Chapter 6

VMware Product Integration

This chapter covers the following topics:

This chapter contains information related to Professional VMware vSphere 7.x (2V0-21.20) exam objectives 2.2, 2.3, 2.4, and 2.5.

This chapter provides information on vSphere 7.0 integration with other VMware products, including vRealize Suite, Site Recovery Manager, Horizon, and NSX.

“Do I Know This Already?” Quiz

The “Do I Know This Already?” quiz allows you to assess whether you should study this entire chapter or move quickly to the “Exam Preparation Tasks” section. In any case, the authors recommend that you read the entire chapter at least once. Table 6-1 outlines the major headings in this chapter and the corresponding “Do I Know This Already?” quiz questions. You can find the answers in Appendix A, “Answers to the ‘Do I Know This Already?’ Quizzes and Review Questions.

Table 6-1 “Do I Know This Already?” Section-to-Question Mapping

Foundation Topics Section

Questions

vSphere Add-ons

1

vRealize Suite

2-3

Desktop and Application Virtualization

4-6

Replication and Disaster Recovery

7

Private Public and Hybrid Clouds

8-9

Networking and Security

10

1. You want to streamline the development of modern applications using a familiar single stack for containers and virtual machines. Which of the following products should you use?

  1. VMware Horizon

  2. VMware App Volumes

  3. VMware AppStack

  4. vSphere with Tanzu

2. You want to provide continuous performance optimization and intelligent remediation in your vSphere software-defined data center. Which one of the following products should you use?

  1. vRLI

  2. vROps

  3. vRA

  4. vRNI

3. You want to decrease time and effort spent on root cause analysis in your data center. Which of the following products should you use?

  1. vRLI

  2. vROps

  3. vRA

  4. vRNI

4. You want to deliver VDI using stateless virtual desktops and just-in-time delivery of user profile data and applications. Which products should you choose? (Choose two.)

  1. VMware Horizon

  2. VCF

  3. vSphere Replication

  4. HCX

  5. App Volumes

5. You want to use App Volumes in your Horizon VDI environment. Which other environments can benefit from App Volumes? (Choose two.)

  1. VCF

  2. VMware on AWS

  3. Azure VMware Solution

  4. Citrix XenApp

  5. RDSH

6. You want to provide replication for your vSphere virtual machines to a remote site. Which of the following includes the required software?

  1. Site Recovery Manager

  2. vRealize Suite

  3. vSphere Foundations

  4. vSphere Standard

7. Which of the following are use cases for VMware Site Recovery Manager? (Choose two.)

  1. Replicate data

  2. Planned migrations

  3. Disaster recovery

  4. VDI

  5. Data center automation

8. You want to use a platform that provides Cloud Builder and SDDC Manager. Which product should you choose?

  1. HCX

  2. vRealize Automation

  3. VCF

  4. vRNI

9. You want to implement a workload mobility platform that simplifies application migration, workload rebalancing, and business continuity across hybrid clouds. Which product should you implement?

  1. HCX

  2. vRealize Automation

  3. VCF

  4. vRNI

10. You want to adopt zero-trust security and automated network deployment. Which of the following products should you use?

  1. VMware NSX

  2. HCX

  3. VCF

  4. AppDefense

Foundation Topics

vSphere Add-ons

This section addresses the following products that are directly related to vSphere but are not covered in other chapters of this book:

  • vSphere with Tanzu: A vSphere edition that natively provides support for containers in the hypervisor

  • vCenter Converter: A product that facilitates the conversion of physical and other servers into virtual machines running in vSphere

  • vSphere Replication: A virtual machine replication feature that is included with specific vSphere editions

  • VMware Skyline: A proactive support offering for many VMware products, including vSphere

vSphere with Tanzu

By using vSphere with Tanzu, you can implement vSphere as a platform for natively running Kubernetes workloads. When enabled on a vSphere cluster, vSphere with Tanzu enables you to run Kubernetes workloads directly in the ESXi hypervisor and create Kubernetes clusters using dedicated resource pools. This works by creating a Kubernetes control plane directly in the hypervisor. A vSphere cluster that is enabled with vSphere for Kubernetes is called a supervisor cluster. The supervisor cluster runs on top of ESXi for compute, NSX-T Data Center for networking, and vSAN (or another shared storage solution) for storage.

With a Kubernetes control plane, you can create namespaces on the supervisor cluster, run containers in vSphere pods, and manage Kubernetes clusters using Tanzu Kubernetes Grid Service. A vSphere pod is a specialized virtual machine for running containers. In vSphere, you can manage and monitor vSphere pods and Tanzu Kubernetes clusters running in different namespaces.

vSphere with Tanzu Use Cases
Images

  • vSphere with Tanzu is commonly used to provide a familiar single stack for containers and virtual machines and to streamline development of modern applications.

vSphere with Tanzu Integration

To use vSphere with Tanzu, the main step is to install vSphere 7 with Kubernetes instead of installing vSphere 7. To run Kubernetes workloads on a vSphere cluster, you must enable the cluster with vSphere with Tanzu. In the vSphere Client, select Workload Management, select a vCenter Server, select Enable, select a cluster, and complete the wizard. In the wizard, you need to configure the cluster, network, and storage settings.

vCenter Converter

VMware vCenter Converter (also called Converter Standalone) is a free solution that automates the process of converting existing Windows and Linux machines into virtual machines running in a vSphere environment. The source machines can be physical servers or virtual machines in non-ESXi environments. You can use Converter to convert virtual machines running in VMware Workstation, VMware Fusion, Hyper-V, and Amazon EC2 Windows to virtual machines running in vSphere.

