How it Works
VMware
Loading...
ESXI - 6.0
Administrator’s Guide
446 pgs5.82 Mb0
Administrator’s Guide [fr]
494 pgs6.18 Mb0
Installation Manual
16 pgs791.7 Kb0
Installation Manual [fr]
292 pgs3.79 Mb0
User Manual
156 pgs2.05 Mb0
User Manual
72 pgs1.5 Mb0
User Manual
132 pgs941.53 Kb1
User Manual
30 pgs1.01 Mb0
User Manual
46 pgs1.24 Mb0
User Manual [fr]
118 pgs1.79 Mb0
User Manual [fr]
60 pgs487.76 Kb0
User Manual [fr]
210 pgs2.49 Mb0
Table of contents
Loading...

VMware ESXI - 6.0 Administrator’s Guide

Download
Page 1
vSphere Administration with the
vSphere Client
vCenter Server 6.0
ESXi 6.0
This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.
Page 2
vSphere Administration with the vSphere Client
You can find the most up-to-date technical documentation on the VMware Web site at:
http://www.vmware.com/support/
The VMware Web site also provides the latest product updates.
If you have comments about this documentation, submit your feedback to:
docfeedback@vmware.com
Copyright © 2016 VMware, Inc. All rights reserved. Copyright and trademark information.
VMware, Inc.
3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com
2 VMware, Inc.
Page 3

Contents

vSphere Administration with the vSphere Client 9
Updated Information 11
Using the vSphere Client 13
1
Start the vSphere Client and Log In 14
Stop the vSphere Client and Log Out 14
Status Bar and Recent Tasks 14
Getting Started Tabs 15
View Virtual Machine Console 15
Using Lists 16
Save vSphere Client Data 17
Panel Sections 17
Searching the vSphere Inventory 17
Custom Attributes 18
Select Objects 20
Manage vCenter Server Plug-Ins 20
Working with Active Sessions 21
Configuring ESXi Hosts and vCenter Server in the vSphere Client 23
2
Configuring ESXi Hosts 23
Configuring vCenter Server in the vSphere Client 26
Configuring Communication Among ESXi , vCenter Server, and the vSphere Client 32
Reboot or Shut Down an ESXi Host 32
Organizing Your Inventory 35
3
Create Datacenters 36
Add Hosts 37
Create Clusters 38
Create Resource Pools 38
Create Datastores 39
Create Host-Wide Networks 40
Create Datacenter-Wide Networks 40
VMware, Inc.
Managing License Keys in the vSphere Client 45
4
Licensing Limitations in the vSphere Client 45
Managing License Keys on ESXi Hosts 45
Managing License Keys on vCenter Server 47
Managing Tasks 51
5
Viewing Tasks 51
3
Page 4
vSphere Administration with the vSphere Client
Cancel a Task 53
Schedule Tasks 53
Policy Rules for Task Operations 57
Securing the Management Interface 59
6
Securing ESXi Hosts 59
Securing Virtual Machines 63
ESXi Authentication and User Management 69
7
Managing Users with the vSphere Client 69
Assigning Permissions for ESXi 72
Managing ESXi Roles 73
Using Active Directory to Manage ESXi Users 76
Use vSphere Authentication Proxy to Add a Host to a Domain 77
Adjust the Search List in Large Domains 78
Managing Hosts in vCenter Server 79
8
Disconnecting and Reconnecting a Host 79
Remove a Host from a Cluster 80
Remove a Managed Host from vCenter Server 81
Using vCenter Maps 83
9
Set the Maximum Number of Map Objects 84
View vCenter Maps 84
Print vCenter Maps 84
Export vCenter Maps 84
Creating a Virtual Machine in the vSphere Client 85
10
Start the Virtual Machine Creation Process in the vSphere Client 85
Select a Configuration Option for the New Virtual Machine in the vSphere Client 86
Enter a Name and Location for the Virtual Machine in the vSphere Client 87
Select a Host or Cluster in the vSphere Client 87
Select a Resource Pool in the vSphere Client 88
Select a Datastore in the vSphere Client 88
Select a Virtual Machine Version in the vSphere Client 89
Select an Operating System in the vSphere Client 89
Select the Number of Virtual CPUs in the vSphere Client 90
Configure Virtual Memory in the vSphere Client 90
Configure Networks in the vSphere Client 91
Select a SCSI Controller in the vSphere Client 92
Selecting a Virtual Disk Type 92
Complete Virtual Machine Creation in the vSphere Client 96
Working with Templates and Clones in the vSphere Client 97
11
Clone a Virtual Machine in the vSphere Client 97
Create a Scheduled Task to Clone a Virtual Machine in the vSphere Client 100
Create a Template in the vSphere Client 100
Deploy a Virtual Machine from a Template in the vSphere Client 103
4 VMware, Inc.
Page 5
Change Template Name in the vSphere Client 105
Deleting Templates 106
Convert a Template to a Virtual Machine in the vSphere Client 107
Contents
Customizing Guest Operating Systems 109
12
Guest Operating System Customization Requirements 109
Configure a Script to Generate Computer Names and IP Addresses During Guest Operating
System Customization in the vSphere Client 110
Customize Windows During Cloning or Deployment in the vSphere Client 111
Customize Linux During Cloning or Deployment in the vSphere Client 113
Managing Customization Specifications in the vSphere Client 115
Migrating Virtual Machines in the vSphere Client 123
13
Migrate a Powered-On Virtual Machine with vMotion in the vSphere Client 124
Migrate a Virtual Machine with Storage vMotion in the vSphere Client 125
Migrate a Powered-Off or Suspended Virtual Machine in the vSphere Client 126
CPU Compatibility and EVC 128
Deploying OVF Templates 133
14
Deploy an OVF Template in the vSphere Client 133
Export an OVF Template 134
Configuring Virtual Machines in the vSphere Client 137
15
Virtual Machine Limitations in the vSphere Client 138
Virtual Machine Hardware Versions 139
Locate the Hardware Version of a Virtual Machine in the vSphere Client 140
Change the Virtual Machine Name in the vSphere Client 141
View the Virtual Machine Configuration File Location in the vSphere Client 141
Edit Configuration File Parameters in the vSphere Client 141
Change the Configured Guest Operating System in the vSphere Client 142
Configure Virtual Machines to Automatically Upgrade VMware Tools 142
Virtual CPU Configuration 143
Virtual Memory Configuration 149
Network Virtual Machine Configuration 153
Parallel and Serial Port Configuration 154
Virtual Disk Configuration 160
SCSI and SATA Storage Controller Conditions, Limitations, and Compatibility 163
Other Virtual Machine Device Configuration 167
Configuring vServices 172
USB Configuration from an ESXi Host to a Virtual Machine 173
USB Configuration from a Client Computer to a Virtual Machine in the vSphere Client 177
Manage Power Management Settings for a Virtual Machine 180
Configure the Virtual Machine Power States 180
Delay the Boot Sequence in the vSphere Client 182
Enable Logging in the vSphere Client 182
Disable Acceleration in the vSphere Client 183
Configure Debugging and Statistics in the vSphere Client 183
VMware, Inc. 5
Page 6
vSphere Administration with the vSphere Client
Managing Virtual Machines 185
16
Edit Virtual Machine Startup and Shutdown Settings 185
Open a Console to a Virtual Machine 186
Adding and Removing Virtual Machines 186
Using Snapshots To Manage Virtual Machines 187
Managing Multi-Tiered Applications with vSphere vApp in the vSphere
17
Client 195
Create a vApp 196
Power On a vApp in the vSphere Client 197
Clone a vApp 198
Power Off a vApp in the vSphere Client 198
Suspend a vApp in the vSphere Client 198
Resume a vApp in the vSphere Client 199
Populate the vApp 199
Edit vApp Settings in the vSphere Client 200
Configuring IP Pools 204
Edit vApp Annotation in the vSphere Client 206
Monitoring Solutions with the vCenter Solutions Manager 207
18
Viewing Solutions 208
Monitoring Agents 208
Monitoring vServices 209
Using Host Profiles in the vSphere Client 211
19
Host Profiles Usage Model 211
Access Host Profiles View 212
Creating a Host Profile 212
Export a Host Profile 213
Import a Host Profile 214
Clone a Host Profile 214
Edit a Host Profile 214
Manage Profiles 217
Checking Compliance 220
Host Profiles and vSphere Auto Deploy 222
Networking in the vSphere Client 225
20
Networking Limitations in the vSphere Client 225
View Networking Information in the vSphere Client 226
View Network Adapter Information in the vSphere Client 226
Setting Up Networking with vSphere Standard Switches 227
Setting Up Networking with vSphere Distributed Switches 230
Managing Network Resources 247
21
vSphere Network I/O Control 247
TCP Segmentation Offload and Jumbo Frames 250
DirectPath I/O 252
Single Root I/O Virtualization (SR-IOV) 254
6 VMware, Inc.
Page 7
Contents
Networking Policies 257
22
Applying Networking Policies on a vSphere Standard or Distributed Switch 257
Teaming and Failover Policy 259
VLAN Policy 267
Security Policy 269
Traffic Shaping Policy 273
Resource Allocation Policy 277
Monitoring Policy 278
Port Blocking Policies 279
Manage Policies for Multiple Port Groups on a vSphere Distributed Switch 279
Advanced Networking 285
23
Internet Protocol Version 6 (IPv6) Support 285
VLAN Configuration 286
Working With Port Mirroring 286
Configure NetFlow Settings 293
Switch Discovery Protocol 293
Change the DNS and Routing Configuration 295
MAC Address Management 296
Managing Storage in the vSphere Client 299
24
Storage Limitations in the vSphere Client 300
Display Storage Devices for a Host in the vSphere Client 300
Display Storage Devices for an Adapter in the vSphere Client 301
View Storage Adapters Information in the vSphere Client 301
Review Datastore Information in the vSphere Client 301
Assign WWNs to Virtual Machines 301
Modify WWN Assignments 302
Set Up Networking for Software FCoE 303
Add Software FCoE Adapters 304
Disable Automatic Host Registration 304
Setting Up Independent Hardware iSCSI Adapters 305
Configuring Dependent Hardware iSCSI Adapters 306
Configuring Software iSCSI Adapters 308
Setting Up iSCSI Network 310
Using Jumbo Frames with iSCSI 315
Configuring Discovery Addresses for iSCSI Adapters 316
Configuring CHAP Parameters for iSCSI Adapters 317
Configure Advanced Parameters for iSCSI in the vSphere Client 320
Managing Storage Devices 321
Working with Datastores 322
Raw Device Mapping 332
Understanding Multipathing and Failover 333
Storage Hardware Acceleration 335
Storage Thin Provisioning 336
Using Storage Vendor Providers 338
VMware, Inc. 7
Page 8
vSphere Administration with the vSphere Client
Resource Management for Single Hosts 341
25
Configuring Resource Allocation Settings 341
Administering CPU Resources 342
Administering Memory Resources 345
Managing Storage I/O Resources 349
Managing Resource Pools 352
Using DRS Clusters to Manage Resources 356
Creating a Datastore Cluster 368
Using Datastore Clusters to Manage Storage Resources 371
Using NUMA Systems with ESXi 379
Advanced Attributes 381
Creating and Using vSphere HA Clusters 383
26
vSphere HA Checklist 383
Creating and Configuring a vSphere HA Cluster 384
Customize an Individual Virtual Machine in the vSphere Client 389
Providing Fault Tolerance for Virtual Machines 391
27
Fault Tolerance Use Cases 391
Fault Tolerance Checklist 392
Preparing Your Cluster and Hosts for Fault Tolerance 393
Using Fault Tolerance 396
Viewing Information About Fault Tolerant Virtual Machines in the vSphere Client 398
Best Practices for Fault Tolerance 400
Monitoring a Single Host with the vSphere Client 403
28
View Charts 403
Working with Advanced and Custom Charts 403
Monitoring Host Health Status 406
Monitoring Events, Alarms, and Automated Actions 408
Viewing Solutions 422
Configure SNMP Settings for vCenter Server 423
System Log Files 424
Index 429
8 VMware, Inc.
Page 9

vSphere Administration with the vSphere Client

The vSphere Administration with the vSphere Client documentation provides information on managing a single ESXi host or vCenter Server system through a direct connection from the vSphere Client. You can use these tasks to manage hosts that are not connected to a vCenter Server system, or to troubleshoot or manage hosts that have become disconnected from the vCenter Server system that managed them.
This documentation is intended primarily as a reference for tasks that you can perform when you connect directly to a host or vCenter Server with the vSphere Client. For detailed information about vSphere networking, storage, security, virtual machine management, and other topics, see the appropriate vSphere documentation.
Intended Audience
This information is intended for anyone who wants to manage a single ESXi host or vCenter Server system by connecting directly with the vSphere Client. The information is written for experienced Windows system administrators who are familiar with virtual machine technology and datacenter operations.
VMware, Inc.
9
Page 10
vSphere Administration with the vSphere Client
10 VMware, Inc.
Page 11

Updated Information

This vSphere Administration with the vSphere Client is updated with each release of the product or when necessary.
This table provides the update history of the vSphere Administration with the vSphere Client .
Revision Description
EN-001606-02
EN-001606-01
EN-001606-00 Initial release.
Removed information related to vSphere Storage Appliance. This functionality is deprecated in
n
vSphere 6.0.
Added a note to Chapter 1, “Using the vSphere Client,” on page 13 about enabling an Active
n
Directory user.
Removed information related to Storage Views and Storage Reports. This functionality is deprecated
n
inv Sphere 6.0.
Updated the number of LUN IDs in “Change the Number of Scanned Storage Devices,” on page 322
n
Added licensing limitation topic “Licensing Limitations in the vSphere Client,” on page 45.
n
VMware, Inc. 11
Page 12
vSphere Administration with the vSphere Client
12 VMware, Inc.
Page 13

Using the vSphere Client 1

The vSphere Client is an interface for administering vCenter Server and ESXi.
The vSphere Client user interface is configured based on the server to which it is connected:
When the server is a vCenter Server system, the vSphere Client displays all the options available to the
n
vSphere environment, according to the licensing configuration and the user permissions.
When the server is an ESXi host, the vSphere Client displays only the options appropriate to single host
n
management.
NOTE If you want to enable an Active Directory user to log in to a vCenter Server instance by using the vSphere Client with SSPI, you must join the vCenter Server instance to the Active Directory domain. For information on how to join a vCenter Server Appliance with an external Platform Services Controller to an Active Directory domain, see the VMware knowledge base article at http://kb.vmware.com/kb/2118543.
When you first log in to the vSphere Client, it displays a Home page with icons that you select to access vSphere Client functions. When you log out of the vSphere Client, the client application retains the view that was displayed when it closed, and returns you to that view when you next log in.
You perform many management tasks from the Inventory view, which consists of a single window containing a menu bar, a navigation bar, a toolbar, a status bar, a panel section, and pop-up menus.
VMware, Inc.
This chapter includes the following topics:
“Start the vSphere Client and Log In,” on page 14
n
“Stop the vSphere Client and Log Out,” on page 14
n
“Status Bar and Recent Tasks,” on page 14
n
“Getting Started Tabs,” on page 15
n
“View Virtual Machine Console,” on page 15
n
“Using Lists,” on page 16
n
“Save vSphere Client Data,” on page 17
n
“Panel Sections,” on page 17
n
“Searching the vSphere Inventory,” on page 17
n
“Custom Attributes,” on page 18
n
“Select Objects,” on page 20
n
“Manage vCenter Server Plug-Ins,” on page 20
n
“Working with Active Sessions,” on page 21
n
13
Page 14
vSphere Administration with the vSphere Client

Start the vSphere Client and Log In

The vSphere Client is a graphical user interface for ESXi host and vCenter Server management.
A login screen appears when you start the vSphere Client. After you log in, the client displays the objects and functionality appropriate to the server you are accessing and the permissions available to the user you logged in as.
Procedure
1 Log in to your Windows system.
If this is the first time you are starting the vSphere Client, log in as the administrator.
If the managed host is not a domain controller, log in as either local_host_name\user or user, where
n
user is a member of the local Administrators group.
If the managed host is a domain controller, you must log in as domain\user, where domain is the
n
domain name for which the managed host is a controller and user is a member of that domain’s Domain Administrators group. VMware does not recommend running on a domain controller.
2 Double-click a shortcut or select the vSphere Client from Start > Programs > VMware > VMware
vSphere Client.
3 Enter the IP address or server name, your user name, and your password.
4 Click Login to continue.
You are now connected to the host.
NOTE If you connect to an ESXi host that is currently managed by a vCenter Server system, you will receive a warning message and changes made to the host may not be reflected in the vCenter Server system

Stop the vSphere Client and Log Out

When you no longer need to view or alter the activities that the ESXi host or vCenter Server system is performing, log out of the vSphere Client.
NOTE Closing a vSphere Client session does not stop the host system.
Procedure
Click the close box (X) , or select File > Exit.
u
The vSphere Client shuts down. The vSphere Client is logged out of the ESXi host or vCenter Server system. The host continues to run all its normal activities in the background.
Status Bar and Recent Tasks
Use the status bar to view information about recently completed or active tasks.
The status bar appears at the bottom of the window. It displays any currently running or recently completed active tasks. Included is a progress bar indicating the percentage complete of each task.
14 VMware, Inc.
Page 15
Getting Started Tabs
In the case where ESXi or vCenter Server is newly installed and no inventory objects have been added, the Getting Started tabs guide you through the steps of adding items to the inventory and setting up the virtual environment.
Disable Getting Started Tabs on page 15
n
You can disable the Getting Started tabs if you do not want to display them.
Restore Getting Started Tabs on page 15
n
If you turned off the display of the Getting Started tabs, you can restore the settings to display these tabs for all inventory objects.
Disable Getting Started Tabs
You can disable the Getting Started tabs if you do not want to display them.
You can disable the tabs in the following ways.
Procedure
Click the Close Tab link to disable Getting Started tabs for the type of object selected.
n
Chapter 1 Using the vSphere Client
Change the vSphere Client settings to hide all Getting Started tabs.
n
a Select Edit > Client Settings.
b Select the General tab.
c Deselect the Show Getting Started Tabs check box and click OK.
Restore Getting Started Tabs
If you turned off the display of the Getting Started tabs, you can restore the settings to display these tabs for all inventory objects.
Procedure
1 Select Edit > Client Settings.
2 Click the General tab.
3 Select Show Getting Started Tabs and click OK.
View Virtual Machine Console
The console of a powered-on virtual machine is available through a connected server. All console connections to the virtual machine see the same information. The message line indicates the number of active connections viewing the virtual machine.
Procedure
1 Select a powered-on virtual machine.
2 In the Information panel, click the Console tab.
3 (Optional) Click the pop-out icon in the navigation bar to show the virtual machine console in a
separate window.
4 (Optional) Press Ctrl+Alt+Enter to enter or exit full screen mode.
VMware, Inc. 15
Page 16
vSphere Administration with the vSphere Client
Using Lists
Many vSphere Client inventory tabs display lists of information.
For example, the Virtual Machines tab displays a list of all the virtual machines associated with a host or a cluster. Sort any list in the vSphere Client by clicking the column label heading. A triangle in the column head shows the sort order as ascending or descending.
You can also filter a list, sorting and including only selected items. A filter is sorted by a keyword. Select the columns to include in the search for the keyword.
Filter a List View
You can filter a list if it is too long, or if you are looking for specific items in the list. For example, you can filter a list of alarms for alarms that begin with the word "datastore". You can show and hide the filter field by using the Filtering option in the View menu.
The list view is updated based on whether filtering is on or off. For example, if you are in the Virtual Machines tab and the filtered text is “powered on", then only virtual machines whose state is set to powered on will be displayed. If the state of any virtual machine changes, the virtual machine is removed from the list. Virtual machines that are added to the list are also filtered.
Procedure
1 On any inventory panel that displays a list, click the arrow next to the filter box at the top right of the
pane.
2 Select the attributes on which to filter.
3 Enter search criteria into the filter field.
The search automatically starts after a pause of more than one second. Neither boolean expressions nor special characters are supported. Filtering is not case-sensitive.
4 (Optional) Click Clear to clear the filter field.
Export a List
You can export a list in the vSphere Client to a file. Multiple file types are available when saving the file locally.
Procedure
1 In the vSphere Client, navigate to a list view. For example, click the Virtual Machines tab when
viewing a host.
2 Select File > Export > Export List.
3 Type a filename and select a file type.
4 Click Save.
16 VMware, Inc.
Page 17

