ESXi - 6.7
Table of contents
Loading...
VMware ESXi Installation
and Setup
17 APR 2018
VMware vSphere 6.7
VMware ESXi 6.7
VMware ESXi Installation and Setup
VMware, Inc. 2
You can find the most up-to-date technical documentation on the VMware website at:
https://docs.vmware.com/
If you have comments about this documentation, submit your feedback to
docfeedback@vmware.com
Copyright
©
2018 VMware, Inc. All rights reserved. Copyright and trademark information.
VMware, Inc.
3401 Hillview Ave.
Palo Alto, CA 94304
www.vmware.com
Contents
1
About VMware ESXi Installation and Setup 4
2
Introduction to vSphere Installation and Setup 5
3
Overview of the vSphere Installation and Setup Process 6
4
About ESXi Evaluation and Licensed Modes 9
5
Installing and Setting Up ESXi 10
ESXi Requirements 10
Preparing for Installing ESXi 19
Installing ESXi 70
Setting Up ESXi 188
After You Install and Set Up ESXi 208
6
Troubleshooting ESXi Booting 212
Host Stops Unexpectedly at Bootup When Sharing a Boot Disk with Another Host 212
Host Fails to Boot After You Install ESXi in UEFI Mode 213
7
Decommission an ESXi Host 214
VMware, Inc. 3
About VMware ESXi Installation
and Setup 1
VMware ESXi Installation and Setup describes how to install and configure VMware ESXi™.
Intended Audience
VMware ESXi Installation and Setup is intended for experienced administrators who want to install and
configure ESXi.
This information is written for experienced Windows or Linux system administrators who are familiar with
virtual machine technology and data center operations. The information about using the Image Builder
and VMware vSphere
®
Auto Deploy™ is written for administrators who have experience with Microsoft
PowerShell and VMware vSphere
®
PowerCLI™.
vSphere Web Client and vSphere Client
Task instructions in this guide are based on the vSphere Web Client. You can also perform most of the
tasks in this guide by using the new vSphere Client. The new vSphere Client user interface terminology,
topology, and workflow are closely aligned with the same aspects and elements of the
vSphere Web Client user interface. You can apply the vSphere Web Client instructions to the new
vSphere Client unless otherwise instructed.
Note In vSphere 6.7, most of the vSphere Web Client functionality is implemented in the vSphere Client.
For an up-to-date list of the unsupported functionality, see Functionality Updates for the vSphere Client.
VMware Technical Publications Glossary
VMware Technical Publications provides a glossary of terms that might be unfamiliar to you. For
definitions of terms as they are used in VMware technical documentation, go to
http://www.vmware.com/support/pubs.
VMware, Inc.
4
Introduction to vSphere
Installation and Setup 2
vSphere 6.7 provides various options for installation and setup. To ensure a successful vSphere
deployment, understand the installation and setup options, and the sequence of tasks.
The two core components of vSphere are ESXi and vCenter Server. ESXi is the virtualization platform on
which you can create and run virtual machines and virtual appliances. vCenter Server is a service that
acts as a central administrator for ESXi hosts connected in a network. vCenter Server lets you pool and
manage the resources of multiple hosts.
You can install vCenter Server on a Windows virtual machine or physical server, or deploy the
vCenter Server Appliance. The vCenter Server Appliance is a preconfigured Linux-based virtual machine
optimized for running vCenter Server and the vCenter Server components. You can deploy the
vCenter Server Appliance on ESXi hosts 6.0 or later, or on vCenter Server instances 6.0 or later.
Starting with vSphere 6.0, all prerequisite services for running vCenter Server and the vCenter Server
components are bundled in the VMware Platform Services Controller™. You can deploy vCenter Server
with an embedded or external Platform Services Controller, but you must always install or deploy the
Platform Services Controller before installing or deploying vCenter Server.
For detailed information about the vCenter Server installation process, see vCenter Server Installation
and Setup.
VMware, Inc.
5
Overview of the vSphere
Installation and Setup Process 3
vSphere is a sophisticated product with multiple components to install and set up. To ensure a successful
vSphere deployment, understand the sequence of tasks required.
Installing vSphere includes the following tasks:
VMware, Inc. 6
Figure 3‑1. vSphere Installation and Setup Workflow
Start the vSphere
installation and setup
End of the vSphere
installation and setup
Small envrionment with one
vCenter Server Instance
Large envrionment with multiple
vCenter Server Instances
Install ESXi
on at least one host
Set up ESXi
Deploy or install vCenter Server
with an embedded Platform
Services Controller
Log in to the vSphere Web
Client to create and organize
your vCenter Server inventory
Log in to the vSphere Web
Client to create and organize
your vCenter Server inventories
Start the vSphere
installation and setup
End of the vSphere
installation and setup
Install ESXi
on at least one host
Set up ESXi
Deploy or install the Platform
Services Controller instances
in a sequence
Deploy or install the vCenter Server
instances and register them with the
external Platform Services
Controller instances
1 Read the vSphere release notes.
2 Install ESXi.
a Verify that your system meets the minimum hardware requirements. See ESXi Requirements.
b Determine the ESXi installation option to use. See Options for Installing ESXi.
VMware ESXi Installation and Setup
VMware, Inc. 7
c Determine where you want to locate and boot the ESXi installer. See Media Options for Booting
the ESXi Installer. If you are using PXE to boot the installer, verify that your network PXE
infrastructure is properly set up. See PXE Booting the ESXi Installer.
d Create a worksheet with the information you will need when you install ESXi. See Required
Information for ESXi Installation.
e Install ESXi.
n
Installing ESXi Interactively
n
Installing or Upgrading Hosts by Using a Script
Note You can also provision ESXi hosts by using vSphere Auto Deploy, but vSphere Auto
Deploy is installed together with vCenter Server. To provision ESXi hosts by using Auto Deploy,
you must deploy the vCenter Server Appliance or install vCenter Server.
3 Configure the ESXi boot and network settings, the direct console, and other settings. See Setting Up
ESXi and After You Install and Set Up ESXi.
