802.1ax, 93
802.1q tagging attacks, 97
802.3ad, 93
absent component state, vSAN, 52
acceptance levels, ESXi hosts, 496
accessing
CIM, controlling access, 491–492
datastore browsers, controlling, 261
vCenter Server, restricting access, 261
accounts
vCenter Cloud account permissions, 210–213
VMware Certification accounts, 604
acknowledging triggered alarms, 399–400
active nodes, vCenter HA, 14
AD (Active Directory), 21
adapters
host physical network adapters, managing with vDS, 351
network adapters, 181
VMkernel network adapters, migrating to vDS, 352
security, 275
Skyline, 206
integration, 206
use cases, 206
vSphere Health and vSAN Health, 53
vCenter Converter, 205
use cases, 205
vendor add-ons, 534
vSphere Replication, 206, 219–220
use cases, 220
integration, 205
use cases, 204
administration
Administration server, vCenter Server, 11
vCenter Server
Administration server, 11
restricting access, 261
restricting administrative privileges, 260–261
admission control
HA, 371
VM resources, monitoring/managing, 390–391
advanced performance charts, 377–379
agents
Host Agent, 11
vCenter Server Agent, 11
alarms
actions, 401
advanced use cases, 401
triggered alarms, viewing/acknowledging, 399–400
alerts, 397
AMD, EVC modes, 133
anti-affinity rules, 83
Appliance Shell, patching, 554–556
appliances, vCenter Server
migrating vCenter Server for Windows to vCenter Server appliance, 522–524
applications
use cases, 218
use cases, 227
monitoring
VAMI, 396
vApps, 170
array-based failovers, iSCSI, 74
ATS (Atomic Test and Set), 70
ATS Only Flags, 70
attacks
802.1q tagging attacks, 97
denial-of-service attacks, 269
double-encapsulation attacks, 97
multicast brute-force attacks, 97
spanning tree attacks, 97
audit events, 397
authentication. See also authorization; security
account lockouts, ESXi, 485–487
LDAP authentication sources, 309–310
permissions, 242
changing validation settings, 502
global permissions, 476
roles, 475
smart cards, ESXi, 499
configuring, 305
enabling with Windows Session Authentication, 472–473
enabling/disabling users, 310–311
Enhanced Linked Mode, 474
STS management, 473
VMAFD, 236
vSphere Authentication Proxy, 257
Windows Session Authentication, enabling SSO, 472–473
authorization. See also authentication; security
permissions, 242
changing validation settings, 502
global permissions, 476
roles, 475
configuring, 305
enabling with Windows Session Authentication, 472–473
enabling/disabling users, 310–311
Enhanced Linked Mode, 474
STS management, 473
Auto Deploy
ESXi host installations, 292–297
security, 491
stateless caching, 292
automation
Automation Mode, DRS, 134
cloud automation, 28
SDRS
automation levels, 82
overriding datastore cluster automation, 448
average bandwidth, 101
Azure VMware Solution, 226–227
backups
vCenter Appliance File-Based Backup and Restore, 7
vCenter Server, 23, 514–517, 538–539
bandwidth
average bandwidth, 101
burst size, 101
inbound traffic shaping, 105
network resource pools, 106–108
peak bandwidth, 101
traffic shaping policies, 101
basic multicasting filtering, 116–117
block primitives
ATS, 70
ATS Only Flag, 70
Write Same (Zero), 71
XCOPY, 70
blocking ports, 105
boot devices, vSAN, 68
bootups
Secure Boot, ESXi, 258
branches, snapshot trees, 177
brute-force attacks (multicast), 97
burst size, 101
CA, VMCA as intermediate, 238–239
caching, stateless, 292
capacity reservation settings, vSphere HA, 420
CDP (Cisco Discovery Protocol), 117–118
certificates
client certificates
vCenter Server, 261
custom certificates, 241
VMCA, 237
ESXi, 240
changing certificate mode, 479–480
custom certificates, 480
expiration, 481
host certificate modes, 241, 242
switching to VMCA Mode, 480–481
machine SSL certificates, 240, 241
solution user certificates, 240–241
SSL certificates, verifying legacy ESXi hosts, 554
unsupported certificates, VMCA, 238
vCenter single sign-on SSL signing certificates, 240
solution user certificate stores, 240–241
VMAFD, 236
custom certificates, 237
management modes (recommended), 237–238
unsupported certificates, 238
vmdir, 236
vmdir SSL certificates, 240
vSphere Virtual Machine Encryption certificates, 240
certification
exam preparation
Pearson Vue, 604
VMware Certification accounts, 604
charts, performance, 375
advanced performance charts, 377–379
overview performance charts, 375–377
troubleshooting, 383
chipsets, 181
CIM, controlling access, 491–492
claim rules, multipathing management, 458
CLI (Command-Line Interfaces)
PowerCLI
client certificates
vCenter Server, 261
cold clones, 194
hot clones, 194
linked clones, 194
rapid provisioning VM with templates, 195
cloud computing
automation, 28
Azure VMware Solution, 226–227
hybrid clouds, 28
private clouds, 28
vCenter Cloud account permissions, 210–213
VMware vCloud Director, 28
VMware vCloud Suite, 28
datastore clusters
vSphere clusters versus, 131
hosts, moving into clusters, 251
images, importing/exporting, 538
SDRS datastore cluster automation, overriding, 448
user-defined vSAN clusters, 53
vCenter HA clusters, managing, 557–558
vSAN clusters
creating with Quickstart, 415
increasing space efficiency, 430–432
managing devices in clusters, 429–430
persistent logging in vSAN clusters, 68
requirements, 66
vSphere clusters
configuring, 130
configuring with Quickstart, 365–367
creating, 364
datastore clusters versus, 131
DRS, 130–131, 134–139, 152, 368, 369–370, 384–385
resource pools, 139–143, 368–369, 385–386
cold clones, 194
comments, RFC, 92
community nodes, PVLAN, 110
compatibility
hardware
compatibility checks, 537
VM
compatibility options, 578, 579–580
compliance
compliance status (VM), vSAN, 52
vROps, 275
components
vSAN component states
absent component state, 52
degraded component state, 52
vSphere
core components, 6
optional components, 6
compute requirements
Config-vVol, 73
connecting devices,VM security, 267
consoles, opening to VM, 569–570
consumed capacity, vSAN, 51
content libraries, 7, 171–173, 594–595
creating, 595
permissions, 597
publishing, 596
subscriptions, 596
synchronization options, 598
VM deployments, 599
converting VM to templates, 573
copying/pasting VM security, 267
CPU, 181
resources, adding to VM, 580–581
troubleshooting
usage, 380
utilization, 381
cross-datastore migrations, 186
cross-host migrations, 186
cross-vCenter Server migrations, 186–187
CSR (Certificate Signing Requests), 238–239
customizing
certificates, 241
ESXi certificates, 480
VMCA, 237
TCP/IP stacks, 122
NSX, requirements, 26
vRealize Suite, requirements, 26–27
vSphere Client data center-level management, 111
Data Locality, vSAN, 57
data transfers, vCenter Server, 519
database files, 179
databases, vCenter Server, 11, 297
browser access, controlling, 261
clusters
vSphere clusters versus, 131
cross-datastore migrations, 186
NFS datastores, 43–45, 444–446
PMem datastores, 455
SDRS datastores
overriding cluster automation, 448
recommendations, 448
utilization, troubleshooting, 381
VMFS datastores, 41–43, 438–443
extending across two sites, 427–428
vVols datastores, 45
Data-vVol, 73
default TCP/IP stacks, 121
degraded component state, vSAN, 52
DEK (Data Encryption Keys), 61–62, 270
delta disk files, 179