Save vSphere Client Data

The vSphere Client user interface is similar to a browser. Most user actions are persistent in the ESXi host and vCenter Server data that appears. You typically do not have to save the data.
Procedure
You can save the client data by either printing a copy of the window or exporting the server data.
u
Option Description
Copy the window
Export server data
Panel Sections
The body of the vSphere Client page has a panel section. Most views have a left and a right panel: the Inventory panel and the Information panel.
You can resize these panels.
Chapter 1 Using the vSphere Client
Use the Microsoft Windows Print Screen option to print a copy of the vSphere Client window.
Select File > Export and select a format in which to save the data. Open the data in an appropriate application and print from that application.
Inventory panel
Information panels
Displays a hierarchical list of vSphere objects when an Inventory or Maps view appears.
Display lists and charts. Depending on the navigation items or Inventory item selected, the Information panel is divided into tabbed elements.
Searching the vSphere Inventory
When you are connected to a vCenter Server system with the vSphere Client, you can search the vSphere inventory for virtual machines, hosts, datastores, networks, or folders that match specified criteria.
If the vSphere Client is connected to a vCenter Server system that is part of a connected group in vCenter Linked Mode, you can search the inventories of all vCenter Server systems in that group. You can view and search only for inventory objects that you have permission to view. Because the search service queries Active Directory for information about user permissions, you must be logged in to a domain account to search all vCenter Server systems in Linked Mode. If you log in using a local account, searches return results only for the local vCenter Server system, even if it is joined to other servers in Linked Mode.
NOTE If your permissions change while you are logged in, the search service might not immediately recognize these changes. To ensure that your search is performed with up-to-date permissions, log out of all your open sessions and log in again before performing the search.
Perform a Simple Search
A simple search searches all the properties of the specified type or types of objects for the entered search term.
Procedure
1 Click the icon in the search field at the top right of the vSphere Client window and select the type of
inventory item to search for.
Virtual Machines
n
Hosts
n
VMware, Inc. 17
Page 18
vSphere Administration with the vSphere Client
Folders
n
Datastores
n
Networks
n
Inventory, which finds matches to the search criteria in any of the available managed object types.
n
2 Type one or more search terms into the search field and press Enter.
3 (Optional) If more items are found than can be displayed in the results pane, click Show all.
What to do next
If you are not satisfied with the results of the simple search, perform an advanced search.
Perform an Advanced Search
Using advanced search allows you to search for managed objects that meet multiple criteria. For example, you can search for virtual machines matching a particular search string which reside on hosts whose names match a second search string.
Prerequisites
Open a vSphere Client session to a vCenter Server system
n
Procedure
1 In the vSphere Client, select View > Inventory > Search to display the advanced search page.
2 Click the icon in the search text box and select the type of object you want to search for.
3 Type one or more search terms into the search text box.
4 (Optional) Refine the search based on additional properties.
a Click Show options.
b From the drop-down menu, select the additional property that you want to use to restrict the
search results. The available properties depend on the type of object you are searching for.
c Select or type the appropriate options for the property you have selected.
d To add more properties, click Add and repeat steps a through c.
An advanced search always finds objects that match all the properties in the list.
5 Click Search.
The search results are displayed below the search specification.
Custom Attributes
You can use custom attributes to associate user-specific meta-information with virtual machines and managed hosts.
Attributes are the resources that are monitored and managed for all the managed hosts and virtual machines in your vSphere environment. Attributes’ status and states appear on the inventory panels.
After you create the attributes, set the value for the attribute on each virtual machine or managed host, as appropriate. This value is stored with vCenter Server and not with the virtual machine or managed host. Use the new attribute to filter information about your virtual machines and managed hosts. If you no longer need the custom attribute, remove it. A custom attribute is always a string.
18 VMware, Inc.
Page 19
Chapter 1 Using the vSphere Client
For example, suppose you have a set of products and you want to sort them by sales representative. Create a custom attribute for sales person name, Name. Add the custom attribute, Name, column to one of the list views. Add the appropriate name to each product entry. Click the column title Name to sort alphabetically.
The custom attributes feature is available only when you are connected to a vCenter Server system.
Add Custom Attributes on page 19
n
You can create custom attributes to associate with virtual machines or managed hosts.
Edit a Custom Attribute on page 19
n
You can edit custom attributes and add annotations for a virtual machine or host from the Summary tab for the object. Annotations can be used to provide additional descriptive text or comments for an object.
Add Custom Attributes
You can create custom attributes to associate with virtual machines or managed hosts.
Procedure
1 Select Administration > Custom Attributes.
This option is not available when connected only to an ESXi host.
2 Click Add.
3 Enter the values for the custom attribute.
a Type the name of the attribute in the Name text box.
b Select the attribute type from the Type drop-down menu: Virtual Machine, Host, or Global.
c In the Value text box, type the value you want to give to the attribute for the currently selected
object.
d Click OK.
After you have defined an attribute on a single virtual machine or host, it is available to all objects of that type in the inventory. However, the value you specify is applied only to the currently selected object.
4 (Optional) To change the attribute name, click in the Name field and type the name you want to assign
to the attribute.
5 Click OK.
Edit a Custom Attribute
You can edit custom attributes and add annotations for a virtual machine or host from the Summary tab for the object. Annotations can be used to provide additional descriptive text or comments for an object.
Procedure
1 Select the virtual machine or host in the inventory.
2 Click the Summary tab for the virtual machine or host.
3 In the Annotations box, click the Edit link.
The Edit Custom Attributes dialog box appears.
4 To edit the value of an attribute that has already been defined, double-click the Value field for that
attribute and enter the new value.
5 Click OK to save your changes.
VMware, Inc. 19
Page 20
vSphere Administration with the vSphere Client
Select Objects
vCenter Server objects are datacenters, networks, datastores, resource pools, clusters, hosts, and virtual machines. Selecting an object allows you to view the status of the object and enables the menus so you can select actions to take on the object.
Procedure
Locate the object by browsing or search.
u
From the vSphere Client Home page, click the icon for the appropriate inventory view, and browse
n
through the inventory hierarchy to select the object.
Perform a search for the object, and double-click it in the search results.
n
Manage vCenter Server Plug-Ins
After the server component of a plug-in is installed and registered with vCenter Server, its client component is available to vSphere clients. Client component installation and enablement are managed through the Plug-in Manager dialog box.
The Plug-in Manager lets you perform the following actions:
View available plug-ins that are not currently installed on the client.
n
View installed plug-ins.
n
Download and install available plug-ins.
n
Enable and disable installed plug-ins.
n
Install Plug-Ins
You can install plug-ins using the Plug-in Manager.
Procedure
1 Launch the vSphere Client and log in to a vCenter Server system.
2 Select Plug-ins > Manage Plug-ins.
3 Select the Available Plug-ins tab in the Plug-in Manager dialog box.
4 Click Download and Install for the plug-in you want.
5 Follow the prompts in the installation wizard.
6 After installation is complete, verify that the plug-in is listed under the Installed Plug-ins tab and that
it is enabled.
There might be short delay between the completion of the installation and the plug-in appearing in the list of installed plug-ins.
Disable and Enable Plug-Ins
You can disable or enable plug-ins using the Plug-in Manager.
Disabling a plug-in does not remove it from the client. You must uninstall the plug-in to remove it.
Procedure
1 Launch the vSphere Client and log in to a vCenter Server system.
2 Select Plug-ins > Manage Plug-ins.
20 VMware, Inc.
Page 21
Chapter 1 Using the vSphere Client
3 Select the Installed tab in the Plug-in Manager dialog box.
4 Right-click on a plug-in and select Enable to enable a plug-in, or select Disable to disable it.
Remove Plug-Ins
You can remove plug-ins through the operating system’s control panel.
Procedure
Consult your operating system’s documentation for instructions on how to use the Add/Remove
u
Programs control panel.
Troubleshooting vCenter Server Plug-Ins
In cases where vCenter Server plug-ins are not working, you have several options to correct the problem.
vCenter Server plug-ins that run on the Tomcat server have extension.xml files, which contain the URL where the corresponding Web application can be accessed. These files are located in C:\Program
Files\VMware\Infrastructure\VirtualCenter Server\extensions. Extension installers populate these XML
files using the DNS name for the machine.
Example from the stats extension.xml file: <url>https://SPULOV-XP-VM12.vmware.com:
8443/statsreport/vicr.do</url>.
vCenter Server, plug-in servers, and the clients that use them must be located on systems under the same domain. If they are not under the same domain, or if the DNS of the plug-in server is changed, the plug-in clients will not be able to access the URL, and the plug-in will not work.
You can edit the XML files manually by replacing the DNS name with an IP address. Reregister the plug-in after you edit its extension.xml file.
Working with Active Sessions
You can view a list of users who are logged in to a vCenter Server system when your vSphere Client is connected to that server. You can end sessions, and you can send a message to all users logged on to an active session.
These features are not available when your vSphere Client is connected to an ESXi host.
View Active Sessions
You can view active sessions on the home page of a vSphere Client.
Procedure
From the Home page of a vSphere Client connected to a vCenter Server system, click the Sessions
u
button.
Terminate Active Sessions
Terminating an active session ends the vSphere Client session and any remote console connections started by the user during the session.
Procedure
1 On the Home page of a vSphere Client connected to a vCenter Server system, click the Sessions button.
2 Right-click a session and select Terminate Session.
3 Click OK to confirm the termination.
VMware, Inc. 21
Page 22
vSphere Administration with the vSphere Client
Send a Message to All Active Users
You can send a Message of the Day to all active session users and to new users when they log into the vSphere Client.
The Message of the day text is sent as a notice message to all active session users and to new users when they log in.
Procedure
1 On the Home page of a vSphere Client connected to a vCenter Server system, click the Sessions button.
2 Type a message in the Message of the day field.
3 Click Change.
The message is broadcast to all users logged into the vSphere Client.
22 VMware, Inc.
Page 23
Configuring ESXi Hosts and vCenter
Server in the vSphere Client 2
Use the vSphere Client to configure ESXi and vCenter Server settings.
This chapter includes the following topics:
“Configuring ESXi Hosts,” on page 23
n
“Configuring vCenter Server in the vSphere Client,” on page 26
n
“Configuring Communication Among ESXi, vCenter Server, and the vSphere Client,” on page 32
n
“Reboot or Shut Down an ESXi Host,” on page 32
n
Configuring ESXi Hosts
You can perform a variety of host configuration tasks when you connect directly to an ESXi host or vCenter Server system with the vSphere Client, such as setting the scratch partition, redirecting the direct console, and configuring syslog.
Host Limitations in the vSphere Client
The host configuration tasks that you can perform when you connect directly to an ESXi host or vCenter Server system with the vSphere Client are limited.
The following host features are unavailable or read-only in the vSphere Client
Deleted file reclamation
n
Guest authorization
n
Host profiles reference host independence
n
Lockdown mode
n
Use the vSphere Web Client as the primary interface for managing the full range of host functions available in your vSphere 6.0 environment.
Redirect the Direct Console to a Serial Port by Using the vSphere Client
You can redirect the direct console to either of the serial ports com1 or com2. When you use the vSphere Client to redirect the direct console to a serial port, the boot option that you set persists after subsequent reboots.
Prerequisites
Verify that you can access the host from the vSphere Client.
n
VMware, Inc.
23
Page 24
vSphere Administration with the vSphere Client
Verify that the serial port is not already in use for serial logging and debugging, or for ESX Shell
n
(tty1Port).
Procedure
1 In the vSphere Client, select the host in the inventory.
2 Click the Configuration tab.
3 Under Software, click Advanced Settings.
4 In the left pane, expand the VMkernel listing and select Boot.
5 Make sure that the VMkernel.Boot.logPort and VMkernel.Boot.gdbPort fields are not set to use the
com port that you want to redirect the direct console to.
6 Set VMkernel.Boot.tty2Port to the serial port to redirect the direct console to: com1 or com2.
7 Click OK.
8 Reboot the host.
You can now manage the ESXi host remotely from a console that is connected to the serial port.

Set the Scratch Partition in the vSphere Client

If a scratch partition is not set up, you might want to configure one, especially if low memory is a concern. When a scratch partition is not present, vm-support output is stored in a ramdisk.
Prerequisites
The directory to use for the scratch partition must exist on the host.
Procedure
1 In the vSphere Client, select the host in the inventory.
2 Click the Configuration tab.
3 Under Software, click Advanced Settings.
4 Select ScratchConfig.
The field ScratchConfig.CurrentScratchLocation shows the current location of the scratch partition.
5 In the field ScratchConfig.ConfiguredScratchLocation, enter a directory path that is unique for this
host.
6 Reboot the host for the changes to take effect.
Configure Syslog on ESXi Hosts
All ESXi hosts run a syslog service (vmsyslogd), which logs messages from the VMkernel and other system components to log files.
You can use the vSphere Client or the esxcli system syslog vCLI command to configure the syslog service.
For more information about using vCLI commands, see Getting Started with vSphere Command-Line Interfaces.
Procedure
1 In the vSphere Client inventory, select the host.
2 Click the Configuration tab.
3 In the Software panel, click Advanced Settings.
24 VMware, Inc.
Page 25
Chapter 2 Configuring ESXi Hosts and vCenter Server in the vSphere Client
4 Select Syslog in the tree control.
5 To set up logging globally, click global and make changes to the fields on the right.
Option Description
Syslog.global.defaultRotate
Syslog.global.defaultSize
Syslog.global.LogDir
Syslog.global.logDirUnique
Syslog.global.LogHost
Sets the maximum number of archives to keep. You can set this number globally and for individual subloggers.
Sets the default size of the log, in KB, before the system rotates logs. You can set this number globally and for individual subloggers.
Directory where logs are stored. The directory can be located on mounted NFS or VMFS volumes. Only the /scratch directory on the local file system is persistent across reboots. The directory should be specified as [datastorename] path_to_file where the path is relative to the root of the volume backing the datastore. For example, the path [storage1] /systemlogs maps to the path /vmfs/volumes/storage1/systemlogs.
Selecting this option creates a subdirectory with the name of the ESXi host under the directory specified by Syslog.global.LogDir. A unique directory is useful if the same NFS directory is used by multiple ESXi hosts.
Remote host to which syslog messages are forwarded and port on which the remote host receives syslog messages. You can include the protocol and the port, for example, ssl://hostName1:514. UDP (default), TCP, and SSL are supported. The remote host must have syslog installed and correctly configured to receive the forwarded syslog messages. See the documentation for the syslog service installed on the remote host for information on configuration.
6 (Optional) To overwrite the default log size and log rotation for any of the logs.
a Click loggers.
b Click the name of the log you that want to customize and enter the number of rotations and log
size you want.
7 Click OK.
Changes to the syslog options take effect immediately.
Set the Host Image Profile Acceptance Level
The Host Image Profile acceptance level determines which vSphere installation bundles (VIBs) are accepted for installation.
VIB signatures are checked and accepted for installation based on a combination of the VIB acceptance level and the host image profile acceptance level. VIBs are tagged with an acceptance level that depends on their signature status.
Prerequisites
Required privileges: Host.Configuration.SecurityProfile and Host.Configuration.Firewall
Procedure
1 In the vSphere Client, select the host in the inventory.
2 Under Software, click Security Profile.
3 Under Host Image Profile Acceptance Level, click Edit.
VMware, Inc. 25
Page 26
vSphere Administration with the vSphere Client
4 Select the acceptance level and click OK.
Table 21. Host Image Profile Acceptance Levels
Host Image Profile Acceptance Level Accepted Levels of VIBs
VMware Certified VMware Certified
VMware Accepted VMware Certified, VMware Accepted
Partner Supported VMware Certified, VMware Accepted, Partner
Supported
Community Supported VMware Certified, VMware Accepted, Partner
Supported, Community Supported

Configuring vCenter Server in the vSphere Client

Use the vCenter Server Settings dialog box to configure licensing, statistics collection, logging and other settings.