4 Consider setting up a syslog server for remote logging, to ensure sufficient disk storage for log files.
Setting up logging on a remote host is especially important for hosts with limited local storage. See
Required Free Space for System Logging and Configure Syslog on ESXi Hosts.
5 Determine the vCenter Server and Platform Services Controller deployment model that is suitable for
your environment.
6 Deploy or install vCenter Server and Platform Services Controller.
For detailed information, see the vCenter Server Installation and Setup guide.
VMware ESXi Installation and Setup
VMware, Inc. 8
About ESXi Evaluation and
Licensed Modes 4
You can use evaluation mode to explore the entire set of features for ESXi hosts. The evaluation mode
provides the set of features equal to a vSphere Enterprise Plus license. Before the evaluation mode
expires, you must assign to your hosts a license that supports all the features in use.
For example, in evaluation mode, you can use vSphere vMotion technology, the vSphere HA feature, the
vSphere DRS feature, and other features. If you want to continue using these features, you must assign a
license that supports them.
The installable version of ESXi hosts is always installed in evaluation mode. ESXi Embedded is
preinstalled on an internal storage device by your hardware vendor. It might be in evaluation mode or
prelicensed.
The evaluation period is 60 days and begins when you turn on the ESXi host. At any time during the 60-
day evaluation period, you can convert from licensed mode to evaluation mode. The time available in the
evaluation period is decreased by the time already used.
For example, suppose that you use an ESXi host in evaluation mode for 20 days and then assign a
vSphere Standard Edition license key to the host. If you set the host back in evaluation mode, you can
explore the entire set of features for the host for the remaining evaluation period of 40 days.
For information about managing licensing for ESXi hosts, see the vCenter Server and Host Management
documentation.
VMware, Inc.
9
Installing and Setting Up ESXi 5
You can install and set up ESXi on your physical hardware so that it acts as a platform for virtual
machines.
This chapter includes the following topics:
n
ESXi Requirements
n
Preparing for Installing ESXi
n
Installing ESXi
n
Setting Up ESXi
n
After You Install and Set Up ESXi
ESXi Requirements
To install or upgrade ESXi, your system must meet specific hardware and software requirements.
ESXi Hardware Requirements
Make sure the host meets the minimum hardware configurations supported by ESXi6.7.
Hardware and System Resources
To install or upgrade ESXi, your hardware and system resources must meet the following requirements:
n
Supported server platform. For a list of supported platforms, see the VMware Compatibility Guide at
http://www.vmware.com/resources/compatibility.
n
ESXi 6.7 requires a host machine with at least two CPU cores.
n
ESXi 6.7 supports 64-bit x86 processors released after September 2006. This includes a broad range
of multi-core processors. For a complete list of supported processors, see the VMware compatibility
guide at http://www.vmware.com/resources/compatibility.
n
ESXi 6.7 requires the NX/XD bit to be enabled for the CPU in the BIOS.
n
ESXi 6.7 requires a minimum of 4 GB of physical RAM. It is recommended to provide at least 8 GB of
RAM to run virtual machines in typical production environments.
n
To support 64-bit virtual machines, support for hardware virtualization (Intel VT-x or AMD RVI) must
be enabled on x64 CPUs.
VMware, Inc.
10
n
One or more Gigabit or faster Ethernet controllers. For a list of supported network adapter models,
see the VMware Compatibility Guide at http://www.vmware.com/resources/compatibility.
n
SCSI disk or a local, non-network, RAID LUN with unpartitioned space for the virtual machines.
n
For Serial ATA (SATA), a disk connected through supported SAS controllers or supported on-board
SATA controllers. SATA disks are considered remote, not local. These disks are not used as a scratch
partition by default because they are seen as remote.
Note You cannot connect a SATA CD-ROM device to a virtual machine on an ESXi 6.7 host. To use
the SATA CD-ROM device, you must use IDE emulation mode.
Storage Systems
For a list of supported storage systems, see the VMware Compatibility Guide at
http://www.vmware.com/resources/compatibility. For Software Fibre Channel over Ethernet (FCoE), see
Installing and Booting ESXi with Software FCoE.
ESXi Booting Requirements
vSphere 6.7 supports booting ESXi hosts from the Unified Extensible Firmware Interface (UEFI). With
UEFI, you can boot systems from hard drives, CD-ROM drives, or USB media.
Starting with vSphere 6.7, VMware Auto Deploy supports network booting and provisioning of ESXi hosts
with UEFI.
ESXi can boot from a disk larger than 2 TB if the system firmware and the firmware on any add-in card
that you are using support it. See the vendor documentation.
Note Changing the boot type from legacy BIOS to UEFI after you install ESXi 6.7 might cause the host
to fail to boot. In this case, the host displays an error message similar to Not a VMware boot bank.
Changing the host boot type between legacy BIOS and UEFI is not supported after you install ESXi 6.7.
Storage Requirements for ESXi 6.7 Installation or Upgrade
Installing ESXi 6.7 or upgrading to ESXi 6.7 requires a boot device that is a minimum of 1 GB. When
booting from a local disk, SAN or iSCSI LUN, a 5.2-GB disk is required to allow for the creation of the
VMFS volume and a 4-GB scratch partition on the boot device. If a smaller disk or LUN is used, the
installer attempts to allocate a scratch region on a separate local disk. If a local disk cannot be found the
scratch partition, /scratch, is on the ESXi host ramdisk, linked to /tmp/scratch. You can
reconfigure /scratch to use a separate disk or LUN. For best performance and memory optimization, do
not leave /scratch on the ESXi host ramdisk.
To reconfigure /scratch, see Set the Scratch Partition from the vSphere Web Client.
Due to the I/O sensitivity of USB and SD devices, the installer does not create a scratch partition on these
devices. When installing or upgrading on USB or SD devices, the installer attempts to allocate a scratch
region on an available local disk or datastore. If no local disk or datastore is found, /scratch is placed on
the ramdisk. After the installation or upgrade, you should reconfigure /scratch to use a persistent
VMware ESXi Installation and Setup
VMware, Inc. 11
datastore. Although a 1GB USB or SD device suffices for a minimal installation, you should use a 4GB or
larger device. The extra space is used for an expanded coredump partition on the USB/SD device. Use a
high-quality USB flash drive of 16 GB or larger so that the extra flash cells can prolong the life of the boot
media, but high-quality drives of 4 GB or larger are sufficient to hold the extended coredump partition.