denial-of-service attacks, VM security, 269
deploying
Auto Deploy
ESXi host installations, 292–297
security, 491
stateless caching, 292
databases, 297
VCSA deployments
VM
from templates, 249, 574, 577, 585–586
using content libraries, 599
desktop virtualization
device connections, VM security, 267, 269–270
device latency, troubleshooting, 382
directories
ESXi hosts, joining to directory services, 257
vmdir, 236
VMware Directory Service, 11
disabling
MOB, 490
unexposed features, network security, 266–267
vSAN, 421
disk groups, vSAN, 51
disk shrinking, 267
distributed file locking, RDM, 39
distributed port groups, 103, 337–338, 353–354
Distributed Power Management. See DPM
Distributed Resource Schedulers. See DRS
DNS (Domain Name System), 21–22
domains
vCenter Server
domain discovery, 21
repointing to other domains, 558–560
vCenter Single Sign-On domains, 11–12
double-encapsulation attacks, 97
DPM (Distributed Power Management), 7, 23–24, 152–153
drives (large-capacity), vSAN support, 54
dropped packets, troubleshooting, 383
DRS (Distributed Resource Scheduler), 7, 130–131, 134
Automation Mode, 134
clusters, creating, 368
evacuation workflows, 136
Memory metric for load balancing, 135
migration sensitivity, 138–139
monitoring/managing resource usage, 384–385
network-aware DRS, 135
NVM support, 136
VM
distribution, 135
DVD/CD-ROM drives, 181
dynamic name resolution, RDM, 39
eager zeroed thick virtual disks, 79
editing
ESXi host profiles, 319
elastic port allocation, 113
encrypted vMotion, 192
encryption
Encrypted vSphere vMotion, 272–273
vSphere Virtual Machine Encryption certificates, 240
Enhanced Linked Mode, 12–13, 474
enhanced reservations, resource pools, 142
ephemeral binding, 113
erasure coding
HPP, 457
NMP, 456
ESXi (ESX Integrated)
AD and user management, 497–498
changing certificate mode, 479–480
custom certificates, 480
expiration, 481
switching to VMCA Mode, 480–481
CIM, controlling access, 491–492
configuring with host profiles, 317–318
firewalls
hosts
acceptance levels, 496
accessing, 257
advanced system settings, 321
installing, 286
installing, Auto Deploy installations, 292–297
installing, interative installations, 286–288
installing, scripted installations, 288–292
joining to directory services, 257
profiles, applying permissions, 319–320
profiles, configuring ESXi with host profiles, 317–318
profiles, editing, 319
scripts and host configuration management, 483–485
syslog configurations, 405–407
verifying legacy hosts with SSL certificates, 554
VIB, 496
MOB
disabling, 490
networking security recommendations, 490
PCI, 489
PCIe devices, 489
RDMA support, 453
Secure Boot, 258
security
configuring with host profiles, 482–483
Shell security and SSH, 487–489
smart card authentication, 499
TPM chips, 258
upgrading, 524
vCenter Server security, 253
controlling MOB access, 257–258
ESXi host access, 257
ESXi password hardening, 256
ESXi Secure Boot, 258
ESXi security profiles, 254–255
TPM chips, 258
vSphere Authentication Proxy, 257
vSphere built-in features, 254
vSphere Authentication Proxy, 257
ESXi Server, 6
storage requirements, 17
ESXTOP
monitoring/managing resources, 393–395
EtherChannel, 93
Ethernet
FCoE, 38
packets. See frames
evacuation workflows, DRS, 136
EVC (Enhanced vMotion Compatibility), 130, 131–132
vSphere cluster configuration, 367–368
events, 396
alerts, 397
audit events, 397
information events, 397
streaming to remote syslog servers, 398–399
types of, 397
viewing
System Event Log, 397
in vSphere Client, 397
warning events, 397
exam preparation
exam day recommendations, 604–606
Pearson Vue, 604
expanding
reservations, resource pools, 141
expiration, ESXi certificates, 481
exporting/importing cluster images, 538
EZT for shared disks, vSAN, 53
Fabric
SCSI over Fabric, 452
failovers
array-based failovers with iSCSI, 74
FC failovers, 74
host-based failovers with iSCSI, 74
path failovers and VM, 74
storage multipathing/failover, 74
array-based failovers with iSCSI, 74
FC failovers, 74
host-based failovers with iSCSI, 74
path failovers and VM, 74
failures
tolerance, vSAN
PFTT, 57
SFTT, 57
fault domains, vSAN, 64–65, 426–427
Fault Tolerance. See FT
FC (Fibre Channel), 37
failovers, 74
FC-NVMe, 451
NVMe over FC requirements, 47
FCD (First Class Discs), 45–46
FC-NVMe (Fiber Channel over NVMe), 451
FCoE (Fiber Channel over Ethernet), 38
features, vSphere, 7
Federation Services, AD, 313–314
Fibre Channel. See FC
File Services (vSAN), 54, 62–63, 436–438
file system operations, RDM, 39
file-based persistent volumes, vSAN, 54
files
RDM
distributed file locking, 39
file permissions, 39
VM
snapshot files, 175
virtual disk files, 175
filtering
I/O filters, encryption, 41, 271
multicast filtering, 116
basic multicasting filtering, 116–117
multicast snooping, 117
firewalls
ESXi firewalls
networks security, 262
firmware updates, ESXi, 536–537
First Class Discs. See FCD
fixed port allocation, 113
flat files, 178
folders, 167
Forged Transmits, 101
FQDN (Fully Qualified Domain Names), 21–22
FT (Fault Tolerance), 7, 153–157, 373
“getting ready,” exam preparation, 603–604
GRID models, VM, 593
groups, authentication, 474–475
guest OS installations on VM, 250, 574–576
guest user mappings, VM, 585
guests, shutting down, 572
GUI (Graphical User Interface)
installing, 23
HA (High Availability)
benefits of, 144
best practices, 151
configuring
admission control, 371
advanced options, 370
detecting host issues, 144
failovers, 144
heartbeats, 146
requirements, 145
active nodes, 14
passive nodes, 14
witness nodes, 14
vSphere clusters, 143
configuring HA clusters, 370–371
failovers, 143
vSphere HA, 7
capacity reservation settings, 420
hard disks, 181
hardware
compatibility checks, 537
host hardware, monitoring/managing resources/health, 386–387
VM
hardware compatibility, 180–182
HCX (Hybrid Cloud Extension), 224
use cases, 225
Health Check, vDS, 115–116, 354
healthy object state, vSAN, 52
heartbeats, 146
High Availability. See HA
home namespace (VM), vSAN, 52
Host Agent, vCenter Server, 11
ESXi hosts
acceptance levels, 496
advanced system settings, 321
configuring security with host profiles, 482–483
installing, 286
installing, Auto Deploy installations, 292–297
installing, interative installations, 286–288
installing, scripted installations, 288–292
profiles, applying permissions, 319–320
profiles, configuring ESXi with host profiles, 317–318
profiles, editing, 319
scripts and host configuration management, 483–485
verifying legacy hosts with SSL certificates, 554
VIB, 496
failovers, iSCSI, 74
hardware, monitoring/managing resources/health, 386–387
host physical network adapters, managing with vDS, 351
issues, detecting with HA, 144
moving into clusters, 251
vDS
managing host physical network adapters with vDS, 351
removing hosts, 352
hot clones, 194
hot cross-host migrations. See vMotion
hot migrations, 186
Hot-Plug plug-in (NVMe), vSAN, 53
HPP (High Performance Plug-Ins)
esxcli commands, 457
NVMe, 454
VMware HPP, 47
best practices, 48
vSphere support, 47
HTML5-based vSphere Client, 8
hybrid clouds. See cloud computing; HCX
IDE 0, 181
IDE 1, 181
identification
NPIV, 40
VLAN ID, standard port groups, 333
identity services, 236
VMAFD, 236