vCenter Server Limitations in the vSphere Client

The vCenter Server tasks that you can perform when you connect directly to vCenter Server with the vSphere Client are limited.
The following vCenter Server features are unavailable or read-only in the vSphere Client:
Runtime settings
n
Licensing reports
n
Certificate management
n
Creating and managing categories and tags
n
Use the vSphere Web Client as the primary interface for managing the full range of vCenter Server functions available in your vSphere 6.0 environment.
Configure License Settings for vCenter Server
You must configure a license to use vCenter Server. License keys are required for various vSphere components and features.
Prerequisites
To configure licenses, the vSphere Client must be connected to a vCenter Server system.
Required privilege: Global.Settings
Procedure
1 If necessary, select Administration > vCenter Server Settings to display the vCenter Server Settings
dialog box.
2 If the vCenter Server system is part of a connected group, select the server you want to configure from
the Current vCenter Server drop-down menu.
26 VMware, Inc.
Page 27
Chapter 2 Configuring ESXi Hosts and vCenter Server in the vSphere Client
3 In the vCenter License section, select the type of license key to assign to this vCenter Server.
Select Assign an existing license key to this vCenter Server and select a license key from the
n
Product list.
Select Assign a new license key to this vCenter Server, click Enter Key, and enter a
n
vCenter Server license key and an optional label for the key.
NOTE To enter ESXi host license keys, select View > Administration > Licensing
.
Configure Statistics Intervals
Statistic intervals determine the frequency at which statistic queries occur, the length of time statistical data is stored in the database, and the type of statistical data collected.
Required privilege: Global.Settings
NOTE Not all interval attributes are configurable.
Prerequisites
To configure statistics settings, the vSphere Client must be connected to a vCenter Server system.
Procedure
1 If necessary, select Administration > Settings to open the vCenter Server Settings dialog box
vCenter Server.
2 In the navigation panel, select Statistics.
3 In the Statistics Intervals section, select or deselect a collection interval to enable or disable it.
Enabling a longer interval automatically enables all shorter intervals.
4 To change a collection interval attribute, select its row in the Statistics Interval section and click Edit to
open the Edit Collection Interval dialog box.
a In Keep Samples for, select an archive length.
This option is configurable only for the Day and Year intervals.
b In Statistics Interval, select an interval duration.
This option is configurable only for the Day interval.
c In Statistics Level select a new level interval level.
Level 4 uses the highest number of statistics counters. Use it only for debugging purposes.
The statistics level must be less than or equal to the statistics level set for the preceeding statistics interval. This is a vCenter Server dependency.
5 (Optional) In the Database Size section, estimate the effect of the statistics settings on the database.
a Enter the number of Physical Hosts.
b Enter the number of Virtual Machines.
The estimated space required and number of database rows required are calculated and displayed.
c If necessary, make changes to your statistics collection settings.
6 Click OK.
VMware, Inc. 27
Page 28
vSphere Administration with the vSphere Client
Configure Runtime Settings
You can change the vCenter Server ID and the vCenter Server Managed IP address. Usually, you do not need to change these settings, but you might need to make changes if you run multiple vCenter Server systems in the same environment.
Required privilege: Global.Settings
Prerequisites
To configure runtime settings, the vSphere Client must be connected to the vCenter Server system.
Procedure
1 If necessary, select Administration > vCenter Server Settings to display the vCenter Server Settings
dialog box.
2 If the vCenter Server system is part of a connected group, select the server you want to configure from
the Current vCenter Server drop-down menu.
3 In the navigation panel, select Runtime Settings.
4 In vCenter Server Unique ID, enter a unique ID.
You can change this value to a number from 0 through 63 to uniquely identify each vCenter Server system running in a common environment. By default, an ID value is generated randomly.
5 In vCenter Server Managed IP, enter the vCenter Server system IP address.
6 In vCenter Server Name, enter the name of the vCenter Server system.
If you change the DNS name of the vCenter Server, use this option to modify the vCenter Server name to match.
7 Click OK to save your changes and close the dialog box.
What to do next
If you made changes to the vCenter Server system Unique ID, you must restart the vCenter Server system for these changes to take effect.
Configure Active Directory Settings
You can configure some of the ways vCenter Server interacts with the Active Directory server.
Required privilege: Global.Settings
Prerequisites
To configure active directory settings, the vSphere Client must be connected to the vCenter Server system.
Procedure
1 If necessary, select Administration > vCenter Server Settings to display the vCenter Server Settings
dialog box.
2 In the navigation pane, select Active Directory.
3 In Active Directory Timeout, enter the timeout interval in seconds for connecting to the Active
Directory server.
4 Select Enable Query Limit to limit the number of users and groups displayed in the Add Permissions
dialog box.
28 VMware, Inc.
Page 29
Chapter 2 Configuring ESXi Hosts and vCenter Server in the vSphere Client
5 In Users & Groups, enter the maximum number of users and groups to display.
If you enter 0 (zero), all users and groups appear.
6 Select Enable Validation to have vCenter Server periodically check its known users and groups against
the Active Directory server.
7 In Validation Period, enter the number of minutes between instances of synchronization.
8 Click OK to save your changes and close the dialog box.
Configure Mail Sender Settings
You must configure the email address of the sender account in order to enable vCenter Server operations, such as sending email notifications as alarm actions.
Required privilege: Global.Settings
Prerequisites
To configure SMTP notifications, the vSphere Client must be connected to the vCenter Server system.
Procedure
1 If necessary, select Administration > vCenter Server Settings to display the vCenter Server Settings
dialog box.
2 In the navigation pane, select Mail.
3 Enter the SMTP server information.
The SMTP Server is the DNS name or IP address of the SMTP gateway to use for sending email messages
4 Enter the sender account information.
The Sender Account is the email message address of the sender.
NOTE The full email address must be entered, including the domain name (the information after the @ sign).
For example, mail_server@datacenter.com.
5 Click OK.
What to do next
To test the mail settings, create an alarm that can be triggered by a user action, such as an alarm triggered by powering off a virtual machine, and verify that you receive an email when the alarm is triggered.
Configure SNMP Settings
You can configure up to four receivers to receive SNMP traps from vCenter Server. For each receiver, specify a host name, port, and community.
Prerequisites
To configure SNMP settings, the vSphere Client must be connected to a vCenter Server system.
Required privilege: Global.Settings
Procedure
1 If necessary, select Administration > vCenter Server Settings to display the vCenter Server Settings
dialog box.
VMware, Inc. 29
Page 30
vSphere Administration with the vSphere Client
2 In the settings list, select SNMP.
3 In Receiver URL, enter the host name or IP address of the SNMP receiver.
4 In the field next to the Receiver URL field, enter the port number of the receiver.
The port number must be a value between 1 and 65535.
5 In Community String, enter the community identifier.
6 Click OK.
Configure Timeout Settings
You can configure the timeout intervals for vCenter Server operations. These intervals specify the amount of time after which the vSphere Client times out.
Required privilege: Global.Settings
Prerequisites
To configure timeout settings, the vSphere Client must be connected to the vCenter Server system.
Procedure
1 If necessary, select Administration > vCenter Server Settings to display the vCenter Server Settings
dialog box.
2 In the navigation pane, select Timeout Settings.
3 In Normal Operations, enter the timeout interval in seconds for normal operations.
Do not set the value to zero (0).
4 In Long Operations, enter the timeout interval in minutes for long operations.
Do not set the value to zero (0).
5 Click OK.
6 Restart the vCenter Server system for the changes to take effect.
Configure Logging Options
You can configure the amount of detail that vCenter Server collects in log files.
Required privilege: Global.Settings
Prerequisites
To configure statistics settings, the vSphere Client must be connected to a vCenter Server system.
Procedure
1 If necessary, select Administration > vCenter Server Settings to display the vCenter Server Settings
dialog box.
2 In the navigation pane, select Logging Options.
3 From the vCenter Server Logging list, select logging options.
Option Description
None (Disable logging)
Error (Errors only)
Warning (Errors and warnings)
30 VMware, Inc.
Turn off logging
Display only error log entries
Display warning and error log entries
Page 31
Chapter 2 Configuring ESXi Hosts and vCenter Server in the vSphere Client
Option Description
Info (Normal logging)
Verbose (Verbose)
Trivia (Extended verbose)
Displays information, error, and warning log entries
Displays information, error, warning, and verbose log entries
Displays information, error, warning, verbose, and trivia log entries
4 Click OK.
Changes to the logging settings take effect immediately. You do not need to restart vCenter Server system.
Configure the Maximum Number of Database Connections
You can configure the maxiumum number of database connections that can occur simultaneously.
Prerequisites
To configure database settings, the vSphere Client must be connected to a vCenter Server system.
Procedure
1 If necessary, select Administration > vCenter Server Settings to display the vCenter Server Settings
dialog box.
2 In the navigation pane, select Database.
3 In Maximum number, type the number.
Generally, you do not need to change this value. You might want to increase this number if your vCenter Server system frequently performs many operations and performance is critical. You might want to decrease this number, if the database is shared and connections to the database are costly. VMware recommends that you not change this value unless one of these issues pertains to your system.
4 Click OK.
Configure Database Retention Policy
In order to limit the growth of the vCenter Server database and conserve storage space, you can configure the database to discard information about tasks or events after a specified period of time.
Do not use these options if you want to retain a complete history of tasks and events for your vCenter Server.
Prerequisites
To configure the database retention policy, the vSphere Client must be connected to a vCenter Server system.
Procedure
1 If necessary, select Administration > vCenter Server Settings to display the vCenter Server Settings
dialog box.
2 Select Database Retention Policy.
3 (Optional) Select Tasks retained for, and type a value in days in the text box.
Information about tasks performed on this vCenter Server system will be discarded after the specified number of days.
4 (Optional) Select Events retained for, and type a value in days in the text box.
Information about events for this vCenter Server system will be discarded after the specified number of days.
VMware, Inc. 31
Page 32
vSphere Administration with the vSphere Client
5 Click OK.
Configure Advanced Settings
You can use the Advanced Settings page to modify the vCenter Server configuration file, vpxd.cfg.
This page can be used to add entries to the vpxd.cfg file, but not to edit or delete them. VMware recommends that you change these settings only when instructed to do so by VMware technical support or when you are following specific instructions in VMware documentation.
Required privilege: Global.Settings
Prerequisites
To configure statistics settings, the vSphere Client must be connected to a vCenter Server system.
Procedure
1 If necessary, select Administration > vCenter Server Settings to display the vCenter Server Settings
dialog box.
2 In the navigation pane, select Advanced Settings.
3 In the Key field, type a key.
4 In the Value field, type the value for the specified key.
5 Click Add.
6 Click OK.
What to do next
Many advanced options changes require that the vCenter Server system be restarted before they take effect. Consult VMware technical support to determine if your changes require a restart.

Configuring Communication Among ESXi , vCenter Server, and the vSphere Client

By default, the vSphere Client uses ports 80 and 443 to communicate with vCenter Server and ESXi hosts.
Configure your firewall to allow communication between the vSphere Client and vCenter Server by opening ports 80 and 443.
vCenter Server acts as a web service. If your environment requires the use of a web proxy, vCenter Server can be proxied like any other web service.
Reboot or Shut Down an ESXi Host
You can power off or restart (reboot) any ESXi host using the vSphere Client. Powering off a managed host disconnects it from vCenter Server, but does not remove it from the inventory.
Procedure
1 In the vSphere Client, select the host in the inventory.
2 Shut down all virtual machines running on the ESXi host.
3 Right-click the ESXi host and select Reboot or Shut Down.
If you select Reboot, the ESXi host shuts down and reboots.
n
If you select Shut Down, the ESXi host shuts down. You must manually power the system back on.
n
32 VMware, Inc.
Page 33
4 Provide a reason for the shut down.
This information is added to the log.
Chapter 2 Configuring ESXi Hosts and vCenter Server in the vSphere Client
VMware, Inc. 33
Page 34
vSphere Administration with the vSphere Client
34 VMware, Inc.
Page 35
Organizing Your Inventory 3
Plan how you will set up your virtual environment. A large vSphere implementation might contain several virtual data centers with a complex arrangement of hosts, clusters, resource pools, and networks. Smaller implementations might require a single virtual data center with a much less complex topology. Regardless of the scale of your virtual environment, consider how the virtual machines it will support are going to be used and administered.
Here are questions you should answer as you create and organize an inventory of virtual objects:
Will some virtual machines require dedicated resources?
n
Will some virtual machines experience periodic spikes in workload?
n
Will some virtual machines need to be administered as a group?
n
Do you want to use multiple vSphere Standard Switches, or you want to have a single vSphere
n
Distributed Switch per data center?
Do you want to use vMotion and Distributed Resource Management with certain virtual machines but
n
not others?
Will some virtual objects require one set of system permissions, while other objects will require a
n
different set of permissions?
The left pane of the vSphere Client displays your vSphere inventory. You can add and arrange objects in any way with the following restrictions:
The name of an inventory object must be unique with its parent.
n
vApp names must be unique within the Virtual Machines and Templates view.
n
System permissions are inherited and cascade.
n
Tasks for Organizing Your Inventory
Populating and organizing your inventory involves the following activities:
Create data centers.
n
Add hosts to the data centers.
n
Organize inventory objects in folders.
n
Setup networking by using vSphere Standard Switches or vSphere Distributed Switches. To use
n
services such as vMotion, TCP/IP storage, Virtual SAN, and Fault Tolerance, setup VMkernel networking for these services. For more information, see vSphere Networking.
Configure storage systems and create datastore inventory objects to provide logical containers for
n
storage devices in your inventory. See vSphere Storage.
VMware, Inc.
35
Page 36
vSphere Administration with the vSphere Client
Create clusters to consolidate the resources of multiple hosts and virtual machines. You can enable
n
vSphere HA and vSphere DRS for increased availability and more flexible resource management. See vSphere Availability for information about configuring vSphere HA and vSphere Resource Management for information about configuring vSphere DRS.
Create resource pools to provide logical abstraction and flexible management of the resources in
n
vSphere. Resource pools can be grouped into hierarchies and used to hierarchically partition available CPU and memory resources. See vSphere Resource Management for details.
This chapter includes the following topics:
“Create Datacenters,” on page 36
n
“Add Hosts,” on page 37
n
“Create Clusters,” on page 38
n
“Create Resource Pools,” on page 38
n
“Create Datastores,” on page 39
n
“Create Host-Wide Networks,” on page 40
n
“Create Datacenter-Wide Networks,” on page 40
n
Create Datacenters
A virtual datacenter is a container for all the inventory objects required to complete a fully functional environment for operating virtual machines. You can create multiple datacenters to organize sets of environments. For example, you might create a datacenter for each organizational unit in your enterprise or create some datacenters for high performance environments and others for less demanding virtual machines.
Prerequisites
Open a vSphere Client session to a vCenter Server.
n
Verify that you have sufficient permissions to create a datacenter object.
n
NOTE Inventory objects can interact within a datacenter, but interaction across datacenters is limited. For example, you can hot migrate virtual machines from one host to another host in the same datacenter, but not from a host in one datacenter to a host in a different datacenter.
Procedure
1 Go to Home > Inventory > Hosts and Clusters.
2 Select File > New > Datacenter.
3 Rename the datacenter.
What to do next
Add hosts, clusters, resource pools, vApps, networking, datastores, and virtual machines to the datacenter.
36 VMware, Inc.
Page 37
Add Hosts
You can add hosts under a datacenter object, folder object, or cluster object. If a host contains virtual machines, those virtual machines are added to the inventory together with the host. Information about configuring hosts is located in the vSphere Networking, vSphere Storage, vSphere Security, and vSphere Host Profiles documentation.
Prerequisites
Open a vSphere Client session to a vCenter Server.
n
Verify that you have sufficient permissions to create a host object.
n
Verify that a Datacenter, folder, or cluster exists in the inventory.
n
Obtain the user name and password for an account with administrative privileges on the host.
n
Verify that hosts behind a firewall are able to communicate with the vCenter Server system and all
n
other hosts through port 902 or other custom-configured port.
Verify that all NFS mounts on the host are active.
n
Procedure
1 Select Home > Inventory > Hosts and Clusters.
Chapter 3 Organizing Your Inventory
2 Select a datacenter, cluster, or folder within a datacenter.
3 Select File > New > Add Host.
4 Enter host name or IP address and administrator credentials and click Next.
5 (Optional) Select Enable Lockdown Mode to disable remote access for the administrator account after
vCenter Server takes control of this host.
Selecting this check box ensures that the host is managed only through vCenter Server. You can perform certain management tasks while in lockdown mode by logging into the local console on the host.
6 Review host information and click Next.
7 (Optional) Assign a license key to the host if needed and click Next.
8 Do one of the following:
Option Description
If you are adding the host to a cluster
If you are not adding the host to a cluster
Select a resource pool option and click Next.
Select a location where you want to place virtual machines that already exist on the host and click Next.
9 Review the summary information and click Finish.
The host and its virtual machines are added to the inventory.
VMware, Inc. 37
Page 38
vSphere Administration with the vSphere Client
Create Clusters
A cluster is a group of hosts. When a host is added to a cluster, the host's resources become part of the cluster's resources. The cluster manages the resources of all hosts within it. Clusters enable the vSphere High Availability (HA) and vSphere Distributed Resource Scheduler (DRS) solutions.
Prerequisites
Open vSphere Client session to a vCenter Server.
n
Verify that you have sufficient permissions to create a cluster object.
n
Verify that a Datacenter, or folder within a datacenter, exists in the inventory.
n
Procedure
1 Right-click a datacenter or folder in the vSphere Client and select New Cluster.
2 Enter a name for the cluster.
3 Choose cluster features.
Option Description
If you chose to use DRS with this cluster
If you chose to use HA with this cluster
4 Select an Enhanced vMotion Compatibility (EVC) setting and click Next.
a Click the vSphere DRS box.
b Select an automation level and a migration level and click Next.
c Select a default power management setting and a DPM threshold, and
click Next.
a Click vSphere HA.
b Select whether to enable host monitoring and admission control.
c If admission control is enabled, specify a policy.
d Click Next.
e Specify cluster default behavior and click Next.
f Specify virtual machine monitoring settings and click Next.
EVC ensures that all hosts in a cluster present the same CPU feature set to virtual machines, even if the actual CPUs on the hosts differ. This prevents migrations with vMotion from failing due to incompatible CPUs.
5 Select a swap file policy and click Next.
6 Review the options you selected for the cluster and click Finish.
The cluster is added to the inventory.
What to do next
Add hosts and resource pools to the cluster.
Create Resource Pools
You can use resource pools to hierarchically partition available CPU and memory resources of a standalone host or a cluster. Use resource pools to aggregate resources and set allocation policies for multiple virtual machines, without the need to set resources on each virtual machine.
Prerequisites
Verify that the vSphere Client is connected to a vCenter Server system.
n
Make sure you have permissions sufficient to create a resource pool object.
n
38 VMware, Inc.
Page 39
Verify that a cluster, vApp, or other resource pool object is parent to the resource pool.
n
Procedure
1 Select Home > Inventory > Hosts and Clusters.
2 Select a cluster, vApp, or resource pool.
3 Select File > New > Resource Pool.
4 Enter a name and specify resource settings.
5 Click OK.
The resource pool is added to the inventory.
What to do next
Add virtual machines and vApps to your resource pool.
Create Datastores
A datastore is a logical container that holds virtual machine files and other files necessary for virtual machine operations. Datastores can exist on different types of physical storage, including local storage, iSCSI, Fibre Channel SAN, or NFS. A datastore can be VMFS-based or NFS-based.
Chapter 3 Organizing Your Inventory
Prerequisites
Open a vSphere Client session to a vCenter Server.
n
Verify that you have sufficient permissions to create a datastore object.
n
Verify that at least one host in the inventory has access to physical storage.
n
Procedure
1 Select Home > Inventory > Datastores.
2 Right-click on a datacenter and select Add Datastore.
3 Select a host and click Next.
4 Select a type of storage and click Next.
Option Description
Disk or LUN
Network File System
a Select a disk or LUN and click Next.
b Review the disk layout information and click Next.
c Enter a name for the datastore and click Next.
d Specify maximum file and block sizes.
e Specify disk or LUN capacity and click Next.
a Enter server and folder information.
b Select whether clients should mount the NFS as read-only.
c Enter a name and click Next.
5 Review summary information and click Finish.
A datastore is added to the inventory.
VMware, Inc. 39
Page 40
vSphere Administration with the vSphere Client
Create Host-Wide Networks
In vSphere, you can create standard networks and distributed networks. Standard networks provide a method of communication among the virtual machines on a standalone host and consist of standard switches and port groups. Distributed networks aggregate the networking capabilities of multiple hosts and enable virtual machines to keep consistent network configuration as they migrate across hosts. Distributed networks consist of vSphere Distributed Switches, uplink port groups, and port groups.
Prerequisites
Open a vSphere Client connection to a vCenter Server.
n
Verify that you have sufficient permissions to create a standard switch.
n
Verify that a host exists in the inventory.
n
Procedure
1 Select a host from the inventory.
2 Click the Configuration tab.
3 In the Hardware section, click Networking.
4 Click vSphere Standard Switch.
5 Click Add Networking.
6 Select a connection type and click Next.
7 Select an existing virtual switch or create one and click Next.
8 Enter a display label for the port group on the switch.
9 Select a VLAN ID and click Next.
10 Review your settings and click Finish.
If you chose to use an existing standard switch, a new port group is added to it. If you chose to create a standard switch, it is added with a port group.
Create Datacenter-Wide Networks
In vSphere, you can create standard networks and distributed networks. Standard networks provide a method of communication among the virtual machines on a standalone host and consist of standard switches and port groups. Distributed networks aggregate the networking capabilities of multiple hosts and enable virtual machines to keep consistent network configuration as they migrate across hosts. Distributed networks consist of vSphere Distributed Switches, uplink port groups, and port groups.
Prerequisites
Open a vSphere Client connection to a vCenter Server.
n
Verify that you have sufficient permissions to create a distributed switch.
n
Verify that a host exists in the inventory.
n
Procedure
1 Select Home > Inventory > Networking view, and select a data center.
2 Right-click on the data center and select New vSphere Distributed Switch.
3 Select the vSphere Distributed Switch Version and click Next.
40 VMware, Inc.
Page 41
Chapter 3 Organizing Your Inventory
4 In the General section, type a name for the switch.
5 Specify the maximum number of uplink ports (physical adapters per host) and click Next.
6 Select Add now to add hosts and their physical adapters to the switch.
Select Add later to add hosts and their physical adapters to the switch after the vSphere Distributed Switch has been created.
7 Select the hosts to add in the Host/Physical adapters section and click Next.
8 Select Automatically create a default port group to automatically create a port group and click Finish.
A vSphere Distributed Switch, with its associated uplink ports and port groups, is added to the inventory.
What to do next
Add hosts to the switch.
n
Add port groups to the switch.
n
Edit switch properties.
n
Edit General vSphere Distributed Switch Settings
You can edit the general settings for a vSphere distributed switch, such as the distributed switch name and the number of uplink ports on the distributed switch.
Prerequisites
Open a vSphere Client connection to a vCenter Server.
n
Verify that you have sufficient permissions to edit a distributed switch.
n
Procedure
1 Log in to the vSphere Client and select the Networking inventory view.
2 Right-click the vSphere distributed switch in the inventory pane, and select Edit Settings.
3 Select General to edit the vSphere distributed switch settings.
Option Description
Name
Number of Uplink Ports
Notes
Type the name for the distributed switch.
Select the number of uplink ports for the distributed switch.
Type any notes for the distributed switch.
4 (Optional) Edit uplink port names.
a Click Edit uplink names.
b Type new names for one or more uplink ports.
c Click OK.
5 Click OK.
Edit Advanced vSphere Distributed Switch Settings
You can change advanced vSphere distributed switch settings such as Cisco Discovery Protocol and the maximum MTU for the vSphere distributed switch.
Prerequisites
Open a vSphere Client connection to a vCenter Server.
n
VMware, Inc. 41
Page 42
vSphere Administration with the vSphere Client
Verify that you have sufficient permissions to edit a distributed switch.
n
Procedure
1 Log in to the vSphere Client and select the Networking inventory view.
2 Right-click the vSphere distributed switch in the inventory pane, and select Edit Settings.
3 Select Advanced to edit the following vSphere distributed switch settings.
Option Description
Maximum MTU
Discovery Protocol Status
Admin Contact Info
4 Click OK.
Maximum MTU size for the vSphere distributed switch.
Choose the status for discovery protocol on the vSphere distributed switch.
Enabled. Enabled discovery protocol for the vSphere distributed
n
switch.
1 Select Cisco Discovery Protocol or Link Layer Discovery Protocol
from the Type drop-down menu.
2 Set Operation to Listen, Advertise, or Both.
Disabled.
n
Enter the Name and Other Details for the vSphere distributed switch administrator.
Add Hosts to a vSphere Distributed Switch
You can add hosts and physical adapters to a vSphere distributed switch at the distributed switch level after it is created.
Prerequisites
Open a vSphere Client connection to a vCenter Server.
n
Verify that you have sufficient permissions to edit a distributed switch.
n
Procedure
1 Log in to the vSphere Client and select the Networking inventory view.
2 Right-click the vSphere distributed switch in the inventory pane, and select Add Host.
3 Select the hosts to add.
4 Under the selected hosts, select the physical adapters to add and click Next.
You can select physical adapters that are not being used and physical adapters that are being used.
NOTE Moving a physical adapter to a distributed switch without moving any associated virtual adapters can cause those virtual adapters to lose network connectivity.
5 For each virtual adapter, select Destination port group and select a port group from the drop-down
menu to migrate the virtual adapter to the distributed switch or select Do not migrate.
6 (Optional) Set the maximum number of ports on a host.
a Click View Details for the host.
b Select the maximum number of ports for the host from the drop-down menu.
c Click OK.
7 Click Next.
42 VMware, Inc.
Page 43
Chapter 3 Organizing Your Inventory
8 (Optional) Migrate virtual machine networking to the distributed switch.
a Select Migrate virtual machine networking.
b For each virtual machine, select Destination port group and select a port group from the drop-
down menu or select Do not migrate.
9 Click Next.
10 (Optional) If you need to make any changes, click Back to the appropriate screen.
11 Review the settings for the distributed switch and click Finish.
Add a Distributed Port Group
Add a distributed port group to a vSphere distributed switch to create a distributed switch network for your virtual machines.
Prerequisites
Open a vSphere Client connection to a vCenter Server.
n
Verify that you have sufficient permissions to edit a distributed switch.
n
Procedure
1 Log in to the vSphere Client and select the Networking inventory view.
2 Right-click the vSphere distributed switch in the inventory pane and select New Port Group.
3 Enter a Name and the Number of Ports for your new distributed port group.
4 Select a VLAN Type.
Option Description
None
VLAN
VLAN Trunking
Private VLAN
Do not use VLAN.
In the VLAN ID field, enter a number between 1 and 4094.
Enter a VLAN trunk range.
Select a private VLAN entry. If you did not create any private VLANs, this menu is empty.
5 Click Next.
6 Click Finish.
Edit General Distributed Port Group Settings
You can edit general distributed port group settings such as the distributed port group name and port group type.
Prerequisites
Open a vSphere Client connection to a vCenter Server.
n
Verify that you have sufficient permissions to edit a distributed switch.
n
Procedure
1 Log in to the vSphere Client and select the Networking inventory view.
2 Right-click the distributed port group in the inventory pane, and select Edit Settings.
VMware, Inc. 43
Page 44
vSphere Administration with the vSphere Client
3 Select General to edit the following distributed port group settings.
Option Action
Name
Description
Number of Ports
Port binding
Type the name for the distributed port group.
Type a brief description of the distributed port group.
Type the number of ports on the distributed port group.
Choose when ports are assigned to virtual machines connected to this distributed port group.
Select Static binding to assign a port to a virtual machine when the
n
virtual machine connects to the distributed port group. This option is not available when the vSphere Client is connected directly to ESXi.
Select Dynamic binding to assign a port to a virtual machine the first
n
time the virtual machine powers on after it is connected to the distributed port group. Dynamic binding is deprecated in ESXi 5.x.
Select Ephemeral for no port binding. This option is not available
n
when the vSphere Client is connected directly to ESXi.
4 Click OK.
Edit Advanced Distributed Port Group Settings
You can edit advanced distributed port group settings, such as override settings and reset at disconnect.
Prerequisites
Open a vSphere Client connection to a vCenter Server.
n
Verify that you have sufficient permissions to edit a distributed switch.
n
Procedure
1 Log in to the vSphere Client and select the Networking inventory view.
2 Right-click the distributed port group in the inventory pane, and select Edit Settings.
3 Select Advanced to edit the distributed port group properties.
Option Description
Allow override of port policies
Edit Override Settings
Configure reset at disconnect
Select this option to allow distributed port group policies to be overridden on a per-port level. Click Edit Override Settings to select which policies can be overridden at the port level.
Select which policies can be overridden at the port level.
When a distributed port is disconnected from a virtual machine, the configuration of the distributed port is reset to the distributed port group setting. Any per-port overrides are discarded.
4 Click OK.
44 VMware, Inc.
Page 45
Managing License Keys in the
vSphere Client 4
Use the vSphere Client to manage license keys directly on individual ESXi hosts or centrally in the license inventory of a vCenter Server system.
This chapter includes the following topics:
“Licensing Limitations in the vSphere Client,” on page 45
n
“Managing License Keys on ESXi Hosts,” on page 45
n
“Managing License Keys on vCenter Server,” on page 47
n