See Knowledge Base article http://kb.vmware.com/kb/2004784.
In Auto Deploy installations, the installer attempts to allocate a scratch region on an available local disk or
datastore. If no local disk or datastore is found, /scratch is placed on ramdisk. You should
reconfigure /scratch to use a persistent datastore following the installation.
For environments that boot from a SAN or use Auto Deploy, you need not allocate a separate LUN for
each ESXi host. You can co-locate the scratch regions for many ESXi hosts onto a single LUN. The
number of hosts assigned to any single LUN should be weighed against the LUN size and the I/O
behavior of the virtual machines.
ESXi 6.7 Installation on M.2 and other Non-USB Low-end Flash Media
Unlike USB flash devices, the ESXi installer creates a VMFS datastore on M.2 and other non-USB low-
end flash media. If you deploy a virtual machine or migrate a virtual machine to this boot device
datastore, the boot device can be worn out quickly depending on the endurance of the flash device and
the characteristics of the workload. Even read-only workloads can cause problems on low-end flash
devices.
Important If you install ESXi on M.2 or other non-USB low-end flash media, delete the VMFS datastore
on the device immediately after installation. See vSphere Storage for more information on removing
VMFS datastores.
Supported Remote Management Server Models and Firmware
Versions
You can use remote management applications to install or upgrade ESXi, or to manage hosts remotely.
Table 5‑1. Supported Remote Management Server Models and Minimum Firmware Versions
Remote Management Server Model Firmware Version Java
Dell DRAC 7 1.30.30 (Build 43) 1.7.0_60-b19
Dell DRAC 6 1.54 (Build 15), 1.70 (Build 21) 1.6.0_24
Dell DRAC 5 1.0, 1.45, 1.51 1.6.0_20,1.6.0_203
Dell DRAC 4 1.75 1.6.0_23
HP ILO 1.81, 1.92 1.6.0_22, 1.6.0_23
HP ILO 2 1.8, 1.81 1.6.0_20, 1.6.0_23
HP ILO 3 1.28 1.7.0_60-b19
HP ILO 4 1.13 1.7.0_60-b19
IBM RSA 2 1.03, 1.2 1.6.0_22
VMware ESXi Installation and Setup
VMware, Inc. 12
Recommendations for Enhanced ESXi Performance
To enhance performance, install or upgrade ESXi on a robust system with more RAM than the minimum
required and with multiple physical disks.
For ESXi system requirements, see ESXi Hardware Requirements.
Table 5‑2. Recommendations for Enhanced Performance
System Element Recommendation
RAM ESXi hosts require more RAM than typical servers. Provide at
least 8GB of RAM to take full advantage of ESXi features and
run virtual machines in typical production environments. An ESXi
host must have sufficient RAM to run concurrent virtual
machines. The following examples are provided to help you
calculate the RAM required by the virtual machines running on
the ESXi host.
Operating four virtual machines with Red Hat Enterprise Linux or
Windows XP requires at least 3GB of RAM for baseline
performance. This figure includes approximately 1024MB for the
virtual machines, 256MB minimum for each operating system as
recommended by vendors.
Running these four virtual machines with 512MB RAM requires
that the ESXi host have approximately 4GB RAM, which
includes 2048MB for the virtual machines.
These calculations do not take into account possible memory
savings from using variable overhead memory for each virtual
machine. See vSphere Resource Management.
Dedicated Fast Ethernet adapters for virtual machines Place the management network and virtual machine networks
on different physical network cards. Dedicated Gigabit Ethernet
cards for virtual machines, such as Intel PRO 1000 adapters,
improve throughput to virtual machines with high network traffic.
Disk location Place all data that your virtual machines use on physical disks
allocated specifically to virtual machines. Performance is better
when you do not place your virtual machines on the disk
containing the ESXi boot image. Use physical disks that are
large enough to hold disk images that all the virtual machines
use.
VMFS5 partitioning The ESXi installer creates the initial VMFS volumes on the first
blank local disk found. To add disks or modify the original
configuration, use the vSphere Web Client. This practice
ensures that the starting sectors of partitions are 64K-aligned,
which improves storage performance.
Note For SAS-only environments, the installer might not format
the disks. For some SAS disks, it is not possible to identify
whether the disks are local or remote. After the installation, you
can use the vSphere Web Client to set up VMFS.
VMware ESXi Installation and Setup
VMware, Inc. 13
Table 5‑2. Recommendations for Enhanced Performance (Continued)
System Element Recommendation
Processors Faster processors improve ESXi performance. For certain
workloads, larger caches improve ESXi performance.
Hardware compatibility Use devices in your server that are supported by ESXi 6.7
drivers. See the Hardware Compatibility Guide at
http://www.vmware.com/resources/compatibility.
Incoming and Outgoing Firewall Ports for ESXi Hosts
The vSphere Web Client and the VMware Host Client allow you to open and close firewall ports for each
service or to allow traffic from selected IP addresses.
The following table lists the firewalls for services that are installed by default. If you install other VIBs on
your host, additional services and firewall ports might become available. The information is primarily for
services that are visible in the vSphere Web Client but the table includes some other ports as well.
Table 5‑3. Incoming Firewall Connections
Port
Protoc
ol Service Description
5988 TCP CIM Server Server for CIM (Common Information Model).
5989 TCP CIM Secure Server Secure server for CIM.
427 TCP,
UDP
CIM SLP The CIM client uses the Service Location Protocol, version 2 (SLPv2) to find
CIM servers.
546 DHCPv6 DHCP client for IPv6.
8301, 8302 UDP DVSSync DVSSync ports are used for synchronizing states of distributed virtual ports
between hosts that have VMware FT record/replay enabled. Only hosts that
run primary or backup virtual machines must have these ports open. On hosts
that are not using VMware FT these ports do not have to be open.
902 TCP NFC Network File Copy (NFC) provides a file-type-aware FTP service for vSphere
components. ESXi uses NFC for operations such as copying and moving data
between datastores by default.