custom certificates, 237
management modes (recommended), 237–238
unsupported certificates, 238
vmdir, 236
identity sources
IEEE 802.1ax, 93
IEEE 802.3ad, 93
images
cluster images, importing/exporting, 538
Improved Virtual Disks. See FCD
inbound traffic shaping, vDS, 105
information events, 397
infrastructure services, vSphere, 21–23
installing
CLI installers, 298–299, 301–302
ESXi, 258
ESXi hosts, 286
Auto Deploy installations, 292–297
interative installations, 286–288
scripted installations, 288–292
guest OS on VM, 250
GUI, 23
VIB, ESXi hosts, 496
VMware Enhanced Authentication plug-ins, 303
VMware Tools, 320–321, 570–571
vSphere
deploying vCenter Server components, 297–305
initial vSphere configuration, 315–322
integrated file services, vSAN, 53
Intel
SGX, VM security, 505
interactive ESXi host installations, 286–288
intermediate CA, VMCA as, 238–239
inter-VM anti-affinity rules, 448–449
inventories
vCenter Server inventory configuration, 315–316
inventory objects, 166
datastores, 169
folders, 167
networks, 169
resource pools, 168
templates, 170
vApps, 170
VM, 169
I/O (Input/Output)
latency load balancing, SDRS, 81–82
redirects, vSAN, 53
requests, PSA, 78
SIOC, 84
monitoring shares, 450
setting shares/limits, 450
IP addresses, 92
IPsec (Internet Protocol Security), 262–263
iSCSI, 37
array-based failovers, 74
host-based failovers, 74
isolation
isolated nodes, PVLAN, 110
networks security, 262
IVD (Improved Virtual Disks). See FCD
JSON templates, VCSA deployments with CLI installers, 302
KEK (Key Encryption Keys), 61–62, 270, 271
Key Management Servers, security, 502
keyboards, 181
LACP (Link Aggregation Control Protocol), 93, 113–115
LAG (Link Aggregation Groups), 346–349
LAN (Local Area Networks). See PVLAN; VLAN
large-capacity drives, vSAN support, 54
latency
sensitivity, 392
troubleshooting
device latency, 382
dropped packets, 383
VMkernel, 382
lazy zeroed thick virtual disks, 79
LDAP (Lightweight Data Access Protocol)
authentication sources, 309–310
libraries, content, 7, 171–173, 594–595
creating, 595
permissions, 597
publishing, 596
subscriptions, 596
synchronization options, 598
VM deployments, 599
licenses
License Service, vCenter Server, 11
vSphere, 9
Lifecycle Manager (vSphere), 157
ESXi
hardware compatibility checks, 537
remediation settings, 528
limits
resource pools, setting limits with, 141
VM resources, monitoring/managing, 389–390
linear snapshots, 176
linked clones, 194
links
Enhanced Linked Mode, 12–13, 474
LLDP (Link Layer Discovery Protocol), 117–118
load balancing
Memory metric for load balancing, DRS, 135
SDRS
I/O latency load balancing, 81–82
ongoing balancing, 81
space utilization load balancing, 81
load-based NIC teaming, 105
local storage, 37
logs
syslog, ESXi host configurations, 405–407
System Event Log, viewing, 397
system logs, uploading to VMware, 404
vCenter Server logs, 404
vSAN, persistent logging in vSAN clusters, 68
lookups, vCenter Lookup Service, 11
LSO (Large Segmentation Offload). See TSO
LUN (storage devices), 37
MAC addresses, 92
machine SSL certificates, 240, 241
Maintenance Mode
DRS and evacuation workflows, 136
data center-level management, vSphere Client, 111
ESXi
AD and user management, 497–498
scripts and host configuration management, 483–485
host hardware resources/health, 386–387
host physical network adapters, managing with vDS, 351
Key Management Servers, security, 502
multipathing, 456
claim rules, 458
OVF templates, 589
resource pool resource usage, 385–386
SAN management agents, RDM, 40
security certificates, 477–482
VMCA, recommended management modes, 237–238
applying storage policies to VM, 462–463
VASA, managing storage providers, 462
VASA, registering storage providers, 461
SSO, 472
enabling with Windows Session Authentication, 472–473
Enhanced Linked Mode, 474
STS management, 473
STS, 473
VAMI, 396
vCenter Server
data transfers, 519
importing/exporting cluster images, 538
migrating vCenter Server for Windows to vCenter Server appliance, 522–524
patching with Appliance Shell, 554–556
repointing to other domains, 558–560
upgrading ESXi, 524
upgrading VM, 524
VM
editing OVF templates, 585–586
GRID models, 593
guest user mappings, 585
VBS, 590
vSGA models, 593
VM resources, 393
impact of VM configurations, 392–393
latency sensitivity, 392
metrics, 388
VAMI, 396
VIMTOP, 396
vSphere Lifecycle Manager, 157, 315
ESXi firmware updates, 536–537
hardware compatibility checks, 537
remediation settings, 528
vSphere resources, 373
mappings, guest user, 585
memory, 181
NVM, DRS support, 136
NVMe
FC-NVMe, 451
HPP, 454
over PCIe, 451
PMem
datastores, 455
devices, 454
vPMem, 454
vPMemDisk, 455
RDMA
ESXi and RDMA support, 453
usage, troubleshooting, 380–381
vSAN performance, 53
memory files, 179
Memory metric for load balancing, DRS, 135
memory objects, vSAN, 52
Mem-vVol, 73
metrics
VM resources, monitoring/managing, 388
vSphere performance metrics, 374
migrating
DRS migration sensitivity, 138–139
vCenter Server for Windows to vCenter Server appliance, 522–524
cold migrations (relocation), 186, 250
cross-datastore migrations, 186
cross-host migrations, 186
cross-vCenter Server migrations, 186–187
hot migrations, 186
with Storage vMotion, 251
to vDS, 353
with vMotion, 250
VMkernel network adapters to vDS, 352
data flow, 191
encrypted vMotion, 192
multi-NIC vMotion, 190
mirroring ports, 111–112, 345–346
MOB (Managed Object Browsers)
disabling, 490
modifying vDS, 336
monitoring
applications with VM, 150, 372
host hardware resources/health, 386–387
network monitoring policies, 108
resource pool resource usage, 385–386
SIOC shares, 450
VM, 372
VM resources, 393
impact of VM configurations, 392–393
latency sensitivity, 392
metrics, 388
VAMI, 396
VIMTOP, 396
vSphere resources, 373
moving
hosts into clusters, 251
VM into resource pools, 250
MPP (third-party), VMware native modules and PSA, 78
MTU (Maximum Transmission Units), 97–98
multicast brute-force attacks, 97
multicast filtering, 116
basic multicasting filtering, 116–117
multicast snooping, 117
multi-NIC vMotion, 190
multipathing, 456
managing
claim rules, 458
NMP, esxcli commands, 457
storage multipathing/failover, 74
array-based failovers with iSCSI, 74
FC failovers, 74
host-based failovers with iSCSI, 74
path failovers and VM, 74
NAI primitives, VAAI, 71
naming conventions, RDM
dynamic name resolution, 39
user-friendly persistent names, 39
NAS/NFS, 38
Network File Systems. See NFS
Network Time Protocol. See NTP
network-aware DRS, 135
networks, 169
adapters, 181
host physical network adapters, managing with vDS, 351
VMkernel network adapters, migrating to vDS, 352
bandwidth
average bandwidth, 101
burst size, 101
inbound traffic shaping, 105
peak bandwidth, 101
data center-level management, vSphere Client, 111
ESXi
security recommendations, 490
EtherChannel, 93
IEEE 802.1ax, 93
IEEE 802.3ad, 93
IP addresses, 92
LACP, 93
MAC addresses, 92
monitoring policies, 108
multicast filtering, 116
basic multicasting filtering, 116–117
multicast snooping, 117
NetFlow, 108
NIC
load-based NIC teaming, 105
physical Ethernet switches, 92–93
physical networks, 17, 92, 351
ports
state monitoring, 111
vMotion, 111