Licensing Limitations in the vSphere Client

The licensing tasks that you can perform when you connect directly to an ESXi host or vCenter Server system with the vSphere Client are limited
The following licensing features are unavailable in the vSphere Client:
License Reporting
n
Use the vSphere Web Client as the primary interface for managing the full range of licensing functions available in your vSphere 6.0 environment.
Managing License Keys on ESXi Hosts
When you connect the vSphere Client directly to an ESXi host, you can view and assign license keys, see which features are licensed on the host, and put the host in evaluation mode.

Access the ESXi License Key and Licensed Features in the vSphere Client

If you are not local to the host and cannot access the direct console, use the vSphere Client to access the ESXi license key.
Procedure
1 From the vSphere Client, select the host in the inventory.
2 Click the Configuration tab.
3 In the Software section, click Licensed Features.
The license key and a list of features that you can configure on the host appears. The license key appears in the form XXXXX-XXXXX-XXXXX-XXXXX-XXXXX.
VMware, Inc.
45
Page 46
vSphere Administration with the vSphere Client
Assign a License Key to an ESXi Host
Using the vSphere Client, you can assign an existing or new license key to an ESXi host.
If the vSphere Client is connected directly to the host, on the host Configuration tab, click Licensed Features > Edit to change the license key.
Prerequisites
Verify that you have the Global.Licenses privilege.
Procedure
1 In the vSphere Client, select the host in the inventory and click the Configuration tab.
2 In the Software section, click Licensed Features and click Edit.
3 Assign a license key.
Select Assign an existing license key to this host and select a license key from the Product list.
n
Select Assign a new license key to this host, click Enter Key, and specify a license key in the form
n
XXXXX-XXXXX-XXXXX-XXXXX-XXXXX.
4 Click OK.
Set an ESXi Host to Evaluation Mode
If you have assigned a license key to an ESXi host, you can switch to evaluation mode to explore the full set of features that are available for the host.
Procedure
1 In the vSphere Client, select the host in the inventory.
2 Click the Configuration tab.
3 In the Software section, click Licensed Features.
4 Click Edit next to ESX Server License Type.
5 Click Product Evaluation.
6 Click OK to save your changes.
The host is in evaluation mode and you can explore the entire set of features for ESXi. If you have already used the host in evaluation mode, the time that remains in the evaluation period is decreased by the time already used. For example, suppose you have used the host in evaluation mode for 20 days and then assigned a vSphere Standard license key to the host. If you set the host back in evaluation mode, you can explore the entire set of features that are available for the host for the remaining evaluation period of 40 days. You can track the remaining days from the evaluation period of a host in the host's page in the vSphere Client.
NOTE After the evaluation period of the host expires, you receive a warning message, and the host cannot be connected to a vCenter Server system. All powered-on virtual machines continue to work, but you cannot power on any new virtual machines. You cannot change the current configuration of the features that are already in use. You cannot use the features that remained unused while the host was in evaluation mode.
46 VMware, Inc.
Page 47
Chapter 4 Managing License Keys in the vSphere Client
The License Key of an ESXi Host is Replaced
The license key that you assigned through a direct connection with the vSphere Client to an ESXi host changes.
Problem
You use the vSphere Client to connect directly to an ESXi host. You use the Configuration > Licensed Features > Edit operation to assign a license key to the host. Later, a different license key replaces the license
key you assigned to the host.
Cause
If a vCenter Server system manages an ESXi host, changes made to the host license through direct connection to the host do not persist, because the license key assigned through vCenter Server overwrites the changes.
If you use the Configuration > Licensed Features > Edit operation, any license assignment operation that you perform in vCenter Server overrides the host license configuration.
Solution
If you use vCenter Server to manage the host, use either the Home > Administration > Licensing interface or the Add Host operation to configure host licensing.
Managing License Keys on vCenter Server
vSphere license management is centralized. You can use the vSphere Client to manage all licenses that are available in the license inventory of a vCenter Server system.
Access vCenter Server License Keys and Features
You can access the license keys and features available in the vCenter Server license inventory from the Licensing page in the vSphere Client.
Prerequisites
Verify that you have the Global.Licenses privilege.
n
Ensure that the vSphere Client is connected to the vCenter Server system.
n
Procedure
1 In the vSphere Client, select View > Administration > Licensing.
You can view and manage the license keys available in the vCenter Server inventory from the Management tab.
2 (Optional) Click Refresh.
3 In the Management tab, select a sorting option for the license information.
Option Description
Product
License key
Asset
Displays the available license keys listed by product.
Displays the available license keys listed by license key.
Displays the available license keys listed by the asset to which they are assigned: host, vCenter Server, or solution.
VMware, Inc. 47
Page 48
vSphere Administration with the vSphere Client
The Management tab displays the available license keys listed by product, license key, or asset. You can right-click any of the listed items to add, assign, and remove license keys and copy license information to your clipboard.
What to do next
If you have a license key with zero assigned capacity, you can:
Assign the license key to assets that require licensing.
n
Remove the license key if the key is no longer required.
n
You should not keep unassigned license keys in the vCenter Server license inventory.
Add License Keys to the vCenter Server License Inventory
After you obtain license keys, you can add them to the vCenter Server license inventory. You can add multiple license keys at the same time.
Prerequisites
Verify that you have the Global.Licenses privilege.
n
Ensure that the vSphere Client is connected to the vCenter Server system.
n
Procedure
1 In the vSphere Client, select Home > Administration > Licensing.
2 Click Manage vSphere Licenses.
3 In the Add License Keys text area, specify license keys one per line.
You can specify a list of keys in one operation.
4 (Optional) Type a brief label of the keys.
5 Click Add License Keys.
If you specify any invalid license keys, you receive an error message that lists only the invalid keys. You can either delete the invalid keys, or add them after correcting them.
6 If you are not ready to assign the license keys to assets, click Next through the remaining wizard
screens and click Finish to save your changes.
The license keys are added to the vCenter Server license inventory.
What to do next
Assign the license keys to assets that require licensing. You should not keep unassigned license keys in the vCenter Server license inventory.
Assign a License Key to Assets
You can assign license keys to single or multiple assets, individually, or in batches.
NOTE If an ESXi host disconnects from vCenter Server immediately after you assign a license key, the license assignment operation does not complete but the host appears as licensed. The host is licensed after it reconnects to vCenter Server.
Prerequisites
Verify that you have the Global.Licenses privilege.
n
Ensure that the vSphere Client is connected to the vCenter Server system.
n
48 VMware, Inc.
Page 49
Chapter 4 Managing License Keys in the vSphere Client
Procedure
1 In the vSphere Client, select Home > Administration > Licensing.
2 Click Manage vSphere Licenses.
3 Click Next to go to the Assign Licenses page.
4 Click the ESX, vCenter Server, or Solutions tab to display the available assets.
5 Select the assets to show.
6 In the Asset window, select one or more assets to license.
To select multiple assets, use Ctrl-click or Shift-click.
7 In the Product window, select an appropriate license key and click Next.
If the license key you assign has a strong limit, the license capacity must be greater than or equal to the required license use for the asset. Otherwise, you cannot assign the license key. Check the EULA of the license to determine whether it has a strong limit.
8 (Optional) If you are not ready to remove any license keys, click Next to skip the Remove License Keys
page and click Finish to save your changes.
Add a License Key and Assign It to an Asset
After you obtain a license key, you can add it to the vCenter Server license inventory and assign the license key to assets.
Prerequisites
Verify that you have the Global.Licenses privilege.
n
Ensure that the vSphere Client is connected to the vCenter Server system.
n
Procedure
1 In the vSphere Client, select Home > Administration > Licensing.
2 In the Management tab, select Asset as a primary entity for sorting the license information.
3 Right-click an asset and select Change license key.
4 Select Assign a new license key and click Enter Key.
5 Specify the license key, type an optional label for the key, and click OK.
6 Click OK.
The license key is added to the vCenter Server license inventory and assigned to the corresponding asset.
What to do next
Assign the license key to other assets of the same type in case the license key has available capacity.
Export License Information
You can export license information in a file that you can later open with third-party applications.
Prerequisites
Verify that you have the Global.Licenses privilege.
n
Ensure that the vSphere Client is connected to the vCenter Server system.
n
VMware, Inc. 49
Page 50
vSphere Administration with the vSphere Client
Procedure
1 In the vSphere Client, select Home > Administration > Licensing.
2 In the Management tab, select the view that you want to export.
Product
n
License key
n
Asset
n
3 Click Export.
4 In the Save As dialog box, select a folder, a filename, and a format for the exported license data and
click Save.
50 VMware, Inc.
Page 51
Managing Tasks 5
Tasks represent system activities that do not complete immediately, such as migrating a virtual machine. They are initiated by high-level activities that you perform with the vSphere Client in real time and activities that you schedule to occur at a later time or on a recurring basis.
For example, powering off a virtual machine is a task. You can perform this task manually every evening, or you can set up a scheduled task to power off the virtual machine every evening for you.
NOTE The functionality available in the vSphere Client depends on whether the vSphere Client is connected to a vCenter Server system or an ESXi host. Unless indicated, the process, task, or description applies to both kinds of vSphere Client connections. When the vSphere Client is connected to an ESXi host, the Tasks option is not available; however, you can view recent tasks in the Status Bar at the bottom of the vSphere Client.
This chapter includes the following topics:
“Viewing Tasks,” on page 51
n
“Cancel a Task,” on page 53
n
“Schedule Tasks,” on page 53
n
“Policy Rules for Task Operations,” on page 57
n
Viewing Tasks
You can view tasks that are associated with a single object or all objects in the vSphere Client inventory. The Tasks & Events tab lists completed tasks and tasks that are currently running.
By default, the tasks list for an object also includes tasks performed on its child objects. You can filter the list by removing tasks performed on child objects and by using keywords to search for tasks.
View All Tasks
You view completed tasks and running tasks in the vSphere Client Tasks & Events tab.
Prerequisites
Open a vSphere Client session to a vCenter Server.
n
Procedure
1 In the vSphere Client, select the object in the inventory.
VMware, Inc.
51
Page 52
vSphere Administration with the vSphere Client
2 Display the tasks for a single object or the entire vCenter Server.
To display the tasks for a single object, select the object.
n
To display the tasks in the vCenter Server, select the root folder.
n
3 Click the Tasks & Events tab.
The task list contains tasks performed on the object and its children.
4 (Optional) To view detailed information for a task, select the task in the list.
The Task Details pane displays details such as task status, any error messages in the error stack, and any related events.
View Recent Tasks
You view recent tasks for an ESXi host in the vSphere Client Recent Tasks pane.
Procedure
1 In the vSphere Client, select the host from the inventory.
2 If necessary, select View > Status Bar to display the status bar at the bottom of the vSphere Client.
The list of tasks appears in the Recent Tasks pane of the Status Bar.
View Scheduled Tasks
You view scheduled tasks in the vSphere Client Scheduled Tasks pane. The scheduled task list includes tasks that are scheduled to run and those that have already run.
Prerequisites
Open a vSphere Client session to a vCenter Server.
n
Procedure
In the vSphere Client, select Home > Management > Scheduled Tasks.
u
Filter Tasks for a Host or Datacenter
Filtering the task list removes tasks performed on child objects.
Prerequisites
Open a vSphere Client session to a vCenter Server.
n
Procedure
1 In the vSphere Client, select the host or datacenter in the inventory and click the Tasks & Events tab.
2 In View, click Tasks to display the tasks list.
3 If the Show all entries list and the search field are not displayed under the Tasks and Events buttons,
select View > Filtering.
4 Click Show all entries and select Show host entries or Show datacenter entries, depending on the
object selected.
52 VMware, Inc.
Page 53
Use Keywords to Filter the Tasks List
You can filter the tasks list based on any task attribute, including task name, target, status, initiator, change history, and time. Filtering is inclusive, not exclusive. If the keyword is found in any of the selected columns, the task is included in the filtered list.
Prerequisites
Open a vSphere Client session to a vCenter Server.
n
Procedure
1 In the vSphere Client, select the object in the inventory.
2 If the Name, Target or Status contains search field is not displayed above the Recent Tasks pane, select
View > Filtering.
3 Click the search field arrow and select the attributes to include in the search.
4 Type a keyword into the box and press Enter.
Cancel a Task
Canceling a task stops a running task from occurring. Canceling a scheduled task does not cancel subsequent runs. To cancel a scheduled task that has not run, reschedule it.
Chapter 5 Managing Tasks
NOTE You can only cancel a subset of tasks by using the vSphere Client.
Required privileges:
Manual tasks: Tasks.Update Task
n
Scheduled tasks:Scheduled Task.Remove Task
n
Appropriate permissions on the host where the task is running
n
Prerequisites
Open a vSphere Client session to a vCenter Server.
n
Procedure
1 Locate the task in the Recent Tasks pane of the Status Bar.
By default, the Status Bar is displayed at the bottom of the vSphere Client. If it is not visible, select View > Status Bar.
2 Right-click the appropriate task and select Cancel.
If the cancel option is unavailable, the selected task cannot be canceled.
The vCenter Server system or ESXi host stops the progress of the task and returns the object to its previous state. The vSphere Client displays the task with a Canceled status.
Schedule Tasks
You can schedule tasks to run once in the future or multiple times, at a recurring interval.
The tasks you can schedule are listed in the following table.
VMware, Inc. 53
Page 54
vSphere Administration with the vSphere Client
Table 51. Scheduled Tasks
Scheduled Task Description
Add a host Adds the host to the specified data center or cluster.
Change the power state of a virtual machine
Change cluster power settings Enable or disable DPM for hosts in a cluster.
Change resource settings of a resource pool or virtual machine
Check compliance of a profile Checks that a host's configuration matches the configuration specified in a
Clone a virtual machine Makes a clone of the virtual machine and places it on the specified host or
Create a virtual machine Creates a new virtual machine on the specified host.
Deploy a virtual machine Creates a new virtual machine from a template on the specified host or
Migrate a virtual machine Migrate a virtual machine to the specified host or datastore by using
Make a snapshot of a virtual machine Captures the entire state of the virtual machine at the time the snapshot is
Scan for Updates Scans templates, virtual machines, and hosts for available updates.
Remediate Installs missing patches from the baselines selected for remediation on the
Powers on, powers off, suspends, or resets the state of the virtual machine.
Changes the following resource settings:
CPU – Shares, Reservation, Limit.
n
Memory – Shares, Reservation, Limit.
n
host profile.
cluster.
cluster.
migration or migration with vMotion.
taken.
This task is available only when vSphere Update Manager is installed.
hosts discovered during the scan operation and applies the newly configured settings.
This task is available only when vSphere Update Manager is installed.
You create scheduled tasks by using the Scheduled Task wizard. For some scheduled tasks, this wizard opens the wizard used specifically for that task. For example, if you create a scheduled task that migrates a virtual machine, the Scheduled Task wizard opens the Migrate Virtual Machine wizard, which you use to set up the migration details.
Scheduling one task to run on multiple objects is not possible. For example, you cannot create one scheduled task on a host that powers on all virtual machines on that host. You must create a separate scheduled task for each virtual machine.
After a scheduled task runs, you can reschedule it to run again at another time.
Create a Scheduled Task
To schedule a task, use the Scheduled Task wizard.
Required privilege: Schedule Task.Create Tasks
You can schedule a limited number of tasks by using the vSphere Client. If the task to schedule is not available, use the vSphere API. See the vSphere SDK Programming Guide.
CAUTION Do not schedule multiple tasks to be performed at the same time on the same object. The results are unpredictable.
Prerequisites
The vSphere Client must be connected to a vCenter Server system to schedule tasks.
54 VMware, Inc.
Page 55
Chapter 5 Managing Tasks
Procedure
1 In the navigation bar, click Home > Management > Scheduled Tasks.
The current list of scheduled tasks appears.
2 In the toolbar, click New.
3 In the Select a Task to Schedule dialog box, select a task and click OK to open the wizard for that task.
NOTE For some scheduled tasks, the wizard opens the wizard used specifically for that task. For example, to migrate a virtual machine, the Scheduled Task wizard opens the Migrate Virtual Machine Wizard, which you use to set up the migration details.
4 Complete the wizard that opens for the task.
5 In the Schedule Task section, enter a task name and task description.
6 Select a Frequency and specify a Start Time.
You can schedule a task to run only once during a day. To set up a task to run multiple times in one day, set up additional scheduled tasks.
Table 52. Scheduled Task Frequency Options
Frequency Action
Once
After Startup
Hourly 1 In Start Time, enter the number of minutes after the hour to run the task.
Daily
Weekly 1 Enter the Interval and Start Time.
Monthly 1 Enter the Start Time.
To run the scheduled task immediately, select Now and click Next.
n
To run the scheduled task at a later time and date, select Later and enter a Time. Click
n
the Date arrow to display the calendar and click a date.
In Delay, enter the number of minutes to delay the task.
n
2 In Interval, enter the number of hours after which to run the task. For example, to start a task at the half-hour mark of every 5th hour, enter 30 and 5.
Enter the Start Time and Interval.
n
For example, to run the task at 2:30 pm every four days, enter 2:30 and 4.
2 Select each day on which to run the task. For example, to run the task at 6 am every Tuesday and Thursday, enter 1 and 6 am, and
select Tuesday and Thursday.
2 Specify the days by using one of the following methods.
Enter a specific date of the month.
n
Select first, second, third, fourth, or last, and select the day of the week.
n
last runs the task on the last week in the month that the day occurs. For example, if you select the last Monday of the month and the month ends on a Sunday, the task runs six days before the end of the month.
3 In Interval, enter the number of months between each task run.
7 Click Next.
8 Set up email notifications and click Next.
9 Click Finish.
The vCenter Server system adds the task to the list in the Scheduled Tasks window.
VMware, Inc. 55
Page 56
vSphere Administration with the vSphere Client
Change or Reschedule a Task
After a scheduled task is created, you can change the timing, frequency, and specifics of the task. You can edit and reschedule tasks before or after they run.
Required privilege:Schedule Task.Modify Task
Prerequisites
Open a vSphere Client session to a vCenter Server system.
n
Procedure
1 In the vSphere Client, click Home > Management > Scheduled Tasks.
2 Select the task.
3 In the toolbar, click Properties.
4 Change task attributes as necessary.
5 Click Next to advance through the wizard.
6 Click Finish.
Remove a Scheduled Task
Removing a scheduled task removes all future occurrences of the task. The history associated with all completed occurrences of the task remains in the vCenter Server database.
Prerequisites
To remove scheduled tasks, the vSphere Client must be connected to the vCenter Server system.
Required privilege:Scheduled Task.Remove Task
Procedure
1 In the vSphere Client, click Home > Management > Scheduled Tasks.
2 Select the task.
3 Select Inventory > Scheduled Task > Remove.
4 Click OK.
The task is removed from the list of scheduled tasks.
Canceling Scheduled Tasks
Canceling a task stops a running task from occurring, regardless of whether the task was a real-time task or a scheduled task. The operation cancels only the running task. If the task being canceled is a scheduled task, subsequent runs are not canceled.
Tasks that aren’t running can be cleared when they are in a queued or scheduled state. In such cases, because the cancel operation is not available, either remove the task or reschedule it to run at a different time. Removing a scheduled task requires that you recreate it to run it in the future, rescheduling does not.
You can cancel the following tasks:
Connecting to a host
n
Cloning a virtual machine
n
Deploying a virtual machine
n
56 VMware, Inc.
Page 57
Migrating a powered off virtual machine. This task is cancelable only when the source disks have not
n
been deleted.
If your vSphere environment uses virtual services, you can also cancel the following scheduled tasks:
Change the power state of a virtual machine
n
Make a snapshot of a virtual machine
n
Policy Rules for Task Operations
The vCenter Server system and ESXi hosts adhere to certain rules when managing tasks.
The vCenter Server system and ESXi hosts use the following rules to process tasks:
The user performing the task in the vSphere Client must have the correct permissions on the relevant
n
objects. After a scheduled task is created, it will be performed even if the user no longer has permission to perform the task.
When the operations required by manual tasks and scheduled tasks conflict, the activity due first is
n
started first.
When a virtual machine or host is in an incorrect state to perform any activity, manual or scheduled,
n
vCenter Server or the ESXi host does not perform the task. A message is recorded in the log.
When an object is removed from the vCenter Server or the ESXi host, all associated tasks are also
n
removed.
Chapter 5 Managing Tasks
The vSphere Client and vCenter Server system use UTC time to determine the start time of a scheduled
n
task. This ensures vSphere Client users in different time zones see the task scheduled to run at their local time.
Events are logged in the event log at start and completion of a task. Any errors that occur during a task are also recorded in the event log.
CAUTION Do not schedule multiple tasks to be performed at the same time on the same object. The results are unpredictable.
VMware, Inc. 57
Page 58
vSphere Administration with the vSphere Client
58 VMware, Inc.
Page 59
Securing the Management Interface 6
Secure the management Interface of an ESXi host and the virtual machine guest operating system by restricting the services and management agents that are allowed to interface directly with the host or virtual machine.
This chapter includes the following topics:
“Securing ESXi Hosts,” on page 59
n
“Securing Virtual Machines,” on page 63
n
Securing ESXi Hosts
The ESXi hypervisor architecture has many built-in security features such as CPU isolation, memory isolation, and device isolation. You can configure additional features such as lockdown mode, certificate replacement, and smart card authentication for enhanced security.
An ESXi host is also protected with a firewall. You can open ports for incoming and outgoing traffic as needed, but should restrict access to services and ports. Using the ESXi lockdown mode and limiting access to the ESXi Shell can further contribute to a more secure environment. Starting with vSphere 6.0, ESXi hosts participate in the certificate infrastructure. Hosts are provisioned with certificate that are signed by the VMware Certificate Authority (VMCA) by default.
See the VMware white paper Security of the VMware vSphere Hypervisor for additional information on ESXi security.
Allow or Deny Access to an ESXi Service or Management Agent
You can configure firewall properties to allow or deny access for a service or management agent.
You add information about allowed services and management agents to the host configuration file. You can enable or disable these services and agents using the vSphere Client or at the command line.
NOTE If different services have overlapping port rules, enabling one service might implicitly enable overlapping services. To minimize the effects of this behavior, you can specify which IP addresses are allowed to access each service on the host.
Procedure
1 Select the host in the inventory panel.
2 Click the Configuration tab, then in the Software section, click Security Profile.
The vSphere Client displays a list of active incoming and outgoing connections with the corresponding firewall ports.
VMware, Inc.
59
Page 60
vSphere Administration with the vSphere Client
3 In the Firewall section, click Properties.
The Firewall Properties dialog box lists all the rule sets that you can configure for the host.
4 Select the rule sets to enable, or deselect the rule sets to disable.
The Incoming Ports and Outgoing Ports columns indicate the ports that the vSphere Client opens for the service. The Protocol column indicates the protocol that the service uses. The Daemon column indicates the status of daemons associated with the service.
5 Click OK.
Add Allowed IP Addresses
You can specify which networks are allowed to connect to each service that is running on the host.
You can use the vSphere Client or the command line to update the Allowed IP list for a service. By default, all IP addresses are allowed.
Procedure
1 Select the host in the inventory panel.
2 Click the Configuration tab and click Security Profile.
3 In the Firewall section, click Properties.
4 Select a service in the list and click Firewall.
5 Select Only allow connections from the following networks and enter the IP addresses of networks
that are allowed to connect to the host.
You can enter IP addresses in the following formats: 192.168.0.0/24, 192.168.1.2, 2001::1/64, or fd3e: 29a6:0a81:e478::/64.
6 Click OK.
Set Service or Client Startup Options
By default, daemon processes start when any of their ports are opened and stop when all of their ports are closed. You can change this startup policy for the selected service or client.
Procedure
1 In the vSphere Client, select the host in the inventory.
2 Click the Configuration tab, then under Software click Security Profile.
3 In the Firewall section, click Properties.
All the firewall services and management agents that you can configure for the host are listed.
4 Select the service or management agent to configure and click Options.
You can set the service start policy, verify the status of the service, and manually start, stop, or restart the service through this configuration.
5 Select a policy from the Startup Policy list.
6 Click OK.
60 VMware, Inc.
Page 61
Chapter 6 Securing the Management Interface
Using the ESXi Shell
The ESXi Shell (formerly Tech Support Mode or TSM) is disabled by default on ESXi hosts. You can enable local and remote access to the shell if necessary.
Enable the ESXi Shell for troubleshooting only. The ESXi Shell can be enabled and disabled whether or not the host is running in lockdown mode. See the vSphere Security publication for more information on lockdown mode behavior.
ESXi Shell
SSH
Direct Console UI (DCUI)
The root user and users with the Administrator role can access the ESXi Shell. Users who are in the Active Directory group ESX Admins are automatically assigned the Administrator role. By default, only the root user can execute system commands (such as vmware -v) using the ESXi Shell.
NOTE Do not enable the ESXi Shell until you actually need access.
Enable this service to access the ESXi Shell locally.
Enable this service to access the ESXi Shell remotely using SSH. You can upload SSH keys to your hosts. See the vSphere Security publication for more information on SSH keys.
When you enable this service while running in lockdown mode, you can log in locally to the direct console user interface as the root user and disable lockdown mode. You can then access the host using a direct connection to the vSphere Client or by enabling the ESXi Shell.
Use the vSphere Client to Enable Access to the ESXi Shell
Use the vSphere Client to enable local and remote access to the ESXi Shell.
Procedure
1 Select the host in the inventory panel.
2 Click the Configuration tab and click Security Profile.
3 In the Services section, click Properties.
4 Select a service from the list.
ESXi Shell
n
SSH
n
Direct Console UI
n
5 Click Options and select Start and stop manually.
When you select Start and stop manually, the service does not start when you reboot the host. If you want the service to start when you reboot the host, select Start and stop with host.
6 Select Start to enable the service.
7 Click OK.
Create a Timeout for ESXi Shell Availability
The ESXi Shell is disabled by default. You can set an availability timeout for the ESXi Shell to increase security when you enable the shell.
The availability timeout setting is the amount of time that can elapse before you must log in after the ESXi Shell is enabled. After the timeout period, the service is disabled and users are not allowed to log in.
VMware, Inc. 61
Page 62
vSphere Administration with the vSphere Client
Procedure
1 Select the host in the inventory and click the Configuration tab.
2 Under Software, select Advanced Settings.
3 In the left panel, select UserVars.
4 In the UserVars.ESXiShellTimeOut field, enter the availability timeout setting.
You must restart the SSH service and the ESXi Shell service for the timeout to take effect.
5 Click OK.
If you are logged in when the timeout period elapses, your session will persist. However, after you log out or your session is terminated, users are not allowed to log in.
Create a Timeout for Idle ESXi Shell Sessions
If a user enables the ESXi Shell on a host, but forgets to log out of the session, the idle session remains connected indefinitely. The open connection can increase the potential for someone to gain privileged access to the host. You can prevent this by setting a timeout for idle sessions.
The idle timeout is the amount of time that can elapse before the user is logged out of an idle interactive sessions. Changes to the idle timeout apply the next time a user logs in to the ESXi Shell and do not affect existing sessions.
Procedure
1 Select the host in the inventory and click the Configuration tab.
2 Under Software, select Advanced Settings.
3 In the left panel, select UserVars.
4 In the UserVars.ESXiShellInteractiveTimeOut field, enter the availability timeout setting.
You must restart the SSH service and the ESXi Shell service for the timeout to take effect.
5 Click OK.
If you are logged in when the timeout period elapses, your session will persist. However, after you log out or your session is terminated, users are not allowed to log in.