With Converter, you can hot clone Windows servers without disrupting users of the source Windows Server. With hot cloning, you can minimize downtime when converting existing Windows and Linux servers to virtual machines running in vSphere.

Converter offers a centralized management console that allows users to queue and monitor multiple simultaneous remote and local conversions.

vCenter Converter Use Cases

The following list identifies common use cases for vCenter Converter.

  • Creation of virtual machine templates based on existing servers

  • Physical-to-virtual server conversions

  • Virtual machine migrations from non-vSphere environments

vCenter Converter Integration

Converter is a standalone product that you can install on a Windows system. You can install it locally on a Windows desktop or on a server instance. To enable remote creation and management of tasks, you can install Converter’s server and worker components on a Windows server in your data center and install the client component on multiple desktops. The server component installs an agent component on each Windows source machine prior to hot cloning.

In the Converter user interface, you can specify a vCenter Server as the destination for a conversion operation. You must provide credentials with sufficient privileges to create the virtual machine in the vSphere environment.

VMware vSphere Replication

VMware vSphere Replication is included in multiple editions of vSphere. See the section “Replication and Disaster Recovery,” later in this chapter, for details.

VMware SkyLine

VMware Skyline is a proactive support technology, developed by VMware Global Services, that is available to customers with an active Production Support or Premier Services agreement. Skyline helps you avoid problems before they occur and reduces the amount of time spent on support requests.

The Skyline architecture includes a standalone on-premises virtual appliance (Skyline Collector) for secure, automatic data collection. It also includes a self-service web portal (Skyline Advisor) for accessing your VMware inventory, proactive findings, recommendations, and risks. You can segment data by factors, such as region and lines of business. You can use VMware Cloud Services Console to control user access and permissions. With a Premier Services agreement, you can access executive summary reports and view more powerful recommendations.

You can use Skyline Advisor to access Skyline Log Assist, which automatically (with your permission) uploads support log bundles to VMware Technical Support and eliminates manual procedures for log gathering and uploading. If you approve the request in Skyline Advisor, the requested logs are automatically uploaded to VMware Support. Likewise, you can choose to proactively push log files to VMware Support by using Log Assist within Skyline Advisor.

VMware SkyLine Use Cases

Skyline is commonly used to avoid issues and streamline resolution in a vSphere environment.

VMware SkyLine Integration

See Chapter 10, “Managing and Monitoring Clusters and Resources,” for instructions on configuring vCenter Server integration with Skyline Health.

vRealize Suite

This section covers the vRealize Suite, which is a set of products that provides a layer for operations, automation, and analysis for software-defined data centers and hybrid clouds.

vRealize Operations Manager (vROps)

vRealize Operations Manager (vROps) provides operations management for private, hybrid, and multi-cloud environments in a single pane of glass. It offers full-stack visibility from physical, virtual, and cloud infrastructure to virtual machines, containers, and applications. vROps provides continuous performance optimization, efficient capacity planning, cost management, and integrated compliance. It offers self-driving operations and intelligent remediation. It is available as an on-premises offering and as an SaaS offering.

vROps provides intelligent alerts, trending, and forecasting functionality. It uses current, historical, and predicted data for capacity analysis. For example, it calculates and provides a Days Remaining metric for many managed objects, such as vSphere clusters and datastores. This metric represents the number of days until the resource is predicted to have insufficient capacity. vROps applies customizable policies for everything it does. For example, you can use policies to adjust headroom buffers and provisioning lead times that impact capacity analysis.

vROps provides many native dashboards for management and troubleshooting. In addition, it offers many management packs to extend its operations beyond just vSphere. For example, you can install VMware-provided and third-party management packs that support operations for vSAN, NSX, third-party network gear, third-party storage system, and third-party software applications. Each management pack has its own unique requirements, which typically include installing the pack and connecting it to a management endpoint for the managed entity.

vROps Use Cases

The following list identifies common uses cases for vROps:

Images

  • Continuous performance optimization

  • Integrated compliance

  • Next-generation operations platform

  • Capacity and cost management and planning

  • Intelligent remediation

vROps Integration

In the vROps user interface, you can use the Solutions page to add a vCenter Server adapter instance (cloud account). You configure the instance by providing the address and user credentials for connecting to vCenter Server. At a minimum, the user account must have Read privileges assigned at the data center or vCenter Server level. To collect virtual machine guest OS metrics, the credential must have Performance > Modify Intervals permission enabled in the target. Additional requirements exist to allow vROps to perform automated actions in vSphere.

vRealize Log Insight (vRLI)

vRealize Log Insight (vRLI) is a software product that provides intelligent log management for infrastructure and applications for any environment. It is a highly scalable log management solution that provides intuitive dashboards, analytics, and third-party extensibility. It collects and automatically identifies structure in all types of machine-generated log data, such as application logs, network traces, configuration files, messages, performance data, and system state dumps. It builds a high-performance index for performing analytics. It monitors and manages machine data at scale.

vRLI is especially useful in a large environment with multiple vCenter Server instances and complex infrastructure. You can configure vRLI to collect and analyze data from the vCenter Servers, ESXi hosts, guest OS, network infrastructure, storage infrastructure, and more. vRLI provides a single pane of glass you can use to analyze data from the entire stack when troubleshooting.

vRLI Use Cases

vRLI is commonly used to decrease time and effort spent on root cause analysis and to aid in centralized log management and analysis.

vRLI Integration

To collect alarms, events, and tasks data from a vSphere environment, you must connect vRealize Log Insight to one or more vCenter Server systems. vRLI can collect events, tasks, alerts, and other structured data directly from the vCenter Server. It can also collect unstructured data from ESXi hosts and the vCenter Server via syslog.