resource allocation policies, NIOC, 105–106
resource pools, 106–108, 341–342
RFC, 92
security, 262
firewalls, 262
isolation, 262
segmentation, 262
TCP/IP, 92
traffic
shaping policies, 101
TSO, 118
vCenter Server requirements, 18–20
vDS, 94
architecture, 102
distributed port groups, 103
inbound traffic shaping, 105
multicast snooping, 117
NetFlow, 108
port blocking policies, 105
port state monitoring, 111
teaming policies, 99
uplink port groups, 103
vSphere Client data center-level management, 111
virtual networks, 17
DirectPath I/O, 343
distributed port groups, 337–338, 353–354
network resource pools, 341–342
PVLAN, 342
virtual ports, 94
virtual switches, 94
VLAN ID, standard port groups, 333
VMkernel
adapter settings, 122
VMkernel TCP/IP networking layer, 18
vSAN
characteristics, 414
creating clusters with Quickstart, 415
deploying with vCenter Server, 422
disabling, 421
encryption in clusters, 432–435
extending datastores across two sites, 427–428
increasing space efficiency in clusters, 430–432
licensing, 418
managing devices in clusters, 429–430
preparing, 414
requirements, 67
viewing storage providers, 436
vSphere
segmenting, 18
standard switches, 18
vSphere Client data center-level management, 111
network policies, 98
NFS (Network File Systems)
NAS/NFS, 38
NIC (Network Interface Cards)
load-based NIC teaming, 105
multi-NIC vMotion, 190
TSO, 118
NIOC (Network I/O Control), 84, 105–106
NMP (Native Multipathing Plug-ins), 75–76, 78, 456
notifications
alarms
actions, 401
advanced use cases, 401
creating definitions, 400
definition elements, 399
viewing/acknowledging triggered alarms, 399–400
VCG notification service, vSAN, 54
NPIV (N-Port ID Virtualization), 40
NSX, 8
requirements, 26
integration, 229
use cases, 229
NTP (Network Time Protocol), 22–23
NVDIMM
controllers, 182
devices, 182
NVM (Non-Volatile Memory), DRS support, 136
NVMe (Non-Volatile Memory Express), 46
controllers, 182
FC-NVMe, 451
Hot-Plug plug-in, 53
HPP, 454
over FC requirements, 47
over PCIe, 451
over PCIe requirements, 46
over RDMA (RoCE Version 2) requirements, 46
VMware HPP, 47
best practices, 48
vSphere support, 47
objects
inventory hierarchies, 243–244
states, vSAN
healthy object state, 52
unhealthy object state, 52
storage, vSAN, 51
Observer (vSAN), 53
optimizing performance, 379–383
OS, guest installations on VM, 250, 574–576
Other-vVol, 73
OVA templates, deploying VM, 577
overview performance charts, 375–377
OVF templates
deploying VM, 577
managing, 589
packets
dropped packets, troubleshooting, 383
Ethernet packets. See frames
parallel ports, 181
passive nodes, vCenter HA, 14
passwords
ESXi password hardening, 256
SSO password policies, vCenter Server security, 260
patching, vCenter Server
path failovers, VM, 74
PCI (Peripheral Component Interconnect)
controllers, 181
devices, 182
ESXi, 489
PCIe (PCI express)
devices, ESXi, 489
peak bandwidth, 101
Pearson Vue
exam preparation, 604
requirements, 604
performance
charts
advanced performance charts, 377–379
overview performance charts, 375–377
troubleshooting, 383
counters, VM security, 268
CPU performance analysis, 379–383
vSAN, memory as performance service metric, 53
vSphere
metrics, 374
permissions
applying with vCenter Server, 251–253
authentication, 242
authorization, 242
best practices, 248
content libraries, 597
file permissions, RDM, 39
hosts, moving into clusters, 251
inventory hierarchies, 243–244
privileges, 244–245, 246, 248–251
validation settings, changing, 502
vCenter Cloud account permissions, 210–213
VM
cold migration (relocation), 250
creating, 249
deploying from templates, 249
guest OS installations, 250
migrating with Storage vMotion, 251
migrating with vMotion, 250
moving into resource pools, 250
taking snapshots, 249
persistent logging in vSAN clusters, 68
persistent volumes (file-based), vSAN, 54
PFTT (Primary Level of Failures to Tolerate), 57
physical compatibility mode, RDM, 39
physical Ethernet switches, 92–93
physical networks, 17, 92, 351
planning
fault domain planning, vSAN, 64–65
Platform Service Controllers. See PSC
plug-ins
HPP
esxcli commands, 457
NVMe, 454
NMP, esxcli commands, 457
NVMe Hot-Plug plug-in, 53
SATP, PSA, 76
vCenter Server plug-ins, 11
VMware Enhanced Authentication plug-ins, 303
VMware HPP, 47
best practices, 48
vSphere support, 47
PMem
datastores, 455
devices, 454
vPMem, 454
vPMemDisk, 455
pods, vSphere with Kubernetes, 45–46
pointing devices, 182
ports
blocking policies, 105
distributed port groups, 103, 337–338, 353–354
ESXi Server, required ports, 20–21
network resource pools, 106–108
NPIV, 40
parallel ports, 181
resource allocation policies, NIOC, 105–106
serial ports, 182
standard port groups
states
vMotion, 111
uplink port groups, 103
vCenter Server, restricting access, 18–20
virtual ports, 94
post-revert snapshot trees, 176
power management, DPM, 7, 23–24, 152–153
PowerCLI (VMware)
vSAN, 53
powering on VM, 569
preparing for exams
exam day recommendations, 604–606
Pearson Vue, 604
private clouds. See cloud computing
administrative privileges (vCenter Server), restricting, 260–261
ESXi host assignments, 496–497
required privileges for common tasks, 248–251
vCenter Server, 475
Promiscuous Mode, 100
promiscuous nodes, PVLAN, 110
provisioning
rapid provisioning VM with templates, 195
TCP/IP stacks, 122
thin provisioning, vSAN, 59
proxies (authentication), configuring, 498–499
PSA (Pluggable Storage Architectures), 74–75
I/O requests, 78
SATP, 76
VMware native modules and third-party MPP, 78
PSC (Platform Service Controllers), vCenter Server, 10, 11, 297–298
PSP (Path Selection Plug-ins), 76–77
public clouds. See cloud computing
publishing content libraries, 596
PVLAN (Private VLAN), 110, 342
community nodes, 110
isolated nodes, 110
promiscuous nodes, 110
Quickstart
vSAN clusters, creating, 415
vSphere cluster configuration, 365–367
rapid provisioning VM with templates, 195
RDM (Raw Device Mappings)
diagrams, 38
distributed file locking, 39
dynamic name resolution, 39
file permissions, 39
file system operations, 39
NPIV, 40
physical compatibility mode, 39
SAN management agents, 40
snapshots, 39
use cases, 39
user-friendly persistent names, 39
virtual compatibility mode, 38–39
vMotion, 40
RDMA (Remote Direct Memory Access)
ESXi and RDMA support, 453
NVMe over RDMA (RoCE Version 2) requirements, 46
Ready Node (vSAN), 53
relocation (cold migrations), 186, 250
remote syslog servers, streaming events to, 398–399
repair objects, vSAN witness deployments, 54
replication
VRMS, 24
VRS, 24
vSphere Replication, 206, 219–221
vSphere requirements, 24
Replication objects (vSphere), vSAN, 54
repointing vCenter Server to other domains, 558–560
requirements
ESXi Server
storage requirements, 17
HA, 145
NSX, 26
Pearson Vue, 604
security certificates, 238–241
vCenter Server
storage requirements, 16
vSphere
GUI installer, 23
replication requirements, 24
user interfaces, 23
vCenter HA requirements, 24–25
vCenter Server file-based backup and restore, 23
reservations
VM resources, monitoring/managing, 389–390
resource allocation policies, NIOC, 105–106
resource pools, 106–108, 139, 168
enhanced reservations, 142
expandable reservations, 141
limits, 141