Enable Lockdown Mode in the vSphere Client

Enable lockdown mode to require that all configuration changes go through vCenter Server. You can also enable or disable lockdown mode through the direct console user interface.
Prerequisites
Open a vSphere Client session to a vCenter Server system.
n
Procedure
1 Select the host in the inventory panel.
2 Click the Configuration tab and click Security Profile.
3 Click the Edit link next to lockdown mode.
The Lockdown Mode dialog box appears.
4 Select Enable Lockdown Mode.
5 Click OK.
62 VMware, Inc.
Page 63
Securing Virtual Machines
The guest operating system that runs in the virtual machine is subject to the same security risks as a physical system. Secure virtual machines as you would secure physical machines.
1 Prevent Virtual Disk Shrinking on page 63
Nonadministrative users in the guest operating system are able to shrink virtual disks. Shrinking a virtual disk reclaims the disk's unused space. However, if you shrink a disk repeatedly, the disk can become unavailable or cause a Denial of Service (DoS). To prevent this, disable the ability to shrink virtual disks.
2 Disable Copy and Paste Operations Between Guest Operating System and Remote Console on
page 64
Copy and paste operations between the guest operating system and remote console are disabled by default. For a secure environment, retain the default setting. If you require copy and paste operations, you must enable them using the vSphere Client.
3 Modify Guest Operating System Variable Memory Limit on page 64
You can increase the guest operating system variable memory limit if large amounts of custom information are being stored in the configuration file.
4 Prevent the Guest Operating System Processes from Sending Configuration Messages to the Host on
page 65
You can prevent guests from writing any name-value pairs to the configuration file that are sent to the host. This is appropriate when guest operating systems must be prevented from modifying configuration settings.
Chapter 6 Securing the Management Interface
5 Prevent a Virtual Machine User or Process from Disconnecting Devices on page 65
Users and processes without root or administrator privileges within virtual machines have the capability to connect or disconnect devices, such as network adaptors and CD-ROM drives, as well as the ability to modify device settings. To increase virtual machine security, remove these devices. If you do not want to permanently remove a device, you can prevent a virtual machine user or process from connecting or disconnecting the device from within the guest operating system.
6 Configure Syslog on ESXi Hosts on page 66
All ESXi hosts run a syslog service (vmsyslogd), which logs messages from the VMkernel and other system components to log files.
Prevent Virtual Disk Shrinking
Nonadministrative users in the guest operating system are able to shrink virtual disks. Shrinking a virtual disk reclaims the disk's unused space. However, if you shrink a disk repeatedly, the disk can become unavailable or cause a Denial of Service (DoS). To prevent this, disable the ability to shrink virtual disks.
Prerequisites
Turn off the virtual machine.
Procedure
1 Log in to the vCenter Server system using the vSphere Client.
2 Select the virtual machine in the inventory.
3 On the Summary tab, click Edit Settings.
4 Select Options > Advanced > General and click Configuration Parameters.
VMware, Inc. 63
Page 64
vSphere Administration with the vSphere Client
5 Add or edit the following parameters.
Name Value
isolation.tools.diskWiper.disable
isolation.tools.diskShrink.disable
TRUE
TRUE
6 Click OK to close the Configuration Parameters dialog box, and click OK again to close the Virtual
Machine Properties dialog box.
When you disable this feature, you cannot shrink virtual machine disks when a datastore runs out of space.
Disable Copy and Paste Operations Between Guest Operating System and Remote Console
Copy and paste operations between the guest operating system and remote console are disabled by default. For a secure environment, retain the default setting. If you require copy and paste operations, you must enable them using the vSphere Client.
Prerequisites
Power off the virtual machine.
Procedure
1 In the vSphere Client, select the virtual machine.
2 On the Summary tab, click Edit Settings.
3 Select Options > Advanced > General and click Configuration Parameters.
4 Ensure that the following values are in the Name and Value columns, or click Add Row to add them.
Name Value
isolation.tools.copy.disable
isolation.tools.paste.disable
TRUE
TRUE
These options override any settings made in the guest operating system’s VMware Tools control panel.
5 Click OK to close the Configuration Parameters dialog box, and click OK again to close the Virtual
Machine Properties dialog box.
6 (Optional) If you made changes to the configuration parameters, restart the virtual machine.
Modify Guest Operating System Variable Memory Limit
You can increase the guest operating system variable memory limit if large amounts of custom information are being stored in the configuration file.
Prerequisites
Power off the virtual machine.
Procedure
1 In the vSphere Client, select the virtual machine in the inventory panel.
2 On the Summary tab, click Edit Settings.
3 Select Options > Advanced > General and click Configuration Parameters.
64 VMware, Inc.
Page 65
Chapter 6 Securing the Management Interface
4 If the size limit attribute is not present, you must add it.
a Click Add Row.
b In the Name column, type tools.setInfo.sizeLimit.
c In the Value column, type Number of Bytes.
If the size limit attribute exists, modify it to reflect the appropriate limits.
5 Click OK to close the Configuration Parameters dialog box, and click OK again to close the Virtual
Machine Properties dialog box.
Prevent the Guest Operating System Processes from Sending Configuration Messages to the Host
You can prevent guests from writing any name-value pairs to the configuration file that are sent to the host. This is appropriate when guest operating systems must be prevented from modifying configuration settings.
Prerequisites
Power off the virtual machine.
Procedure
1 In the vSphere Client, select the virtual machine in the inventory panel.
2 On the Summary tab, click Edit Settings.
3 Click Options > Advanced > General, and click Configuration Parameters.
4 Click Add Row and type the following values in the Name and Value columns.
In the Name column: isolation.tools.setinfo.disable
n
In the Value column: true
n
5 Click OK to close the Configuration Parameters dialog box, and click OK again to close the Virtual
Machine Properties dialog box.
Prevent a Virtual Machine User or Process from Disconnecting Devices
Users and processes without root or administrator privileges within virtual machines have the capability to connect or disconnect devices, such as network adaptors and CD-ROM drives, as well as the ability to modify device settings. To increase virtual machine security, remove these devices. If you do not want to permanently remove a device, you can prevent a virtual machine user or process from connecting or disconnecting the device from within the guest operating system.
Prerequisites
Turn off the virtual machine.
Procedure
1 Log in to a vCenter Server system using the vSphere Client and select the virtual machine.
2 On the Summary tab, click Edit Settings.
3 Select Options > Advanced > General and click Configuration Parameters.
VMware, Inc. 65
Page 66
vSphere Administration with the vSphere Client
4 Add or edit the following parameters.
Name Value
isolation.device.connectable.disabl e
isolation.device.edit.disable
These options override any settings made in the guest operating system's VMware Tools control panel.
5 Click OK to close the Configuration Parameters dialog box, and click OK again to close the Virtual
Machine Properties dialog box.
6 (Optional) If you made changes to the configuration parameters, restart the virtual machine.
Configure Syslog on ESXi Hosts
All ESXi hosts run a syslog service (vmsyslogd), which logs messages from the VMkernel and other system components to log files.
You can use the vSphere Client or the esxcli system syslog vCLI command to configure the syslog service.
For more information about using vCLI commands, see Getting Started with vSphere Command-Line Interfaces.
Procedure
true
true
1 In the vSphere Client inventory, select the host.
2 Click the Configuration tab.
3 In the Software panel, click Advanced Settings.
4 Select Syslog in the tree control.
5 To set up logging globally, click global and make changes to the fields on the right.
Option Description
Syslog.global.defaultRotate
Syslog.global.defaultSize
Syslog.global.LogDir
Syslog.global.logDirUnique
Syslog.global.LogHost
Sets the maximum number of archives to keep. You can set this number globally and for individual subloggers.
Sets the default size of the log, in KB, before the system rotates logs. You can set this number globally and for individual subloggers.
Directory where logs are stored. The directory can be located on mounted NFS or VMFS volumes. Only the /scratch directory on the local file system is persistent across reboots. The directory should be specified as [datastorename] path_to_file where the path is relative to the root of the volume backing the datastore. For example, the path [storage1] /systemlogs maps to the path /vmfs/volumes/storage1/systemlogs.
Selecting this option creates a subdirectory with the name of the ESXi host under the directory specified by Syslog.global.LogDir. A unique directory is useful if the same NFS directory is used by multiple ESXi hosts.
Remote host to which syslog messages are forwarded and port on which the remote host receives syslog messages. You can include the protocol and the port, for example, ssl://hostName1:514. UDP (default), TCP, and SSL are supported. The remote host must have syslog installed and correctly configured to receive the forwarded syslog messages. See the documentation for the syslog service installed on the remote host for information on configuration.
66 VMware, Inc.
Page 67
Chapter 6 Securing the Management Interface
6 (Optional) To overwrite the default log size and log rotation for any of the logs.
a Click loggers.
b Click the name of the log you that want to customize and enter the number of rotations and log
size you want.
7 Click OK.
Changes to the syslog options take effect immediately.
VMware, Inc. 67
Page 68
vSphere Administration with the vSphere Client
68 VMware, Inc.
Page 69
ESXi Authentication and User
Management 7
ESXi handles user authentication and supports user permissions.
When you connect directly to an ESXi host with the vSphere Client, you can create users and groups that are local to that ESXi host. You can also assign permissions to these users and groups.
vCenter Server is not aware of users that are local to ESXi, and ESXi is not aware of vCenter Server users. For more information on managing users for ESXi hosts managed by vCenter Server, see the vSphere Security documentation.
This chapter includes the following topics:
“Managing Users with the vSphere Client,” on page 69
n
“Assigning Permissions for ESXi,” on page 72
n
“Managing ESXi Roles,” on page 73
n
“Using Active Directory to Manage ESXi Users,” on page 76
n
“Use vSphere Authentication Proxy to Add a Host to a Domain,” on page 77
n
“Adjust the Search List in Large Domains,” on page 78
n
Managing Users with the vSphere Client
Manage users to control who is authorized to log in to ESXi.
In vSphere 5.1 and later, ESXi user management has the following caveats.
The users created when you connect directly to an ESXi host are not the same as the vCenter Server
n
users. When the host is managed by vCenter Server, vCenter Server ignores users created directly on the host.
You cannot create ESXi users with the vSphere Web Client. You must log directly into the host with the
n
vSphere Client to create ESXi users.
ESXi 5.1 and later does not support local groups. However, Active Directory groups are supported.
n
To prevent anonymous users such as root from accessing the host with the Direct Console User Interface (DCUI) or ESXi Shell, remove the user's administrator privileges on the root folder of the host. This applies to both local users and Active Directory users and groups.
VMware, Inc.
69
Page 70
vSphere Administration with the vSphere Client
Add an ESXi User
Adding a user to the users table updates the internal user list that the host maintains.
Prerequisites
Open a vSphere Client session to an ESXi host.
n
Review the password requirements as described in the vSphere Security publication.
n
Procedure
1 Log in to ESXi using the vSphere Client.
You cannot create ESXi users with the vSphere Web Client. You must directly log into the host with the vSphere Client to create ESXi users.
2 Click Users.
3 Right-click anywhere in the Users table and click Add.
4 Enter a login, a user name, and a password.
NOTE Do not create a user named ALL. Privileges associated with the name ALL might not be available to all users in some situations. For example, if a user named ALL has Administrator privileges, a user with ReadOnly privileges might be able to log in to the host remotely. This is not the intended behavior.
Specifying the user name is optional.
n
Create a password that meets the length and complexity requirements. The host checks for
n
password compliance using the default authentication plug-in, pam_passwdqc.so. If the password is not compliant, the following error appears: A general system error occurred: passwd:
Authentication token manipulation error.
5 Click OK.
Modify the Settings for a User on the Host
You can change the login, user name, and password for a user.
Prerequisites
Open a vSphere Client session to an ESXi host.
n
Procedure
1 Log in to ESXi using the vSphere Client.
You cannot create ESXi users with the vSphere Web Client. You must log directly into the host with the vSphere Client to create ESXi users.
2 Click Users.
3 Right-click the user and click Edit to open the Edit User dialog box.
70 VMware, Inc.
Page 71
4 Enter a login, a user name, and a password.
NOTE Do not create a user named ALL. Privileges associated with the name ALL might not be available to all users in some situations. For example, if a user named ALL has Administrator privileges, a user with ReadOnly privileges might be able to log in to the host remotely. This is not the intended behavior.
Specifying the user name is optional.
n
Create a password that meets the length and complexity requirements. The host checks for
n
password compliance using the default authentication plug-in, pam_passwdqc.so. If the password is not compliant, the following error appears: A general system error occurred: passwd:
Authentication token manipulation error.
5 Click OK.
Remove a Local ESXi User from a Host
You can remove a local ESXi user from the host.
CAUTION Do not remove the root user.
Chapter 7 ESXi Authentication and User Management
If you remove a user from the host, they lose permissions to all objects on the host and cannot log in again.
NOTE Users who are logged in and are removed from the domain keep their host permissions until you restart the host.
Procedure
1 Log in to ESXi using the vSphere Client.
2 Click the Local Users & Groups tab and click Users.
3 Right-click the user to remove and select Remove.
Do not remove the root user for any reason.
Sort, Export, and View Local ESXi Users
You can view, sort, and export lists of a host's local users to a file that is in HTML, XML, Microsoft Excel, or CSV format.
Procedure
1 Log in to ESXi using the vSphere Client.
2 Click the Local Users & Groups tab and click Users .
3 Determine how to sort the table, and hide or show columns according to the information you want to
see in the exported file.
To sort the table by any of the columns, click the column heading.
n
To show or hide columns, right-click any of the column headings and select or deselect the name of
n
the column to hide.
To show or hide columns, right-click any of the column headings and select or deselect the name of
n
the column to hide.
4 Right-click anywhere in the table and click Export List to open the Save As dialog box.
5 Select a path and enter a filename.
VMware, Inc. 71
Page 72
vSphere Administration with the vSphere Client
6 Select the file type and click OK.
Assigning Permissions for ESXi
For ESXi, permissions are defined as access roles that consist of a user and the user’s assigned role for an object such as a virtual machine or ESXi host. Permissions grant users the right to perform the activities specified by the role on the object to which the role is assigned.
For example, to configure memory for the host, a user must be granted a role that includes the Host.Configuration.Memory Configuration privilege. By assigning different roles to users for different objects, you can control the tasks that users can perform in your vSphere environment.
When connecting directly to a host with the vSphere Client, the root and vpxuser user accounts have the same access rights as any user assigned the Administrator role on all objects.
All other users initially have no permissions on any objects, which means they cannot view these objects or perform operations on them. A user with Administrator privileges must assign permissions to these users to allow them to perform tasks.
Many tasks require permissions on more than one object. These rules can help you determine where you must assign permissions to allow particular operations:
Any operation that consumes storage space, such as creating a virtual disk or taking a snapshot,
n
requires the Datastore.Allocate Space privilege on the target datastore, as well as the privilege to perform the operation itself.
Moving an object in the inventory hierarchy requires appropriate privileges on the object itself, the
n
source parent object (such as a folder or cluster), and the destination parent object.
Each host and cluster has its own implicit resource pool that contains all the resources of that host or
n
cluster. Deploying a virtual machine directly to a host or cluster requires the Resource.Assign Virtual Machine to Resource Pool privilege.
The list of privileges is the same for both ESXi and vCenter Server.
You can create roles and set permissions through a direct connection to the ESXi host.
Permission Validation
vCenter Server and ESXi hosts that use Active Directory regularly validate users and groups against the Windows Active Directory domain. Validation occurs whenever the host system starts and at regular intervals specified in the vCenter Server settings.
For example, if user Smith was assigned permissions and in the domain the user’s name was changed to Smith2, the host concludes that Smith no longer exists and removes permissions for that user when the next validation occurs.
Similarly, if user Smith is removed from the domain, all permissions are removed when the next validation occurs. If a new user Smith is added to the domain before the next validation occurs, the new user Smith receives all the permissions the old user Smith was assigned.
Change Permissions
After a user and role pair is set for an inventory object, you can change the role paired with the user or change the setting of the Propagate check box. You can also remove the permission setting.
Procedure
1 From the vSphere Client, select an object in the inventory.
2 Click the Permissions tab.
3 Right-click the line item to select the user and role pair.
72 VMware, Inc.
Page 73
Chapter 7 ESXi Authentication and User Management
4 Select Properties.
5 Select a role for the user or group from the drop-down menu.
6 To propagate the privileges to the children of the assigned inventory object, click the Propagate check
box and click OK.
Remove Permissions
Removing a permission for a user does not remove the user from the list of those available. It also does not remove the role from the list of available items. It removes the user and role pair from the selected inventory object.
Prerequisites
Open a vSphere Client session to an ESXi host.
n
Procedure
1 From the vSphere Client, click the Inventory button.
2 Expand the inventory as needed and click the appropriate object.
3 Click the Permissions tab.
4 Click the appropriate line item to select the user and role pair.
5 Select Inventory > Permissions > Delete.
Change Permission Validation Settings
vCenter Server periodically validates its user and group lists against the users and groups in the Windows Active Directory domain. It then removes users or groups that no longer exist in the domain. You can change the interval between validations.
Procedure
1 From the vSphere Client connected to a vCenter Server system, select Administration > vCenter Server
Settings.
2 In the navigation pane, select Active Directory.
3 (Optional) Deselect the Enable Validation check box to disable validation.
Validation is enabled by default. Users and groups are validated when vCenter Server system starts, even if validation is disabled.
4 If validation is enabled, enter a value in the Validation Period text box to specify a time, in minutes,
between validations.
Managing ESXi Roles
ESXi grants access to objects only to users who are assigned permissions for the object. When you assign a user permissions for the object, you do so by pairing the user with a role. A role is a predefined set of privileges.
ESXi hosts provide three default roles, and you cannot change the privileges associated with these roles. Each subsequent default role includes the privileges of the previous role. For example, the Administrator role inherits the privileges of the Read Only role. Roles you create yourself do not inherit privileges from any of the default roles.
VMware, Inc. 73
Page 74
vSphere Administration with the vSphere Client
You can create custom roles by using the role-editing facilities in the vSphere Client to create privilege sets that match your user needs. If you use the vSphere Client connected to vCenter Server to manage ESXi hosts, you have additional roles to choose from in vCenter Server. Also, the roles you create directly on a host are not accessible within vCenter Server. You can work with these roles only if you log in to the host directly from the vSphere Client.
NOTE When you add a custom role and do not assign any privileges to it, the role is created as a Read Only role with three system-defined privileges: System.Anonymous, System.View, and System.Read.