When connecting the vCenter Server to vRLI, you must provide a service account with appropriate privileges. To collect structured data from the vCenter Server, the service account must have the System.View privilege. To collect syslog data from ESXi hosts, the account must have the following privileges:

  • Host.Configuration.Change settings

  • Host.Configuration.Network configuration

  • Host.Configuration.Advanced Settings

  • Host.Configuration.Security Profile and Firewall

See the “vRealize Log Insight (vRLI)” section in Chapter 10 for instructions on configuring vRLI to integrate with vCenter Server.

vRealize Automation (vRA)

vRealize Automation (vRA) is an automation platform for private and multi-cloud environments. It delivers self-service automation, DevOps for infrastructure, and network automation that helps you increase your business’s agility, productivity, and efficiency. With vRA, your internal IT teams, DevOps engineers, developers, and others get the infrastructure, applications, and resources they need as a service with a public cloud–like experience. Customers benefit from increased speed, flexibility, reliability, and scalability, and you maintain security and control.

vRA 8.x includes vRA Cloud Assembly, vRA Service Broker, and vRA Code Stream.

You can use vRA Cloud Assembly to iteratively develop and deploy blueprints for your vSphere environment and other clouds. You can use vRA Service Broker to create, manage, and use self-service catalog items. You can use vRA Code Stream to create pipelines that automate your entire DevOps lifecycle, including automation of software testing and release.

With vRA Cloud Assembly, you can build blueprints that automatically provision virtual machines based on existing virtual machines and templates in your vSphere environment. In a blueprint, you define the provisioning method, such as full clone or linked clone. You can configure the blueprint to provision multiple virtual machines, applications, and networks. For example, you can develop a blueprint to deploy a multitier application involving multiple virtual machines, networks, and software components. You can publish the blueprints and use vRA Service Broker to make them available as a service in the self-service catalog. You can configure vRA to allow consumers to provision the multitier application and its networks on demand and to destroy it when it is no longer needed.

vRA Use Cases

The following list identifies common use cases for vRA.

Images

  • Self-service private and hybrid clouds: vRA provides a self-service catalog for delivering IaaS in your on-premises vSphere environment, private clouds built on VMware Cloud Foundation, and VMware Cloud Foundation on AWS.

  • Multi-cloud automation with governance: An organization that uses vRA can extend self-service automation to multiple public clouds, including Amazon Web Services, Microsoft Azure, and Google Cloud Platform.

  • DevOps: vRA provides automation for continuous integration/continuous development (CI/CD) pipelines.

  • Kubernetes automation: vRA can be used to automate Kubernetes cluster and namespace provisioning management and support.

vRA Integration

To begin using vRA, you need to deploy a vRA instance to a management vSphere cluster. A vRA 8.x deployment typically involves three vRA virtual appliances and three VMware Identity Manager (vIDM) appliances. To facilitate the deployment of these appliances, you can deploy and use the vRealize Lifecycle Manager (LCM) appliance.

To provide vSphere automation using vRA 8.x, you need to add at least one vCenter cloud account. (In vRA 7.x, you create a vSphere endpoint.) The vCenter Server that you use for a cloud account manages the user workload vSphere clusters. The cloud account provides the credentials that vRA uses to connect to vCenter Server. Table 6-2 lists the required permissions for the vCenter cloud account.

Table 6-2 Required Permissions for the vCenter Cloud Account

Object

Permissions

Datastore

  • Allocate space

  • Browse datastore

  • Low level file operations

Datastore cluster

  • Configure a datastore cluster

Folder

  • Create folder

  • Delete folder

Global

  • Manage custom attributes

  • Set custom attribute

Network

  • Assign network

Permissions

  • Modify permission

Resource

  • Assign VM to resource pool

  • Migrate powered-off virtual machine

  • Migrate powered-on virtual machine

Content library

  • Add library item

  • Create local library

  • Create subscribed library

  • Delete library item

  • Delete local library

  • Delete subscribed library

  • Download files

  • Evict library item

  • Evict subscribed library

  • Probe subscription information

  • Read storage

  • Sync library item

  • Sync subscribed library

  • Type introspection

  • Update configuration settings

  • Update files

  • Update library

  • Update library item

  • Update local library

  • Update subscribed library

  • View configuration settings

Tags

  • Assign or unassign vSphere tag

  • Create a vSphere tag

  • Create a vSphere tag category

  • Delete vSphere tag

 

  • Delete vSphere tag category

  • Edit vSphere tag

  • Edit vSphere tag category

  • Modify UsedBy field for category

  • Modify UsedBy field for tag

vApp

  • Import

  • vApp application configuration.

Virtual machine inventory

  • Create from existing

  • Create new

  • Move

  • Remove

Virtual machine interaction

  • Configure CD media

  • Console interaction

  • Device connection

  • Power off

  • Power on

  • Reset

  • Suspend

  • Tools install

Virtual machine configuration

  • Add existing disk

  • Add new disk

  • Add or remove

  • Remove disk

  • Advanced

  • Change CPU count

  • Change resource

  • Extend virtual disk

  • Disk change tracking

  • Memory

 

  • Modify device settings

  • Rename

  • Set annotation

  • Settings

  • Swapfile placement

Virtual machine provisioning

  • Customize

  • Clone template

  • Clone virtual machine

  • Deploy template

  • Read customization specs

Virtual machine state

  • Create snapshot

  • Remove snapshot

  • Revert to snapshot

vRealize Orchestrator (vRO)

vRO is a modern workflow automation platform that simplifies complex infrastructure processes. It is a key component of vRA for providing custom workflows within on-demand services and providing anything as a service (XaaS). It can be used independently to run prebuilt workflows and to create custom workflows. It automates management and operational tasks of VMware and third-party systems, such as ticketing systems, change management systems, and IT asset management systems.

