vSphere Overview, Components, and Requirements
This chapter covers the following topics:
This chapter contains information related to Professional VMware vSphere 7.x (2V0-21.20) exam objectives 1.1, 1.2, 2.1, 4.1, 4.1.1, 4.1.2, and 4.4.
This chapter introduces vSphere 7.0, describes its major components, and identifies its requirements.
The “Do I Know This Already?” quiz allows you to assess whether you should study this entire chapter or move quickly to the “Exam Preparation Tasks” section. In any case, the authors recommend that you read the entire chapter at least once. Table 1-1 outlines the major headings in this chapter and the corresponding “Do I Know This Already?” quiz questions. You can find the answers in Appendix A, “Answers to the ‘Do I Know This Already?’ Quizzes and Review Questions.”
Table 1-1 “Do I Know This Already?” Foundation Topics Section-to-Question Mapping

| Foundation Topics Section | Questions Covered in This Section |
|---|---|
| vSphere Components and Editions | 1, 2 |
| vCenter Server Topology | 3, 4 |
| Infrastructure Requirements | 5, 6 |
| Other Requirements | 7, 8 |
| VMware Cloud vs. VMware Virtualization | 9, 10 |
1. You plan to deploy vSphere 7.0 for three ESXi hosts and want to deploy the minimum vCenter Server edition that supports vMotion. Which vCenter Server edition do you choose?
   a. Essentials
   b. Essentials Plus
   c. Foundation
   d. Standard
2. You plan to deploy vSphere 7.0 and want to minimize virtual machine downtime by proactively detecting hardware failures and placing the host in Quarantine Mode or Maintenance Mode. Which feature do you need?
   a. vSphere High Availability
   b. Proactive HA
   c. Predictive DRS
   d. vCenter HA
3. You are preparing to deploy and manage a vSphere environment. Which vCenter Server component provides Security Assertion Markup Language (SAML) tokens?
   a. vCenter Lookup Service
   b. VMware Directory Service
   c. tcServer
   d. STS
4. You plan to deploy another vCenter Server in your vSphere 7.0 environment and want it to use an existing vSphere Single Sign-On domain. What should you do?
   a. During vCenter Server deployment, join an existing SSO domain.
   b. Prior to vCenter Server deployment, deploy an external PSC.
   c. During vCenter Server deployment, connect to an external PSC.
   d. Configure vCenter HA.
5. You plan to deploy a vCenter Server Appliance 7.0 instance to support 350 ESXi hosts and 4500 virtual machines. What is the minimum memory you should plan for the vCenter Server Appliance instance?
   a. 37 GB
   b. 56 GB
   c. 28 GB
   d. 19 GB
6. You are interested in booting your ESXi hosts using UEFI. Which of the following is a key consideration?
   a. After installing ESXi 7.0, you can change the boot type between BIOS and UEFI by using the direct console user interface.
   b. ESXi boot from UEFI is deprecated in ESXi 7.0.
   c. After installing ESXi 7.0, you can change the boot type between BIOS and UEFI by using the vSphere Client.
   d. After you install ESXi 7.0, changing the boot type between BIOS and UEFI is not supported.
7. You are planning the backup and recovery for a new vCenter Server Appliance instance using the file-based backup feature in the vCenter Server Appliance Management Interface. Which protocol is not supported?
   a. NFS
   b. FTP
   c. HTTPS
   d. SCP
8. When you are planning the procedures to manage a new vSphere 7.0 environment, which of the following is not a supported browser for the vSphere Client?
   a. Microsoft Internet Explorer 11.0.96 for Windows users
   b. Microsoft Edge 38 for Windows users
   c. Safari 5.0 for Mac users
   d. Firefox 45 for Mac users
9. You need to include on-premises cloud automation software to improve the delivery of IT services and applications in your vSphere-based SDDC. Which of the following should you choose?
   a. VMware Cloud Assembly
   b. VMware Service Broker
   c. vCloud Director
   d. vRealize Automation
10. You want a simple path to the hybrid cloud that leverages a common infrastructure and consistent operational model for on-premises and off-premises data centers. What should you use?
   a. vRealize Suite
   b. VCF
   c. vCloud Director
   d. Cloud Automation
VMware vSphere is a suite of products that you can use to virtualize enterprise data centers and build private clouds.
Table 1-2 describes the installable VMware products that are the core components in a vSphere environment.
Table 1-2 Installable Core vSphere Components

| Component | Description |
|---|---|
| vCenter Server | The major management component in the vSphere environment. Its services include vCenter Server, vSphere Web Client, vSphere Auto Deploy, vSphere ESXi Dump Collector, and the components that were associated with the Platform Services Controller in prior versions: vCenter Single Sign-On, License Service, Lookup Service, and VMware Certificate Authority. |
| ESXi Server | The physical host (including the hypervisor) on which virtual machines run. |
Some optional vSphere features require the deployment of additional components and specific vSphere or vCenter Server editions. Table 1-3 describes two of these optional components, which require the deployment of additional virtual appliances.
Table 1-3 Optional vSphere Components

| Optional Component | Description |
|---|---|
| vSphere Replication | An extension to VMware vCenter Server that provides hypervisor-based virtual machine replication and recovery. |
| vCenter High Availability | A component that provides protection for vCenter Server Appliance against host, hardware, and application failures. Provides automated active/passive failover with minimal downtime. It can also be used to significantly reduce downtime when you patch vCenter Server Appliance. |
Many vSphere features, such as those described in Table 1-4, require specific vSphere configuration, and some require specific licensing, but they do not require the installation or deployment of additional software or virtual appliances.
Table 1-4 Available vSphere Features

| Available vSphere Feature | Description |
|---|---|
| vCenter Appliance File-Based Backup and Restore | A feature introduced in vSphere 7.0 that enables you to back up and restore the vCenter Server Appliance instances. |
| vMotion | A feature that provides live virtual machine migrations with negligible disruption from a source ESXi host to a target ESXi host. |
| vSphere High Availability (HA) | A feature that provides automated failover protection for VMs against host, hardware, network, and guest OS issues. In the event of host system failure, it performs cold migrations and restarts failed VMs on surviving hosts. |
| Distributed Resource Scheduler (DRS) | A feature that places and starts VMs on appropriate ESXi hosts and hot-migrates VMs using vMotion when there is contention for compute resources. |
| Storage vMotion | A feature that performs live migrations with negligible disruption of VMs from a source datastore to a target datastore. |
| Fault Tolerance (FT) | A feature that provides automated live failover protection for VMs against host, hardware, network, and guest OS issues. |
| Distributed Power Management (DPM) | A feature that optimizes power consumption in an ESXi cluster. |
| Proactive HA | A feature that minimizes VM downtime by proactively detecting hardware failures and placing the host in Quarantine Mode or Maintenance Mode. |
| Content library | A centralized repository used to manage and distribute templates, ISO files, scripts, vApps, and other files associated with VMs. |
| Host profiles | A feature that provides a means to apply a standard configuration to a set of ESXi hosts. |
The add-on products in Table 1-5 are commonly used in a vSphere environment and are discussed in this book. These products can be sold separately from vSphere.
Table 1-5 Add-on Products

| Product | Description |
|---|---|
| vSAN | A product that provides a SAN experience to your vSphere environment, leveraging local storage in the ESXi hosts. It tightly integrates with vSphere and is the leading Hyper-Converged Infrastructure (HCI) solution for providing a flash-optimized, secure, and simple-to-use SAN. |
| NSX | A product that adds software-based virtualized networking and security to a vSphere environment. |
| vRealize Suite | A suite of products that add operations (vRealize Operations Manager), automation (vRealize Automation), and orchestration (vRealize Orchestrator) to a vSphere environment. |
Note
Although it is an add-on product, vSAN is covered in the VCP-DCV certification exam and in this book.
The vSphere Host Client is a web-based interface provided by each ESXi host. It is available immediately following the installation of a host. Its primary purpose is to provide a GUI for configuration, management, and troubleshooting purposes when vCenter Server is not available. For example, during the implementation of a new vSphere environment, you could use the vSphere Host Client to create virtual machines for running DNS, Active Directory, and vCenter Server databases prior to deploying vCenter Server. As another example, you could use the vSphere Host Client to power down, troubleshoot, reconfigure, and restart the vCenter Server virtual machine.
The HTML5-based vSphere Client is the preferred web-based GUI for managing vSphere. It is provided by services running in the vCenter Server. The flash-based vSphere Web Client used in previous vSphere versions has been deprecated and is no longer available.
VMware vSphere comes in many editions, and each edition is intended to address specific use cases by providing specific features. When planning for a vSphere environment, you should prepare to procure at least three line items: a vCenter Server license, a vSphere license, and support for the environment. The vCenter Server license line item should identify the desired edition and quantity (that is, the number of vCenter Server instances).
Table 1-6 provides a summary of the features that are provided with each edition of vCenter Server 7.
Table 1-6 vCenter Server Editions

| Feature | Essentials | Essentials Plus | Foundation | Standard |
|---|---|---|---|---|
| Number of ESXi hosts | 3 (2 CPU max) | 3 (2 CPU max) | 4 | 2000 |
| vCenter License | Packaged with vSphere license in Essentials | Packaged with vSphere license in Essentials Plus | Sold separately from vSphere license | Sold separately from vSphere license |
| Basic vCenter features, like single pane of glass management, Lifecycle Manager, and VMware Converter | Supported | Supported | Supported | Supported |
| Common vCenter features like vMotion, vSphere HA, and vSphere Replication | Not supported | Supported | Supported | Supported |
| Advanced features like vCenter Server High Availability (VCHA) and vCenter Server Backup and Restore | N/A | N/A | N/A | Supported |
You need to obtain a vSphere license in order to license the physical CPUs on your ESXi hosts. Starting with vSphere 7.0, one vSphere CPU license covers up to 32 cores. If a CPU has more than 32 cores, you need additional CPU licenses. The number of vSphere CPU licenses consumed by an ESXi host is determined by the number of physical CPUs on the host and the number of cores in each physical CPU. For example, you can assign a vSphere license for 10 32-core CPUs to any of the following combinations of hosts:

- Five hosts with 2 CPUs and 32 cores per CPU
- Five hosts with 1 CPU with 64 cores per CPU
- Two hosts with 2 CPUs and 48 cores per CPU and two hosts with 1 CPU and 20 cores per CPU
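The per-CPU rounding rule above (one license per started block of 32 cores, summed over every physical CPU) is easy to get wrong when sizing a purchase, so here is an added example, not code from the book, that implements it and verifies that each of the three host combinations listed consumes exactly the 10-license pool. The host tuples and pool size are constructed from the bullets; the function and names are this example's own.

```python
import math
from typing import Iterable, List, Tuple

# vSphere 7.0 rule from the text: one CPU license covers up to 32 cores of one
# physical CPU; a CPU with more cores consumes additional licenses.
CORES_PER_LICENSE = 32

# A host is described as (physical_cpu_count, cores_per_cpu).
Host = Tuple[int, int]


def licenses_per_cpu(cores: int) -> int:
    """Licenses consumed by one physical CPU with the given core count."""
    if cores < 1:
        raise ValueError("a physical CPU must have at least one core")
    # 32 cores -> 1 license, 33..64 cores -> 2 licenses, and so on.
    return math.ceil(cores / CORES_PER_LICENSE)


def licenses_for_host(host: Host) -> int:
    """Licenses consumed by one ESXi host: per-CPU need times CPU count."""
    cpus, cores_per_cpu = host
    if cpus < 1:
        raise ValueError("a host must have at least one physical CPU")
    return cpus * licenses_per_cpu(cores_per_cpu)


def licenses_for_hosts(hosts: Iterable[Host]) -> int:
    """Total licenses consumed by a set of hosts."""
    return sum(licenses_for_host(h) for h in hosts)


def fits_license_pool(hosts: Iterable[Host], pool_size: int) -> bool:
    """True if a purchased pool of pool_size CPU licenses covers all hosts."""
    return licenses_for_hosts(hosts) <= pool_size


# The three host combinations from the text (constructed from the bullets);
# each should consume the 10-license pool exactly.
COMBINATIONS = {
    "five hosts, 2 CPUs x 32 cores": [(2, 32)] * 5,
    "five hosts, 1 CPU x 64 cores": [(1, 64)] * 5,
    "two hosts 2 CPUs x 48 cores + two hosts 1 CPU x 20 cores":
        [(2, 48)] * 2 + [(1, 20)] * 2,
}


def summarize(pool_size: int = 10) -> dict:
    """Map each combination name to (licenses consumed, fits the pool?)."""
    return {
        name: (licenses_for_hosts(hosts), fits_license_pool(hosts, pool_size))
        for name, hosts in COMBINATIONS.items()
    }


if __name__ == "__main__":
    for name, (used, fits) in summarize().items():
        print(f"{name}: {used} licenses, fits 10-license pool: {fits}")
```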
The major editions of vSphere 7.0 are Standard and Enterprise Plus. Other editions may be licensed in different manners than the major editions. For example, the vSphere Desktop edition (for VDI environments) and VMware vSphere Remote Office Branch Office (for IT remote sites) are licensed per virtual machine.
Table 1-7 lists some of the features that are provided with the major editions of vSphere 7.0.
Table 1-7 Features in vSphere Editions

| Feature | Standard | Enterprise Plus |
|---|---|---|
| vSphere HA, vSphere Replication, Storage vMotion, Quick Boot, vCenter Backup and Restore, vVols | Supported | Supported |
| Distributed Switch, Proactive HA, NIOC, SIOC, Storage DRS, DRS, DPM, VM Encryption, Cross-vCenter vMotion, Long Distance vMotion, vTrust Authority, SR-IOV, vSphere Persistent Memory | Not supported | Supported |
| vSphere Fault Tolerance | Supported up to 2 vCPUs | Supported up to 8 vCPUs |
This section describes the architecture for the vCenter Server.
vSphere 6.x supports multiple vCenter Server topologies and configurations, involving components and technologies such as vCenter Server Appliance, vCenter Server for Windows, embedded database (PostgreSQL), external (SQL Server or Oracle) database, external Platform Services Controller (PSC), embedded PSC, Enhanced Linked Mode, and Embedded Linked Mode. In vSphere 7.0, the vCenter Server configuration and topology are much simpler.
Beginning in vSphere 7.0, vCenter Server Appliance is required. Windows-based vCenter Servers are not supported. External PSCs are not supported. The services provided by PSC in prior vCenter Server versions are directly integrated into vCenter Server Appliance 7.0 and are no longer described as a part of the PSC in most documentation. For example, in vSphere 7.0, the Platform Services Controller Administration publication is replaced with the vSphere Authentication publication. Table 1-8 describes the main services in vCenter Server Appliance and related services in the ESXi host.
Table 1-8 Services in vCenter Server Appliance

| Service | Description |
|---|---|
| vCenter Single Sign-On | An authentication service that utilizes a secure token exchange mechanism rather than requiring components to authenticate users per component. |
| Security Token Service (STS) | A component that is part of vCenter Single Sign-On and provides SAML tokens to authenticate users to other vCenter components instead of requiring users to authenticate to each component. A user who authenticates to vCenter Single Sign-On is granted SAML tokens, which are then used for authentication. |
| Administration server | A component that provides vCenter Single Sign-On administration and configuration from the vSphere Client. |
| vCenter Lookup Service | A service that contains the topology of the vSphere infrastructure, allowing secure communication between vSphere components. |
| VMware Directory Service | The directory service for the vCenter Single Sign-On (SSO) domain (vsphere.local). |
| vCenter Server plug-ins | Applications that add functionality to vCenter. These usually consist of server and client components. |
| vCenter Server database | A database that contains the status of all virtual machines, ESXi hosts, and users. It is deployed via the vCenter Server deployment wizard. |
| tcServer | A service that is co-installed with vCenter and is used by web services such as CIM/Hardware status, Performance charts, WebAccess, Storage Policy Based Services, and vCenter Service status. |
| License Service | A service that is used to store the available licenses and manage the license assignments for the entire vSphere environment. |
| vCenter Server Agent | A service that is installed on an ESXi host when that host is added to vCenter’s inventory. This service collects, communicates, and runs actions initiated from the vSphere Client. |
| Host Agent | An administrative agent installed with the ESXi installation. Responsible for collecting, communicating, and running actions initiated from the vSphere Host Client. |
If you upgrade or migrate a vCenter Server deployment that uses an external PSC, you must converge the PSC into a vCenter Server Appliance instance that you specify. In domains with multiple vCenter Server instances, you must identify the SSO replication partner for each subsequent vCenter Server. If you upgrade or migrate using the GUI-based installer, the wizard prompts you to specify the replication topology. If you upgrade or migrate using the CLI-based installer, you specify the replication topology using the JSON templates. During the upgrade or migration process, the new vCenter Server Appliance 7.0 incorporates the former PSC services, enabling you to decommission the original external PSC.
Each vCenter Server is associated with a vCenter Single Sign-On (SSO) domain, whose default name is vsphere.local. You can change the SSO domain name during deployment. The SSO domain is considered the local domain for authentication to vCenter Server and other VMware products, such as vRealize Operations.
During vCenter Server Appliance deployment, you must create an SSO domain or join an existing SSO domain. The domain name is used by the VMware Directory Service (vmdir) for all Lightweight Directory Access Protocol (LDAP) internal structuring. You should give your domain a unique name that is not used by OpenLDAP, Microsoft Active Directory, and other directory services.
You can add users and groups to the SSO domain. You can add an Active Directory or LDAP identity source and allow the users and groups in that identity source to authenticate.
You can use Enhanced Linked Mode to link multiple vCenter Server systems. With Enhanced Linked Mode, you can log in to all linked vCenter Server systems simultaneously and manage the inventories of the linked systems. This mode replicates roles, permissions, licenses, and other key data across the linked systems. To join vCenter Server systems in Enhanced Linked Mode, connect them to the same vCenter SSO domain, as illustrated in Figure 1-1. Enhanced Linked Mode requires the vCenter Server Standard licensing level and is not supported with vCenter Server Foundation or vCenter Server Essentials. Up to 15 vCenter Server Appliance instances can be linked together by using Enhanced Linked Mode.
FIGURE 1-1 Enhanced Linked Mode with Two vCenter Server Appliance 7.0 Instances
A vCenter HA cluster consists of three vCenter Server instances. The first instance, initially used as the Active node, is cloned twice to a Passive node and to a Witness node. Together, the three nodes provide an active/passive failover solution.
Deploying each of the nodes on a different ESXi instance protects against hardware failure. Adding the three ESXi hosts to a DRS cluster can further protect your environment.
When the vCenter HA configuration is complete, only the Active node has an active management interface (public IP address), as illustrated in Figure 1-2. The three nodes communicate over a private network called a vCenter HA network that is set up as part of the configuration. The Active node continuously replicates data to the Passive node.
FIGURE 1-2 vCenter Server HA Nodes
All three nodes are necessary for the functioning of this feature. Table 1-9 provides details for each of the nodes.
Table 1-9 vCenter HA Node Details

| Node Type | Description |
|---|---|
| Active | Is the active vCenter Server instance. Uses a public IP address for the management interface. Replicates data to the Passive node using the vCenter HA network. Communicates with the Witness node using the vCenter HA network. |
| Passive | Is cloned from the Active node. Uses the vCenter HA network to constantly receive updates from the Active node. Automatically takes over the role of the Active node if a failure occurs. |
| Witness | Is a lightweight clone of the Active node. Provides a quorum to protect against a split-brain situation. |
This section describes some of the main infrastructure requirements that you should address prior to implementing vSphere.
When preparing to implement a vSphere environment, you should prepare sufficient supported compute (CPU and memory) resources, as described in this section.
vCenter Server Appliance 7.0 can be deployed on ESXi 6.5 hosts or later, which can be managed by vCenter Server 6.5 or later.
To prepare for deployment of vCenter Server, you should plan to address the compute specifications listed in Table 1-10.
Table 1-10 Compute Specifications for vCenter Server Appliance

| Component | Number of CPUs | Memory |
|---|---|---|
| Tiny Environment (up to 10 hosts or 100 virtual machines) | 2 | 12 GB |
| Small Environment (up to 100 hosts or 1000 virtual machines) | 4 | 19 GB |
| Medium Environment (up to 400 hosts or 4000 virtual machines) | 8 | 28 GB |
| Large Environment (up to 1000 hosts or 10,000 virtual machines) | 16 | 37 GB |
| X-Large Environment (up to 2000 hosts or 35,000 virtual machines) | 24 | 56 GB |

Note
If you want to have an ESXi host with more than 512 LUNs and 2048 paths, you should deploy a vCenter Server Appliance instance sized for a Large Environment or an X-Large Environment.
To install ESXi 7.0, ensure that the hardware system meets the following requirements:

- A supported system platform, as described in the VMware Compatibility Guide.
- Two or more CPU cores.
- A supported 64-bit x86 processor, as described in the VMware Compatibility Guide.
- The CPU’s NX/XD bit enabled in the BIOS.
- 4 GB or more of physical RAM. (VMware recommends 8 GB or more for production environments.)
- To support 64-bit virtual machines, hardware virtualization (Intel VT-x or AMD RVI) enabled on the CPUs.
- One or more supported Ethernet controllers, Gigabit or faster, as described in the VMware Compatibility Guide.
- A SCSI disk or a local, non-network RAID LUN with unpartitioned space for the virtual machines.
- For Serial ATA (SATA), a disk connected through supported SAS controllers or supported on-board SATA controllers.
- A boot disk of at least 8 GB for USB or SD devices and 32 GB for other HDD, SSD, NVMe, and other device types. The boot device must not be shared between ESXi hosts.
Note
SATA disks are considered remote, not local. These disks are not used as scratch partitions by default because they are considered remote. You cannot connect a SATA CD-ROM device to a virtual machine on an ESXi 7.0 host. To use the SATA CD-ROM device, you must use IDE emulation mode.
For vSphere 7.0, you should ensure that you meet the following ESXi booting considerations:

- You can boot using the Unified Extensible Firmware Interface (UEFI), which enables booting from hard drives, CD-ROM drives, or USB media.
- VMware Auto Deploy supports network booting and provisioning of ESXi hosts with UEFI.
- You can boot systems from disks larger than 2 TB if the system firmware and the firmware on the add-in card support it, according to the vendor documentation.
Note
Changing the host boot type between legacy BIOS and UEFI is not supported after you install ESXi 7.0.
When preparing to implement a vSphere environment, you should ensure that you have sufficient supported storage resources, as described in this section.
As part of preparing for the deployment of vCenter Server Appliance, you should plan to address storage requirements. Table 1-11 lists the storage requirements for a vCenter Server Appliance instance. It allows for Lifecycle Manager, which runs as a service in vCenter Server Appliance.
Table 1-11 Storage Sizes for vCenter Server Appliance

| Deployment Size | Default Storage Size | Large Storage Size | X-Large Storage Size |
|---|---|---|---|
| Tiny | 415 GB | 1490 GB | 3245 GB |
| Small | 480 GB | 1535 GB | 3295 GB |
| Medium | 700 GB | 1700 GB | 3460 GB |
| Large | 1065 GB | 1765 GB | 3525 GB |
| X-Large | 1805 GB | 1905 GB | 3665 GB |
Installing ESXi 7.0 requires a boot device that is a minimum of 8 GB. Upgrading to ESXi 7.0 requires a 4 GB minimum boot device. When booting from a local disk, SAN, or iSCSI LUN, a 32 GB disk is required to allow for the creation of the boot partition, boot banks, and a VMFS-L ESX-OSData volume. The ESX-OSData volume replaces the legacy /scratch partition, VM-tools, and core dump location. If no local disk is found, ESXi 7.0 functions in degraded mode and places the /scratch partition on the ESXi host’s RAM disk and links it to /tmp/scratch. You can reconfigure /scratch to use a separate disk or LUN. For best performance and memory optimization, do not run the ESXi host in degraded mode. Likewise, when installing ESXi 7.0 on USB and SD devices, the installer attempts to allocate a scratch region on a local disk; otherwise, it places /scratch on the RAM disk.
Note
You cannot roll back to an earlier version of ESXi after upgrading. If you are concerned about upgrading, create a backup of the boot device prior to upgrading; if needed, you can restore from this backup after the upgrade.
The following are recommended for ESXi 7.0 installations:

- 8 GB USB drive or SD card with a 32 GB local disk: Boot partitions reside on USB or SD, and ESX-OSData resides on a local disk.
- Local disk with 32 GB minimum: This contains boot and ESX-OSData.
- Local disk with 142 GB or more: This contains boot, ESX-OSData, and a VMFS datastore.
This section describes some of the key networking requirements for a successful vSphere deployment.
In order to prepare for network virtualization in vSphere, you should understand some of the following concepts:

- Physical network: This is a network of physical machines that are connected so that they can send data to and receive data from each other.
- Virtual network: This is a network of virtual machines running on a physical machine that are connected logically to each other so that they can send data to and receive data from each other.
- Opaque network: This is a network created and managed by a separate entity outside vSphere. For example, logical networks that are created and managed by VMware NSX appear in vCenter Server as opaque networks of the type nsx.LogicalSwitch. You can choose an opaque network as the backing for a VM network adapter. To manage an opaque network, use the management tools associated with the opaque network, such as VMware NSX Manager or the VMware NSX API management tools.
- vSphere standard switch: This type of switch works much like a physical Ethernet switch. It detects which virtual machines are logically connected to each of its virtual ports and uses that information to forward traffic to the correct virtual machines. A vSphere standard switch can be connected to physical switches by physical Ethernet adapters, also referred to as uplink adapters.
- VMkernel TCP/IP networking layer: This layer provides connectivity to hosts and handles the standard infrastructure traffic of vSphere vMotion, IP Storage, Fault Tolerance, and vSAN.
VMware recommends using network segmentation in vSphere environments for separating each type of VMkernel traffic and virtual machine traffic. You can implement network segments by using unique VLANs and IP subnets. Here is a set of commonly used network segments in vSphere:

- Management
- vMotion
- vSphere Replication
- vSphere High Availability Heartbeat
- Fault Tolerance
- IP Storage
- Virtual Machine (typically segregated further by application or by other factors, such as test and production)
Table 1-12 provides details for some of the required network connectivity involving vCenter Server. For each applicable connection, you should ensure that your network and firewall allow the described connectivity.
Table 1-12 Required Ports for vCenter Server

| Protocol/Port | Description | Required for |
|---|---|---|
| TCP 22 | System port for SSHD | vCenter Server (must be open for upgrade of the appliance) |
| TCP 80 | Port for direct HTTP connections; redirects requests to HTTPS port 443 | vCenter Server |
| TCP 88 | Required to be open to join Active Directory | vCenter Server |
| TCP/UDP 389 | LDAP port for directory services for the vCenter Server group | vCenter Server to vCenter Server |
| TCP 443 | Default port used by vCenter Server to listen for connections from the vSphere Web Client and SDK clients | vCenter Server to vCenter Server |
| TCP/UDP 514 | vSphere Syslog Collector port for vCenter Server and vSphere Syslog Service port for vCenter Server Appliance | vCenter Server |
| TCP/UDP 902 | Default port that the vCenter Server system uses to send data to managed hosts | vCenter Server |
| TCP 1514 | vSphere Syslog Collector TLS port for vCenter Server | vCenter Server |
| TCP 2012 | Control interface RPC for Single Sign-On | vCenter Server |
| TCP 2014 | RPC port for VMware Certificate Authority (VMCA) APIs | VMCA |
| TCP/UDP 2020 | Authentication framework management | vCenter Server |
| TCP 5480 | vCenter Server Appliance Management Interface (VAMI) | vCenter Server |
| TCP/UDP 6500 | ESXi Dump Collector port | vCenter Server |
| TCP 7080, 12721 | Secure Token Service (internal ports) | vCenter Server |
| TCP 7081 | vSphere Client (internal ports) | vCenter Server |
| TCP 7475, 7476 | VMware vSphere Authentication Proxy | vCenter Server |
| TCP 8084 | vSphere Lifecycle Manager SOAP port used by vSphere Lifecycle Manager client plug-in | vSphere Lifecycle Manager |
| TCP 9084 | vSphere Lifecycle Manager Web Server port used by ESXi hosts to access host patch files from vSphere Lifecycle Manager server | vSphere Lifecycle Manager |
| TCP 9087 | vSphere Lifecycle Manager Web SSL port used by vSphere Lifecycle Manager client plug-in for uploading host upgrade files to vSphere Lifecycle Manager server | vSphere Lifecycle Manager |
| TCP 9443 | vSphere Web Client HTTPS | vCenter Server |
Table 1-13 provides details about some of the required network connectivity involving ESXi. For each applicable connection, you should ensure that your network and firewall allow the described connectivity.
Table 1-13 Required Ports for ESXi

| Protocol/Port | Service | Direction | Description |
|---|---|---|---|
| TCP 5988 | CIM Server | Inbound | Server for Common Information Model (CIM) |
| TCP 5989 | CIM Secure Server | Inbound | Secure Server for CIM |
| UDP 8301, 8302 | DVSSync | Inbound, outbound | Used for synchronizing states of distributed virtual ports between hosts that have VMware FT record/replay enabled |
| TCP 902 | NFC | Inbound, outbound | ESXi uses Network File Copy (NFC) for operations such as copying and moving data between datastores |
| UDP 12345, 23451 | vSAN Clustering | Inbound, outbound | Used by vSAN nodes for multicast to establish cluster members and distribute vSAN metadata |
| UDP 68 | DHCP | Inbound, outbound | DHCP client for IPv4 |
| UDP 53 | DNS | Inbound | DNS client |
| TCP/UDP 53 | DNS | Outbound | DNS client |
| TCP/UDP 8200, 8100, 8300 | Fault Tolerance | Inbound | Traffic between hosts for vSphere Fault Tolerance (FT) |
| TCP/UDP 80, 8200, 8100, 8300 | Fault Tolerance | Outbound | Supports vSphere Fault Tolerance (FT) |
| TCP 2233 | vSAN Transport | Inbound | vSAN reliable datagram transport for vSAN storage I/O |
| TCP 22 | SSH | Inbound | SSH server |
| TCP 902, 443 | vSphere Web Client | Inbound | Allows user connections from vSphere Web Client |
| TCP/UDP 547 | DHCPv6 | Outbound | DHCP client for IPv6 |
| UDP 9 | WOL | Outbound | Wake-on-LAN |
| TCP 3260 | iSCSI | Outbound | Supports software iSCSI |
| TCP 8000 | vMotion | Outbound | Supports vMotion |
| UDP 902 | vCenter Agent | Outbound | Used by the vCenter Agent |
In addition to providing the required compute, storage, and network infrastructure, you should provide supporting infrastructure services, such as Active Directory (AD), Domain Name System (DNS), and Network Time Protocol (NTP).
In many vSphere environments, vCenter Single Sign-On (SSO) is integrated with directory services, such as Microsoft Active Directory (AD). SSO can authenticate users against its own internal users and groups, and it can connect to trusted external directory services such as AD. If you plan to leverage AD for an SSO identity source, you should ensure that the proper network connectivity, service account credentials, and AD services are available and ready for use.
If you plan to install vCenter Server for Windows and use AD identity sources, you should ensure that the Windows server is a member of the AD domain but is not a domain controller.
Note
If the system you use for your vCenter Server installation belongs to a workgroup rather than a domain, vCenter Server cannot discover all domains and systems available on the network when using some features.
You might want to assign static IP addresses and resolvable fully qualified domain names (FQDNs) to your vSphere components, such as vCenter Server and ESXi hosts. Before installing these components, you should ensure that the proper IP addresses and FQDN entries are registered in your DNS server. You should configure forward and reverse DNS records.
For example, prior to deploying vCenter Server Appliance, you should assign a static IP address and host name in DNS. The IP address must have a valid (internal) domain name system (DNS) registration. During the vCenter Server installation, you must provide the fully qualified domain name (FQDN) or the static IP. VMware recommends using the FQDN. You should ensure that DNS reverse lookup returns the appropriate FQDN when queried with the IP address of the vCenter appliance. Otherwise, the installation of the Web Server component that supports the vSphere Web Client fails.
When you deploy vCenter Server Appliance, the installation of the web server component that supports the vSphere Web Client fails if the installer cannot look up the FQDN for the appliance from its IP address. Reverse lookup is implemented using PTR records. If you plan to use an FQDN for the appliance system name, you must verify that the FQDN is resolvable by a DNS server.
Starting with vSphere 6.5, vCenter Server supports mixed IPv4 and IPv6 environments. If you want vCenter Server Appliance to use an IPv6 address, specify the appliance's FQDN or host name as the system name rather than the IPv6 address itself.
Name resolution must work in every direction. Each machine running the vSphere Client and each ESXi host must be able to resolve the vCenter Server FQDN; vCenter Server and the vSphere Client machines must be able to resolve the management interface of every ESXi host; and every ESXi host must be able to resolve vCenter Server.
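The following pre-flight check is an added example written for this chapter, not a VMware tool. It walks a list of (FQDN, expected IP) pairs and verifies, for each one, that the forward record contains the expected address and that the PTR record for that address points back to the same name, which is exactly the condition the appliance installer tests. The resolver functions are injectable, and the sample zone, the lab.example.com names and the 192.0.2.x addresses are constructed for the demonstration; run it with the real resolvers from the machine you deploy from, and again from each network the ESXi hosts sit on, since a resolver that works for one may not work for the other.

```python
"""Added example: pre-deployment DNS consistency check for vSphere components.

Illustrative code written for this chapter, not a VMware utility. For each
(FQDN, expected IP) pair it verifies that the name has an A/AAAA record
containing the expected address and that the PTR record for that address
resolves back to the same FQDN. Resolver functions are injectable so the
logic can be exercised against the constructed sample zone below.
"""
import socket


def resolve_forward(name):
    """All addresses the system resolver returns for name (A and AAAA)."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()


def resolve_reverse(ip):
    """Canonical name from the PTR record for ip, or None if there is none."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def _canonical(name):
    # DNS names are case-insensitive and may carry a trailing dot.
    return name.rstrip(".").lower()


def check_component(fqdn, expected_ip, forward=resolve_forward, reverse=resolve_reverse):
    """Return a list of problems for one component; an empty list means DNS is consistent."""
    problems = []
    if "." not in fqdn.rstrip("."):
        problems.append(f"{fqdn}: not a fully qualified domain name")
    addresses = forward(fqdn)
    if not addresses:
        problems.append(f"{fqdn}: no A/AAAA record")
        return problems  # nothing more to check without a forward record
    if expected_ip not in addresses:
        problems.append(f"{fqdn}: resolves to {sorted(addresses)}, expected {expected_ip}")
    ptr = reverse(expected_ip)
    if ptr is None:
        problems.append(f"{expected_ip}: no PTR record")
    elif _canonical(ptr) != _canonical(fqdn):
        problems.append(f"{expected_ip}: PTR returns {ptr}, expected {fqdn}")
    return problems


def check_inventory(inventory, forward=resolve_forward, reverse=resolve_reverse):
    """Check every component; return {fqdn: problems} for the ones that fail."""
    failures = {}
    for fqdn, ip in inventory.items():
        problems = check_component(fqdn, ip, forward, reverse)
        if problems:
            failures[fqdn] = problems
    return failures


# Constructed sample zone (assumed names, RFC 5737 documentation addresses).
SAMPLE_FORWARD = {
    "vcsa01.lab.example.com": {"192.0.2.10"},
    "esxi01.lab.example.com": {"192.0.2.21"},
    "esxi02.lab.example.com": {"192.0.2.22"},
}
SAMPLE_REVERSE = {
    "192.0.2.10": "VCSA01.lab.example.com.",  # case and trailing dot are tolerated
    "192.0.2.21": "esxi01.lab.example.com",
    # 192.0.2.22 deliberately has no PTR record
}
SAMPLE_INVENTORY = {
    "vcsa01.lab.example.com": "192.0.2.10",
    "esxi01.lab.example.com": "192.0.2.21",
    "esxi02.lab.example.com": "192.0.2.22",
}


def sample_forward(name):
    return SAMPLE_FORWARD.get(_canonical(name), set())


def sample_reverse(ip):
    return SAMPLE_REVERSE.get(ip)


if __name__ == "__main__":
    # Against the sample zone only esxi02 fails (missing PTR). Pass the real
    # resolvers instead to check a live environment.
    for name, problems in check_inventory(SAMPLE_INVENTORY, sample_forward, sample_reverse).items():
        print(name, problems)
```

The check deliberately treats a missing PTR record as a failure rather than a warning, because that is the case in which the appliance deployment itself fails.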
Time synchronization between components is essential. All vCenter Server instances must be time synchronized, and ESXi hosts must be time synchronized to support features such as vSphere HA. Accurate clocks also matter for security: SSO token validity and certificate validation both depend on them. In most environments, plan to use NTP servers for time synchronization, and verify that the NTP servers are running and reachable before implementing vSphere.
Be prepared to provide the names or IP addresses for the NTP servers when installing vSphere components such as vCenter Server and ESXi. For example, during the deployment of vCenter Server Appliance, you can choose to synchronize time with NTP servers and provide a list of NTP server names or IP addresses, separated by commas. Alternatively, you can choose to allow the appliance to synchronize time with the ESXi host.
Note
If a vCenter Server Appliance instance is configured for NTP time synchronization, it ignores its time_tools-sync Boolean parameter. Otherwise, if that parameter is TRUE, VMware Tools synchronizes the appliance's guest OS clock with the ESXi host.
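Verifying that an NTP server is "running and available" means more than seeing it answer on UDP 123: a server can reply while announcing that its own clock is unsynchronized, and vCenter Server and ESXi would then follow a bad time source. The block below is an added example written for this chapter, not a VMware utility. It builds an SNTP (RFC 4330) client request, parses the 48-byte reply, computes offset and round-trip delay from the four timestamps, and rejects replies with leap indicator 3, stratum 0 (kiss-o'-death) or stratum 16. The `build_response` helper and the timestamps it is called with are constructed so the parser and the evaluation run offline; `query` talks to a real server.

```python
"""Added example: check an NTP server the way vCenter Server and ESXi will use it.

Illustrative code for this chapter, not a VMware utility. It builds an SNTP
(RFC 4330) client request, parses the 48-byte response, computes clock
offset and round-trip delay, and flags servers that are unusable: wrong
mode, leap indicator 3 (clock unsynchronized), or stratum 0/16. The
build_response helper constructs a sample reply for offline use.
"""
import socket
import struct
import time

NTP_PORT = 123
NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)
# LI/VN/mode, stratum, poll, precision, root delay, root dispersion, reference ID,
# then reference, originate, receive and transmit timestamps (64-bit each).
PACKET_FORMAT = "!BBBbII4sQQQQ"
PACKET_SIZE = struct.calcsize(PACKET_FORMAT)  # 48 bytes


def ts_to_seconds(ts):
    """Convert a 64-bit NTP timestamp (32.32 fixed point) to float seconds."""
    return (ts >> 32) + (ts & 0xFFFFFFFF) / 2**32


def seconds_to_ts(seconds):
    whole = int(seconds)
    return (whole << 32) | int((seconds - whole) * 2**32)


def parse_ntp_response(data):
    """Decode the header fields and the three server-side timestamps."""
    if len(data) < PACKET_SIZE:
        raise ValueError(f"short NTP packet: {len(data)} bytes")
    (flags, stratum, _poll, _precision, _root_delay, _root_disp, ref_id,
     _ref_ts, orig_ts, recv_ts, xmit_ts) = struct.unpack(PACKET_FORMAT, data[:PACKET_SIZE])
    return {
        "li": flags >> 6,
        "version": (flags >> 3) & 0x7,
        "mode": flags & 0x7,
        "stratum": stratum,
        "ref_id": ref_id,              # a kiss-o'-death code such as b"RATE" when stratum is 0
        "t1": ts_to_seconds(orig_ts),  # our request's transmit time, echoed by the server
        "t2": ts_to_seconds(recv_ts),  # server receive time
        "t3": ts_to_seconds(xmit_ts),  # server transmit time
    }


def evaluate(resp, t4, max_offset=1.0):
    """Return (offset, delay, problems); offset is how far our clock lags the server."""
    offset = ((resp["t2"] - resp["t1"]) + (resp["t3"] - t4)) / 2
    delay = (t4 - resp["t1"]) - (resp["t3"] - resp["t2"])
    problems = []
    if resp["mode"] != 4:
        problems.append(f"unexpected mode {resp['mode']} (expected 4, server)")
    if resp["li"] == 3:
        problems.append("leap indicator 3: server clock is not synchronized")
    if resp["stratum"] == 0:
        problems.append(f"stratum 0 (kiss-o'-death/unsynchronized, code {resp['ref_id']!r})")
    elif resp["stratum"] >= 16:
        problems.append(f"stratum {resp['stratum']}: server is unsynchronized")
    if abs(offset) > max_offset:
        problems.append(f"offset {offset:.3f}s exceeds {max_offset}s")
    return offset, delay, problems


def build_response(t1, t2, t3, stratum=2, li=0, mode=4, ref_id=b"GPS\x00"):
    """Construct a server reply (offline testing only); times are NTP-epoch seconds."""
    flags = (li << 6) | (4 << 3) | mode
    return struct.pack(PACKET_FORMAT, flags, stratum, 6, -20, 0, 0, ref_id,
                       seconds_to_ts(t2), seconds_to_ts(t1), seconds_to_ts(t2), seconds_to_ts(t3))


def query(server, timeout=2.0):
    """Send one client-mode request to a live server and evaluate the reply."""
    request = bytearray(PACKET_SIZE)
    request[0] = (4 << 3) | 3  # version 4, mode 3 (client)
    t1 = time.time() + NTP_EPOCH_OFFSET
    struct.pack_into("!Q", request, 40, seconds_to_ts(t1))  # transmit timestamp field
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(bytes(request), (server, NTP_PORT))
        data, _ = sock.recvfrom(512)
    t4 = time.time() + NTP_EPOCH_OFFSET
    return evaluate(parse_ntp_response(data), t4)


if __name__ == "__main__":
    # Offline demonstration with a constructed reply: offset 0.85 s, delay 0.3 s.
    print(evaluate(parse_ntp_response(build_response(1000.0, 1001.0, 1001.1)), 1000.4))
```

Run `query()` against each server you intend to list during deployment, from the management network the appliance and hosts will use; a server that is reachable but reports stratum 16 or leap indicator 3 should be fixed or dropped before it is configured as a time source.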
This section describes a few additional requirements for some of the optional components (refer to Table 1-3), available vSphere features (refer to Table 1-4), and add-on products (refer to Table 1-5).
The following sections describe some of the requirements for a variety of commonly used vSphere features.
The vSphere Host Client and vSphere Client are HTML5-based; the Flash-based vSphere Web Client is not supported in vSphere 7. For Windows users, VMware supports Microsoft Edge 38 and later, Microsoft Internet Explorer 11.0.96 and later, Mozilla Firefox 45 and later, Google Chrome 50 and later, and Safari 5.1 and later. For Mac users, VMware supports Safari 5.1 and later, Mozilla Firefox 45 and later, and Google Chrome 50 and later.
If you plan to schedule file-based backups using the VAMI, you must prepare an FTP, FTPS, HTTP, HTTPS, or SCP server with sufficient disk space to store the backups. Because a backup contains the vCenter Server database and configuration, prefer an encrypted transport (FTPS, HTTPS, or SCP) over FTP or HTTP, and set a backup encryption password in the VAMI so that the archive is not readable if the backup server is compromised.
You can use the GUI installer to interactively install vCenter Server Appliance. To do so, you must run the GUI deployment from a Windows, Linux, or Mac machine that is in the network on which you want to deploy the instance.
DPM requires the ability to wake a host from standby mode; that is, it must be able to send a network command that powers the host on. For this, each participating host in the cluster must provide iLO, IPMI, or a Wake-on-LAN (WoL) capable network adapter, and DPM must be supplied with the credentials needed to access that interface and power on the host. Treat those credentials as privileged: anyone holding them can power-cycle the host, so use a dedicated account rather than the BMC administrator account where the platform allows it, and keep the iLO/IPMI interfaces on an isolated management network.
To use vSphere Replication 8.3, you must deploy one vSphere Replication Management Service (VRMS) appliance. Optionally, you can add up to nine additional vSphere Replication Service (VRS) appliances. Plan for the compute, storage, and network needs of these appliances.
The VRMS appliance requires 2 vCPUs and 8 GB of memory; optionally, you can configure it with 4 vCPUs. Each VRS appliance requires 2 vCPUs and 716 MB of memory. The CPU and memory consumed by the vSphere Replication agent on each ESXi host is negligible.
Each VRMS and VRS appliance contains two virtual disks, of 13 GB and 9 GB. To thick provision these disks, you must provide 22 GB of storage per appliance. If you do not reserve the appliance's memory, also provide storage for its swap file: 8 GB for the VRMS appliance and 716 MB for each VRS appliance.
Each appliance has at least one network interface and requires at least one IP address. Optionally, you can use separate network connections to allow each appliance to separate management and replication traffic.
The main storage requirement for vSphere Replication is to support the target datastore to which the VMs will be replicated. At a minimum in the replication target datastore, you should provide enough storage to replicate each virtual disk, to support each replicated VM’s swap file, and to store each VM’s multiple point-in-time captures (snapshots).
The minimum software version for the nodes in a vCenter HA cluster is vCenter Server 6.5. The minimum software versions for the environment (such as a management cluster) where the vCenter HA nodes live are ESXi 6.0 and vCenter Server 6.0. Although not required, VMware recommends that you use a minimum of three ESXi hosts with DRS rules to separate the nodes onto separate hosts. You must use a vCenter Server Appliance Small or larger deployment size (not Tiny) and a vCenter Server Standard (not Foundation) license. A single vCenter Server license is adequate for a single vCenter HA cluster. vCenter HA works with VMFS, NFS, and vSAN datastores.
You must configure the appropriate virtual switch port groups prior to configuring vCenter HA. The vCenter HA network connects the Active, Passive, and Witness nodes, replicates the server state, and monitors heartbeats. The vCenter HA network must be on a different subnet than the management network, must provide less than 10 ms latency between nodes, and must not use a default gateway. The vCenter HA and management network IP addresses must be static.
You can use the Set Up vCenter HA wizard in the vSphere Client to configure vCenter HA. You have the option to perform an automatic configuration or a manual configuration. The automatic configuration requires a self-managed vCenter Server rather than a vCenter Server that resides in a management cluster that is managed by another vCenter Server. The automatic configuration automatically clones the initial (Active node) vCenter Server to create the Witness and Passive nodes. The manual configuration requires you to clone the Active node yourself but gives you more control.
When configuration is complete, the vCenter HA cluster has two networks: the management network on the first virtual NIC and the vCenter HA network on the second virtual NIC.
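The vCenter HA network rules above are easy to get wrong when the addresses are handed over in a spreadsheet, and a mistake is only discovered when the wizard fails or, worse, when heartbeats leak onto the management network. The block below is an added example written for this chapter, not part of vCenter Server. It encodes the stated rules (separate subnet from the management network, no default gateway, one static address each for the Active, Passive and Witness nodes) as a validation function; the subnets and addresses it is called with are constructed RFC 5737 documentation values. The 10 ms RTT requirement cannot be judged from addresses and is not checked here.

```python
"""Added example: sanity-check a proposed vCenter HA network layout.

Illustrative code for this chapter, not part of vCenter Server. It checks
that the vCenter HA network does not overlap the management network, that
no default gateway is specified for it, and that the three node addresses
(Active, Passive, Witness) are distinct, valid, and inside the HA subnet.
"""
import ipaddress

VCHA_ROLES = ("Active", "Passive", "Witness")


def validate_vcha_network(mgmt_cidr, ha_cidr, ha_node_ips, ha_gateway=None):
    """Return a list of problems; an empty list means the layout meets the stated rules."""
    problems = []
    mgmt = ipaddress.ip_network(mgmt_cidr, strict=False)
    ha = ipaddress.ip_network(ha_cidr, strict=False)

    if mgmt.version == ha.version and mgmt.overlaps(ha):
        problems.append(f"HA network {ha} overlaps management network {mgmt}")
    if ha_gateway is not None:
        problems.append("vCenter HA network must not be configured with a default gateway")
    if len(ha_node_ips) != len(VCHA_ROLES):
        problems.append(f"expected {len(VCHA_ROLES)} HA addresses (Active, Passive, Witness), got {len(ha_node_ips)}")

    seen = set()
    for role, raw in zip(VCHA_ROLES, ha_node_ips):
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:
            problems.append(f"{role}: {raw!r} is not a valid IP address")
            continue
        if addr in seen:
            problems.append(f"{role}: address {addr} is reused")
        seen.add(addr)
        if addr not in ha:
            problems.append(f"{role}: {addr} is outside the HA network {ha}")
        elif addr in (ha.network_address, ha.broadcast_address):
            problems.append(f"{role}: {addr} is the network or broadcast address")
        if addr in mgmt:
            problems.append(f"{role}: {addr} falls inside the management network {mgmt}")
    return problems


if __name__ == "__main__":
    # Constructed example layouts: the first is clean, the second breaks several rules.
    print(validate_vcha_network("192.0.2.0/24", "198.51.100.0/28",
                                ["198.51.100.2", "198.51.100.3", "198.51.100.4"]))
    print(validate_vcha_network("192.0.2.0/24", "192.0.2.128/25",
                                ["192.0.2.130", "192.0.2.130", "192.0.2.1"],
                                ha_gateway="192.0.2.129"))
```

Run this against the planned addresses before you create the port group; it is also a convenient place to record, in code, why the HA subnet was chosen the way it was.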
To build a software-defined data center (SDDC), you may plan to implement additional VMware products, such as vSAN, NSX, and vRealize Suite. Here are some of the requirements you should address.
When preparing to implement vSAN, verify that the ESXi hosts meet the vSAN hardware requirements. All the devices, drivers, and firmware versions in your vSAN configuration must be certified and listed in the vSAN section of the VMware Compatibility Guide.
Table 1-14 lists the storage device requirements for vSAN hosts.
Table 1-14 Storage Device Requirements for vSAN Hosts
| Component | Requirements |
|---|---|
| Cache | One SAS or SATA solid-state disk (SSD) or PCIe flash device |
| Virtual machine data storage | Hybrid configuration: at least one SAS or NL-SAS magnetic disk. All-flash configuration: at least one SAS or SATA solid-state disk (SSD) or PCIe flash device |
| Storage controllers | One SAS or SATA host bus adapter (HBA), or a RAID controller in passthrough mode or RAID 0 mode |
You need to prepare a network for vSAN traffic. This is the network in which you will connect a VMkernel network adapter for each ESXi host. For non-stretched vSAN clusters, the network should provide a maximum round-trip time (RTT) of 1 ms.
When preparing to implement NSX, ensure that you address the hardware and network latency requirements.
A typical NSX Data Center for vSphere (NSX-V) implementation involves deploying NSX Manager, three NSX Controller instances, and one or more NSX Edge instances. Table 1-15 lists the hardware requirements for these NSX-V Version 6.4 devices.
Table 1-15 Hardware Requirements for NSX Appliances
| Appliance | Memory | vCPUs | Disk Space |
|---|---|---|---|
| NSX Manager | 16 GB | 4 or 8 | 60 GB |
| NSX Controller | 4 GB | 4 | 28 GB |
| NSX Edge | Compact: 512 MB; Large: 1 GB; Quad Large: 2 GB; X-Large: 8 GB | Compact: 1; Large: 2; Quad Large: 4; X-Large: 6 | X-Large: 2.75 GB; all other sizes: 1 GB |
You should ensure that the network latency is no higher than 150 ms RTT for NSX Manager connections with NSX Controller instances, vCenter Server, and ESXi hosts.
vRealize Operations (vROps) is a tool that provides monitoring of and analytics for a vSphere environment. It provides smart alerts and also identifies undersized or oversized virtual machines. Many businesses use vROps to improve the operation of vSphere and SDDC. They use it for many other purposes, such as capacity planning, proactively remediating issues, reclaiming wasted resources, and compliance.
vRealize Automation is cloud automation software that speeds up the delivery of infrastructure and application resources on-premises and in the public cloud. It provides self-service and policy-based automation. Many businesses use vRealize Automation to automate processes and improve the delivery of IT services and applications.
vRealize Network Insight (vRNI) is a tool that can collect details and flows from physical and virtual network infrastructure. You can use it to help plan and monitor a software-defined network. Many businesses use vRNI for microsegmentation planning and network troubleshooting in an SDDC.
vRealize Log Insight (vRLI) is a tool that can collect and analyze logs from vSphere components, virtual machines, physical machines, and the entire infrastructure. Many businesses use vRLI to centrally collect and analyze logs from the entire SDDC.
This section provides brief explanations of virtualization and cloud technologies.
VMware vSphere 7.0 is the industry-leading virtualization and cloud platform. It provides virtualization (abstraction, pooling, and automation) of x86-64 based server hardware and related infrastructure, such as network switches. It provides live workload migrations, high availability, and efficient management at scale in a secured infrastructure.
A software-defined data center (SDDC) is a data center that leverages logical infrastructure services that are abstracted from the underlying physical infrastructure. It allows any application to run on a logical platform that is backed by x86-64, any storage, and any network infrastructure. Pioneered by VMware, a SDDC is the ideal architecture for private, public, and hybrid clouds. It extends virtualization concepts to all data center resources and services.
The SDDC includes compute virtualization (vSphere), network virtualization (NSX), and software-defined storage (vSAN and vVols) to deliver abstraction, pooling, and automation of the compute, network, and storage infrastructure services. It includes vRealize Automation and vRealize Operations to deliver policy-based automated management of the data center, services, and applications.
VMware vCloud Suite is an enterprise-ready private cloud software suite that includes vSphere for data center virtualization and VMware vRealize Suite for cloud management.
A hybrid cloud is a cloud that is a combination of a private cloud, public cloud, and on-premises infrastructure. It is the result of combining any cloud solution with in-house IT infrastructure.
VMware Cloud Foundation (VCF) is the industry’s most advanced hybrid cloud platform. It provides a complete set of software-defined services for compute, storage, networking, security, and cloud management to run enterprise apps in private or public environments. It delivers a simple path to the hybrid cloud by leveraging a common infrastructure and consistent operational model for on-premises and off-premises data centers.
VMware Cloud (VMC) on AWS is an integrated cloud offering jointly developed by AWS and VMware that provides a highly scalable, secure service that allows organizations to seamlessly migrate and extend their on-premises vSphere-based environments to the AWS cloud. You can use it to deliver a seamless hybrid cloud by extending your on-premises vSphere environment to the AWS cloud.
VMware vCloud Director is a cloud service-delivery platform used by some cloud providers to operate and manage cloud-based services. Service providers can use vCloud Director to deliver secure, efficient, and elastic cloud resources to thousands of customers.
VMware Cloud Assembly and VMware Service Broker are software as a service (SaaS) offerings that address similar use cases to the on-premises cases that VMware vRealize Automation addresses.
As mentioned in the section “How to Use This Book” in the Introduction, you have some choices for exam preparation: the exercises here, Chapter 15, “Final Preparation,” and the exam simulation questions on the companion website.
Review the most important topics in this chapter, noted with the Key Topics icon in the outer margin of the page. Table 1-16 lists these key topics and the page number on which each is found.
Print a copy of Appendix B, “Memory Tables” (found on the companion website), or at least the section for this chapter, and complete the tables and lists from memory. Appendix C, “Memory Tables Answer Key” (also on the companion website), includes completed tables and lists to check your work.
Define the following key terms from this chapter and check your answers in the glossary:
1. You plan to implement vSphere 7.0 and use vSphere Fault Tolerance to protect virtual machines with two vCPUs. Which is the minimum vSphere edition that you need?
vSphere Essentials Plus
vSphere Foundations
vSphere Standard
vSphere Enterprise Plus
2. You are planning to deploy vSphere 7.0. Where should you place VMware Directory Service?
Nowhere as VMware Directory Service is not used
In an external PSC
Either in an external PSC or in an embedded PSC
In vCenter Server
3. You are planning to deploy ESXi in a vSphere 7.0 environment and want to minimize memory per ESXi host. What is the minimum host memory that VMware recommends for a production environment?
4 GB
8 GB
16 GB
24 GB
4. You are planning to install vCenter Server 7.0 and want to use the GUI installer. Which of the following are supported locations from which to run the installer? (Choose two.)
The vSphere Host Client on an ESXi host
The vCenter Server Appliance Management Interface
Windows
Mac
5. Which of the following is the industry’s most advanced hybrid cloud platform?
VMware Cloud Assembly
VCF
VMC on AWS
vRealize Automation