If you manage ESXi hosts through vCenter Server, maintaining custom roles in the host and vCenter Server can result in confusion and misuse. In this type of configuration, maintain custom roles only in vCenter Server.
You can create host roles and set permissions through a direct connection to the ESXi host with the vSphere Client.
Create a Role
VMware recommends that you create roles to suit the access control needs of your environment.
Prerequisites
Verify that you are logged in as a user with Administrator privileges, such as root or vpxuser.
Procedure
1 On the vSphere Client Home page, click Roles.
2 Right-click the Roles tab information panel and click Add.
3 Type a name for the new role.
4 Select privileges for the role and click OK.
Clone a Role
You can make a copy of an existing role, rename it, and later edit it. When you make a copy, the new role is not applied to any users or groups and objects. You must assign the role to users or groups and objects.
Prerequisites
Verify that you are logged in as a user with Administrator privileges, such as root or vpxuser.
Procedure
1 On the vSphere Client Home page, click Roles.
2 To select the role to duplicate, click the object in the list of Roles.
3 To clone the selected role, select Administration > Role > Clone.
A duplicate of the role is added to the list of roles. The name is Copy of rolename.
Edit a Role
When you edit a role, you can change the privileges selected for that role. When completed, these privileges are applied to any user or group assigned the edited role.
Prerequisites
Verify that you are logged in as a user with Administrator privileges, such as root or vpxuser.
74 VMware, Inc.
Page 75
Chapter 7 ESXi Authentication and User Management
Procedure
1 On the vSphere Client Home page, click Roles.
2 Right-click the role to edit and select Edit Role.
3 Select privileges for the role and click OK.
Rename a Role
When you rename a role, no changes occur to that role’s assignments.
Prerequisites
Verify that you are logged in as a user with Administrator privileges, such as root or vpxuser.
Procedure
1 On the vSphere Client Home page, click Roles.
2 Click the object in the list of roles that you want rename.
3 Select Administration > Role > Rename.
4 Type the new name.
Remove a Role
When you remove a role that is not assigned to any users or groups, the definition is removed from the list of roles. When you remove a role that is assigned to a user or group, you can remove assignments or replace them with an assignment to another role.
CAUTION You must understand how users will be affected before removing all assignments or replacing them. Users who have no permissions granted to them cannot log in.
Prerequisites
Verify that you are logged in as a user with Administrator privileges, such as root or vpxuser.
Procedure
1 On the vSphere Client Home page, click Roles.
2 Click the object you want to remove in the list of roles.
3 Select Administration > Role > Remove.
4 Click OK.
The role is removed from the list.
If the role is assigned to a user or group, a warning message appears.
5 Select a reassignment option and click OK.
Option Description
Remove Role Assignments
Reassign affected users to
Removes configured user or group and role pairings on the server. If a user or group does not have other permissions assigned, they lose all privileges.
Reassigns any configured user or group and role pairings to the selected new role.
VMware, Inc. 75
Page 76
vSphere Administration with the vSphere Client
Using Active Directory to Manage ESXi Users
You can configure ESXi to use a directory service such as Active Directory to manage users.
Creating local user accounts on each host presents challenges with having to synchronize account names and passwords across multiple hosts. Join ESXi hosts to an Active Directory domain to eliminate the need to create and maintain local user accounts. Using Active Directory for user authentication simplifies the ESXi host configuration and reduces the risk for configuration issues that could lead to unauthorized access.
When you use Active Directory, users supply their Active Directory credentials and the domain name of the Active Directory server when adding a host to a domain.
Configure a Host to Use Active Directory
You can configure the host to use a directory service such as Active Directory to manage users and groups.
Prerequisites
Verify that you have an Active Directory domain. See your directory server documentation.
n
Verify that the host name of ESXi is fully qualified with the domain name of the Active Directory forest.
n
fully qualified domain name = host_name.domain_name
Procedure
1 Synchronize the time between ESXi and the directory service system using NTP.
ESXi supports synchronizing time with an external NTPv3 or NTPv4 server that is compliant with RFC 5905 and RFC 1305. The Microsoft Windows W32Time service does not meet these requirements when running with default settings. See the vSphere Security documentation or the VMware Knowledge Base for information about how to synchronize ESXi time with a Microsoft Domain Controller.
2 Ensure that the DNS servers you configured for the host can resolve the host names for the Active
Directory controllers.
a In the vSphere Client, select the host in the inventory.
b Click the Configuration tab and click DNS and Routing.
c Click the Properties link at the top right of the panel.
d In the DNS and Routing Configuration dialog box, verify that the host name and DNS server
information for the host are correct.
What to do next
Use the vSphere Client to join a directory service domain.
Add a Host to a Directory Service Domain
To use a directory service, you must join the host to the directory service domain.
You can enter the domain name in one of two ways:
name.tld (for example, domain.com): The account is created under the default container.
n
name.tld/container/path (for example, domain.com/OU1/OU2): The account is created under a particular
n
organizational unit (OU).
To use the vSphere Authentication Proxy service (CAM service), see the vSphere Security documentation.
76 VMware, Inc.
Page 77
Chapter 7 ESXi Authentication and User Management
Prerequisites
Verify that the vSphere Client is connected to the host.
Procedure
1 Select a host in the vSphere Client inventory, and click the Configuration tab.
2 Under Software, click Authentication Services.
3 Click Properties.
4 In the User Directory Services dialog box, select the directory service from the drop-down menu.
5 Enter a domain.
Use the form name.tld or name.tld/container/path.
6 Click Join Domain.
7 Enter the user name and password of a directory service user who has permissions to join the host to
the domain, and click OK.
8 Click OK to close the Directory Services Configuration dialog box.
View Directory Service Settings
You can view the type of directory server, if any, the host uses to authenticate users and the directory server settings.
Procedure
1 Select a host in the vSphere Client inventory, and click the Configuration tab.
2 Under Software, select Authentication Services.
The Authentication Services Settings page displays the directory service and domain settings.
Use vSphere Authentication Proxy to Add a Host to a Domain
When you join a host to a directory service domain, you can use the vSphere Authentication Proxy server for authentication instead of transmitting user-supplied Active Directory credentials.
You can enter the domain name in one of two ways:
name.tld (for example, domain.com): The account is created under the default container.
n
name.tld/container/path (for example, domain.com/OU1/OU2): The account is created under a particular
n
organizational unit (OU).
Prerequisites
Verify that the vSphere Client is connected to the host.
n
If ESXi is configured with a DHCP address, set up the DHCP range as described in the vSphere Security
n
documentation..
If ESXi is configured with a static IP address, verify that its associated profile is configured to use the
n
vSphere Authentication Proxy service to join a domain so that the authentication proxy server can trust the ESXi IP address.
If ESXi is using a self-signed certificate, verify that the host has been added to vCenter Server. This
n
allows the authentication proxy server to trust ESXi.
VMware, Inc. 77
Page 78
vSphere Administration with the vSphere Client
If ESXi is using a CA-signed certificate and is not provisioned by Auto Deploy, verify that the CA
n
certificate has been added to the local trust certificate store of the authentication proxy server as described in the vSphere Security documentation.
Authenticate the vSphere Authentication Proxy server to the host as described in the vSphere Security
n
documentation.
Procedure
1 In the vSphere Client inventory, select the host.
2 Select the Configuration tab and click Authentication Services.
3 Click Properties.
4 In the Directory Services Configuration dialog box, select the directory server from the drop-down
menu.
5 Enter a domain.
Use the form name.tld or name.tld/container/path.
6 Select the Use vSphere Authentication Proxy check box.
7 Enter the IP address of the authentication proxy server.
8 Click Join Domain.
9 Click OK.
Adjust the Search List in Large Domains
If you have domains with thousands of users or groups, or if searches take a long time to complete, adjust the search settings in the Select Users or Groups dialog box.
NOTE This procedure applies only to vCenter Server user lists. ESXi host user lists cannot be searched in the same way.
Prerequisites
To configure Active Directory settings, the vSphere Client must be connected to the vCenter Server system.
Procedure
1 From the vSphere Client connected to a vCenter Server system, select Administration > vCenter Server
Settings.
2 In the navigation pane, select Active Directory.
3 Change the values as needed.
Option Description
Active Directory Timeout
Enable Query Limit
Users & Groups value
4 Click OK.
Timeout interval in seconds for connecting to the Active Directory server. This value specifies the maximum amount of time vCenter Server allows a search to run on the selected domain. Searching large domains can take a long time.
Select the check box to limit the number of users and groups that vCenter Server displays in the Add Permissions dialog box for the selected domain.
Specifies the maximum number of users and groups vCenter Server displays from the selected domain in the Select Users or Groups dialog box. If you enter 0 (zero), all users and groups appear.
78 VMware, Inc.
Page 79
Managing Hosts in vCenter Server 8
To access the full capabilities of your hosts and to simplify the management of multiple hosts, you should connect your hosts to a vCenter Server system.
For information about configuration management of ESXihosts, see the vSphere Networking documentation, the vSphere Storage documentation, or the vSphere Security documentation.
The views and capabilities displayed vary depending on whether the vSphere Client is connected to a vCenter Server system or an ESXi host. Unless indicated, the process, task, or description applies to all kinds of vSphere Client connections.
This chapter includes the following topics:
“Disconnecting and Reconnecting a Host,” on page 79
n
“Remove a Host from a Cluster,” on page 80
n
“Remove a Managed Host from vCenter Server,” on page 81
n
Disconnecting and Reconnecting a Host
You can disconnect and reconnect a host that a vCenter Server system manages. Disconnecting a managed host does not remove it from vCenter Server; it temporarily suspends all monitoring activities that vCenter Server performs.
The managed host and its associated virtual machines remain in the vCenter Server inventory. By contrast, removing a managed host from vCenter Server removes the managed host and all its associated virtual machines from the vCenter Server inventory.
Disconnect a Managed Host
Use the vSphere Client to disconnect a managed host from vCenter Server.
Procedure
1 From the vSphere Client connected to a vCenter Server system, display the inventory and click the
managed host to disconnect.
2 Right-click the host and select Disconnect from the pop-up menu.
3 In the confirmation dialog box that appears, click Yes.
If the managed host is disconnected, the word “disconnected” is appended to the object name in parentheses, and the object is dimmed. All associated virtual machines are similarly dimmed and labeled.
VMware, Inc.
79
Page 80
vSphere Administration with the vSphere Client
Reconnect a Managed Host
Use the vSphere Client to reconnect a managed host to a vCenter Server system.
Procedure
1 From the vSphere Client connected to a vCenter Server system, display the inventory and click the
managed host to reconnect.
2 Right-click the host and select Connect from the pop-up menu.
When the managed host’s connection status to vCenter Server is changed, the statuses of the virtual machines on that managed host are updated to reflect the change.
Reconnecting Hosts After Changes to the vCenter Server SSL Certificate
vCenter Server uses an SSL certificate to encrypt and decrypt host passwords stored in the vCenter Server database. If the certificate is replaced or changed, vCenter Server cannot decrypt host passwords, and therefore cannot connect to managed hosts.
If vCenter Server fails to decrypt a host password, the host is disconnected from vCenter Server. You must reconnect the host and supply the login credentials, which will be encrypted and stored in the database using the new certificate.
Remove a Host from a Cluster
When a host is removed from a cluster, the resources it provides are deducted from the total cluster resources. The virtual machines deployed on the host are either migrated to other hosts within the cluster, or remain with the host and are removed from the cluster, depending on the state of the virtual machines when the host is removed from the cluster.
You can remove hosts from a cluster by selecting them in the inventory and dragging them to a new location within the inventory. The new location can be a folder as a standalone host or another cluster.
Prerequisites
Before you can remove a host from a cluster, you must power off all virtual machines that are running on the host, or migrate the virtual machines to a new host using vMotion.
Procedure
1 From the vSphere Client connected to a vCenter Server system, display the inventory.
2 Right-click the appropriate managed host icon in the inventory panel, and select Enter Maintenance
Mode from the pop-up menu.
If all virtual machines on the host are not powered off, the host will not enter maintenance mode.
If the host is inside a DRS-enabled cluster, entering maintenance mode causes DRS to attempt to automatically evacuate powered-on virtual machines from the host using vMotion.
3 In the confirmation dialog that appears, click Yes.
The confirmation dialog also asks if you want to automatically evacuate virtual machines that are not powered on from the host. This is useful if you want those virtual machines to remain registered to a host within the cluster.
The host icon changes and the term “maintenance mode” is added to the name in parentheses.
80 VMware, Inc.
Page 81
4 Select the host icon in the inventory panel, and drag it to the new location.
The host can be moved to another cluster or another datacenter. When the new location is selected, a blue box surrounds the cluster or datacenter name.
vCenter Server moves the host to the new location.
5 Right-click the host, and select Exit Maintenance Mode from the pop-up menu.
6 (Optional) Restart any virtual machines, as needed.
Remove a Managed Host from vCenter Server
Remove a managed host from vCenter Server to stop all vCenter Server monitoring and management of that host.
If possible, remove managed hosts while they are connected. Removing a disconnected managed host does not remove the vCenter Server agent from the managed host.
Prerequisites
Make sure NFS mounts are active. If NFS mounts are unresponsive, the operation fails.
Procedure
1 From the vSphere Client connected to a vCenter Server system, display the inventory.
Chapter 8 Managing Hosts in vCenter Server
2 (Optional) If the host is part of a cluster, you must put it in maintenance mode.
a Right-click the managed host in the inventory and select Enter Maintenance Mode from the pop-
up menu.
b On the confirmation dialog, click Yes.
The host icon changes and the term “maintenance mode” is added to the name in parentheses.
3 Right-click the appropriate host in the inventory panel, and select Remove from the pop-up menu.
4 In the confirmation dialog that appears, click Yes to remove the managed host.
vCenter Server removes the managed host and associated virtual machines from the vCenter Server environment. vCenter Server then returns the status of all associated processor and migration licenses to available.
VMware, Inc. 81
Page 82
vSphere Administration with the vSphere Client
82 VMware, Inc.
Page 83
Using vCenter Maps 9
A vCenter map is a visual representation of your vCenter Server topology. Maps show the relationships between the virtual and physical resources available to vCenter Server.
Maps are available only when the vSphere Client is connected to a vCenter Server system.
The maps can help you determine such things as which clusters or hosts are most densely populated, which networks are most critical, and which storage devices are being utilized. vCenter Server provides the following map views.
Virtual Machine Resources
Host Resources
Datastore Resources
vMotion Resources
You can use a map view to limit or expand the scope of a map. You can customize all map views, except vMotion Resources maps. If you are accessing map views using the navigation bar, all vCenter Server resources are available for display. If you are using the Maps tab of a selected inventory item, only items related to that item are displayed. For virtual machine inventory items, the vMotion Resources view is the only map view available on the Maps tab.
You can customize a map view by selecting or deselecting objects in the inventory pane or by selecting or deselecting options in the Map Relationships area.
You can reposition the map by dragging it (click and hold anywhere on the map and drag the map to the new location). A grey box in the overview area represents the section of the total map that is viewable and moves as you drag the map. You can resize the grey box to zoom in or out of a section of the map.
You can double-click any object in a map to switch to the Map tab for that item (providing a Map tab is available for that type of object).
Right-click on any object in a map to access its context menu.
This chapter includes the following topics:
Displays virtual machine-centric relationships.
Displays host-centric relationships.
Displays datastore-centric relationships.
Displays hosts available for vMotion migration.
VMware, Inc.
“Set the Maximum Number of Map Objects,” on page 84
n
“View vCenter Maps,” on page 84
n
“Print vCenter Maps,” on page 84
n
“Export vCenter Maps,” on page 84
n
83
Page 84
vSphere Administration with the vSphere Client
Set the Maximum Number of Map Objects
In large environments, maps can be slow to load and difficult to read. You can set the maximum number of objects maps can display so that maps load more quickly and are easier to read.
Procedure
1 In the vSphere Client, select Edit > Client Settings > Maps tab.
2 Enter the maximum number of objects you want maps to display.
3 Click OK.
When a user attempts to view a map that has more objects than the specified limit, the user encounters a message that provides the option to cancel the map or to proceed with displaying it.
View vCenter Maps
Resource maps enable you to view the relationships among hosts, clusters, and virtual machines. You can view a resource map for an entire vCenter Server system or for a specific object, such as a datacenter or cluster. Maps for specific objects show only the object relationships for that object.
Procedure
1 Display the object in the inventory.
2 Select the object and click the Maps tab.
For example, to display the resource map for your entire vCenter Server system, select the vCenter Server in the inventory panel. To display the resource map for a host, select the host in the inventory panel.
Print vCenter Maps
You can print resource maps to any standard printer.
Perform this procedure on the vSphere Client Map tab.
Procedure
1 Select File > Print Maps > Print.
2 In the printer Name list, select the printer.
3 Click Print.
Export vCenter Maps
Exporting a resource map saves the map to an image file.
Perform this procedure on the vSphere Client Map tab.
Procedure
1 If necessary, view the resource map.
2 Select File > Export > Export Maps.
3 Navigate to the location to save the file.
4 Type a name for the file and select a file format.
5 Click Export.
84 VMware, Inc.
Page 85
Creating a Virtual Machine in the
vSphere Client 10
Virtual machines are the key component in a virtual infrastructure. You can create virtual machines to add to the host inventory.
When you create a virtual machine, you associate it to a particular datastore and select an operating system and virtual hardware options. After you turn on the virtual machine, it consumes resources dynamically as the workload increases, or it returns resources dynamically as the workload decreases.
Every virtual machine has virtual devices that provide the same function as physical hardware. A virtual machine gets CPU and memory, access to storage, and network connectivity from the host it runs on.
This chapter includes the following topics:
“Start the Virtual Machine Creation Process in the vSphere Client,” on page 85
n
“Select a Configuration Option for the New Virtual Machine in the vSphere Client,” on page 86
n
“Enter a Name and Location for the Virtual Machine in the vSphere Client,” on page 87
n
“Select a Host or Cluster in the vSphere Client,” on page 87
n
“Select a Resource Pool in the vSphere Client,” on page 88
n
“Select a Datastore in the vSphere Client,” on page 88
n
“Select a Virtual Machine Version in the vSphere Client,” on page 89
n
“Select an Operating System in the vSphere Client,” on page 89
n
“Select the Number of Virtual CPUs in the vSphere Client,” on page 90
n
“Configure Virtual Memory in the vSphere Client,” on page 90
n
“Configure Networks in the vSphere Client,” on page 91
n
“Select a SCSI Controller in the vSphere Client,” on page 92
n
“Selecting a Virtual Disk Type,” on page 92
n
“Complete Virtual Machine Creation in the vSphere Client,” on page 96
n