In a vSphere environment, you may frequently perform some operational tasks. For example, say that you frequently receive requests to support the update procedure for a complex application involving multiple virtual machines. For each update, you are required to take the following actions:

  • Shut down the virtual machines, one by one, in a specific order, ensuring that each shutdown operation completes prior to beginning the next shutdown.

  • Create a snapshot of each virtual machine.

  • Power on the virtual machines, one by one, in a specific order, ensuring that the guest OS and application services for each one are running prior to beginning the next power on.

  • Inform the application team that the application is ready for update.

  • Following a successful update, delete the snapshots.

With vRO, you can build workflows to automate all or portions of such an operation. For example, vRO provides out-of-the-box workflows for virtual machine power and snapshot operations. You can build a custom workflow that leverages the existing workflows as nested workflows. In the custom workflow, you can add data input, conditional paths, looping, and monitoring.

vRO Use Cases
Images

vRO is commonly used to orchestrate common vSphere operations tasks, orchestrate common data center infrastructure and application tasks, and provide XaaS for a vRA environment.

vRO Integration

You can configure vRO 8.x to use vRA authentication or vSphere authentication. To use vSphere authentication, in the vRO Control Center, set Configure Authentication Provider > Authentication Mode to vSphere and configure it to use the credentials of the local administrator account of the vCenter Single Sign-On (SSO) domain (administrator@vsphere.local by default). With vRO 8.x, you must use vCenter Server 6.0 or later. To add a vCenter Server instance, you run the provided Add a vCenter Server Instance workflow.

vRealize Network Insight (vRNi)

vRNi helps you build an optimized, highly available and secure network infrastructure for hybrid clouds and multi-clouds. It accelerates microsegmentation planning and implementation. It provides auditing for changes to the security posture and helps you ensure compliance. It facilitates troubleshooting across network infrastructure (virtual and physical) and security infrastructure.

vRNi provides network visibility and analytics to accelerate microsegmentation security, minimize risk during application migration, optimize network performance, and manage NSX, SD-WAN VeloCloud, and Kubernetes deployments.

vRNI Use Cases

The following list identifies common uses cases for vRNi.

  • Plan application security and migration: vRNi accelerates microsegmentation deployment for private clouds and public clouds.

  • Optimize and troubleshoot virtual and physical networks: vRNi enables you to reduce the mean time to resolution for application connectivity issues, eliminate network bottlenecks, and audit network and security changes.

  • Manage and scale NSX: vRNi covers multiple NSX Manager instances and increases your availability by proactively detecting configuration issues.

vRNI Integration

You can add VMware managers, such as vCenter Server, VMware NSX Manager, and VMware NSX-T Manager, to vRNI for data collection. To add a vCenter Server to vRNI as a data source, you need to have the following privileges applied and propagated at the root level:

  • System.Anonymous

  • System.Read

  • System.View

  • Global.Settings

To support IPFIX, you also need the Modify and Port Configuration Operation privilege on the distributed switches and Modify and Policy Operation on the distributed port groups.

To identify VM-to-VM paths, you must install VMware Tools in the virtual machines.

Desktop and Application Virtualization

This section addresses VMware products for desktop and application virtualization.

VMware Horizon

VMware Horizon is a platform for securely delivering virtual desktops and applications in private clouds and hybrid clouds. It enables provisioning and management of desktop pools that have thousands of virtual desktops each. It streamlines the management of images, applications, profiles, and policies for desktops and their users. It integrates with VMware Workspace ONE Access, which establishes and verifies end-user identity with multifactor authentication and serves as the basis for conditional access and network microsegmentation policies for Horizon virtual desktops and applications.

Horizon includes instant clones which work with VMware Dynamic Environment Manager and VMware App Volumes to dynamically provide just-in-time (JIT) delivery of user profile data and applications to stateless desktops.

Horizon provisions large pools of virtual desktops from a small set of base virtual desktops by integrating with vCenter Server. Horizon makes the provisioning requests, which are carried out by vCenter Server in the appropriate vSphere clusters. vSphere provides the environment, including the compute, storage, and network resources for running the virtual desktops. With vSphere DRS and vSphere HA, it provides load balancing and high availability.

VMware Horizon Use Cases
Images

The following list identifies common use cases for VMware Horizon.

  • Remote users

  • Kiosk and task users

  • Call center

  • Bring-your-own-device (BYOD) deployments

  • Graphics-intensive applications

VMware Horizon Integration

To get started with Horizon, in the vSphere environment, you need to prepare vSphere clusters to be used as resources for virtual desktop provisioning. You must add vCenter Server instances using the Horizon console. When adding the vCenter Server instance, you need to provide the vCenter Server address and appropriate user credentials. You can use the administrator account in the SSO domain (administrator@vsphere.local by default) or, preferably, an account that is assigned the minimum privileges. Table 6-3 provides the required privileges when you are not using instant clones. The use of instant clones requires additional privileges, such as all virtual machine configuration and inventory privileges.