monitoring/managing resource usage, 385–386
network resource pools, 341–342
use cases, 139
VM, moving into resource pools, 250
resource usage, monitoring/managing
alarms
actions, 401
advanced use cases, 401
creating definitions, 400
definition elements, 399
viewing/acknowledging triggered alarms, 399–400
events, 396
alerts, 397
audit events, 397
information events, 397
streaming to remote syslog servers, 398–399
types of, 397
viewing in vSphere Client, 397
viewing System Event Log, 397
warning events, 397
VM resources
latency sensitivity, 392
VAMI, 396
VIMTOP, 396
restores
vCenter Appliance File-Based Backup and Restore, 7
restricting vCenter Server
access, 261
administrative privileges, 260–261
RFC (Request For Comments), 92
roles
vCenter Server, 475
Route Based on IP Hash teaming policy, 99–100
Route Based on Originating Virtual Port teaming policy, 99
Route Based on Source MAC Hash teaming policy, 99
RVC, vSAN, 52
SAN
SAN (Storage Area Networks)
management agents, RDM, 40
vSAN. See individual entry
SATA controllers, 182
SATP (Storage Array Type Plug-ins), 76
scalable shares, resource pools, 142–143
schedulers, DRS, 7
scripted ESXi host installations, 288–292
SCSI controllers, 182
SCSI UNIMAP, 59
SDDC (Software-Defined Data Centers)
NSX, requirements, 26
VMware SDCC, 27
vRealize Suite, requirements, 26–27
automation levels, 82
datastores
overriding cluster automation, 448
recommendations, 448
I/O latency load balancing, 81–82
placement (initial), 81
recommendations, 83
space utilization load balancing, 81
Secure Boot
ESXi, 258
security. See also authentication; authorization
account lockouts, ESXi, 485–487
add-ons, 275
administrative privileges (vCenter Server), restricting, 260–261
Auto Deploy, 491
certificates
custom certificates, VMCA, 237
unsupported certificates, VMCA, 238
VMAFD, 236
VMCA as intermediate CA, 237, 239
vmdir, 236
custom certificates, 241, 478–479
distributed file locking, RDM, 39
encryption
DEK, 270
Encrypted vSphere vMotion, 272–273
AD and user management, 497–498
configuring with host profiles, 482–483
controlling CIM access, 491–492
controlling MOB access, 257–258
disabling MOB, 490
firewall configuration, 492–493
host access, 257
hosts, acceptance levels, 496
hosts, joining to directory services, 257
hosts, UEFI Secure Boot, 499–500
hosts, VIB, 496
log files, 501
networking security recommendations, 490
password hardening, 256
PCI, 489
PCIe devices, 489
scripts and host configuration management, 483–485
Secure Boot, 258
Shell security and SSH, 487–489
smart card authentication, 499
TPM chips, 258
vCenter Server security, 253–258
vSphere Authentication Proxy, 257
ESXi certificates
changing certificate mode, 479–480
custom certificates, 480
expiration, 481
host certificate modes, 241, 242
switching to VMCA Mode, 480–481
firewalls
ESXi firewall configuration, 492–493
networks security, 262
identity services, 236
VMAFD, 236
vmdir, 236
Key Management Servers, 502
machine SSL certificates, 240, 241
networks, 262
firewalls, 262
isolation, 262
segmentation, 262
passwords
SSO password policies, 260
permissions
applying with vCenter Server, 251–253
authentication, 242
authorization, 242
best practices, 248
cold migration (relocation) of VM, 250
creating VM, 249
deploying from templates, 249
global permissions, 247
guest OS installations on VM, 250
inventory hierarchies, 243–244
migrating VM with Storage vMotion, 251
migrating VM with vMotion, 250
moving hosts into clusters, 251
moving VM into resource pools, 250
privileges, 244–245, 246, 248–251
taking VM snapshots, 249
smart cards, 499
solution user certificates, 240–241
storage providers, viewing, 436
VBS, 590
vCenter Server
client certificates, 261
controlling datastore browser access, 261
ESXi and vCenter Server security, 253–258
restricting access, 261
restricting administrative privileges, 260–261
SSO password policies, 260
time synchronization, 261
vCenter single sign-on SSL signing certificates, 240
VM, 265
add-ons, 275
compliance with vROps, 275
copying/pasting, 267
denial-of-service attacks, 269
device connections, 267, 269–270
disabling unexposed features, 266–267
disk shrinking, 267
Encrypted vSphere vMotion, 272–273
hardening, best practices, 265–266
performance counters, 268
SGX, 505
UEFI Secure Boot, 266
VMX file size, 268
VMCA, 239
vmdir SSL certificates, 240
vSphere built-in features, ESXi and vCenter Server security, 254
vSphere Virtual Machine Encryption certificates, 240
segmenting
networks security, 262
vSphere networks, 18
serial ports, 182
servers
Administration server, vCenter Server, 11
ESXi Server, 6
storage requirements, 17
Key Management Servers, security, 502
remote syslog servers, streaming events to, 398–399
tcServer, 11
vCenter Server, 6
Administration server, 11
appliance deployments, 298–303
controlling MOB access, 257–258
data transfers, 519
database, 11
database deployments, 297
domain discovery, 21
Enhanced Linked Mode, 12–13, 474
ephemeral binding, 113
ESXi and vCenter Server security, 253–258
file-based backup and restore, 23
Host Agent, 11
importing/exporting cluster images, 538
inventory configuration, 315–316
License Service, 11
managing, vSphere Client, 547–554
monitoring, vSphere Client, 547–554
NTP, 23
patching with Appliance Shell, 554–556
plug-ins, 11
privileges, 475
repointing to other domains, 558–560
storage requirements, 16
STS, 11
tcServer, 11
upgrading ESXi, 524
upgrading VM, 524
vCenter Lookup Service, 11
vCenter Server Agent, 11
VMware Directory Service, 11
vSAN deployments, 422
VCSA, 113
VMware servers, virtualization, 27
SFTT (Secondary Level of Failures to Tolerate), vSAN, 57
SGX, VM security, 505
shared disks, EZT for, 53
shares
resource pools, 140, 141, 142–143
SIOC
monitoring, 450
setting shares/limits, 450
virtual disks, 582
VM resources, monitoring/managing, 389–390
shrinking disks, 267
Shutdown Guest, VM, 572
SIO controllers, 182
SIOC (Storage I/O Control), 84
shares
monitoring, 450
setting shares/limits, 450
sizing
virtual disks, 582
Skyline, 206
integration, 206
use cases, 206
vSphere Health and vSAN Health, 53
smart card authentication, ESXi, 499
snapshot delta VMDK, 52
snapshots, 175
RDM, 39
taking, 249
virtual disks, 582
branches, 177
database files, 179
delta disk files, 179
flat files, 178
linear snapshots, 176
memory files, 179
parent snapshots, 178
post-revert snapshot trees, 176
preserving information, 177–178
use cases, 177
virtual disks, 582
snooping, multicast, 117
software
SGX, VM security, 505
vSAN requirements, 66
Software-Defined Data Centers. See SDDC
software-defined storage models, 40
solution user certificates, 240–241
space efficiency, vSAN, 59–61, 430–432
space utilization load balancing, SDRS, 81–82
spanning tree attacks, 97
SPBM (Storage Policy Based Management), 40–41, 79
applying storage policies to VM, 462–463
VASA, managing storage providers, 462
VASA, registering storage providers, 461
vSAN, 52
SR-IOV (Single Root-I/O Virtualization), 119–121, 343–345
SRM (Site Recovery Manager), 221–222
integration, 222
use cases, 222
SSH, ESXi Shell security, 487–489
SSL (Secure Sockets Layer)
certificates, verifying legacy ESXi hosts, 554
machine SSL certificates, 240, 241