Start the Virtual Machine Creation Process in the vSphere Client

You use the Create New Virtual Machine wizard to create a virtual machine to place in the vSphere inventory. You open the wizard from the vSphere Client.
The selections you make in the New Virtual Machine wizard are not saved until you click Finish on the Ready to Complete page. If you cancel the wizard without completing all tasks, you cannot resume the wizard where you left off. You must start a new creation task.
You can create a new virtual machine in a datacenter, host, cluster, resource pool, or virtual machine folder.
VMware, Inc.
85
Page 86
vSphere Administration with the vSphere Client
Prerequisites
Verify that you have the following privileges:
Host.Local operations.Create virtual machine
n
Virtual machine.Inventory.Create new on the destination folder or datacenter.
n
Virtual machine.Configuration.Add new disk on the destination folder or datacenter, if you are
n
adding a new disk.
Virtual machine.Configuration.Add existing disk on the destination folder or datacenter, if you are
n
adding an existing disk.
Virtual machine.Configuration.Raw device on the destination folder or datacenter, if you are using a
n
RDM or SCSI pass-through device.
Virtual Machine.Configuration.Network
n
Resource.Assign virtual machine to resource pool on the destination host, cluster, or resource pool.
n
Datastore.Allocate space on the destination datastore or datastore folder.
n
Network.Assign network on the network that the virtual machine will be assigned to.
n
Procedure
1 Display the inventory objects in the vSphere Client by using the Host and Clusters view or the VM and
Templates view.
2 Right-click an object and select New > Virtual Machine.
The New Virtual Machine wizard opens.
What to do next
Select a Typical or Custom configuration option in the New Virtual Machine wizard.

Select a Configuration Option for the New Virtual Machine in the vSphere Client

The Typical option shortens the virtual machine creation process by skipping choices that you rarely need to change from their defaults. The Custom option provides more flexibility and choices.
Several relationships affect the information that you must provide during virtual machine creation. These relationships include the inventory object on which you place the virtual machine, the customization path option you select, the datastore on which the virtual machine and its files reside, and the host or cluster on which it runs.
If you select a Typical configuration, the virtual machine hardware version defaults to that of the host on which you place the virtual machine. If you select a Custom configuration, you can accept the default or select an earlier hardware version. This configuration is useful if maintaining compatibility with an earlier version of an ESX/ESXi host is necessary.
Prerequisites
For a Typical configuration, verify that you have the following information:
Virtual machine name and inventory location.
n
Location in which to place the virtual machine (cluster, host, resource pool).
n
Datastore on which to store the virtual machine's files.
n
Guest operating system and version.
n
86 VMware, Inc.
Page 87
Chapter 10 Creating a Virtual Machine in the vSphere Client
Parameters for the virtual disk size and provisioning settings.
n
In addition to the information for a Typical configuration, for a Custom configuration, verify that you have the following information:
Virtual machine version.
n
Number of CPUs and memory size.
n
Number of NICs, network to connect to, and network adapter types.
n
SCSI controller type.
n
Disk type (new disk, existing disk, RDM, or no disk).
n
Procedure
1 On the Configuration page of the New Virtual Machine wizard, select an option for creating the virtual
machine.
2 Click Next.
The Name and Location page appears.
What to do next
Select a name and location for the virtual machine.

Enter a Name and Location for the Virtual Machine in the vSphere Client

The name you enter is used as the virtual machine’s base name in the inventory. It is also used as the name of the virtual machine’s files.
The name can be up to 80 characters long. Names are not case-sensitive, so the name my_vm is identical to
My_Vm.
Prerequisites
Verify that you have an appropriate naming strategy in place.
Procedure
1 On the Name and Location page of the New Virtual Machine wizard, type a name.
2 Select a folder or the root of the datacenter.
NOTE This option is only available when you are connected to a vCenter Server system.
3 Click Next.
The Host / Cluster or the Resource Pool page opens.

Select a Host or Cluster in the vSphere Client

You can place the virtual machine in a cluster or on a host that is not in a cluster.
A cluster is a collection of ESXi hosts and associated virtual machines with shared resources and a shared management interface. Grouping hosts into clusters allows you to enable many optional features that enhance the availability and flexibility of your infrastructure.
VMware, Inc. 87
Page 88
vSphere Administration with the vSphere Client
Procedure
1 On the Host / Cluster page of the New Virtual Machine wizard, select the host or cluster where you
want to run the virtual machine.
NOTE The Host / Cluster page is only available when you are connected to a vCenter Server system.
2 Click Next.
If resource pools are configured on the host, the Resource Pool page opens. Otherwise, the Datastore page opens.
What to do next
Select a resource pool or a datastore on which to run the virtual machine.

Select a Resource Pool in the vSphere Client

Resource pools let you manage your computing resources within a host or cluster by setting them up in a meaningful hierarchy. Virtual machines and child resource pools share the resources of the parent resource pool.
The Resource Pool page appears only when resource pools are configured on the host.
Procedure
1 On the Resource Pool page of the New Virtual Machine wizard, navigate to the resource pool where
you want to run the virtual machine.
2 Select the resource pool and click Next.
The virtual machine is placed in the resource pool you selected.
What to do next
Select a datastore in which to store the virtual machine files.

Select a Datastore in the vSphere Client

Datastores are logical containers that hide specifics of each storage device and provide a uniform model for storing virtual machine files. You can use datastores to store ISO images and virtual machine templates.
You can select from datastores already configured on the destination host or cluster.
Procedure
1 On the Storage page of the New Virtual Machine wizard, select a datastore in which to store the virtual
machine files.
2 (Optional) To turn off Storage DRS for the virtual machine, select Disable Storage DRS for this virtual
machine.
3 Click Next.
If you selected a Typical configuration path, the Guest Operating System page appears. If you selected a Custom configuration path, the Virtual Machine Version page appears.
88 VMware, Inc.
Page 89
Chapter 10 Creating a Virtual Machine in the vSphere Client

Select a Virtual Machine Version in the vSphere Client

If the host or cluster where you place the virtual machine supports more than one VMware virtual machine version, you can select a version for the virtual machine.
For virtual machine and host compatibility options, see “Virtual Machine Hardware Versions,” on page 139.
Procedure
1 Select a virtual machine hardware version.
Option Description
Virtual machine version 11
Virtual machine version 10
Virtual machine version 9
Virtual machine version 8
Virtual machine version 7
Virtual machine version 4
2 Click Next.
Compatible with ESXi 6.0 hosts. Provides the latest virtual machine features including improved accelerated 3D graphics rendering. Recommended for virtual machines that do not need to migrate to ESX/ESXi 4.x and 5.x hosts.
Compatible with ESXi 5.5 and later hosts. Recommended for virtual machines that do not need to migrate to ESX/ESXi 4.x and 5.1 hosts.
Compatible with ESXi 5.1 and later hosts. Recommended for virtual machines that do not need to migrate to ESX/ESXi 4.x and 5.0 hosts.
Compatible with ESXi 5.0 and later hosts. Recommended for virtual machines that do not need to migrate to ESX/ESXi 4.x hosts.
Compatible with ESX/ESXi 4, 4.x, and later hosts. Recommended for sharing storage or virtual machines with ESX/ESXi versions 3.5 to 4.1.
Compatible with ESX/ESXi 4 and later hosts. Recommended for virtual machines that need to run on ESX/ESXi versions 4.
The Guest Operating System page opens.
What to do next
Select a guest operating system for the virtual machine.

Select an Operating System in the vSphere Client

The guest operating system that you select affects the supported devices and number of virtual CPUs available to the virtual machine.
The New Virtual Machine wizard does not install the guest operating system. The wizard uses this information to select appropriate default values, such as the amount of memory needed.
When you select a guest operating system, BIOS or Extensible Firmware Interface (EFI) is selected by default, depending on the firmware supported by the operating system. Mac OS X Server guest operating systems support only EFI. If the operating system supports BIOS and EFI, you can change the default from the Options tab of the Virtual Machine Properties editor after you create the virtual machine and before you install the guest operating system. If you select EFI, you cannot boot an operating system that supports only BIOS, and the reverse.
IMPORTANT Do not change the firmware after the guest operating system is installed.
The Mac OS X Server must run on Apple hardware. You cannot power on a Mac OS X Server if it is running on other hardware.
VMware, Inc. 89
Page 90
vSphere Administration with the vSphere Client
Procedure
1 On the Guest Operating System page of the New Virtual Machine wizard, select an operating system
family.
2 Select an operating system and version from the drop-down menu and click Next.
If any of the total cores available on the host, the maximum virtual CPUs supported by the virtual machine hardware version, or the maximum supported CPUs on the guest operating system equal 1, the virtual machine CPU count is set to 1 and the Memory page opens.
3 If you selected Other (32-bit) or Other (64-bit), enter a name for the operating system in the text box.
4 Click Next.
What to do next
You can add memory or CPUs for the virtual machine.

Select the Number of Virtual CPUs in the vSphere Client

You can configure a virtual machine to have up to 128 virtual CPUs. The number of licensed CPUs on the host, the number of CPUs that the guest operating system supports, and the virtual machine hardware version determine the number of virtual CPUs that you can add.
VMware Virtual Symmetric Multiprocessing (Virtual SMP) enables a single virtual machine to use multiple physical processors simultaneously. You must have Virtual SMP to power on multiprocessor virtual machines.
Procedure
1 On the CPUs page of the New Virtual Machine wizard, select a value from the Number of virtual
sockets drop-down menu.
2 Select a value from the Number of cores per socket drop-down menu.
To determine the total number of cores, multiply the number of cores per socket by the number of virtual sockets. The resulting total number of cores is a number equal to or less than the number of logical CPUs on the host.
The total number of cores appears.
3 Click Next.
The Memory page opens.
What to do next
Select the memory for the virtual machine.

Configure Virtual Memory in the vSphere Client

The amount of memory that you allocate for a virtual machine is the amount of memory that the guest operating system detects.
The minimum memory size is 4 MB for virtual machines that use BIOS firmware. Virtual machines that use EFI firmware require at least 96 MB of RAM or they cannot power on.
The maximum memory size for a virtual machine depends on the host's physical memory and the virtual machine's hardware version.
90 VMware, Inc.
Page 91
Chapter 10 Creating a Virtual Machine in the vSphere Client
If the virtual machine memory is greater than the host memory size, swapping occurs, which can have a severe effect on virtual machine performance. The memory size must be a multiple of 4 MB. The maximum for best performance represents the threshold above which the host’s physical memory is insufficient to run the virtual machine at full speed. This value fluctuates as conditions on the host change, for example, as virtual machines are powered on or off.
Table 101. Maximum Virtual Machine Memory
Introduced in Host Version Virtual Machine Version Maximum Memory Size
ESXi 6.0 11 4080 GB
ESXi 5.5 10 1011 GB
ESXi 5.1 9 1011 GB
ESXi 5.0 8 1011 GB
ESX/ESXi 4.x 7 255 GB
ESX/ESXi 3.x 4 65,532 MB
The ESXi host version indicates when support began for the increased memory size. For example, the memory size of a version 7 virtual machine that is running on ESXi 5.0 is restricted to 255 GB.
Procedure
1 On the Memory page of the New Virtual Machine wizard, select a size for the virtual memory.
You can use the slider or use the up and down arrows to select the number. To access the predefined default or recommended setting, click the colored triangles on the right side of the memory bar.
2 Click Next.
The Network page opens.
What to do next
Select network adapters for the virtual machine.