Table 6-3 Required vCenter Server Privileges for Horizon (without instant clones)

Privilege Group

Privileges to Enable

Folder

  • Create Folder

  • Delete Folder

Datastore

  • Allocate space

Virtual Machine

In Configuration:

  • Add or remove device

  • Advanced

  • Modify device settings

 

In Interaction:

  • Power off

  • Power on

  • Reset

  • Suspend

  • Perform wipe or shrink operations

In Inventory:

  • Create new

  • Create from existing

  • Remove

In Provisioning:

  • Customize

  • Deploy template

  • Read customization specifications

  • Clone template

  • Clone virtual machine

Resource

Assign virtual machine to resource pool

Global

Act as vCenter Server

Host (for Storage Accelerator)

Advanced settings (in Configuration)

Profile Driven Storage (for vSAN or Virtual Volumes)

All privileges

App Volumes

VMware App Volumes is a set of application and user management solutions for VMware Horizon, Citrix Virtual Apps and Desktops, and Remote Desktop Services Host (RDSH) virtual environments. It streamlines your ability to deliver, update, assign, and manage applications and users across virtual desktop infrastructure (VDI) and published application environments. With App Volumes, you install an application once, using a provisioning computer, collect the application components in AppStacks, and centrally control the mapping of AppStacks to desktops.

AppStacks and companion writable volumes are stored in virtual disk files and attached to virtual machines to deliver applications. Updates to applications involve updating or replacing AppStacks or their mappings to desktops.

In RDSH environments, applications are installed on servers and delivered via Remote Desktop. Using App Volumes with RDSH simplifies the installation and management of the application on the server. Instead of attaching AppStacks to desktops, you attach AppStacks to RDSH servers and allow RDSH to deliver the application to the user.

App Volumes Use Cases
Images

The following list identifies common use cases for App Volumes.

  • Application virtualization in VMware Horizon VDI environments

  • Application virtualization in Citrix XenDesktop and XenApp environments

  • Virtualization for RDSH-delivered applications

App Volumes Integration

In the App Volumes management console, you can add and register a vCenter Server as a machine manager. To register vCenter Server and to allow App Volumes Manager to function, you must allow the privileges listed in Table 6-4.

Table 6-4 Required vCenter Server Privileges for App Volumes Manager

Privilege Group

Privileges to Enable

Datastore

  • Allocate space

  • Browse datastore

  • Low level file operations

  • Remove file

  • Update virtual machine files

Global

Cancel task

Host (Local Operations)

Reconfigure virtual machine

Sessions

View and stop sessions

Tasks

Create task

Virtual machine

In Configuration:

  • Add existing disk

  • Add new disk

 

  • Add or remove device

  • Query unowned files

  • Change resource

  • Remove disk

  • Settings

  • Advanced

In Inventory:

  • Create new

  • Move

  • Register

  • Remove

  • Unregister

In Provisioning:

  • Promote disks

Replication and Disaster Recovery

This section addresses VMware products for replication and disaster recovery.

vSphere Replication

vSphere Replication is an extension to VMware vCenter Server that provides hypervisor-based virtual machine replication and recovery. It provides virtual machine replication between the following source and destination combinations:

  • Data center to data center

  • Cluster to cluster within a data center

  • Multiple source sites to a shared target site

vSphere Replication provides a number of benefits over storage-based replication:

  • Lower cost per virtual machine

  • Flexibility in storage vendor selection at the source and target sites

  • Lower overall cost per replication

vSphere Replication is compatible with most vSphere features, including vMotion, Storage vMotion, vSphere HA, DRS, Storage DRS, vSAN, and DPM. It is not compatible with vSphere Fault Tolerance.

vSphere Replication Use Cases

vSphere Replication is commonly used for disaster recovery and for data center migrations.

vSphere Replication Integration

vSphere Replication does not require separate licensing. Instead, it is included as a feature of the following vSphere license editions, with no limit on the number of replicated virtual machines:

  • vSphere Essentials Plus

  • vSphere Standard

  • vSphere Enterprise

  • vSphere Enterprise Plus

A minimum vSphere Replication deployment involves a single virtual appliance per site that provides vSphere Replication Management Service (VRMS) and vSphere Replication Service (VRS). It requires that specific network ports—including TCP 80, 443, and 902—be open for ESXi hosts. Likewise, it requires TCP ports 80, 443, 10443, and 7444 to be open for the vCenter Server.

vSphere Replication provides hypervisor-based replication, in which a vSphere Replication agent in the hypervisor collects and transmits changed blocks to the target VRS appliance. The method is similar to the Change Block Tracking (CBT) feature in ESXi, but it is a mechanism that is unique to vSphere Replication and prevents compatibility issues with technologies leveraging CBT.

It is possible to connect up to nine virtual appliances running just VRS per vCenter Server instance. A single VRMS appliance and nine VRS appliances can work in unison to provide replication for a single vCenter Server environment for up to 2000 replicated virtual machines.

Prior to installing vSphere Replication, you need to set the vCenter Server advanced setting VirtualCenter.FQDN to the fully qualified domain name of the vCenter Server. To install vSphere Replication, you use the standard vSphere OVF deployment wizard in the vSphere Client. Then you use the vCenter Server Appliance Management Interface (VAMI) to register the appliance with vCenter Single Sign-On. Successful registration produces a Site Recovery option on the vSphere Client home page. To replicate between sites, you deploy vSphere Replication to both sites and configure a vSphere Replication connection between the sites, using the Site Recovery page in the vSphere Client.

Configuring vSphere Replication involves the following steps:

Step 1. In the vSphere Client, navigate to Home > Site Recovery > Open Site Recovery.

Step 2. Select a vSphere connected pair and click View Details.

Step 3. Click the Replications tab.

Step 4. Select Outgoing or Incoming and click the Create New Replication icon.

Step 5. Complete the wizard to configure the replication settings, such as those for the target, seed, recovery point objective (RPO), point in time instances, and quiescing options.

To recover a virtual machine, you follow these steps:

Step 1. In the vSphere Client, navigate to Home > Site Recovery > Open Site Recovery.

Step 2. Select a vSphere connected pair and click View Details.

Step 3. Click the Replications tab.

