server

5989 (TCP)

 

CIM SLP

427 (TCP,UDP)

427 (TCP,UDP)

DHCPv6

546 (TCP,UDP)

547 (TCP,UDP)

DVSSync

8301, 8302 (UDP)

8301, 8302 (UDP)

HBR

 

44046, 31031 (TCP)

NFC

902 (TCP)

902 (TCP)

WOL

 

9 (UDP)

vSAN Clustering

12345, 23451 (UDP)

12345, 23451 (UDP)

DHCP Client

68 (UDP)

68 (UDP)

DNS Client

53 (UDP)

53 (TCP,UDP)

Fault Tolerance

8100, 8200, 8300 (TCP,UDP)

80, 8100, 8200, 8300 (TCP,UDP)

NSX Distributed Logical Router Service

6999 (UDP)

6999 (UDP)

Software iSCSI Client

 

3260 (TCP)

rabbitmqproxy

 

5671 (TCP)

vSAN Transport

2233 (TCP)

2233 (TCP)

SNMP Server

161 (UDP)

 

SSH Server

22 (TCP)

 

vMotion

8000 (TCP)

8000 (TCP)

VMware vCenter Agent

 

902 (UDP)

vSphere Web Access

80 (TCP)

 

vsanvp

8080 (TCP)

8080 (TCP)

RFB Protocol

5900–5964 (TCP)

 

vSphere Lifecycle Manager

80, 9000 (TCP)

80, 9000 (TCP)

I/O Filter

9080 (TCP)

 

Table 7-14 Network Security Policies

Option

Setting

Description

Promiscuous Mode

Accept

The virtual switch forwards all frames to the virtual network adapter.

Reject

The virtual switch forwards only the frames that are addressed to the virtual network adapter.

MAC Address Changes

Accept

If the guest operating system changes the effective MAC address of the virtual adapter to a value that differs from the MAC address assigned to the adapter in the VMX file, the virtual switch allows inbound frames to pass.

Reject

If the guest operating system changes the effective MAC address of the virtual adapter to a value that differs from the MAC address assigned to the adapter in the VMX file, the virtual switch drops all inbound frames to the adapter. If the guest OS changes the MAC address back to its original value, the virtual switch stops dropping the frames and allows inbound traffic to the adapter.

Forged Transmits

Accept

The virtual switch does not filter outbound frames. It permits all outbound frames, regardless of the source MAC address.

Reject

The virtual switch drops any outbound frame from a virtual machine virtual adapter that uses a source MAC address that differs from the MAC address assigned to the virtual adapter in the VMX file.
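The three policies in Table 7-14 act on different directions: MAC Address Changes and Promiscuous Mode govern what the port receives, Forged Transmits governs what it may send. The following Python model is an added example, not code from the book or from VMware; the `Policy`, `VPort` and `Frame` classes and the `audit` helper are constructed for illustration, and the frame-forwarding logic is a simplification of the VMkernel behaviour described in the table. The usual hardening baseline is Reject for all three settings; port groups that need Accept (for example nested ESXi labs, where the inner hypervisor forwards frames for MACs it does not own) should be documented exceptions.

```python
"""Model of the vSphere virtual switch security policies in Table 7-14.

Added example, not code from the book or from VMware: a simplified,
constructed model of how a port reacts to each policy setting, plus an
audit helper for the Reject/Reject/Reject baseline.
"""
from __future__ import annotations
from dataclasses import dataclass

ACCEPT = "Accept"
REJECT = "Reject"
BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Policy:
    promiscuous: str = REJECT
    mac_changes: str = REJECT
    forged_transmits: str = REJECT


@dataclass
class VPort:
    vmx_mac: str        # MAC assigned to the adapter in the .vmx file
    effective_mac: str  # MAC the guest OS currently uses on the adapter
    policy: Policy


@dataclass
class Frame:
    src: str
    dst: str


def is_group(mac: str) -> bool:
    """Broadcast or multicast destination (I/G bit set in the first octet)."""
    return int(mac.split(":")[0], 16) & 1 == 1


def inbound_allowed(port: VPort, frame: Frame) -> bool:
    """Does the virtual switch forward this inbound frame to the adapter?"""
    # MAC Address Changes = Reject: while the effective MAC differs from the
    # VMX MAC, every inbound frame to the adapter is dropped. Changing the
    # MAC back makes the port pass traffic again.
    if port.policy.mac_changes == REJECT and port.effective_mac != port.vmx_mac:
        return False
    if frame.dst == port.effective_mac or is_group(frame.dst):
        return True
    # Promiscuous Mode = Accept: the port also receives frames addressed to
    # other adapters on the port group; Reject delivers only its own frames.
    return port.policy.promiscuous == ACCEPT


def outbound_allowed(port: VPort, frame: Frame) -> bool:
    """Does the virtual switch let the adapter transmit this frame?"""
    if frame.src == port.vmx_mac:
        return True
    # Forged Transmits = Reject: drop any outbound frame whose source MAC is
    # not the VMX MAC (a guest that changed its own MAC is caught here too).
    return port.policy.forged_transmits == ACCEPT


def audit(port_groups: dict[str, Policy]) -> list[str]:
    """Return one finding per setting left at Accept on any port group."""
    findings = []
    for name, pol in port_groups.items():
        for option, value in (("Promiscuous Mode", pol.promiscuous),
                              ("MAC Address Changes", pol.mac_changes),
                              ("Forged Transmits", pol.forged_transmits)):
            if value == ACCEPT:
                findings.append(f"{name}: {option} is Accept")
    return findings


if __name__ == "__main__":
    vm = VPort("00:50:56:aa:bb:01", "00:50:56:aa:bb:01", Policy())
    print(inbound_allowed(vm, Frame("00:50:56:aa:bb:02", "00:50:56:aa:bb:01")))  # own frame
    vm.effective_mac = "00:50:56:de:ad:01"  # guest changed its MAC
    print(inbound_allowed(vm, Frame("00:50:56:aa:bb:02", "00:50:56:de:ad:01")))  # dropped
    print(outbound_allowed(vm, Frame("00:50:56:de:ad:01", BROADCAST)))           # dropped
    print(audit({"vlan10": Policy(), "nested-esxi": Policy(ACCEPT, ACCEPT, ACCEPT)}))
```

Note that with MAC Address Changes set to Reject the port stops receiving everything, including frames to the original address, until the guest reverts its MAC; a guest that spoofs its MAC under a Reject/Reject policy therefore loses both directions, which is exactly what the policy intends.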

Chapter 8

Table 8-2 Information Required for ESXi Installation

Information

Required or Optional

Details

Keyboard layout

Required

Default: US English

VLAN ID

Optional

Range: 0–4094

Default: None

IP address

Optional

Default: DHCP

Subnet mask

Optional

Default: Based on the configured IP address

Gateway

Optional

Default: Based on the configured IP address and subnet mask

Primary DNS

Optional

Default: Based on the configured IP address and subnet mask

Secondary DNS

Optional

Default: None

Host name

Required for static IP settings

Default: None

Install location

Required

At least 5 GB if you install on a single disk

Default: None

Migrate existing ESXi settings; preserve VMFS datastore

Required if you are installing ESXi on a drive with an existing ESXi installation

Default: None

Root password

Required

Must be 8 to 40 characters long and meet the other complexity requirements

Default: None

Table 8-5 Auto Deploy Components

Component

Description/Purpose

Auto Deploy server

Uses a rules engine, a set of images, a set of host profiles, and required infrastructure to manage ESXi deployments.

Rules engine

Assigns image profiles and host profiles to each host.

Host profile

Defines host-specific configurations, such as networking, NTP, and host permissions. You can use host customization in conjunction with host profiles to provide details that are unique to each host, such as IP address.

Auto Deploy PowerCLI

Serves as a command-line engine for driving Auto Deploy.

Image Builder PowerCLI

Serves as a command-line engine for building images.

vCenter Server

Manages the vSphere inventory and provides host profiles.

DHCP server

Provides IP configuration to the host and redirects the host to the PXE server.

PXE server

Boots the host and directs it to the TFTP server.

TFTP server

Provides the appropriate boot image.

Software depot

Holds a collection of VIBs either online (accessible via HTTP) or offline (accessible via a USB drive or CD/DVD).

Image profile

Holds a collection of VIBs used to install the ESXi server and saved as ZIP files or ISO images. You can obtain image profiles from VMware and VMware partners, and you can create custom image profiles by using ESXi Image Builder.

vSphere Installation Bundle (VIB)

Packages a collection of files (such as drivers) into an archive similar to a ZIP file. Each VIB is released with an acceptance level that cannot be changed. The host acceptance level assigned to each host determines which VIBs can be installed to the host. These are the acceptance levels, from highest to lowest:

  • VMwareCertified

  • VMwareAccepted

  • PartnerSupported

  • CommunitySupported

Table 8-9 VECS Stores

Store

Description

Machine SSL store (MACHINE_SSL_CERT)

Used by the reverse proxy service on each vCenter Server node and by the vmdir service. (VECS runs on vCenter Server, not on ESXi hosts.)

Trusted root store (TRUSTED_ROOTS)

Contains all trusted root certificates.

Solution user stores:

  • Machine

  • vpxd

  • vpxd-extension

  • vsphere-webclient

VECS includes one store for each solution user.

vSphere Certificate Manager utility backup store (BACKUP_STORE)

Used by VMCA to support certificate reversion.

Other stores

Other stores might be added by solutions. For example, the Virtual Volumes solution adds an SMS store.

The SSO domain contains many predefined groups, including the following:

  • Users: This group contains all users in the SSO domain.

  • DCAdmins: Members of this group can perform domain controller administrator actions on VMware Directory Service.

  • SolutionUsers: Each solution user authenticates individually to vCenter Single Sign-On with a certificate. By default, VMCA provisions solution users with certificates. Do not add members to this group explicitly.

  • CAAdmins: Members have administrator privileges for VMCA. Adding members to this group is not usually recommended, but a user must be a member of this group to perform most certificate management operations, such as using the certool command.

  • SystemConfiguration.BashShellAdministrators: Members can enable and disable access to the BASH Shell.

  • SystemConfiguration.Administrators: Members can view and manage the system configuration and perform tasks such as restarting services.

  • LicenseService.Administrators: Members have full write access to all licensing-related data and can add, remove, assign, and unassign serial keys for all product assets registered in the licensing service.

  • Administrators: Members can perform SSO administration tasks for VMware Directory Service (vmdir).

Table 8-10 SSO Policies and Parameters

SSO Policy Parameter

Policy Setting

Details

Password Policy

Description

Password policy description.

Maximum lifetime

Maximum number of days a password can exist before the user must change it.

Restrict reuse

Number of the user’s previous passwords that cannot be selected.

Maximum length

Maximum number of characters that are allowed in the password.

Minimum length

Minimum number of characters that are allowed in the password, which must be no fewer than the combined minimum of alphabetic, numeric, and special character requirements.

Character requirements

Minimum number of different character types that are required in the password. The types include special, alphabetic, uppercase, lowercase, and numeric.

Identical adjacent characters

The maximum number of identical adjacent characters allowed in a password. The value must be greater than 0.

Lockout Policy

Description

Description of the lockout policy.

Max number of failed login attempts

Maximum number of failed login attempts that are allowed before the account is locked.

Time interval between failures

Time period in which failed login attempts must occur to trigger a lockout.

Unlock time

The amount of time the account stays locked. The value 0 specifies that an administrator must explicitly unlock the account.

Token Policy

Clock tolerance

Time difference, in milliseconds, that SSO tolerates between a client clock and a domain controller clock. If the time difference is greater than the specified value, SSO declares the token to be invalid.

Maximum token renewal count

Maximum number of times a token may be renewed before a new security token is required.

Maximum token delegation count

Maximum number of times a single holder-of-key token can be delegated.

Maximum bearer token lifetime

The lifetime value of a bearer token before the token must be reissued.

Maximum holder-of-key token lifetime

The lifetime value of a holder-of-key token before the token is marked invalid.
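The password and lockout parameters in Table 8-10 are easier to reason about when written as checks. The Python below is an added example, not VMware code: vCenter enforces these rules inside the SSO service, and this reimplementation only shows what each parameter means. The `PasswordPolicy`, `LockoutPolicy` and `LockoutTracker` classes and their default values are constructed for the example, not read from a vCenter instance. It also encodes two constraints the table states: identical adjacent characters must be greater than 0, and the minimum length may not be below the combined alphabetic, numeric and special minimums.

```python
"""Checks mirroring the SSO password and lockout policy parameters in Table 8-10.

Added example, not VMware code: vCenter enforces these rules inside the SSO
service; this reimplementation only shows what each parameter means. The
default values below are constructed for the example.
"""
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass
class PasswordPolicy:
    min_length: int = 8
    max_length: int = 20
    min_alphabetic: int = 2
    min_uppercase: int = 1
    min_lowercase: int = 1
    min_numeric: int = 1
    min_special: int = 1
    max_identical_adjacent: int = 3   # Table 8-10: must be greater than 0
    restrict_reuse: int = 5           # previous passwords that may not be reused


def validate_policy(p: PasswordPolicy) -> None:
    """Reject policy objects that Table 8-10 says are inconsistent."""
    if p.max_identical_adjacent < 1:
        raise ValueError("identical adjacent characters must be greater than 0")
    if p.min_length < p.min_alphabetic + p.min_numeric + p.min_special:
        raise ValueError("minimum length is below the combined character minimums")


def check_password(pw: str, p: PasswordPolicy, history: tuple[str, ...] = ()) -> list[str]:
    """Return the list of policy violations (an empty list means compliant)."""
    validate_policy(p)
    problems = []
    if len(pw) < p.min_length:
        problems.append(f"shorter than {p.min_length}")
    if len(pw) > p.max_length:
        problems.append(f"longer than {p.max_length}")
    counts = {
        "alphabetic": sum(c.isalpha() for c in pw),
        "uppercase": sum(c.isupper() for c in pw),
        "lowercase": sum(c.islower() for c in pw),
        "numeric": sum(c.isdigit() for c in pw),
        "special": sum(not c.isalnum() for c in pw),
    }
    minimums = {"alphabetic": p.min_alphabetic, "uppercase": p.min_uppercase,
                "lowercase": p.min_lowercase, "numeric": p.min_numeric,
                "special": p.min_special}
    for kind, need in minimums.items():
        if counts[kind] < need:
            problems.append(f"needs at least {need} {kind}")
    run = longest = 1
    for prev, cur in zip(pw, pw[1:]):
        run = run + 1 if cur == prev else 1
        longest = max(longest, run)
    if longest > p.max_identical_adjacent:
        problems.append(f"more than {p.max_identical_adjacent} identical adjacent characters")
    # history is oldest-first; only the most recent restrict_reuse entries count
    if p.restrict_reuse and pw in history[-p.restrict_reuse:]:
        problems.append("reuses one of the previous passwords")
    return problems


@dataclass
class LockoutPolicy:
    max_failed_attempts: int = 5
    failure_interval_s: int = 180   # failures must fall inside this window
    unlock_time_s: int = 300        # 0 = an administrator must unlock


@dataclass
class LockoutTracker:
    policy: LockoutPolicy
    failures: dict = field(default_factory=dict)   # user -> failure timestamps
    locked_at: dict = field(default_factory=dict)  # user -> lock timestamp

    def is_locked(self, user: str, now: float) -> bool:
        locked = self.locked_at.get(user)
        if locked is None:
            return False
        # unlock_time_s == 0 never expires: only an administrator can clear it
        if self.policy.unlock_time_s and now - locked >= self.policy.unlock_time_s:
            del self.locked_at[user]
            self.failures.pop(user, None)
            return False
        return True

    def record_failure(self, user: str, now: float) -> bool:
        """Record a failed login; return True if the account is (now) locked."""
        if self.is_locked(user, now):
            return True
        window = [t for t in self.failures.get(user, [])
                  if now - t <= self.policy.failure_interval_s]
        window.append(now)
        self.failures[user] = window
        if len(window) >= self.policy.max_failed_attempts:
            self.locked_at[user] = now
            return True
        return False
```

A practical consequence of the lockout parameters: a slow attacker who spaces attempts further apart than the time interval between failures never trips the counter, so the interval should be tuned together with the failed-attempt limit, and the SSO audit events should be forwarded to a SIEM rather than relying on lockout alone.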

Table 8-11 ESXi 7.0 Kernel Options

Kernel Option

Description

autoPartition=TRUE/FALSE (default FALSE)

If this option is set to TRUE, ESXi automatically partitions the unused local storage devices at boot time. The boot disk is partitioned with boot banks, ESX-OSData, and, if the disk is larger than 128 GB, a VMFS datastore; any newly discovered empty device is auto-partitioned as well. To limit auto-partitioning to the first unused device, set autoPartitionOnlyOnceAndSkipSsd=TRUE. On hosts that boot from USB with VMFS-L, ESX-OSData does not exist on other local disks. Because the option partitions every unused local device it finds, keep the default FALSE unless the host is meant to consume all of its spare local disks.

If a storage device has both a scratch partition and a coredump partition, the scratch partition is converted to ESX-OSData; otherwise, the first unused disk identified is partitioned with ESX-OSData as well.

skipPartitioningSsds=TRUE/FALSE (default FALSE)

If this option is set to TRUE, local SSDs are excluded from automatic partitioning.

autoPartitionOnlyOnceAndSkipSsd=TRUE/FALSE (default FALSE)

If this option is set to TRUE, SSD/NVMe devices are excluded, and the ESXi host automatically partitions the first unused local disk if there is no VMFS-L ESX-OSData volume.

allowCoreDumpOnUSB=TRUE/FALSE (default FALSE)

If this option is set to TRUE, ESXi can write kernel crash coredumps to the VMFS-L Locker volume on a USB boot device.

dumpSize (default:0 (automatically sized))

This option sets the size of the coredump file (in megabytes) created on the system VMFS-L volume. This is limited to one-half of the space available on the VMFS-L volume.

autoCreateDumpFile=TRUE/FALSE (default TRUE)

This option, when set to TRUE, automatically creates a coredump file. This is attempted in the following order:

  • VMFS-L ESX-OSData

  • USB VMFS-L

  • Local VMFS

Chapter 9

Table 9-2 VLAN ID Details

VLAN ID

VLAN Tagging Mode

Description

0

External switch tagging (EST)

The virtual switch does not tag frames; VLAN tagging and untagging are handled by the physical (external) switch port.

1 to 4094

Virtual switch tagging (VST)

The virtual switch tags traffic with the entered tag.

4095

Virtual guest tagging (VGT)

Virtual machines handle VLANs. The virtual switch passes traffic from any VLAN.

Enhanced LACP support for vDS supports the following load-balancing modes (hashing algorithms):

  • Destination IP address

  • Destination IP address and TCP/UDP port

  • Destination IP address and VLAN

  • Destination IP address, TCP/UDP port, and VLAN

  • Destination MAC address

  • Destination TCP/UDP port

  • Source IP address

  • Source IP address and TCP/UDP port

  • Source IP address and VLAN

  • Source IP address, TCP/UDP port, and VLAN

  • Source MAC address

  • Source TCP/UDP port

  • Source and destination IP address

  • Source and destination IP address and TCP/UDP port

  • Source and destination IP address and VLAN

  • Source and destination IP address, TCP/UDP port, and VLAN

  • Source and destination MAC address

  • Source and destination TCP/UDP port

  • Source port ID

  • VLAN

Chapter 10

Table 10-4 Performance Chart Types

Chart Type

Description

Example

Line chart

Displays metrics for a single inventory object, where data for each metric is represented by a separate line.

For example, a network chart for a host can contain one line showing the number of packets received and another line showing the number of packets transmitted.

Bar chart

Displays metrics for objects, where each bar represents metrics for an object.

A bar chart can display metrics for datastores, where each datastore is represented as a bar. Each bar displays metrics based on the file type, such as virtual disk or snapshot.

Pie chart

Displays metrics for a single object, where each slice represents a category or child object.

A datastore pie chart can display the amount of storage space occupied by each virtual machine or by each file type.

Stacked Chart

Displays metrics for child objects.

A host’s stacked CPU usage chart displays metrics for the 10 virtual machines on the host that are consuming the most CPU. The Other amount displays the total CPU usage of the remaining virtual machines.

Table 10-6 CPU Performance Analysis

Symptoms

Likely Causes

Potential Solutions

Host: CPU usage is consistently high.

Virtual machine: CPU usage is above 90%. CPU ready is above 20%. Application performance is poor.

The host has insufficient CPU resources to meet the demand.

Too many virtual CPUs are running on the host.

Storage or network operations are placing the CPU in a wait state.

The guest OS generates too much load for the CPU.

Add the host to a DRS cluster.

Increase the number of hosts in the DRS cluster.

Migrate one or more virtual machines to other hosts.

Upgrade the physical CPUs of the host.

Upgrade ESXi to the latest version.

Enable CPU-saving features such as TCP segmentation offload, large memory pages, and jumbo frames.

Increase the amount of memory allocated to the virtual machines, which may improve cached I/O and reduce CPU utilization.

Reduce the number of virtual CPUs assigned to virtual machines.

Ensure that VMware Tools is installed.

Compare the CPU usage of troubled virtual machines with that of other virtual machines on the host or in the resource pool. (Hint: Use a stacked graph.)

Increase the CPU limit, shares, or reservation on the troubled virtual machine.

Host: Memory usage is consistently 94% or higher. Free memory is 6% or less.

Virtual machine: Swapping is occurring. (Memory usage may be high or low.)

The host has insufficient memory resources to meet the demand.

Ensure that VMware Tools is installed and that the balloon driver is enabled for all virtual machines.

Reduce the memory size on oversized virtual machines.

Reduce the memory reservation of virtual machines where it is set higher than needed.

Add the host to a DRS cluster.

Increase the number of hosts in the DRS cluster.

Migrate one or more virtual machines to other hosts.

Add physical memory to the host.

Virtual machine: Memory usage is high.

Guest OS: Memory usage is high. Paging is occurring.

The guest OS is not provided sufficient memory by the virtual machine.

Increase the memory size of the virtual machine.

Virtual machine: CPU ready is low.

Guest OS: CPU utilization is high.

The guest OS is not provided sufficient CPU resources by the virtual machine.

Increase the number of CPUs for the virtual machine.

Migrate the virtual machine to a host with faster CPUs.

Datastore: Space utilization is high.

Snapshot files are consuming a lot of datastore space.

Some virtual machines are provisioned with more storage space than required.

The datastore has insufficient storage space to meet the demand.

Delete or consolidate virtual machine snapshots.

Convert some virtual disks to thin provisioned.

Migrate one or more virtual machines (or virtual disks) to other datastores.

Add the datastore to a Storage DRS datastore cluster.

Add datastores with available space to the datastore cluster.

Add more storage space to the datastore.

Disk: Device latency is greater than 15 ms.

Problems are occurring with the storage array.

Migrate the virtual machines to datastores backed by other storage arrays.

Disk: VMkernel latency is greater than 4 ms. Queue latency is greater than zero.

The maximum throughput of a storage device is not sufficient to meet the demand of the current workload.

Migrate the virtual machines to datastores backed by storage devices (LUNs) with more spindles.

Balance virtual machines and their disk I/O across the available physical resources. Use Storage DRS I/O balancing.

Add more disks (spindles) to the storage device backing the datastore.

Configure the queue depth and cache settings on the RAID controllers. Adjust the Disk.SchedNumReqOutstanding parameter.

Configure multipathing.

Increase the memory size of the virtual machine to eliminate any guest OS paging. Increase the guest OS caching of disk I/O.

Ensure that no virtual machine swapping or ballooning is occurring.

Defragment guest file systems.

Use eager zeroed thick provisioned virtual disks.

Network: The number of packets dropped is greater than zero. Latency is high. The transfer rate is low.

The maximum throughput of a physical network adapter is not sufficient to meet the demand of the current workload.

Virtual machine network resource shares are too few.

Network packet size is too large, which results in high network latency. Use the VMware AppSpeed performance monitoring application or a third-party application to check network latency.

Network packet size is too small, which increases the demand for the CPU resources needed for processing each packet. Host CPU, or possibly virtual machine CPU, resources are not enough to handle the load.

Install VMware Tools on each virtual machine and configure the guest OS to use the best-performing network adapter driver (such as vmxnet3).

Migrate virtual machines to other hosts or to other physical network adapters.

Verify that all NICs are running in full duplex mode.

Implement TCP Segmentation Offload (TSO) and jumbo frames.

Assign additional physical adapters as uplinks for the associated port groups.

Replace physical network adapters with high-bandwidth adapters.

Place sets of virtual machines that communicate with each other regularly on the same ESXi host.

Performance charts are empty.

Some metrics are not available for pre-ESXi 5.0 hosts.

Data is deleted when you remove objects from vCenter Server or move them to another vCenter Server instance.

Performance chart data for inventory objects that were moved to a new site by VMware vCenter Site Recovery Manager is deleted from the old site and not copied to the new site.

Performance chart data is deleted when you use VMware vMotion across vCenter Server instances.

Real-time statistics are not available for disconnected hosts or powered-off virtual machines.

Non-real-time statistics are rolled up at specific intervals. For example, 1-day statistics might not be available for 30 minutes after the current time, depending on when the sample period began.

The 1-day statistics are rolled up to create one data point every 30 minutes. If a delay occurs in the roll-up operation, the 1-week statistics might not be available for 1 hour after the current time. It takes 30 minutes for the 1-week collection interval, plus 30 minutes for the 1-day collection interval.

The 1-week statistics are rolled up to create one data point every two hours. If a delay occurs in the roll-up operations, the 1-month statistics might not be available for 3 hours. It takes 2 hours for the 1-month collection interval, plus 1 hour for the 1-week collection interval.

The 1-month statistics are rolled up to create one data point every day. If a delay occurs in the roll-up operations, the statistics might not be available for 1 day and 3 hours. It takes 1 day for the past year collection interval, plus 3 hours for the past month collection interval. During this time, the charts are empty.

Upgrade hosts to a later version of ESXi.

Allow time for data collection on objects that were recently added, migrated, or recovered to the vCenter Server.

Power on all hosts and allow time for real-time statistics to collect.

Allow time for the required roll-ups for non-real-time statistics.

Table 10-9 Key ESXTOP Panels and Metrics

Panel

Statistic

Description

CPU

%USED

Percentage of physical CPU core cycles used by the virtual machine.

CPU

%RUN

Percentage of total time scheduled for the virtual machine without accounting for hyperthreading, system time, co-stopping, and waiting:

%RUN = 100% – %RDY – %CSTP – %WAIT

CPU

%RDY

Percentage of time the virtual machine was ready to run but was not provided CPU resources on which to execute. Indicator of CPU contention on the host.

CPU

%WAIT

Percentage of time the virtual machine spent in the blocked or busy wait state, including idle time. %WAIT includes %SWPWT.

CPU

%CSTP

Percentage of time a virtual machine spends in a ready, co-deschedule state. A high value indicates that the virtual machine’s multiple CPUs are in contention.

CPU

%SWPWT

Percentage of time a virtual machine spends waiting for the host to swap memory.

Memory

MEMSZ

Amount of physical memory allocated to a virtual machine:

MEMSZ = GRANT + MCTLSZ + SWCUR + “Never Touched”

Memory

GRANT

Amount of guest physical memory mapped to a virtual machine

Memory

CNSM

Amount of the memory consumed by the virtual machine:

CNSM = GRANT – Shared Memory

Memory

SWCUR

Amount of memory swapped by the virtual machine.

Memory

SWR/s

Rate at which the host swaps in memory from disk for the virtual machine.

Memory

OVHD

Amount of memory used for virtual machine overhead, which is memory charged to the virtual machine that is not used by the guest OS.

Virtual Machine Storage

READS/s

Number of read commands issued per second.

Virtual Machine Storage

WRITES/s

Number of write commands issued per second.

Virtual Machine Storage

MBREAD/s

Megabytes read per second.

Virtual Machine Storage

LAT/rd

Average latency (in milliseconds) per read.

Network

PKTRX/s

Number of packets received per second.

Network

MbTX/s

Megabits transmitted per second.

Network

%DRPTX

Percentage of transmit packets dropped. Indicates that the physical network adapter cannot meet the demand, perhaps due to load from other virtual machines.

Network

%DRPRX

Percentage of receive packets dropped. Indicates that insufficient CPU resources are available for network processing.
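The CPU statistics in Table 10-9 are related by the identity %RUN = 100% - %RDY - %CSTP - %WAIT, and Table 10-6 gives the threshold (CPU ready above 20%) at which ready time is a contention symptom. The Python below is an added example, not code from the book or from VMware: `ESXTOP_SAMPLE` is a constructed snapshot in the column layout of the interactive esxtop CPU panel (per-world rows, so the four percentages of each row sum to 100), `CSTP_MAX` is an assumed co-stop threshold, and `analyze` is an illustrative checker, not a VMware tool. It rejects rows that violate the identity, which catches a mis-pasted or truncated capture before anyone draws conclusions from it.

```python
"""Reading the esxtop CPU panel statistics from Table 10-9.

Added example, not code from the book or from VMware. ESXTOP_SAMPLE is a
constructed snapshot in the column layout of the interactive CPU panel
(per-world rows, so each row's %RUN + %RDY + %CSTP + %WAIT is 100%). The
RDY threshold comes from Table 10-6 (CPU ready above 20%); CSTP_MAX is an
assumed value for the example.
"""
from __future__ import annotations

ESXTOP_SAMPLE = """\
 NAME       %USED  %RUN  %SYS  %WAIT  %RDY  %CSTP  %SWPWT
 web01       45.2  44.0   1.1   50.0   5.0    1.0     0.0
 db01        88.9  70.0   2.3    4.0  22.0    4.0     0.0
 batch03     30.0  28.0   0.5   70.0   2.0    0.0    10.0
"""

RDY_MAX = 20.0    # Table 10-6: CPU ready above 20% signals contention
CSTP_MAX = 3.0    # assumed: co-stop above this means the vCPUs wait on each other


def parse_cpu_panel(text: str) -> dict[str, dict[str, float]]:
    """Turn the panel text into {world: {column: value}} using the header row."""
    lines = [line.split() for line in text.splitlines() if line.strip()]
    header = lines[0]
    if header[0] != "NAME":
        raise ValueError("expected a NAME header row")
    rows = {}
    for fields in lines[1:]:
        rows[fields[0]] = {col: float(val) for col, val in zip(header[1:], fields[1:])}
    return rows


def run_from_components(rdy: float, cstp: float, wait: float) -> float:
    """Table 10-9: %RUN = 100% - %RDY - %CSTP - %WAIT."""
    return 100.0 - rdy - cstp - wait


def analyze(text: str) -> dict[str, list[str]]:
    """Flag each world for contention, co-stop or swap wait; verify the identity."""
    findings = {}
    for world, m in parse_cpu_panel(text).items():
        expected = run_from_components(m["%RDY"], m["%CSTP"], m["%WAIT"])
        if abs(expected - m["%RUN"]) > 0.5:
            raise ValueError(f"{world}: %RUN {m['%RUN']} != {expected} (bad capture?)")
        flags = []
        if m["%RDY"] > RDY_MAX:
            flags.append("cpu-contention")   # host cannot schedule the world
        if m["%CSTP"] > CSTP_MAX:
            flags.append("co-stop")          # too many vCPUs for the host
        if m["%SWPWT"] > 0:
            flags.append("swap-wait")        # memory pressure showing up as CPU wait
        findings[world] = flags
    return findings


if __name__ == "__main__":
    for world, flags in analyze(ESXTOP_SAMPLE).items():
        print(f"{world:10} {', '.join(flags) or 'ok'}")
```

The swap-wait flag is the bridge between the CPU and memory panels: %SWPWT is counted inside %WAIT, so a VM that looks idle on the CPU side may in fact be stalled on host swapping, which Table 10-6 treats as a memory problem to fix with ballooning, right-sizing, or more hosts.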

Table 10-13 ESXi Log Files

Component

Location

Description

VMkernel

/var/log/vmkernel.log

Data related to virtual machines and ESXi

VMkernel warnings

/var/log/vmkwarning.log

Data related to virtual machines

VMkernel summary

/var/log/vmksummary.log

Data related to uptime and availability statistics for ESXi

ESXi host agent

/var/log/hostd.log

Data related to the agent that manages and configures the ESXi host and its virtual machines

vCenter agent

/var/log/vpxa.log

Data related to the agent that communicates with vCenter Server

ESXi Shell

/var/log/shell.log

Data related to each command typed into the ESXi Shell as well as shell events

Authentication

/var/log/auth.log

Data related to authentication events for the local system

System messages

/var/log/syslog.log

General log messages that can be used for troubleshooting

Virtual machines

vmware.log located in the same folder as the virtual machine configuration file.

Data related to virtual machine power events, system failure information, tool status and activity, time sync, virtual hardware changes, vMotion migrations, machine clones, and more

Trusted infrastructure agent

/var/run/log/kmxa.log

Data related to the client service on the ESXi trusted host

Key provider service

/var/run/log/kmxd.log

Data related to the vSphere Trust Authority key provider service

Attestation service

/var/run/log/attestd.log

Data related to the vSphere Trust Authority attestation service

ESX token service

/var/run/log/esxtokend.log

Data related to the vSphere Trust Authority ESXi token service

ESX API forwarder

/var/run/log/esxapiadapter.log

Data related to the vSphere Trust Authority API forwarder

Quick Boot

/var/log/loadESX.log

Data related to restarting an ESXi host through Quick Boot
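Two files in Table 10-13 matter most to a defender: /var/log/auth.log records who authenticated to the host and from where, and /var/log/shell.log records every command typed into the ESXi Shell. The Python below is an added example, not code from the book or from VMware. The log lines in `AUTH_SAMPLE` and `SHELL_SAMPLE` are constructed to resemble the ESXi 7 formats and may differ slightly from a real host; the management subnet, the failed-login threshold and the list of sensitive commands (drawn from the esxcli commands in Table 12-2 and the DCUI.Access option in Table 12-4) are assumptions for the example.

```python
"""Triage of ESXi auth.log and shell.log entries (Table 10-13).

Added example, not code from the book or from VMware. The log lines below
are constructed to resemble the ESXi 7 formats; the management subnet,
thresholds and the list of sensitive commands are assumptions for the example.
"""
from __future__ import annotations
import ipaddress
import re
from collections import Counter

MGMT_NETS = [ipaddress.ip_network("10.1.1.0/24")]  # assumed admin jump subnet
FAILED_LOGIN_THRESHOLD = 3                         # assumed brute-force cut-off

AUTH_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Accepted|Failed) \S+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>[\d.]+) port \d+")
SHELL_RE = re.compile(r"^(?P<ts>\S+) shell\[\d+\]: \[(?P<user>[^\]]+)\]: (?P<cmd>.+)$")

# Shell commands that change the host's security posture (assumed list)
SENSITIVE_CMDS = [
    (re.compile(r"esxcli system account (add|set|remove)\b"), "local-account-change"),
    (re.compile(r"esxcli network firewall (set|ruleset)\b"), "firewall-change"),
    (re.compile(r"esxcli system settings advanced set .*ESXiShellTimeOut"), "shell-timeout-change"),
    (re.compile(r"esxcli system settings advanced set .*DCUI\.Access"), "dcui-access-change"),
]

AUTH_SAMPLE = """\
2021-03-01T10:00:01Z sshd[2099847]: Accepted keyboard-interactive/pam for root from 10.1.1.50 port 50212 ssh2
2021-03-01T10:02:11Z sshd[2099901]: Failed keyboard-interactive/pam for invalid user admin from 203.0.113.9 port 41100 ssh2
2021-03-01T10:02:13Z sshd[2099903]: Failed keyboard-interactive/pam for root from 203.0.113.9 port 41102 ssh2
2021-03-01T10:02:15Z sshd[2099905]: Failed keyboard-interactive/pam for root from 203.0.113.9 port 41104 ssh2
2021-03-01T10:05:40Z sshd[2099950]: Accepted keyboard-interactive/pam for root from 203.0.113.9 port 41200 ssh2
"""

SHELL_SAMPLE = """\
2021-03-01T10:00:05Z shell[2099860]: [root]: esxcli system settings advanced get -o /UserVars/ESXiShellTimeOut
2021-03-01T10:05:50Z shell[2099960]: [root]: esxcli system account add -i svc-backup -p ******** -c ********
2021-03-01T10:05:58Z shell[2099960]: [root]: esxcli system settings advanced set -o /UserVars/ESXiShellTimeOut -i 0
2021-03-01T10:06:02Z shell[2099960]: [root]: esxcli network firewall set --enabled false
"""


def triage(auth_lines, shell_lines) -> list[dict]:
    """Return findings (dicts with kind/ts/user/detail) from the two log sources."""
    findings = []
    failures = Counter()
    for line in auth_lines:
        m = AUTH_RE.match(line)
        if not m:
            continue
        if m["result"] == "Failed":
            failures[m["src"]] += 1
            continue
        src = ipaddress.ip_address(m["src"])
        if not any(src in net for net in MGMT_NETS):
            findings.append({"kind": "ssh-login-outside-mgmt-net", "ts": m["ts"],
                             "user": m["user"], "detail": m["src"]})
    for src, n in failures.items():
        if n >= FAILED_LOGIN_THRESHOLD:
            findings.append({"kind": "ssh-brute-force", "ts": None, "user": None,
                             "detail": f"{n} failures from {src}"})
    for line in shell_lines:
        m = SHELL_RE.match(line)
        if not m:
            continue
        for rx, kind in SENSITIVE_CMDS:
            if rx.search(m["cmd"]):
                findings.append({"kind": kind, "ts": m["ts"], "user": m["user"],
                                 "detail": m["cmd"]})
    return findings


if __name__ == "__main__":
    for f in triage(AUTH_SAMPLE.splitlines(), SHELL_SAMPLE.splitlines()):
        print(f["kind"], f["ts"], f["user"], f["detail"])
```

Because shell.log captures the full command line, a password supplied with `esxcli system account add -p` ends up in the log (and in any syslog collector it is forwarded to); prefer being prompted for the password, and treat that log file as sensitive. Since a host that has been compromised can have its local logs edited, the detection only has value when both files are shipped off-host with the Syslog Server service from Table 7-11.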

Table 10-14 vCenter Server Logging Options

Logging Option

Description

None (Disable Logging)

No vCenter Server logging occurs.

Error (Errors Only)

The vCenter Server collects only error entries in its log files.

Warning (Warning and Errors)

The vCenter Server collects warning and error entries in its log files.

Info (Normal Logging)

The vCenter Server collects information, warning, and error entries in its log files.

Verbose (Verbose)

The vCenter Server collects verbose, information, warning, and error entries in its log files.

Trivia (Extended Verbose)

The vCenter Server collects trivia, verbose, information, warning, and error entries in its log files.

Chapter 11

Table 11-2 Network Differences in vSAN and non-vSAN Clusters

Factor

vSAN Is Enabled

vSAN Is Not Enabled

Network used by vSphere HA

vSAN network

Management network

Heartbeat datastores

Any datastore, other than a vSAN datastore, that is mounted to multiple hosts in the cluster

Any datastore that is mounted to multiple hosts in the cluster

Host isolation criteria

Isolation addresses not pingable and vSAN storage network inaccessible

Isolation addresses not pingable and management network inaccessible

Table 11-4 Datastore Browser Options

Option

Description

Upload Files

Upload a local file to the datastore.

Upload Folder

Upload a local folder to the datastore.

Download

Download a file from the datastore to the local machine.

New Folder

Create a folder on the datastore.

Copy to

Copy selected folders or files to a new location on the datastore or on another datastore.

Move to

Move selected folders or files to a new location on the datastore or on another datastore.

Rename to

Rename selected files.

Delete

Delete selected folders or files.

Inflate

Convert a selected thin virtual disk to thick.

Table 11-5 Storage Filters

Filter

Description

config.vpxd.filter.vmfsFilter

(VMFS filter)

Hides storage devices (LUNs) that are used by a VMFS datastore on any host managed by vCenter Server.

config.vpxd.filter.rdmFilter

(RDM filter)

Hides storage devices (LUNs) that are used by an RDM on any host managed by vCenter Server.

config.vpxd.filter.sameHostsAndTransportsFilter

(Same Hosts and Transports filter)

Hides storage devices (LUNs) that are ineligible for use as VMFS datastore extents because of incompatibility with the selected datastore. Hides LUNs that are not exposed to all hosts that share the original datastore. Hides LUNs that use a storage type (such as Fibre Channel, iSCSI, or local) that is different from the original datastore.

config.vpxd.filter.hostRescanFilter

(Host Rescan filter)

Automatically rescans and updates VMFS datastores following datastore management operations. If you present a new LUN to a host or a cluster, the hosts automatically perform a rescan, regardless of this setting.

Table 11-7 SCSI over Fabric and NVMe over Fabric Comparison

Shared Storage Capability

SCSI over Fabric

NVMe over Fabric

RDM

Supported

Not supported

Coredump

Supported

Not supported

SCSI-2 reservations

Supported

Not supported

Shared VMDK

Supported

Not supported

vVols

Supported

Not supported

Hardware acceleration with VAAI plug-ins

Supported

Not supported

Default MPP

NMP

HPP (NVMe-oF targets cannot be claimed by NMP.)

Limits

LUNs=1024, paths=4096

Namespaces=32, paths=128 (maximum 4 paths per namespace in a host)

Chapter 12

Table 12-2 Sample ESXCLI Commands

Command

Description

esxcli system account add

Creates an ESXi host local user account

esxcli system account set

Configures an ESXi host local user account

esxcli system account list

Lists ESXi host local user accounts

esxcli system account remove

Deletes an ESXi host local user account

esxcli network ip dns server list

Lists the host’s DNS servers

esxcli network nic list

Lists the ESXi host’s physical network adapters

esxcli system settings advanced get /UserVars/ESXiShellTimeOut

Displays the shell interactive timeout for the host

Table 12-4 ESXi Lockdown Mode Behavior

Service

Normal Mode

Normal Lockdown Mode

Strict Lockdown Mode

vSphere Web Services API

All users, based on permissions

vCenter (vpxuser)

Exception users, based on permissions

vCloud Director (vslauser, if available)

vCenter (vpxuser)

Exception users, based on permissions

vCloud Director (vslauser, if available)

CIM providers

Users with administrator privileges on the host

vCenter (vpxuser)

Exception users, based on permissions

vCloud Director (vslauser, if available)

vCenter (vpxuser)

Exception users, based on permissions

vCloud Director (vslauser, if available)

DCUI

Users with administrator privileges on the host and users defined in the DCUI.Access advanced option

Users defined in the DCUI.Access advanced option

Exception users with administrator privileges on the host

DCUI service is stopped

ESXi Shell (if enabled)

Users with administrator privileges on the host

Users defined in the DCUI.Access advanced option

Exception users with administrator privileges on the host

Users defined in the DCUI.Access advanced option

Exception users with administrator privileges on the host

SSH (if enabled)

Users with administrator privileges on the host

Users defined in the DCUI.Access advanced option

Exception users with administrator privileges on the host

Users defined in the DCUI.Access advanced option

Exception users with administrator privileges on the host

Chapter 13

Table 13-4 Lifecycle Manager Definitions

Term

Definition

Update

A software release that makes small changes to the current version, such as vSphere 7.0 Update 1, 7.0 Update 2, and so on.

Upgrade

A software release that introduces major changes to the software. For example, you can upgrade from vSphere 6.5 to 6.7 or 7.0.

Patch

A small software update that provides bug fixes or enhancements to the current version of the software, such as 7.0a, 7.0 Update 1a, and so on.

VIB (vSphere Installation Bundle)

The smallest installable software package (metadata and binary payload) for ESXi.

VIB metadata

An XML file that describes the contents of the VIB, including dependency information, textual descriptions, system requirements, and information about bulletins.

Standalone VIB

A VIB that is not included in a component.

Depot

The hosted version of updates provided by VMware, OEMs, and third-party software vendors, containing the metadata and the actual VIBs.

Offline bundle/offline depot

An archive (ZIP file) that contains VIBs and metadata that you use for offline patching and updates. A single offline bundle might contain multiple base images, vendor add-ons, or components.

OEM (original equipment manufacturer)

A VMware partner, such as Dell, HPE, or VMware Cloud on AWS.

Third-party software provider

A provider of I/O filters, device drivers, CIM modules, and so on.

Table 13-8 Collection Intervals

Collection Interval (Archive Length)

Collection Frequency

Default Behavior

1 day

5 minutes

Real-time (20-second) statistics are rolled up to create one data point every 5 minutes. The result is 288 data points every day.

You can change the interval duration and archive length of the 1-day collection interval by configuring the statistics settings.

1 week

30 minutes

1-day statistics are rolled up to create one data point every 30 minutes. The result is 336 data points every week.

You cannot change the default settings of the 1-week collection interval.

1 month

2 hours

1-week statistics are rolled up to create one data point every 2 hours. The result is 360 data points every month.

You cannot change the default settings of the 1-month collection interval.

1 year

1 day

1-month statistics are rolled up to create one data point every day. The result is 365 data points each year.

You can change the archive length of the 1-year collection interval by configuring the statistics settings.