12345, 23451 UDP vSANClustering
Service
VMware vSAN Cluster Monitoring and Membership Directory Service. Uses
UDP-based IP multicast to establish cluster members and distribute vSAN
metadata to all cluster members. If disabled, vSAN does not work.
68 UDP DHCP Client DHCP client for IPv4.
53 UDP DNS Client DNS client.
8200, 8100,
8300
TCP,
UDP
Fault Tolerance Traffic between hosts for vSphere Fault Tolerance (FT).
6999 UDP NSX Distributed
Logical Router
Service
NSX Virtual Distributed Router service. The firewall port associated with this
service is opened when NSX VIBs are installed and the VDR module is
created. If no VDR instances are associated with the host, the port does not
have to be open.
This service was called NSX Distributed Logical Router in earlier versions of
the product.
VMware ESXi Installation and Setup
VMware, Inc. 14
Table 5‑3. Incoming Firewall Connections (Continued)
Port
Protoc
ol Service Description
2233 TCP vSAN Transport vSAN reliable datagram transport. Uses TCP and is used for vSAN storage
IO. If disabled, vSAN does not work.
161 UDP SNMP Server Allows the host to connect to an SNMP server.
22 TCP SSH Server Required for SSH access.
8000 TCP vMotion Required for virtual machine migration with vMotion. ESXi hosts listen on port
8000 for TCP connections from remote ESXi hosts for vMotion traffic.
902, 443 TCP vSphere Web Client Client connections
8080 TCP vsanvp vSAN VASA Vendor Provider. Used by the Storage Management Service
(SMS) that is part of vCenter to access information about vSAN storage
profiles, capabilities, and compliance. If disabled, vSAN Storage Profile Based
Management (SPBM) does not work.
80 TCP vSphere Web Access Welcome page, with download links for different interfaces.
5900 -5964 TCP RFB protocol
80, 9000 TCP vSphere Update
Manager
Table 5‑4. Outgoing Firewall Connections
Port Protocol Service Description
427 TCP, UDP CIM SLP The CIM client uses the Service Location Protocol, version 2
(SLPv2) to find CIM servers.
547 TCP, UDP DHCPv6 DHCP client for IPv6.
8301, 8302 UDP DVSSync DVSSync ports are used for synchronizing states of distributed
virtual ports between hosts that have VMware FT record/replay
enabled. Only hosts that run primary or backup virtual machines
must have these ports open. On hosts that are not using VMware
FT these ports do not have to be open.
44046, 31031 TCP HBR Used for ongoing replication traffic by vSphere Replication and
VMware Site Recovery Manager.
902 TCP NFC Network File Copy (NFC) provides a file-type-aware FTP service
for vSphere components. ESXi uses NFC for operations such as
copying and moving data between datastores by default.
9 UDP WOL Used by Wake on LAN.
12345 23451 UDP vSAN Clustering
Service
Cluster Monitoring, Membership, and Directory Service used by
vSAN.
68 UDP DHCP Client DHCP client.
53 TCP, UDP DNS Client DNS client.
80, 8200, 8100, 8300 TCP, UDP Fault Tolerance Supports VMware Fault Tolerance.
3260 TCP Software iSCSI Client Supports software iSCSI.
VMware ESXi Installation and Setup
VMware, Inc. 15
Table 5‑4. Outgoing Firewall Connections (Continued)
Port Protocol Service Description
6999 UDP NSX Distributed
Logical Router
Service
The firewall port associated with this service is opened when NSX
VIBs are installed and the VDR module is created. If no VDR
instances are associated with the host, the port does not have to
be open.
5671 TCP rabbitmqproxy A proxy running on the ESXi host. This proxy allows applications
that are running inside virtual machines to communicate with the
AMQP brokers that are running in the vCenter network domain.
The virtual machine does not have to be on the network, that is,
no NIC is required. Ensure that outgoing connection IP addresses
include at least the brokers in use or future. You can add brokers
later to scale up.
2233 TCP vSAN Transport Used for RDT traffic (Unicast peer to peer communication)
between vSAN nodes.
8000 TCP vMotion Required for virtual machine migration with vMotion.
902 UDP VMware vCenter
Agent
vCenter Server agent.
8080 TCP vsanvp Used for vSAN Vendor Provider traffic.
9080 TCP I/O Filter Service Used by the I/O Filters storage feature
Table 5‑5. Firewall Ports for Services That Are Not Visible in the UI by Default
Port
Proto
col Service Comment
5900 -5964 TCP RFB protocol The RFB protocol is a simple protocol for remote access to graphical user
interfaces.
8889 TCP OpenWSMAN
Daemon
Web Services Management (WS-Management is a DMTF open standard for
the management of servers, devices, applications, and Web services.
Required Free Space for System Logging
If you used Auto Deploy to install your ESXi 6.7 host, or if you set up a log directory separate from the
default location in a scratch directory on the VMFS volume, you might need to change your current log
size and rotation settings to ensure that enough space is available for system logging .
All vSphere components use this infrastructure. The default values for log capacity in this infrastructure
vary, depending on the amount of storage available and on how you have configured system logging.
Hosts that are deployed with Auto Deploy store logs on a RAM disk, which means that the amount of
space available for logs is small.
If your host is deployed with Auto Deploy, reconfigure your log storage in one of the following ways:
n
Redirect logs over the network to a remote collector.
n
Redirect logs to a NAS or NFS store.
VMware ESXi Installation and Setup
VMware, Inc. 16
If you redirect logs to non-default storage, such as a NAS or NFS store, you might also want to
reconfigure log sizing and rotations for hosts that are installed to disk.
You do not need to reconfigure log storage for ESXi hosts that use the default configuration, which stores
logs in a scratch directory on the VMFS volume. For these hosts, ESXi 6.7 configures logs to best suit
your installation, and provides enough space to accommodate log messages.
Table 5‑6. Recommended Minimum Size and Rotation Configuration for hostd, vpxa, and
fdm Logs
Log Maximum Log File Size
Number of Rotations to
Preserve Minimum Disk Space Required
Management Agent (hostd) 10 MB 10 100 MB
VirtualCenter Agent (vpxa) 5 MB 10 50 MB
vSphere HA agent (Fault
Domain Manager, fdm)
5 MB 10 50 MB
For information about setting up a remote log server, see Configure Syslog on ESXi Hosts.