vCenter single sign-on SSL signing certificates, 240
vmdir SSL certificates, 240
SSO (Single Sign-On), 242, 472
configuring, 305
enabling with Windows Session Authentication, 472–473
Enhanced Linked Mode, 474
password policies, vCenter Server security, 260
STS management, 473
users
vCenter Single Sign-On, 10, 11–12
standard port groups
standard vSAN cluster deployments, 54–55
stateless caching, 292
static binding, 112
storage
anti-affinity rules, 83
controllers, VM, 583
storage
datastores, 41
vSAN datastores, 45
vVols datastores, 45
devices (LUN), 37
ESXi Server requirements, 17
FC, 37
FCoE, 38
iSCSI, 37
local storage, 37
multipathing/failover, 74
array-based failovers with iSCSI, 74
FC failovers, 74
host-based failovers with iSCSI, 74
path failovers and VM, 74
NAS/NFS, 38
NFS datastores, 43–45, 444–446
NVMe, 46
over FC requirements, 47
over PCIe requirements, 46
over RDMA (RoCE Version 2) requirements, 46
object-based storage, vSAN, 51
I/O requests, 78
SATP, 76
VMware native modules and third-party MPP, 78
automation levels, 82
I/O latency load balancing, 81–82
placement (initial), 81
recommendations, 83
space utilization load balancing, 81
SIOC, 84
monitoring shares, 450
setting shares/limits, 450
applying storage policies to VM, 462–463
VASA, managing storage providers, 462
VASA, registering storage providers, 461
vSAN, 52
VAAI
NAI primitives, 71
thin provisioning primitives, 71
vSphere storage integration, 70–71
VASA
managing storage providers, SPBM, 462
registering storage providers, SPBM, 461
vSphere storage integration, 69–70
vCenter Server requirements, 16
virtual disks, 37
eager zeroed thick virtual disks, 79
lazy zeroed thick virtual disks, 79
thin provisioned virtual disks, 79
zeroing out files, 79
virtualization, 36
FC, 37
FCoE, 38
I/O filters, 41
iSCSI, 37
local storage, 37
NAS/NFS, 38
software-defined storage models, 40–41
storage devices (LUN), 37
virtual disks, 37
VMFS, 38
vSAN, 40
VM
access, 36
vMotion, 192
data flow, 193
limitations, 193
requirements, 193
vSAN
absent component state, 52
boot devices, 68
cluster requirements, 66
concepts, 49
consumed capacity, 51
creating clusters with Quickstart, 415
Data Locality, 57
degraded component state, 52
deploying with vCenter Server, 422
disabling, 421
disk groups, 51
encryption in clusters, 432–435
extending datastores across two sites, 427–428
EZT for shared disks, 53
File Services, 54, 62–63, 436–438
file-based persistent volumes, 54
healthy object state, 52
increasing space efficiency in clusters, 430–432
integrated file services, 53
I/O redirects, 53
large-capacity drive support, 54
license requirements, 67
licensing, 418
limitations, 59
managing devices in clusters, 429–430
memory as performance service metric, 53
memory objects, 52
network requirements, 67
NVMe Hot-Plug plug-in, 53
object-based storage, 51
Observer, 53
persistent logging in vSAN clusters, 68
PFTT, 57
preparing, 414
Ready Node, 53
repair objects after witness deployments, 54
RVC, 52
SCSI UNIMAP, 59
SFTT, 57
Skyline and vSphere Health integration, 53
snapshot delta VMDK, 52
software requirements, 66
SPBM, 52
standard cluster deployments, 54–55
storage policies, 79–81, 435–436
stretched cluster deployments, 56–59
thin provisioning, 59
two-host cluster deployments, 55
unhealthy object state, 52
user-defined vSAN clusters, 53
VCG notification service, 54
viewing storage providers, 436
VM compliance status, 52
VM home namespace, 52
VM swap objects, 52
VMDK, 52
VMware PowerCLI, 53
vSphere Health, 53
vSphere Lifecycle Manager, 53, 54
vSphere Replication objects, 54
vSphere with Kubernetes integration, 54
vVols support, 54
witnesses, 52
vSAN datastores, 45
vVols
vVols datastores, 45
streaming events to remote syslog servers, 398–399
stretched vSAN cluster deployments, 56–59
STS (Security Token Service), 11, 473
subscribing to content libraries, 596
Swap-vVol, 73
switches
distributed port groups, 337–338, 353–354
physical Ethernet switches, 92–93
standard port groups
vDS, 94
advanced settings, 337
architecture, 102
distributed port groups, 103
inbound traffic shaping, 105
managing host physical network adapters with vDS, 351
modifying, 336
multicast snooping, 117
port blocking policies, 105
port state monitoring, 111
removing hosts, 352
teaming policies, 99
uplink port groups, 103
VM, migrating to vDS, 353
VMkernel network adapters, migrating to vDS, 352
vSphere Client data center-level management, 111
virtual switches, 94
vSphere standard switches, 18
network policies, 98
synchronizing
content libraries, 598
time, vCenter Server, 261
syslog
ESXi host configurations, 405–407
remote syslog servers, streaming events to, 398–399
System Event Log, 397
system logs, uploading to VMware, 404
system requirements, ESXi Server, 15–16
integration, 205
use cases, 204
TCP/IP (Transmission Control Protocol/Internet Protocol), 92
VMkernel
TCP/IP networking layer, 18
TCP/IP stacks, 121–122, 339–340
tcServer, 11
teaming policies, NIC, 98–100, 105
templates, 170
JSON templates, VCSA deployments with CLI installers, 302
OVA templates, deploying VM, 577
OVF templates
deploying VM, 577
managing, 589
rapid provisioning VM with templates, 195
VM
converting to templates, 573
deploying from templates, 574
deployments, 249
tests. See exam preparation
thin provisioning
VAAI, 71
virtual disks, 79
vSAN, 59
thresholds
time
synchronization, vCenter Server, 261
tokens, STS, 11
topologies, vCenter Server, 10–14
TPM (Trusted Platform Modules)
devices, 182
ESXi, 258
traffic filtering (network), 109–110
traffic shaping policies, 101, 105
transferring data, vCenter Server, 519
Transmission Control Protocol/Internet Protocol. See TCP/IP
triggered alarms, viewing/acknowledging, 399–400
troubleshooting
CPU
usage, 380
utilization, 381
datastores, utilization, 381
device latency, 382
dropped packets, 383
latency
device latency, 382
dropped packets, 383
VMkernel latency, 382
VM
VMkernel latency, 382
TSO (TCP Segmentation Offload), 118
two-host vSAN cluster deployments, 55
UEFI Secure Boot, 266, 499–500
UMDS (Update Manager Download Service), 529–530
unexposed features (network security), disabling, 266–267
unhealthy object state, vSAN, 52
updating
ESXi firmware updates, 536–537
vSphere Lifecycle Manager, 157
ESXi firmware updates, 536–537
hardware compatibility checks, 537
remediation settings, 528
VUM. See vSphere Lifecycle Manager
upgrading
ESXi, 524
vCenter Server
ESXi, 524
VM, 524
uplink port groups, 103
uploading system logs to VMware, 404
USB (Universal Serial Bus)
controllers, 182
devices, 182
Use Explicit Failover Order teaming policy, 99
user interfaces, vSphere requirements, 23
user-defined vSAN clusters, 53
user-friendly persistent names, RDM, 39
users
ESXi, AD and user management, 497–498
guest user mappings, VM, 585
SSO users, enabling/disabling, 310–311
VAAI (vStorage API for Array Integration)
NAI primitives, 71
thin provisioning primitives, 71
vSphere storage integration, 70–71
VAIO (vSphere API for I/O Filtering), 271
validation settings (permissions), changing, 502
VAMI (vCenter Server Application Management Interface)
monitoring/managing resources, 396
vCenter Server
vApps, 170