Step 4. Select a replication instance in the Incoming section.

Step 5. Click the Recover icon.

Step 6. Choose Synchronize Recent Changes (to perform a final synchronization) or Use Latest Available Data (to continue without performing a final synchronization).

Step 7. Optionally, select Power on the Virtual Machine After Recovery.

Step 8. Complete the wizard by selecting the target folder, compute resource, and other options.

You can leverage alarms in vCenter Server to get alerts about issues in vSphere Replication, such as issues with the connection, a VRS instance, or a specific replication. For example, you configure an alarm to be triggered whenever a configured replication exceeds the configured RPO.

Site Recovery Manager (SRM)

VMware Site Recovery Manager (SRM) is a business continuity solution that you can use to orchestrate planned migrations, test recoveries, and disaster recoveries. For data replication, SRM integrates with vSphere Replication and supported storage-based replication products. In SRM you can build recovery plans that include recovery steps, virtual machine priority groups, dependencies, IP address changes, and resource mappings. You can run a single plan in one of three modes:

  • Planned migration: In planned migration mode, SRM automatically shuts down the source virtual machines prior to migration, performs a final data synchronization, and stops if errors occur.

  • Disaster recovery: In disaster recovery mode, SRM attempts to shut down and synchronize the source virtual machines but continues with recovery.

  • Test: In test mode, SRM leaves the source machines running while it brings up another instance of each virtual machine, using snapshots at the recovery site in an isolated network. During a test recovery, the source machines continue to be replicated and protected. After a test recovery, you should run a cleanup to shut down and remove the target site snapshots.

SRM is tightly integrated with vSphere Replication in vSphere 7.0. To use SRM, you begin by navigating to Home > Site Recovery in the vSphere Client.

SRM Use Cases

SRM is commonly used for disaster recovery and data center migrations.

SRM Integration

Prior to installing SRM, you should implement a supported replication technology, such as EMC RecoverPoint or vSphere Replication. You need to deploy SRM to both the source and target sites. You can install a Windows-based version of SRM in a supported Windows server, or you can deploy the SRM virtual appliance. In most cases, you should deploy the SRM appliance, which includes an embedded vPostgreSQL database that supports a full-scale SRM environment.

At each site, you need to deploy an SRM server and register it with a vCenter Server. SRM requires a separate vCenter Server at the source site and at the target site.

SRM uses Transport Layer Security (TLS) and solution user authentication for secured connections with vCenter Server. It assigns a private key and a certificate to the solution user and registers it with the vCenter Single Sign-On service. When you pair SRM instances across vCenter Servers that do not use Enhanced Linked Mode, Site Recovery Manager creates an additional solution user at the remote site.

Private, Public, and Hybrid Clouds

This section addresses VMware products for private, public, and hybrid clouds.

VMware Cloud Foundation (VCF)

VCF is a hybrid cloud platform built on full-stack hyperconverged infrastructure (HCI) technology. It provides a single easy-to-deploy architecture that enables consistent, secure infrastructure and operations across private and public clouds.

VCF provides the following features:

  • Automated bring-up of the software stack, including vSphere, vCenter Server, vSAN, NSX-T, and vRealize Suite

  • Simplified provisioning in workload domains built on vSphere, vSAN, and NSX-T

  • Application-focused management, leveraging vSphere with Tanzu to support virtual machines and containers in the same platform

  • With Automated Lifecycle Management (LCM), simplified updates for all components in the stack

  • Multi-instance management, which allows multiple VCF instances to be managed together

The following are the main components in a private cloud powered by VCF 4.0:

  • Cloud Builder

  • SDDC Manager

  • vSphere

  • vSAN

  • NSX-T Data Center

  • vRealize Suite

Cloud Builder is the VCF component that automates the deployment of the entire software-defined stack. SDDC Manager is the VCF component that automates the entire system lifecycle and simplifies day-to-day management and operations.

The standard model for VCF uses separate virtual infrastructure domains for running management and user workloads. VCF also supports a consolidated model, in which the management and user workloads run in the same virtual infrastructure domain.

VCF Use Cases

VCF is commonly used for private clouds, hybrid clouds, modern applications, and VDI.

VCF Integration

To get started with VCF, you should prepare ESXi hosts for the implementation of the management domain, address network and environment prerequisites, fill in the deployment parameter workbook, deploy the VMware Cloud Builder appliance, and use Cloud Builder to deploy the management domain, including vCenter Server.

VMware Hybrid Cloud Extension (HCX)

VMware HCX is a workload mobility platform that simplifies application migration, workload rebalancing, and business continuity across on-premises data centers, private clouds, and hybrid clouds. HCX enables you to migrate thousands of virtual machines, migrate from non-vSphere platforms, upgrade vSphere versions, balance workload between on-premises and cloud, and implement replication to protect against disaster.

VMware HCX enables you to schedule and migrate thousands of vSphere virtual machines within and across data centers without requiring a reboot. HCX offers a number of services with each VMware HCX license (Advanced or Enterprise), as listed in Table 6-5.

Table 6-5 VMware HCX Services

Service

License

Description

Interconnect

Advanced

Creates secured connections between HCX instances, supporting migration, replication, disaster recovery, and management operations.

Deployed as a virtual appliance.

WAN Optimization

Advanced

Optimizes the performance of the connection provided by HCX Interconnect through a combination of deduplication, compression, and line conditioning techniques.

Deployed as a virtual appliance.

Network Extension

Advanced

Extends (that is, provides Layer 2 adjacency) the virtual machine networks between source and remote HCX-enabled environments.

Deployed as a virtual appliance.