VMware Host Client System Requirements
Make sure that your browser supports the VMware Host Client.
The following guest operating systems and Web browser versions are supported for the
VMware Host Client.
Supported Browsers Mac OS Windows Linux
Google Chrome 50+ 50+ 50+
Mozilla Firefox 45+ 45+ 45+
Microsoft Internet Explorer N/A 11+ N/A
Microsoft Edge N/A 38+ N/A
Safari 9.0+ N/A N/A
ESXi Passwords and Account Lockout
For ESXi hosts, you have to use a password with predefined requirements. You can change the required
length and character class requirement or allow pass phrases using the
Security.PasswordQualityControl advanced option.
ESXi uses the Linux PAM module pam_passwdqc for password management and control. See the man
page for pam_passwdqc for detailed information.
Note The default requirements for ESXi passwords can change from one release to the next. You can
check and change the default password restrictions using the Security.PasswordQualityControl
advanced option.
VMware ESXi Installation and Setup
VMware, Inc. 17
ESXi Passwords
ESXi enforces password requirements for access from the Direct Console User Interface, the ESXi Shell,
SSH, or the VMware Host Client.
n
By default, you have to include a mix of characters from four character classes: lowercase letters,
uppercase letters, numbers, and special characters such as underscore or dash when you create a
password.
n
By default, password length is more than 7 and less than 40.
n
Passwords cannot contain a dictionary word or part of a dictionary word.
Note An uppercase character that begins a password does not count toward the number of character
classes used. A number that ends a password does not count toward the number of character classes
used.
Example ESXi Passwords
The following password candidates illustrate potential passwords if the option is set as follows.
retry=3 min=disabled,disabled,disabled,7,7
With this setting, passwords with one or two character classes and pass phrases are not allowed,
because the first three items are disabled. Passwords from three- and four-character classes require
seven characters. See the pam_passwdqc man page for details.
With these settings, the following passwords are allowed.
n
xQaTEhb!: Contains eight characters from three character classes.
n
xQaT3#A: Contains seven characters from four character classes.
The following password candidates do not meet requirements.
n
Xqat3hi: Begins with an uppercase character, reducing the effective number of character classes to
two. The minimum number of required character classes is three.
n
xQaTEh2: Ends with a number, reducing the effective number of character classes to two. The
minimum number of required character classes is three.
ESXi Pass Phrase
Instead of a password, you can also use a pass phrase; however, pass phrases are disabled by default.
You can change this default or other settings, by using the Security.PasswordQualityControl
advanced option from the vSphere Web Client.
For example, you can change the option to the following.
retry=3 min=disabled,disabled,16,7,7
This example allows pass phrases of at least 16 characters and at least 3 words, separated by spaces.
VMware ESXi Installation and Setup
VMware, Inc. 18
For legacy hosts, changing the /etc/pamd/passwd file is still supported, but changing the file is
deprecated for future releases. Use the Security.PasswordQualityControl advanced option instead.
Changing Default Password Restrictions
You can change the default restriction on passwords or pass phrases by using the
Security.PasswordQualityControl advanced option for your ESXi host. See the vCenter Server and
Host Management documentation for information on setting ESXi advanced options.
You can change the default, for example, to require a minimum of 15 characters and a minimum number
of four words, as follows:
retry=3 min=disabled,disabled,15,7,7 passphrase=4
See the man page for pam_passwdqc for details.
Note Not all possible combinations of the options for pam_passwdqc have been tested. Perform
additional testing after you change the default password settings.
ESXi Account Lockout Behavior
Starting with vSphere 6.0, account locking is supported for access through SSH and through the vSphere
Web Services SDK. The Direct Console Interface (DCUI) and the ESXi Shell do not support account
lockout. By default, a maximum of ten failed attempts is allowed before the account is locked. The
account is unlocked after two minutes by default.
Configuring Login Behavior
You can configure the login behavior for your ESXi host with the following advanced options:
n
Security.AccountLockFailures. Maximum number of failed login attempts before a user's
account is locked. Zero disables account locking.
n
Security.AccountUnlockTime. Number of seconds that a user is locked out.
See the vCenter Server and Host Management documentation for information on setting ESXi advanced
options.
Preparing for Installing ESXi
Before you install ESXi, determine the installation option that is suitable for your environment and prepare
for the installation process.
Download the ESXi Installer
Download the installer for ESXi.
Prerequisites
Create a My VMware account at https://my.vmware.com/web/vmware/.
VMware ESXi Installation and Setup
VMware, Inc. 19
Procedure
1 Download the ESXi installer from the VMware Web site at
https://my.vmware.com/web/vmware/downloads.
ESXi is listed under Datacenter & Cloud Infrastructure.
2 Confirm that the md5sum is correct.
See the VMware Web site topic Using MD5 Checksums at
http://www.vmware.com/download/md5.html.
Options for Installing ESXi
ESXi can be installed in several ways. To ensure the best vSphere deployment, understand the options
thoroughly before beginning the installation.
ESXi installations are designed to accommodate a range of deployment sizes.
Depending on the installation method you choose, different options are available for accessing the
installation media and booting the installer.
Interactive ESXi Installation
Interactive installations are recommended for small deployments of fewer than five hosts.
You boot the installer from a CD or DVD, from a bootable USB device, or by PXE booting the installer
from a location on the network. You follow the prompts in the installation wizard to install ESXi to disk.
See Installing ESXi Interactively.
Scripted ESXi Installation
Running a script is an efficient way to deploy multiple ESXi hosts with an unattended installation.
The installation script contains the host configuration settings. You can use the script to configure multiple
hosts with the same settings. See Installing or Upgrading Hosts by Using a Script.
The installation script must be stored in a location that the host can access by HTTP, HTTPS, FTP, NFS,
CDROM, or USB. You can PXE boot the ESXi installer or boot it from a CD/DVD or USB drive.