VASA (vStorage API for Storage Awareness)
SPBM
managing storage providers, 462
registering storage providers, 461
vSphere storage integration, 69–70
VBS (Virtualization-Based Security), 590
vCenter Appliance File-Based Backup and Restore, 7
vCenter Cloud account permissions, 210–213
vCenter Converter, 205
use cases, 205
active nodes, 14
passive nodes, 14
witness nodes, 14
vCenter Lookup Service, 11
vCenter Server, 6
Administration server, 11
Appliance Shell, patching, 554–556
client certificates, 261
cluster images, importing/exporting, 538
cross-vCenter Server migrations, 186–187
data transfers, 519
database, 11
deployments
databases, 297
domain discovery, 21
Enhanced Linked Mode, 12, 13, 474
ephemeral binding, 113
ESXi and vCenter Server security, 253
controlling MOB access, 257–258
ESXi host access, 257
ESXi password hardening, 256
ESXi Secure Boot, 258
ESXi security profiles, 254–255
TPM chips, 258
vSphere Authentication Proxy, 257
vSphere built-in features, 254
file-based backup and restore, 23
Host Agent, 11
inventory configuration, 315–316
License Service, 11
logs, 404
MOB, controlling access, 257–258
NTP, 23
patching
permissions, applying, 251–253
plug-ins, 11
privileges, 475
repointing to other domains, 558–560
security
client certificates, 261
controlling datastore browser access, 261
restricting access, 261
restricting administrative privileges, 260–261
SSO password policies, 260
time synchronization, 261
storage requirements, 16
STS, 11
tcServer, 11
time synchronization, 261
upgrading
ESXi, 524
VM, 524
VAMI, monitoring/managing resources, 396
vCenter Lookup Service, 11
vCenter Server Agent, 11
VCSA deployments, 113
VMware Directory Service, 11
vSAN deployments, 422
vCenter Single Sign-On, 10, 11–12, 240, 242
VCF (VMware Cloud Foundation), 28, 223
integration, 224
use cases, 223
VCG notification service, vSAN, 54
vCloud Suite (VMware), 28
VCSA (vCenter Server Appliance)
deployments
ephemeral binding, 113
vDS (vSphere Distributed Switches), 94
advanced settings, 337
architecture, 102
distributed port groups, 103
hosts
managing host physical network adapters with vDS, 351
removing, 352
inbound traffic shaping, 105
modifying, 336
multicast snooping, 117
ports
blocking policies, 105
state monitoring, 111
teaming policies, 99
uplink port groups, 103
VM, migrating to vDS, 353
VMkernel network adapters, migrating to vDS, 352
vSphere Client data center-level management, 111
VECS (VMware Endpoint Certificate Store), 236–237, 304
solution user certificate stores, 240–241
vendor add-ons, 534
vGPU (Virtual Graphical Processing Units), VM support, 592–594
VIB (vSphere Installation Bundles), 258, 496
viewing
events
System Event Log, 397
in vSphere Client, 397
System Event Log, 397
vSAN
storage providers, 436
VIMTOP, monitoring/managing resources, 396
virtual compatibility mode, RDM, 38–39
virtual disks, 37
anti-affinity rules, 83
database files, 179
delta disk files, 179
eager zeroed thick virtual disks, 79
files, 175
flat files, 178
increasing size, 582
lazy zeroed thick virtual disks, 79
memory files, 179
shares, 582
snapshots, 582
thin provisioned virtual disks, 79
zeroing out files, 79
Virtual Machine File Systems. See VMFS
virtual machines. See VM
virtual networks, 17
DirectPath I/O, 343
distributed port groups, 337–338, 353–354
network resource pools, 341–342
PVLAN, 342
vDS
advanced settings, 337
Health Check, 354
managing host physical network adapters with vDS, 351
modifying, 336
removing hosts, 352
VM, migrating to vDS, 353
VMkernel network adapters, migrating to vDS, 352
virtual ports, 94
virtual switches, 94
Virtual Volumes. See vVols
virtualization
desktops
NPIV, 40
storage virtualization, 36
FC, 37
FCoE, 38
I/O filters, 41
iSCSI, 37
local storage, 37
NAS/NFS, 38
software-defined storage models, 40–41
storage devices (LUN), 37
virtual disks, 37
VMFS, 38
vSAN, 40
VBS, 590
VMware servers, 27
VLAN (Virtual Local Area Networks), 94–95, 101–102
VLAN ID, standard port groups, 333
VM (Virtual Machines), 169
anti-affinity rules, 83, 448–449
application monitoring, 150, 372
chipsets, 181
cold clones, 194
hot clones, 194
linked clones, 194
rapid provisioning VM with templates, 195
compatibility options, 578, 579–580
compliance status, vSAN, 52
configuring, 372
creating, 595
permissions, 597
publishing, 596
subscriptions, 596
synchronization options, 598
VM deployments, 599
deploying
from templates, 249, 574, 577, 585–586
using content libraries, 599
DRS
initial VM placements, 135–136
VM distribution, 135
DVD/CD-ROM drives, 181
GRID models, 593
guest OS
installations, 250
guest user mappings, 585
hard disks, 181
hardening, best practices, 265–266
hardware
IDE 0, 181
IDE 1, 181
inter-VM anti-affinity rules, 448–449
keyboards, 181
memory, 181
cold migrations (relocation), 186, 250
cross-datastore migrations, 186
cross-host migrations, 186
cross-vCenter Server migrations, 186–187
hot migrations, 186
with Storage vMotion, 251
to vDS, 353
with vMotion, 250
Mode settings, 582
monitoring/managing resources, 372, 393
impact of VM configurations, 392–393
latency sensitivity, 392
metrics, 388
VAMI, 396
VIMTOP, 396
moving into resource pools, 250
network adapters, 181
NPIV, 40
NVDIMM
controllers, 182
devices, 182
NVMe controllers, 182
opening consoles to VM, 569–570
OVF templates
managing, 589
VM deployments, 577
parallel ports, 181
path failovers, 74
PCI
controllers, 181
devices, 182
pointing devices, 182
PowerCLI, VM management, 590–592
powering on, 569
rapid provisioning with templates, 195
SATA controllers, 182
SCSI controllers, 182
SDRS, inter-VM anti-affinity rules, 448–449
security, 265
add-ons, 275
compliance with vROps, 275
copying/pasting, 267
denial-of-service attacks, 269
device connections, 267, 269–270
disabling unexposed features, 266–267
disk shrinking, 267
Encrypted vSphere vMotion, 272–273
hardening, best practices, 265–266
performance counters, 268
SGX, 505
UEFI Secure Boot, 266
VMX file size, 268
serial ports, 182
settings, 149
Shutdown Guest, 572
SIO controllers, 182
branches, 177
database files, 179
delta disk files, 179
flat files, 178
linear snapshots, 176
memory files, 179
parent snapshots, 178
post-revert snapshot trees, 176
preserving information, 177–178
RDM, 39
taking, 249
use cases, 177
virtual disks, 582
SPBM, applying storage policies to VM, 462–463
storage
accessing, 36
controllers, 583
TCP/IP stacks, 188
templates
converting VM to templates, 573
deploying VM from templates, 574
TPM devices, 182
traffic shaping policies, 101
troubleshooting
USB
controllers, 182
devices, 182
VBS, 590
virtual disks, 581
files, 175
increasing size, 582
provisioning, 183
shares, 582
snapshots, 582
VMCI, 182
VM-host affinity rule, 137
vSGA models, 593
vSphere Virtual Machine Encryption certificates, 240
VM home namespace, vSAN, 52
VM swap objects, vSAN, 52
VMAFD (VMware Authetication Framework Daemon), 236
VMCA (VMware Certificate Authority), 236–237, 239
custom certificates, 237
ESXi certificates, VMCA Mode, 480–481
management modes (recommended), 237–238
unsupported certificates, 238
VMCI (Virtual Machine Communication Interface), 182
VMCP (VM Component Protection), 150, 371
vmdir (VMware Directory Service), 236, 240