Bulk Migration

Advanced

Migrates a set of virtual machines using VMware vSphere Replication in parallel between HCX-enabled sites.

vMotion Migration

Advanced

Migrates a single virtual machine between HCX-enabled sites with no service interruption, using vMotion.

Disaster Recovery

Advanced

Protects virtual machines from disaster by using replication and recovery.

Mobility Groups

Enterprise

Allows you to group virtual machines by application, network, or other aspects for migration and monitoring.

OS Assisted Migration

Enterprise

Leverages HCX Sentinel software in the guest OS to migrate Windows and Linux virtual machines to a vSphere-enabled data center.

Uses a gateway appliance at the source and a receiver appliance at the destination.

Replication Assisted vMotion (RAV)

Enterprise

Migrates a set of virtual machines in parallel, using VMware vSphere Replication and vMotion between HCX-enabled sites with no service interruption.

Site Recovery Manager (SRM) Integration

Enterprise

Integrates HCX functionality with the VMware SRM for protection and orchestrated recovery operations.

Traffic Engineering: Application Path Resiliency and TCP Flow Conditioning

Enterprise

Optimizes network traffic for HCX Interconnect and Network Extension services.

The Application Path Resiliency service creates multiple tunnel flows for both Interconnect and Network Extension traffic.

The TCP Flow Conditioning service adjusts and optimizes the segment size to reduce fragmentation and reduce the overall packet rate.

Mobility Optimized Networking (MON)

Enterprise

Integrates HCX Network Extension with NSX Dynamic Routing to enable optimal networking between migrated virtual machines and other virtual machines.

Works with new or existing network extensions to NSX-T 3.0 Data Center.
HCX Use Cases

HCX is commonly used for cloud adoption and migration, workload rebalancing, and business continuity.

HCX Integration

To integrate HCX into an on-premises vSphere environment, you need to implement HCX components that connect the environment to another environment, such as a hosted private cloud or hybrid cloud. The following are the key components, and their services are described in Table 6-5:

  • HCX Connector and HCX Cloud Installation

  • HCX-IX Interconnect Appliance

  • HCX WAN Optimization Appliance

  • HCX Network Extension Virtual Appliance

VMware HCX is used in VMware on AWS, Azure VMware Solution, and other hybrid cloud solutions.

VMware on AWS

VMware Cloud (VMC) on Amazon Web Services (AWS) is an integrated cloud offering jointly developed by AWS and VMware. You can migrate and extend your on-premises VMware vSphere-based environments to the AWS Cloud running on Amazon Elastic Compute Cloud (Amazon EC2). With VMC on AWS, you can deploy a software-defined data center (SDDC) on demand. You configure the network and security to suit your needs and then begin deploying virtual machines. VMware provides support for VMC on AWS. You can open the VMware Cloud Services console to get support.

VMC on AWS provides workloads with access to more than 175 AWS services, including database, AI/ML, and security services. It provides simplicity for hybrid cloud operations by enabling you to use the same VCF technologies (vSphere, vSAN, NSX, vCenter Server) across the on-premises environment and the AWS cloud. It does not require custom, on-premises hardware. It improves availability and accelerates cloud migration by enabling workloads to be directly migrated between an on-premises environment and AWS. To migrate virtual machines from an on-premises vSphere environment to VMC on AWS, you can perform a live migration via vMotion or use VMware HCX.

Azure VMware Solution

Azure VMware Solution combines VMware’s SDDC software with the Microsoft Azure global cloud service ecosystem to provide a hosted private cloud. Azure VMware Solution is managed to meet performance, availability, security, and compliance requirements. Currently, you cannot use on-premises vCenter Server to manage the hosted private cloud. Instead, you use vCenter Server and NSX Manager in a hosted private cloud.

You can set up VMware HCX for an Azure VMware Solution private cloud. HCX enables migration of VMware workloads to the cloud and other connected sites. If you meet standard cross-vCenter vMotion requirements, you can migrate on-premises virtual machines to the hosted private cloud. To configure HCX, you deploy an HCX virtual appliance in your on-premises vSphere environment and connect it to HCX in your hosted private cloud.

You can use Azure Migrate to migrate on-premises vSphere virtual machines to Azure.

Networking and Security

This section addresses VMware products for networking and security.

AppDefense

VMware AppDefense provides data center endpoint security that protects applications running in a virtualized environment. It learns good behavior for each of your virtual machines and applications so it can detect and respond to deviations from that good behavior. It can respond with actions on the virtual machine, such as blocking networking, suspending, quarantining, snapshotting, powering off, or killing a suspicious process in the guest OS.

AppDefense is a SaaS product that works with an on-premises virtual appliance and a vCenter Server plug-in. The on-premises virtual appliance connects to vCenter Server, NSX Manager, and other optional components. You can deploy an AppDefense module to each protected host. Likewise, you can deploy an AppDefense agent to guest operating systems. AppDefense can tie into provisioning systems such as vRealize Automation or Puppet to define appropriate and allowed behaviors.

AppDefense Use Cases
Images

The following list provides common use cases for AppDefense

  • Accelerate security operations

  • Protect critical workloads

  • Increase the security posture of every workload

  • Enhance the effectiveness of microsegmentation

App Defense Integration

AppDefense Appliance must be able to connect over the Internet with AppDefense Manager using TCP port 443.

To get started, you should subscribe to the AppDefense service, log on to the AppDefense Manager website, and download the AppDefense Appliance OVA file. Use the vSphere Client to deploy the appliance (by selecting Deploy OVF Template) into your management environment. Back in the AppDefense Manager website, choose Provision Appliance and identify the appliance name. The provisioning process generates an UUID, an API key, and a URL. Use a web browser to access the AppDefense Appliance GUI and register the appliance with the protected vCenter Server. In the registration wizard, provide the UUID and API key. You should deploy AppDefense Appliance for each protected vCenter Server.