VMware ESXi Installation and Setup
VMware, Inc. 20
Figure 5‑1. Scripted Installation
Scripted
HTTP
HTTPS
FTP
NFS
CDROM
USB
Create installation script (kickstart file)
and copy to appropriate location.
PXE boot
Boot from USB
Issues command to specify
location of installation script
and start installation.
Start installation
Boot from CD
vSphere Auto Deploy ESXi Installation
vSphere 5.x and later provide several ways to install ESXi with vSphere Auto Deploy.
vSphere Auto Deploy can provision hundreds of physical hosts with ESXi software. You can specify the
image to deploy and the hosts to provision with the image. Optionally, you can specify host profiles to
apply to the hosts, a vCenter Server location (datacenter, folder, or cluster), and script bundle for each
host.
vCenter Server makes ESXi updates and patches available for download in the form of an image profile.
The host configuration is provided in the form of a host profile. You can create host profiles by using the
vSphere Web Client. You can create custom image profiles by using vSphere ESXi Image Builder. See
Customizing Installations with vSphere ESXi Image Builder and vSphere Host Profiles.
When you provision hosts by using vSphere Auto Deploy, vCenter Server loads the ESXi image directly
into the host memory. vSphere Auto Deploy does not store the ESXi state on the host disk. The vSphere
Auto Deploy server continues to provision this host every time the host boots.
You can also use vSphere Auto Deploy to install an ESXi host, and set up a host profile that causes the
host to store the ESXi image and configuration on the local disk, a remote disk, or a USB drive.
Subsequently, the ESXi host boots from this local image and vSphere Auto Deploy no longer provisions
the host. This process is similar to performing a scripted installation. With a scripted installation, the script
provisions a host and the host then boots from disk. For this case, vSphere Auto Deploy provisions a host
and the host then boots from disk. For more information, see Using vSphere Auto Deploy for Stateless
Caching and Stateful Installs.
Media Options for Booting the ESXi Installer
The ESXi installer must be accessible to the system on which you are installing ESXi.
The following boot media are supported for the ESXi installer:
n
Boot from a CD/DVD. See Download and Burn the ESXi Installer ISO Image to a CD or DVD.
n
Boot from a USB flash drive. See Format a USB Flash Drive to Boot the ESXi Installation or Upgrade.
VMware ESXi Installation and Setup
VMware, Inc. 21
n
PXE boot from the network. PXE Booting the ESXi Installer
n
Boot from a remote location using a remote management application. See Using Remote
Management Applications
Download and Burn the ESXi Installer ISO Image to a CD or DVD
If you do not have an ESXi installation CD/DVD, you can create one.
You can also create an installer ISO image that includes a custom installation script. See Create an
Installer ISO Image with a Custom Installation or Upgrade Script.
Procedure
1 Download the ESXi installer from the VMware Web site at
https://my.vmware.com/web/vmware/downloads.
ESXi is listed under Datacenter & Cloud Infrastructure.
2 Confirm that the md5sum is correct.
See the VMware Web site topic Using MD5 Checksums at
http://www.vmware.com/download/md5.html.
3 Burn the ISO image to a CD or DVD.
Format a USB Flash Drive to Boot the ESXi Installation or Upgrade
You can format a USB flash drive to boot the ESXi installation or upgrade.
The instructions in this procedure assume that the USB flash drive is detected as /dev/sdb.
Note The ks.cfg file that contains the installation script cannot be located on the same USB flash drive
that you are using to boot the installation or upgrade.
Prerequisites
n
Linux machine with superuser access to it
n
USB flash drive that can be detected by the Linux machine
n
The ESXi ISO image, VMware-VMvisor-Installer-version_number-
build_number.x86_64.iso, which includes the isolinux.cfg file
n
Syslinux package
VMware ESXi Installation and Setup
VMware, Inc. 22
Procedure
1 If your USB flash drive is not detected as /dev/sdb, or you are not sure how your USB flash drive is
detected, determine how it is detected.
a At the command line, run the command for displaying the current log messages.
tail -f /var/log/messages
b Plug in your USB flash drive.
You see several messages that identify the USB flash drive in a format similar to the following
message.
Oct 25 13:25:23 ubuntu kernel: [ 712.447080] sd 3:0:0:0: [sdb] Attached SCSI removable disk
In this example, sdb identifies the USB device. If your device is identified differently, use that
identification, in place of sdb.
2 Create a partition table on the USB flash device.
/sbin/fdisk /dev/sdb
a Enter d to delete partitions until they are all deleted.
b Enter n to create a primary partition 1 that extends over the entire disk.
c Enter t to set the type to an appropriate setting for the FAT32 file system, such as c.
d Enter a to set the active flag on partition 1.
e Enter p to print the partition table.
The result should be similar to the following message.
Disk /dev/sdb: 2004 MB, 2004877312 bytes
255 heads, 63 sectors/track, 243 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sdb1 1 243 1951866 c W95 FAT32 (LBA)
f Enter w to write the partition table and exit the program.
3 Format the USB flash drive with the Fat32 file system.
/sbin/mkfs.vfat -F 32 -n USB /dev/sdb1
VMware ESXi Installation and Setup
VMware, Inc. 23
4 Install the Syslinux bootloader on the USB flash drive.
The locations of the Syslinux executable file and the mbr.bin file might vary for the different Syslinux
versions. For example, if you downloaded Syslinux 6.02, run the following commands.
/usr/bin/syslinux /dev/sdb1
cat /usr/lib/syslinux/mbr/mbr.bin > /dev/sdb
5 Create a destination directory and mount the USB flash drive to it.
mkdir /usbdisk
mount /dev/sdb1 /usbdisk
6 Create a destination directory and mount the ESXi installer ISO image to it.
mkdir /esxi_cdrom
mount -o loop VMware-VMvisor-Installer-6.x.x-XXXXXX.x86_64.iso /esxi_cdrom
7 Copy the contents of the ISO image to the USB flash drive.
cp -r /esxi_cdrom/* /usbdisk
8 Rename the isolinux.cfg file to syslinux.cfg.
mv /usbdisk/isolinux.cfg /usbdisk/syslinux.cfg
9 In the /usbdisk/syslinux.cfg file, edit the APPEND -c boot.cfg line to APPEND -c boot.cfg -p
1.