VMDK (Virtual Machine Disks)
snapshot delta VMDK, 52
vSAN, 52
VMFS (Virtual Machine File Systems), 38, 41–43, 438–443
VMkernel
adapter settings, 122, 338–339
latency, troubleshooting, 382
network adapters, migrating to vDS, 352
TCP/IP
networking layer, 18
data flow, 191
encrypted vMotion, 192, 272–273
EVC
AMD modes, 133
vSphere clusters, 130, 131–133, 367–368
multi-NIC vMotion, 190
port states, 111
RDM, 40
data flow, 193
limitations, 193
requirements, 193
VM migration, 251
TCP/IP stacks, 122
VM migration, 250
VMware
Azure VMware Solution, 226–227
Enhanced Authentication plug-ins, 303
HPP, 47
best practices, 48
vSphere support, 47
NVMe, 46
over FC requirements, 47
over PCIe requirements, 46
over RDMA (RoCE Version 2) requirements, 46
PowerCLI
vSAN, 53
private clouds, 28
PSA, VMware native modules and third-party MPP, 78
SDDC, 27
server virtualization, 27
Skyline, 206
integration, 206
use cases, 206
vSphere Health and vSAN Health, 53
system logs, uploading, 404
vCloud Suite, 28
solution user certificate stores, 240–241
VM resources, monitoring/managing, 391–392
VMAFD, 236
custom certificates, 237
management modes (recommended), 237–238
unsupported certificates, 238
vmdir, 236
vRA, 209
use cases, 210
vRLI, 208
use cases, 208
vRNI, 214
integration, 215
integration, 214
use cases, 214
compliance, 275
integration, 208
Predictive DRS, 152
use cases, 207
vSphere Lifecycle Manager, 315
vSphere Replication, 206, 219–221
VMware Certification accounts, 604
VMware Cloud Foundation. See VCF
VMware Directory Service, 11
use cases, 216
VMware Service Lifecycle Manager, 157
VMware Tools, 183
VMware vCloud Director, 28
VMX file size, VM security, 268
vNIC (Virtual Network Interface Cards), 93–94
vPMem (Virtual PMem), 454
vPMemDisk (Virtual PMem Disks), 455
vRA (vRealize Automation), 26–27, 209
use cases, 210
vRealize Log Insight. See vRLI
vRealize Network Insight. See vRNI
vRealize Operations. See vROps
vRA, 209
use cases, 210
vRLI, 208
use cases, 208
vRNI, 214
integration, 215
integration, 214
use cases, 214
compliance, 275
integration, 208
Predictive DRS, 152
use cases, 207
vRLI (vRealize Log Insight), 27, 208, 407
use cases, 208
VRMS (vSphere Replication Management Service), 24
vRNI (vRealize Network Insight), 27, 214
integration, 215
vRO (vRealize Orchestrator), 213–214
integration, 214
use cases, 214
vROps (vRealize Operations), 26, 207
compliance, 275
integration, 208
Predictive DRS, 152
use cases, 207
VRS (vSphere Replication Service), 24
absent component state, 52
boot devices, 68
cluster requirements, 66
clusters
creating with Quickstart, 415
increasing space efficiency, 430–432
managing devices in clusters, 429–430
concepts, 49
consumed capacity, 51
Data Locality, 57
extending across two sites, 427–428
degraded component state, 52
disabling, 421
disk groups, 51
EZT for shared disks, 53
File Services, 54, 62–63, 436–438
file-based persistent volumes, 54
healthy object state, 52
integrated file services, 53
I/O redirects, 53
large-capacity drive support, 54
limitations, 59
memory as performance service metric, 53
memory objects, 52
networks
requirements, 67
NVMe Hot-Plug plug-in, 53
object-based storage, 51
Observer, 53
persistent logging in vSAN clusters, 68
PFTT, 57
preparing, 414
Ready Node, 53
repair objects after witness deployments, 54
RVC, 52
SCSI UNIMAP, 59
SFTT, 57
Skyline and vSphere Health integration, 53
snapshot delta VMDK, 52
software requirements, 66
SPBM, 52
standard cluster deployments, 54–55
storage policies, 79–81, 435–436
stretched cluster deployments, 56–59
thin provisioning, 59
two-host cluster deployments, 55
unhealthy object state, 52
user-defined vSAN clusters, 53
VCG notification service, 54
VM compliance status, 52
VM home namespace, 52
VM swap objects, 52
VMDK, 52
VMware PowerCLI, 53
vSphere Health, 53
vSphere Lifecycle Manager, 53, 54
vSphere Replication objects, 54
vSphere with Kubernetes integration, 54
vVols support, 54
vSGA models, VM, 593
vSGX (Virtual Intel Software Guard Extension), 274–275
vSphere
Auto Deploy, security, 491
components
core components, 6
optional components, 6
configuring, 315
vCenter HA implementation, 316–317
vCenter Server inventory configuration, 315–316
VMware vSphere Lifecycle Manager, 315
vSphere Client, 315
features, 7
infrastructure services, 21–23
installing
deploying vCenter Server components, 297–305
initial vSphere configuration, 315–322
licenses, 9
Lifecycle Manager, 157
ESXi firmware updates, 536–537
hardware compatibility checks, 537
remediation settings, 528
managing resources, 373
monitoring resources, 373
networks
segmenting, 18
performance
metrics, 374
pods, vSphere with Kubernetes, 45–46
Replication objects, vSAN, 54
requirements
GUI installer, 23
NSX, 26
replication requirements, 24
user interfaces, 23
vCenter HA requirements, 24–25
vCenter Server file-based backup and restore, 23
storage integration, 68
upgrading to vSphere 7.0, 517–518
vSphere Host Client, 8
vSphere Authentication Proxy, 257
vSphere Client
data center-level management, 111
events, viewing, 397
HTML5-based, 8
multipathing management, 457–458
port state monitoring, 111
vCenter Server, monitoring/managing, 547–554
vSphere configurations, 315
vSphere clusters
creating, 364
datastore clusters versus, 131
Automation Mode, 134
creating DRS clusters, 368
evacuation workflows, 136
Memory metric for load balancing, 135
migration sensitivity, 138–139
monitoring/managing resource usage, 384–385
network-aware DRS, 135
NVM support, 136
VM distribution, 135
VM initial placements, 135–136
AMD modes, 133
HA, 143
admission control, 371
advanced options, 148–149, 370
benefits of, 144
best practices, 151
configuring HA clusters, 370
detecting host issues, 144
heartbeats, 146
requirements, 145
vCenter Server, 145
resource pools, 139
expandable reservations, 141
limits, 141
monitoring/managing resource usage, 385–386
use cases, 139
vSphere HA, 7
benefits of, 144
best practices, 151
capacity reservation settings, 420
detecting host issues, 144
failovers, 143
heartbeats, 146
requirements, 145
vCenter Server, 145
vSphere clusters, failovers, 144
vSphere Health
Skyline and vSAN Health integration, 53
vSAN Health, 53
vSphere Host Client, 8
vSphere Lifecycle Manager, 315
vSphere Replication, 6, 206, 219–220
use cases, 220
vSphere Replication Management Service. See VRMS
vSphere Replication Service. See VRS
vSphere standard switches, 18
vSphere Virtual Machine Encryption certificates, 240
integration, 205
use cases, 204
vSS (vSphere Standard Switches), 94, 95–97
network policies, 98
vTA (vSphere Trust Authority), 258–259
operations, 504
vTPM (Virtual Trusted Platform Module), 273–274
Vue (Pearson)
exam preparation, 604
requirements, 604
VUM (VMware Update Manager). See vSphere Lifecycle Manager
vVols (Virtual Volumes), 40–41, 72
architecture, 72
Config-vVol, 73
datastores, 45
Data-vVol, 73
limitations, 73
Mem-vVol, 73
Other-vVol, 73
Swap-vVol, 73
vSAN, 54
warning events, 397
web proxies, ESXi security settings, 490–491
Windows Session Authentication, enabling SSO, 472–473
witness nodes, vCenter HA, 14
workflows, evacuation, 136
Write Same (Zero), 71
XCOPY (Extended Copy), 70
zeroing out files, 79