When you deploy AppDefense Appliance, it registers with vCenter Server and collects inventory. You can then install the AppDefense host and guest modules. To install the host modules, download the vSphere Information Bundle (VIB) from AppDefense Manager and use the esxcli software vib install command.

To deploy the guest module to protected virtual machines, you must install VMware Tools, ensure that the virtual machine hardware version is 13 or later, and install the AppDefense host module to the host running the virtual machine. Use AppDefense Manager to select the virtual machine and then select Enable Guest Integrity. Finally, install the guest module in the guest OS. In Windows, use Control Panel > Programs and Features to modify the VMware Tools program and enable AppDefense.

NSX

VMware NSX Data Center (NSX) is a network virtualization and security platform that enables a software-defined approach to networking that extends across data centers, clouds, and application frameworks. NSX enables you to provision and manage networks independently of the underlying hardware, much as you do with virtual machines. You can reproduce a complex network in seconds and create multiple networks with diverse requirements.

NSX provides a new operational model for software-defined networking and extends it to the virtual cloud network. It provides a complete set of logical networking, security capabilities, and services, such as logical switching, routing, firewalling, load balancing, virtual private networking, quality of service (QoS), and monitoring.

VMware NSX-T Data Center (NSX-T) is the recommended product for practically all new virtualized networking use cases. Although it was originally developed for non-vSphere environments, it now supports vSphere. Most NSX customers are migrating or starting to consider migrating to NSX-T. The NSX-T platform provides the following components:

  • NSX-T managers

  • NSX-T edge nodes

  • NSX-T distributed routers

  • NSX-T service routers

  • NSX-T segments (logical switches)

Guest Module uses a data plane, a control plane, and a management plane.

NSX Use Cases
Images

The following list identifies the common uses cases for NSX.

  • Adopt zero-trust security

  • Multi-cloud networking

  • Automated network deployment

  • Network and security for cloud-native applications (containers)

NSX Integration

To prepare for an NSX-T installation, you need to meet the requirements for deploying its components, such as the NSX-T managers and edge nodes. Typically, a three-node NSX-T Manager cluster is deployed to a management vSphere cluster, and the NSX-T edges are deployed in a shared edge and compute cluster.

After deploying the required virtual appliances from OVF, you log in to NSX-T Manager and add a vCenter Server as a compute manager. When adding the vCenter Server compute manager, you should use the administrator account of the Single Sign-On domain (administrator@vsphere.local by default) or use a custom account configured with the appropriate privileges. Next, you deploy NSX-T edges to vSphere clusters managed by the vCenter Server and create the transport zones and transport nodes.

With NSX-T, you implement NSX-T Virtual Distributed Switches (N-VDS), which are logical switches that are decoupled from the vCenter Server to provide cross-platform support. They function much like a vSphere Distributed Switch (vDS), in that they provide uplinks to host physical NICs, multiple teaming policies, VLAN support, and more, but they can reside in a non-vSphere environment.

With vSphere 7.0 and NSX-T 3.0, you can run NSX-T directly on a vDS 7.0. This provides simpler integration in vCenter Server as well as some other benefits. When creating transport zone nodes on ESXi hosts, you can choose between N-VDS and VDS as the host switch type.

Exam Preparation Tasks

As mentioned in the section “How to Use This Book” in the Introduction, you have some choices for exam preparation: the exercises here, Chapter 15, “Final Preparation,” and the exam simulation questions on the companion website.

Review All Key Topics

Review the most important topics in this chapter, noted with the Key Topics icon in the outer margin of the page. Table 6-6 lists these key topics and the page number on which each is found.

Images

Table 6-6 Key Topics for Chapter 6

Key Topic Element

Description

Page Number

List

Use cases for vSphere with Tanzu

204

List

Use cases for vROps

207

List

Use cases for vRA

210

List

Use cases for vRO

214

List

Use cases for Horizon

216

List

Use cases for App Volumes

218

List

Use cases for AppDefense

227

List

Use cases for NSX

229

Complete Tables and Lists from Memory

Print a copy of Appendix B, “Memory Tables” (found on the companion website), or at least the section for this chapter, and complete the tables and lists from memory. Appendix C, “Memory Tables Answer Key” (also on the companion website), includes completed tables and lists to check your work.

Define Key Terms

Define the following key terms from this chapter and check your answers in the glossary:

vCenter Converter

Skyline

vRealize Log Insight (vRLI)

vRealize Automation (vRA)

VMware Horizon

App Volumes

vSphere Replication

Site Recovery Manager (SRM)

Review Questions

1. You want to build custom workflows to support XaaS. Which product should you use?

  1. vRLI

  2. vRO

  3. vROps

  4. App Volumes

2. You need to provide virtual desktops and applications to remote users and call centers. Which product should you implement?

  1. VCF

  2. vRealize Suite

  3. AppDefense

  4. Horizon

3. You want to configure vSphere Replication using the vSphere Client. Which of the following is the correct navigation path?

  1. Home > vCenter Server > vSphere Replication

  2. Home > Site Recovery > Open Site Recovery

  3. Home > Host and Clusters > Replications

  4. Home > Administration > Replication

4. Which of the following products provides connection, WAN optimization, and bulk migrations?

  1. vRealize Suite

  2. vSphere Replication

  3. SRM

  4. HCX

5. You want to provide data center endpoint security to protect applications running in a vSphere environment. Which one of the following products should you use?

  1. AppDefense

  2. HCX

  3. VCF

  4. vRealize Operations