10 Unmount the USB flash drive.
umount /usbdisk
11 Unmount the installer ISO image.
umount /esxi_cdrom
The USB flash drive can boot the ESXi installer.
Create a USB Flash Drive to Store the ESXi Installation Script or Upgrade
Script
You can use a USB flash drive to store the ESXi installation script or upgrade script that is used during
scripted installation or upgrade of ESXi.
When multiple USB flash drives are present on the installation machine, the installation software
searches for the installation or upgrade script on all attached USB flash drives.
VMware ESXi Installation and Setup
VMware, Inc. 24
The instructions in this procedure assume that the USB flash drive is detected as /dev/sdb.
Note Do not store the ks file containing the installation or upgrade script on the same USB flash drive
that you are using to boot the installation or upgrade.
Prerequisites
n
Linux machine
n
ESXi installation or upgrade script, the ks.cfg kickstart file
n
USB flash drive
Procedure
1 Attach the USB flash drive to a Linux machine that has access to the installation or upgrade script.
2 Create a partition table.
/sbin/fdisk /dev/sdb
a Type d to delete partitions until they are all deleted.
b Type n to create primary partition 1 that extends over the entire disk.
c Type t to set the type to an appropriate setting for the FAT32 file system, such as c.
d Type p to print the partition table.
The result should be similar to the following text:
Disk /dev/sdb: 2004 MB, 2004877312 bytes
255 heads, 63 sectors/track, 243 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sdb1 1 243 1951866 c W95 FAT32 (LBA)
e Type w to write the partition table and quit.
3 Format the USB flash drive with the Fat32 file system.
/sbin/mkfs.vfat -F 32 -n USB /dev/sdb1
4 Mount the USB flash drive.
mount /dev/sdb1 /usbdisk
5 Copy the ESXi installation script to the USB flash drive.
cp ks.cfg /usbdisk
6 Unmount the USB flash drive.
The USB flash drive contains the installation or upgrade script for ESXi.
VMware ESXi Installation and Setup
VMware, Inc. 25
What to do next
When you boot the ESXi installer, point to the location of the USB flash drive for the installation or
upgrade script. See Enter Boot Options to Start an Installation or Upgrade Script and PXELINUX
Configuration Files.
Create an Installer ISO Image with a Custom Installation or Upgrade Script
You can customize the standard ESXi installer ISO image with your own installation or upgrade script.
This customization enables you to perform a scripted, unattended installation or upgrade when you boot
the resulting installer ISO image.
See also About Installation and Upgrade Scripts and About the boot.cfg File.
Prerequisites
n
Linux machine
n
The ESXi ISO image VMware-VMvisor-Installer-6.x.x-XXXXXX.x86_64.iso,where 6.x.x is the
version of ESXi you are installing, and XXXXXX is the build number of the installer ISO image
n
Your custom installation or upgrade script, the ks_cust.cfg kickstart file
Procedure
1 Download the ESXi ISO image from the VMware Web site.
2 Mount the ISO image in a folder:
mount -o loop VMware-VMvisor-Installer-6.x.x-XXXXXX.x86_64.iso /esxi_cdrom_mount
XXXXXX is the ESXi build number for the version that you are installing or upgrading to.
3 Copy the contents of cdrom to another folder:
cp -r /esxi_cdrom_mount /esxi_cdrom
4 Copy the kickstart file to /esxi_cdrom.
cp ks_cust.cfg /esxi_cdrom
5 (Optional) Modify the boot.cfg file to specify the location of the installation or upgrade script by
using the kernelopt option.
You must use uppercase characters to provide the path of the script, for example,
kernelopt=runweasel ks=cdrom:/KS_CUST.CFG
The installation or upgrade becomes completely automatic, without the need to specify the kickstart
file during the installation or upgrade.
VMware ESXi Installation and Setup
VMware, Inc. 26
6 Recreate the ISO image using the mkisofs or the genisoimage command.
Command Syntax
mkisofs mkisofs -relaxed-filenames -J -R -o custom_esxi.iso -b
isolinux.bin -c boot.cat -no-emul-boot -boot-load-size 4 -boot-
info-table -eltorito-alt-boot -eltorito-platform efi -b
efiboot.img -no-emul-boot /esxi_cdrom
genisoimage genisoimage -relaxed-filenames -J -R -o custom_esxi.iso -b
isolinux.bin -c boot.cat -no-emul-boot -boot-load-size 4 -boot-
info-table -eltorito-alt-boot -e efiboot.img -no-emul-
boot /esxi_cdrom
You can use this ISO image for regular boot or UEFI secure boot.
The ISO image includes your custom installation or upgrade script.
What to do next
Install ESXi from the ISO image.
PXE Booting the ESXi Installer
You can use the preboot execution environment (PXE) to boot a host. Starting with vSphere 6.0, you can
PXE boot the ESXi installer from a network interface on hosts with legacy BIOS or using UEFI.
ESXi is distributed in an ISO format that is designed to install to flash memory or to a local hard drive. You
can extract the files and boot by using PXE.
PXE uses Dynamic Host Configuration Protocol (DHCP) and Trivial File Transfer Protocol (TFTP) to boot
an operating system over a network.
PXE booting requires some network infrastructure and a machine with a PXE-capable network adapter.
Most machines that can run ESXi have network adapters that can PXE boot.
Note PXE booting with legacy BIOS firmware is possible only over IPv4. PXE booting with UEFI
firmware is possible with either IPv4 or IPv6.
Sample DHCP Configurations
To PXE boot the ESXi installer, the DHCP server must send the address of the TFTP server and the
filename of the initial boot loader to the ESXi host.
When the target machine first boots, it broadcasts a packet across the network requesting information to
boot itself. The DHCP server responds. The DHCP server must be able to determine whether the target
machine is allowed to boot and the location of the initial boot loader binary, typically a file on a TFTP
server.
Caution Do not set up a second DHCP server if your network already has one. If multiple DHCP servers
respond to DHCP requests, machines can obtain incorrect or conflicting IP addresses, or can fail to
receive the proper boot information. Talk to a network administrator before setting up a DHCP server. For
support on configuring DHCP, contact your DHCP server vendor.