Configure Networks in the vSphere Client

You can select the virtual network interface cards (NICs) to create on the virtual machine so that the virtual machine can communicate with other hosts and virtual machines. For each NIC, select the network and adapter type.
CAUTION Because virtual machines share their physical network hardware with the host, the accidental or malicious bridging of two networks by a virtual machine can occur. Spanning Tree protocol cannot protect against these occurrences.
You can select only four NICs during virtual machine creation. You can add more virtual NICs by selecting Edit the virtual machine settings before completion on the Ready to Complete page of the wizard, or by editing the virtual machine after it is created.
For more information about networking, see the vSphere Networking documentation.
Procedure
1 On the Network page of the New Virtual Machine wizard, select the number of NICs to connect from
the drop-down menu.
VMware, Inc. 91
Page 92
vSphere Administration with the vSphere Client
2 For each NIC, select a network and adapter type from the drop-down menus
Depending on the host version and the guest operating system, a choice of adapter types for each virtual NIC might not be available. In many cases, only one type of adapter is supported. If more than one type of adapter is supported, the recommended type for the guest operating system is selected by default.
3 (Optional) Click Connect at Power On to connect the NIC when the virtual machine is powered on.
4 Click Next to add a SCSI Controller.

Select a SCSI Controller in the vSphere Client

To access virtual disks, a virtual machine uses virtual SCSI controllers. Each virtual disk that a virtual machine can access through one of the virtual SCSI controllers resides in the VMFS datastore, NFS-based datastore, or on a raw disk. The choice of SCSI controller does not affect whether your virtual disk is an IDE or SCSI disk.
The wizard preselects the correct default controller based on the guest operation system you selected on the Guest Operating System page.
LSI Logic SAS and VMware Paravirtual controllers are available only for virtual machines with hardware version 7 or later. For details about VMware Paravirtual controllers, including conditions for use and limitations, see “About VMware Paravirtual SCSI Controllers,” on page 166.
Disks with snapshots might not experience performance gains when used on LSI Logic SAS and LSI Logic Parallel controllers.
Procedure
1 On the SCSI Controller page of the New Virtual Machine wizard, accept the default or select a SCSI
controller type.
BusLogic Parallel
n
LSI Logic Parallel
n
LSI Logic SAS
n
VMware Paravirtual
n
2 Click Next.
The Select a Disk page opens.
What to do next
Select a disk on which to store the guest operating system files and data.
Selecting a Virtual Disk Type
You can create a virtual disk, use an existing virtual disk, or create Raw Device Mappings (RDMs), which give your virtual disk direct access to SAN. A virtual disk comprises one or more files on the file system that appear as a single hard disk to the guest operating system. These disks are portable among hosts.
You use the Create Virtual Machine wizard to add virtual disks during virtual machine creation. To add disks later, select the Do Not Create Disk option and use the Add Hardware wizard in the Virtual Machine Properties dialog box.
NOTE You cannot reassign virtual disks to a different controller type.
You can select from the following options:
92 VMware, Inc.
Page 93
Chapter 10 Creating a Virtual Machine in the vSphere Client
Create a Virtual Disk in the vSphere Client on page 93
n
When you create a virtual disk, you can specify disk properties such as size, format, clustering features, and more.
Use an Existing Virtual Disk in the vSphere Client on page 94
n
You can use an existing disk that is configured with an operating system or other virtual machine data. This choice allows you to freely move the virtual hard drive from virtual machine to virtual machine.
Add an RDM Disk to a Virtual Machine in the vSphere Client on page 95
n
You can store virtual machine data directly on a SAN LUN instead of storing it in a virtual disk file. This ability is useful if you are running applications in your virtual machines that must detect the physical characteristics of the storage device. Mapping a SAN LUN allows you to use existing SAN commands to manage storage for the disk.

Create a Virtual Disk in the vSphere Client

When you create a virtual disk, you can specify disk properties such as size, format, clustering features, and more.
For detailed information about disk types, see the vSphere Storage publication.
Procedure
1 On the Create a Disk page of the New Virtual Machine wizard, select the disk size.
You can increase the disk size later or add disks in the Virtual Machine Properties dialog box.
2 Select the format for the virtual machine's disks and click Next.
Option Action
Thick Provision Lazy Zeroed
Thick Provision Eager Zeroed
Thin Provision
Create a virtual disk in a default thick format. Space required for the virtual disk is allocated during creation. Any data remaining on the physical device is not erased during creation, but is zeroed out on demand at a later time on first write from the virtual machine.
Create a thick disk that supports clustering features such as Fault Tolerance. Space required for the virtual disk is allocated at creation time. In contrast to the flat format, the data remaining on the physical device is zeroed out during creation. It might take much longer to create disks in this format than to create other types of disks.
Use the thin provisioned format. At first, a thin provisioned disk uses only as much datastore space as the disk initially needs. If the thin disk needs more space later, it can grow to the maximum capacity allocated to it.
3 Select a location to store the virtual disk files and click Next.
Option Description
Store with the virtual machine
Specify a datastore or datastore cluster
Stores the files with the configuration and other virtual machine files. This option makes file management easier.
Stores the file separately from other virtual machine files.
The Advanced Options page opens.
4 Accept the default or select a different virtual device node.
In most cases, you can accept the default device node. For a hard disk, a nondefault device node is useful to control the boot order or to have different SCSI controller types. For example, you might want to boot from an LSI Logic controller and share a data disk with another virtual machine using a BusLogic controller with bus sharing turned on.
VMware, Inc. 93
Page 94
vSphere Administration with the vSphere Client
5 (Optional) To change the way disks are affected by snapshots, click Independent and select an option.
Option Description
Independent - Persistent
Independent - Nonpersistent
Disks in persistent mode behave like conventional disks on your physical computer. All data written to a disk in persistent mode are written permanently to the disk.
Changes to disks in nonpersistent mode are discarded when you power off or reset the virtual machine. With nonpersistent mode, you can restart the virtual machine with a virtual disk in the same state every time. Changes to the disk are written to and read from a redo log file that is deleted when you power off or reset.
6 Click Next.
Your changes are recorded and the Ready to Complete page opens.
What to do next
View the selections for your virtual machine on the Ready to Complete page.

Use an Existing Virtual Disk in the vSphere Client

You can use an existing disk that is configured with an operating system or other virtual machine data. This choice allows you to freely move the virtual hard drive from virtual machine to virtual machine.
Procedure
1 On the Select Existing Disk page of the New Virtual Machine wizard, browse for a virtual disk file, click
OK, and click Next.
2 Accept the default or select a different virtual device node.
In most cases, you can accept the default device node. For a hard disk, a nondefault device node is useful to control the boot order or to have different SCSI controller types. For example, you might want to boot from an LSI Logic controller and share a data disk with another virtual machine using a BusLogic controller with bus sharing turned on.
3 (Optional) To change the way disks are affected by snapshots, click Independent and select an option.
Option Description
Independent - Persistent
Independent - Nonpersistent
Disks in persistent mode behave like conventional disks on your physical computer. All data written to a disk in persistent mode are written permanently to the disk.
Changes to disks in nonpersistent mode are discarded when you power off or reset the virtual machine. With nonpersistent mode, you can restart the virtual machine with a virtual disk in the same state every time. Changes to the disk are written to and read from a redo log file that is deleted when you power off or reset.
4 Click Next.
Your changes are recorded and the Ready to Complete page opens.
What to do next
Review the virtual machine configuration.
94 VMware, Inc.
Page 95
Chapter 10 Creating a Virtual Machine in the vSphere Client

Add an RDM Disk to a Virtual Machine in the vSphere Client

You can store virtual machine data directly on a SAN LUN instead of storing it in a virtual disk file. This ability is useful if you are running applications in your virtual machines that must detect the physical characteristics of the storage device. Mapping a SAN LUN allows you to use existing SAN commands to manage storage for the disk.
When you map a LUN to a VMFS volume, vCenter Server creates a Raw Device Mapping (RDM) file that points to the raw LUN. Encapsulating disk information in a file allows vCenter Server to lock the LUN so that only one virtual machine can write to it at a time. For details about RDM, see the vSphere Storage documentation.
The RDM file has a .vmdk extension, but the file contains only disk information that describes the mapping to the LUN on the ESXi host. The actual data is stored on the LUN.
You can create the RDM as an initial disk for a new virtual machine or add it to an existing virtual machine. When you create the RDM, you specify the LUN to be mapped and the datastore on which to put the RDM.
NOTE You cannot deploy a virtual machine from a template and store its data on a LUN. You can only store its data in a virtual disk file.
Procedure
1 On the Select a Disk page of the New Virtual Machine wizard, select Raw Device Mapping and click
Next.
2 From the list of SAN disks or LUNs, select a LUN for your virtual machine to access directly and click
Next.
3 Select a datastore for the LUN mapping file and click Next.
You can place the RDM file on the same datastore where your virtual machine configuration file resides, or select a different datastore.
NOTE To use vMotion for virtual machines with enabled NPIV, make sure that the RDM files of the virtual machines are located on the same datastore. You cannot perform Storage vMotion or vMotion between datastores when NPIV is enabled.
4 Select a compatibility mode and click Next.
Option Description
Physical
Virtual
Allows the guest operating system to access the hardware directly. Physical compatibility is useful if you are using SAN-aware applications on the virtual machine. However, a virtual machine with a physical compatibility RDM cannot be cloned, made into a template, or migrated if the migration involves copying the disk.
Allows the RDM to behave as if it were a virtual disk, so you can use such features as taking a snapshot, cloning, and so on. When you clone the disk or make a template from it, the contents of the LUN are copied into a .vmdk virtual disk file. When you migrate a virtual compatibility mode RDM, you can migrate the mapping file or copy the contents of the LUN into a virtual disk.
5 Accept the default or select a different virtual device node.
In most cases, you can accept the default device node. For a hard disk, a nondefault device node is useful to control the boot order or to have different SCSI controller types. For example, you might want to boot from an LSI Logic controller and share a data disk with another virtual machine using a BusLogic controller with bus sharing turned on.
VMware, Inc. 95
Page 96
vSphere Administration with the vSphere Client
6 (Optional) To change the way disks are affected by snapshots, click Independent and select an option.
Option Description
Independent - Persistent
Independent - Nonpersistent
Disks in persistent mode behave like conventional disks on your physical computer. All data written to a disk in persistent mode are written permanently to the disk.
Changes to disks in nonpersistent mode are discarded when you power off or reset the virtual machine. With nonpersistent mode, you can restart the virtual machine with a virtual disk in the same state every time. Changes to the disk are written to and read from a redo log file that is deleted when you power off or reset.
7 Click Next.
Your changes are recorded and the Ready to Complete page opens.
What to do next
Review the virtual machine configuration.

Complete Virtual Machine Creation in the vSphere Client

The Ready to Complete page lets you review the configuration selections that you made for the virtual machine. You can change existing settings, configure resources, add hardware, and more.
You can configure additional virtual machine settings before or after completing the wizard.
Procedure
1 On the Ready to Complete page of the New Virtual Machine wizard, review the configuration settings
for the virtual machine.
2 (Optional) Select Edit the virtual machine settings before completion and click Continue.
The Virtual Machine Properties editor opens. After you complete your changes and click Finish, both the Virtual Machine Properties editor and the New Virtual Machine wizard close. You cannot go back to review the wizard settings unless you click Cancel.
3 (Optional) Click Cancel to go back and review the wizard settings.
4 Click Finish to complete the creation task and close the wizard.
The virtual machine appears in the vSphere Client Inventory view.
What to do next
Before you can use the new virtual machine, you must partition and format the virtual drive, install a guest operating system, and install VMware Tools. Typically, the operating system’s installation program handles partitioning and formatting the virtual drive.
96 VMware, Inc.
Page 97
Working with Templates and Clones
in the vSphere Client 11
A clone is a copy of a virtual machine. A template is a master copy of a virtual machine that can be used to create many clones.
When you clone a virtual machine, you create a copy of the entire virtual machine, including its settings, any configured virtual devices, installed software, and other contents of the virtual machine's disks. You also have the option to use guest operating system customization to change some of the properties of the clone, such as the computer name and networking settings.
Cloning a virtual machine can save time if you are deploying many similar virtual machines. You can create, configure, and install software on a single virtual machine, and then clone it multiple times, rather than creating and configuring each virtual machine individually.
If you create a virtual machine that you want to clone frequently, make that virtual machine a template. A template is a master copy of a virtual machine that can be used to create and provision virtual machines. Templates cannot be powered on or edited, and are more difficult to alter than ordinary virtual machine. A template offers a more secure way of preserving a virtual machine configuration that you want to deploy many times.
When you clone a virtual machine or deploy a virtual machine from a template, the resulting cloned virtual machine is independent of the original virtual machine or template. Changes to the original virtual machine or template are not reflected in the cloned virtual machine, and changes to the cloned virtual machine are not reflected in the original virtual machine or template.
This chapter includes the following topics:
“Clone a Virtual Machine in the vSphere Client,” on page 97
n
“Create a Scheduled Task to Clone a Virtual Machine in the vSphere Client,” on page 100
n
“Create a Template in the vSphere Client,” on page 100
n
“Deploy a Virtual Machine from a Template in the vSphere Client,” on page 103
n
“Change Template Name in the vSphere Client,” on page 105
n
“Deleting Templates,” on page 106
n
“Convert a Template to a Virtual Machine in the vSphere Client,” on page 107
n
Clone a Virtual Machine in the vSphere Client
Cloning a virtual machine creates a duplicate of the virtual machine with the same configuration and installed software as the original.
Optionally, you can customize the guest operating system of the clone to change the virtual machine name, network settings, and other properties. This prevents conflicts that can occur if a virtual machine and a clone with identical guest operating system settings are deployed simultaneously.
VMware, Inc.
97
Page 98
vSphere Administration with the vSphere Client
Prerequisites
You must be connected to vCenter Server in order to clone a virtual machine. You cannot clone virtual
n
machines if you connect directly to an ESXi host.
To customize the guest operating system of the virtual machine, check that your guest operating system
n
meets the requirements for customization. See “Guest Operating System Customization Requirements,” on page 109.
To use a customization specification, you must first create or import the customization specification.
n
To use a custom script to generate the host name or IP address for the new virtual machine, configure
n
the script. See “Configure a Script to Generate Computer Names and IP Addresses During Guest
Operating System Customization in the vSphere Client,” on page 110.
Procedure
1 Right-click the virtual machine and select Clone.
2 Enter a virtual machine name, select a location, and click Next.
3 Select a host or cluster on which to run the new virtual machine.
Option Action
Run the virtual machine on a standalone host.
Run the virtual machine in a cluster with DRS automatic placement.
Run the virtual machine in a cluster without DRS automatic placement.
4 Select a resource pool in which to run the virtual machine and click Next.
Select the host and click Next.
Select the cluster and click Next.
a Select the cluster and click Next.
b Select a host within the cluster and click Next.
5 Select the datastore location where you want to store the virtual machine files.
Option Action
Store all virtual machine files in the same location on a datastore.
Store all virtual machine files in the same datastore cluster.
Store virtual machine configuration files and disk in separate locations.
a Apply a virtual machine storage policy for the virtual machine home
files and the virtual disks from the VM storage policy drop-down menu.
The list shows which datastores are compatible and which are incompatible with the selected virtual machine storage policy.
b Select a datastore and click Next.
a Apply a virtual machine storage policy for the virtual machine home
files and the virtual disks from the VM storage policy drop-down menu.
The list shows which datastores are compatible and which are incompatible with the selected virtual machine storage policy.
b Select a datastore and click Next.
a Click Advanced.
b For the virtual machine configuration file and for each virtual disk,
click Browse and select a datastore or datastore cluster.
c Click Next.
98 VMware, Inc.
Page 99
Chapter 11 Working with Templates and Clones in the vSphere Client
6 Select the format for the virtual machine's disks.
Option Action
Same format as source
Thick Provision Lazy Zeroed
Thick Provision Eager Zeroed
Thin Provision
Use the same format as the source virtual machine.
Create a virtual disk in a default thick format. Space required for the virtual disk is allocated during creation. Any data remaining on the physical device is not erased during creation, but is zeroed out on demand at a later time on first write from the virtual machine.
Create a thick disk that supports clustering features such as Fault Tolerance. Space required for the virtual disk is allocated at creation time. In contrast to the thick provision lazy zeroed format, the data remaining on the physical device is zeroed out during creation. It might take longer to create disks in this format than to create other types of disks.
Use the thin provisioned format. At first, a thin provisioned disk uses only as much datastore space as the disk initially needs. If the thin disk needs more space later, it can grow to the maximum capacity allocated to it.
7 Select a guest operating system customization option.
Option Description
Do not customize
Customize using the Customization Wizard
Customize using an existing customization specification
Select Do not customize and click Next.
Does not customize any of the guest operating system settings. All settings remain identical to those of the source virtual machine.
Opens the Customization Wizard so that you can select customization options for the guest operating system.
Select this option and click Next to launch the Customization Wizard.
To customize a Linux guest operating system, see “Customize Linux
n
During Cloning or Deployment in the vSphere Client,” on page 113.
To customize a Windows guest operating system, see “Customize
n
Windows During Cloning or Deployment in the vSphere Client,” on
page 111.
Uses the settings in a saved customization specification to customize the guest operating system.
a Select Customize using an existing customization specification.
b Select the customization specification that you want to use.
c (Optional) Select Use the Customization Wizard to temporarily
adjust the specification before deployment if you want to make changes to the specification for this deployment only.
d Click Next.
8 Review your selections and select whether to power on the virtual machine or edit virtual machine
settings.
Option Action
Power on this virtual machine after creation.
Edit virtual hardware.
Select this option and click Finish.
The virtual machine powers on after the deployment task completes.
a Select this option and click Continue.
b Make any changes and click OK.
The cloned virtual machine is deployed. You cannot use or edit the virtual machine until the cloning is complete. This might take several minutes if the cloning involves creating a virtual disk. You can cancel the cloning at any point before the customization stage.
VMware, Inc. 99
Page 100
vSphere Administration with the vSphere Client

Create a Scheduled Task to Clone a Virtual Machine in the vSphere Client

This procedure creates a scheduled task to clone a virtual machine.
Prerequisites
You must be connected to a vCenter Server system with the vSphere Client.
n
Procedure
1 From the Home page, click Scheduled Tasks.
2 Select File > New > Scheduled Task, or click New.
The Select a Task to Schedule dialog box appears.
3 Select Clone a virtual machine from the drop-down menu, and click OK.
The Clone Virtual Machine wizard appears.
4 Select the virtual machine to clone and click Next.
5 Follow the wizard through the same steps as those in the previous task in which you cloned a virtual
machine.
6 Enter a name and a task description in the text box.
7 Select the frequency of the task.
8 Select Now or Later. If later, enter the time and date when you want the virtual machine to be
deployed, and click Next.
To see the calendar, click Later, and click the drop-down arrow to select a date from the calendar. A red circle indicates today’s date, and a dark circle indicates the scheduled date.
9 Review the information on the Ready to Complete New Virtual Machine page, and click Finish.
Optionally, you can select the check box to power on the new virtual machine after it is created.
vCenter Server adds the new task to the scheduled task list and completes it at the designated time. When it is time to perform the task, vCenter Server first verifies that the user who created the task still has permission to complete the task. If the permission levels are not acceptable, vCenter Server sends a message to the log and the task is not performed.

Create a Template in the vSphere Client

Create a template to create a master image of a virtual machine from which you can deploy many virtual machines.
You can create a template by converting a virtual machine to a template, cloning a virtual machine to a template, or cloning another template.

Convert a Virtual Machine to a Template in the vSphere Client

You can convert a virtual machine directly to a template instead of making a copy by cloning.
When you convert a virtual machine to a template, you cannot edit or power on the template unless you convert it back to a virtual machine.
Prerequisites
You must be connected to vCenter Server to convert a virtual machine to a template. You cannot create
n
templates if you connect the vSphere Client directly to an ESXi host.
100 VMware, Inc.
Loading...
Buy Points How it Works FAQ Contact Us Questions and Suggestions Privacy Policy Cookie Policy Terms of Use