VMware ESXi Installation and Setup
VMware, Inc. 27
Many DHCP servers can PXE boot hosts. If you are using a version of DHCP for Microsoft Windows, see
the DHCP server documentation to determine how to pass the next-server and filename arguments to
the target machine.
Example of Booting Using TFTP with IPv4
This example shows how to configure an ISC DHCP server to boot ESXi using a TFTP server at IPv4
address xxx.xxx.xxx.xxx.
#
# ISC DHCP server configuration file snippet. This is not a complete
# configuration file; see the ISC server documentation for details on
# how to configure the DHCP server.
#
allow booting;
allow bootp;
option client-system-arch code 93 = unsigned integer 16;
class "pxeclients" {
match if substring(option vendor-class-identifier, 0, 9) = "PXEClient";
next-server xxx.xxx.xxx.xxx;
if option client-system-arch = 00:07 or option client-system-arch = 00:09 {
filename = "mboot.efi";
} else {
filename = "pxelinux.0";
}
}
When a machine attempts to PXE boot, the DHCP server provides an IP address and the location of the
pxelinux.0 or mboot.efi binary file on the TFTP server.
Example of Booting Using TFTP with IPv6
This example shows how to configure an ISC DHCPv6 server to boot ESXi using a TFTP server at IPv6
address xxxx:xxxx:xxxx:xxxx::xxxx.
#
# ISC DHCPv6 server configuration file snippet. This is not a complete
# configuration file; see the ISC server documentation for details on
# how to configure the DHCP server.
#
allow booting;
allow bootp;
option dhcp6.bootfile-url code 59 = string;
option dhcp6.bootfile-url "tftp://[xxxx:xxxx:xxxx:xxxx::xxxx]/mboot.efi";
When a machine attempts to PXE boot, the DHCP server provides an IP address and the location of the
mboot.efi binary file on the TFTP server.
VMware ESXi Installation and Setup
VMware, Inc. 28
Example of Booting Using HTTP with IPv4
This example shows how to configure an ISC DHCP server to boot ESXi using a Web server at IPv4
address xxx.xxx.xxx.xxx. The example uses gPXELINUX for legacy BIOS hosts and iPXE for UEFI hosts.
#
# ISC DHCPv6 server configuration file snippet. This is not a complete
# configuration file; see the ISC server documentation for details on
# how to configure the DHCP server.
#
allow booting;
allow bootp;
option client-system-arch code 93 = unsigned integer 16;
class "pxeclients" {
match if substring(option vendor-class-identifier, 0, 9) = "PXEClient";
next-server xxx.xxx.xxx.xxx;
if option client-system-arch = 00:07 or option client-system-arch = 00:09 {
if exists user-class and option user-class = "iPXE" {
# Instruct iPXE to load mboot.efi as secondary bootloader
filename = "mboot.efi";
} else {
# Load the snponly.efi configuration of iPXE as initial bootloader
filename = "snponly.efi";
}
} else {
filename "gpxelinux.0";
}
}
When a machine attempts to PXE boot, the DHCP server provides an IP address and the location of the
gpxelinux.0 or snponly.efi binary file on the TFTP server. In the UEFI case, iPXE then asks the
DHCP server for the next file to load, and this time the server returns mboot.efi as the filename.
Example of Booting Using HTTP with IPv6
This example shows how to configure an ISC DHCPv6 server to boot ESXi using a TFTP server at IPv6
address xxxx:xxxx:xxxx:xxxx::xxxx.
#
# ISC DHCPv6 server configuration file snippet. This is not a complete
# configuration file; see the ISC server documentation for details on
# how to configure the DHCP server.
#
allow booting;
allow bootp;
option dhcp6.bootfile-url code 59 = string;
if exists user-class and option user-class = "iPXE" {
# Instruct iPXE to load mboot.efi as secondary bootloader
option dhcp6.bootfile-url "tftp://[xxxx:xxxx:xxxx:xxxx::xxxx]/mboot.efi";
VMware ESXi Installation and Setup
VMware, Inc. 29
} else {
# Load the snponly.efi configuration of iPXE as initial bootloader
option dhcp6.bootfile-url "tftp://[xxxx:xxxx:xxxx:xxxx::xxxx]/snponly.efi";
}
When a machine attempts to PXE boot, the DHCP server provides an IP address and the location of the
snponly.efi (iPXE) binary file on the TFTP server. iPXE then asks the DHCP server for the next file to
load, and this time the server returns mboot.efi as the filename.
PXELINUX Configuration Files
You need a PXELINUX configuration file to boot the ESXi installer on a legacy BIOS system. The
configuration file defines the menu displayed to the target ESXi host as it boots up and contacts the TFTP
server for all SYSLINUX configurations, including PXELINUX and gPXELINUX.
This section gives general information about PXELINUX configuration files. For examples, see Sample
DHCP Configurations.
For syntax details, see the SYSLINUX web site at http://www.syslinux.org/.
Required Files
In the PXE configuration file, you must include paths to the following files:
n
mboot.c32 is the boot loader.
n
boot.cfg is the boot loader configuration file.
See About the boot.cfg File
File Name for the PXE Configuration File
For the file name of the PXE configuration file, select one of the following options:
n
01-mac_address_of_target_ESXi_host. For example, 01-23-45-67-89-0a-bc
n
The target ESXi host IP address in hexadecimal notation.
n
default
The initial boot file, pxelinux.0 or gpxelinux.0, tries to load a PXE configuration file in the following
order:
1 It tries with the MAC address of the target ESXi host, prefixed with its ARP type code, which is 01 for
Ethernet.
2 If that attempt fails, it tries with the hexadecimal notation of target ESXi system IP address.
3 Ultimately, it tries to load a file named default.
File Location for the PXE Configuration File
Save the file in /tftpboot/pxelinux.cfg/ on the TFTP server.
For example, you might save the file on the TFTP server at /tftpboot/pxelinux.cfg/01-00-21-5a-
ce-40-f6. The MAC address of the network adapter on the target ESXi host is 00-21-5a-ce-40-f6.
VMware ESXi Installation and Setup
VMware, Inc. 30
Loading...