VMware vSphere - 6.0.2 Installation Manual
vSphere Installation and Setup
Update 2
vSphere 6.0
This document supports the version of each product listed and
supports all subsequent versions until the document is
replaced by a new edition. To check for more recent editions of
this document, see http://www.vmware.com/support/pubs.
EN-001986-04
vSphere Installation and Setup
You can find the most up-to-date technical documentation on the VMware Web site at:
hp://www.vmware.com/support/
The VMware Web site also provides the latest product updates.
If you have comments about this documentation, submit your feedback to:
docfeedback@vmware.com
Copyright © 2009–2016 VMware, Inc. All rights reserved. Copyright and trademark information.
VMware, Inc.
3401 Hillview Ave.
Palo Alto, CA 94304
www.vmware.com
2 VMware, Inc.
Contents
About vSphere Installation and Setup 7
Updated Information 9
Introduction to vSphere Installation and Setup 11
1
vCenter Server Components and Services 11
vCenter Server Deployment Models 13
Overview of the vSphere Installation and Setup Process 16
vSphere Security Certicates Overview 17
Enhanced Linked Mode Overview 20
System Requirements 23
2
ESXi Requirements 23
vCenter Server for Windows Requirements 29
vCenter Server Appliance Requirements 31
Required Ports for vCenter Server and Platform Services Controller 33
vSphere DNS Requirements 37
vSphere Web Client Software Requirements 38
Client Integration Plug-In Software Requirements 38
vSphere Client Requirements 39
Required Free Space for System Logging 40
Before You Install ESXi 41
3
Options for Installing ESXi 41
Media Options for Booting the ESXi Installer 44
Using Remote Management Applications 55
Required Information for ESXi Installation 55
Download the ESXi Installer 56
VMware, Inc.
Installing ESXi 57
4
Installing ESXi Interactively 57
Installing or Upgrading Hosts by Using a Script 60
Installing ESXi Using vSphere Auto Deploy 74
Using vSphere ESXi Image Builder 139
Seing Up ESXi 163
5
ESXi Autoconguration 164
About the Direct Console ESXi Interface 164
Set the Password for the Administrator Account 167
Conguring the BIOS Boot Seings 167
Host Fails to Boot After You Install ESXi in UEFI Mode 168
3
vSphere Installation and Setup
Network Access to Your ESXi Host 169
Congure the Network Seings on a Host That Is Not Aached to the Network 169
Managing ESXi Remotely 170
Conguring Network Seings 170
Storage Behavior 175
Enable ESXi Shell and SSH Access with the Direct Console User Interface 177
View System Logs 178
Congure Syslog on ESXi Hosts 178
Congure Log Filtering on ESXi Hosts 179
Set the Host Image Prole Acceptance Level 180
Reset the System Conguration 181
Remove All Custom Packages on ESXi 181
Disable Support for Non-ASCII Characters in Virtual Machine File and Directory Names 182
Decommission an ESXi Host 182
After You Install and Set Up ESXi 183
6
Managing the ESXi Host 183
Licensing ESXi Hosts 183
Install the vSphere Client 185
Before You Install vCenter Server or Deploy the vCenter Server Appliance 187
7
Preparing vCenter Server Databases 187
How vCenter Single Sign-On Aects Installation 207
Synchronizing Clocks on the vSphere Network 211
Using a User Account for Running vCenter Server 211
Installing vCenter Server on IPv6 Machines 212
Running the vCenter Server Installer from a Network Drive 212
Required Information for Installing vCenter Server 212
Required Information for Deploying the vCenter Server Appliance 216
Installing vCenter Server on a Windows Virtual Machine or Physical Server 225
8
Download the vCenter Server for Windows Installer 225
Install vCenter Server with an Embedded Platform Services Controller 226
Installing vCenter Server with an External Platform Services Controller 228
Installing vCenter Server in an Environment with Multiple NICs 233
Deploying the vCenter Server Appliance 235
9
Download the vCenter Server Appliance Installer 236
Install the Client Integration Plug-In 236
Deploy the vCenter Server Appliance with an Embedded Platform Services Controller 237
Deploying a vCenter Server Appliance with an External Platform Services Controller 240
Troubleshooting vCenter Server Installation or Deployment 247
10
Collecting Logs for Troubleshooting a vCenter Server Installation or Upgrade 247
Aempt to Install a Platform Services Controller After a Prior Installation Failure 249
Microsoft SQL Database Set to Unsupported Compatibility Mode Causes vCenter Server
Installation or Upgrade to Fail 250
4 VMware, Inc.
After You Install vCenter Server or Deploy the vCenter Server Appliance 251
11
Log in to vCenter Server by Using the vSphere Web Client 251
Collect vCenter Server Log Files 252
Install or Upgrade vSphere Authentication Proxy 252
Uninstall vCenter Server 254
Repoint the Connections Between vCenter Server and Platform Services Controller 254
Recongure a Standalone vCenter Server with an Embedded Platform Services Controller to a
vCenter Server with an External Platform Services Controller 256
Recongure Multiple Joined Instances of vCenter Server with an Embedded
Platform Services Controller to vCenter Server with an External Platform Services Controller 259
Contents
Backing Up and Restoring a vCenter Server Environment 269
12
General vSphere Data Protection Workow 270
Backing Up and Restoring vCenter Server with an Embedded Platform Services Controller 277
Backing Up and Restoring a vCenter Server Environment with a Single External
Platform Services Controller 278
Backing Up and Restoring a vCenter Server Environment with Multiple
Platform Services Controller Instances 281
Index 291
VMware, Inc. 5
vSphere Installation and Setup
6 VMware, Inc.
About vSphere Installation and Setup
vSphere Installation and Setup describes how to install and congure VMware® vCenter Server, deploy the
vCenter Server Appliance, and ESXi.
Intended Audience
vSphere Installation and Setup is intended for experienced administrators who want to install and congure
vCenter Server, deploy and congure the vCenter Server Appliance, and install and congure ESXi.
This information is wrien for experienced Windows or Linux system administrators who are familiar with
virtual machine technology and data center operations. The information about using the Image Builder and
Auto Deploy is wrien for administrators who have experience with Microsoft PowerShell and PowerCLI.
VMware, Inc.
7
vSphere Installation and Setup
8 VMware, Inc.
Updated Information
This vSphere Installation and Setup is updated with each release of the product or when necessary.
This table provides the update history of the vSphere Installation and Setup.
Revision Description
EN-001986-04
EN-001986-03
EN-001986-02
EN-001986-01
EN-001986-00 Initial release.
Updated “vCenter Server for Windows Hardware Requirements,” on page 30 and “vCenter Server
n
Appliance Hardware Requirements,” on page 31 to state that the hardware requirements for
vCenter Server with an embedded Platform Services Controller and vCenter Server with an external
Platform Services Controller are the same.
Updated “Recongure Each vCenter Server Instance and Repoint It from an Embedded to External
n
Platform Services Controller Instance,” on page 265 to add a step for creating direct replication
agreement between the embedded and the external Platform Services Controller instances if not
present.
Revised the prerequisites and steps in “Format a USB Flash Drive to Boot the ESXi Installation or
n
Upgrade,” on page 44.
Updated “Install the Client Integration Plug-In,” on page 236 to improve the information about the
n
location of the executable le.
Updated information on ports 389, 636, 11711, and 11712 in “Required Ports for vCenter Server and
n
Platform Services Controller,” on page 33.
Minor revisions of the examples in “Create an Installer ISO Image with a Custom Installation or
n
Upgrade Script,” on page 47 and “Boot Options,” on page 61.
Updated topics “Set the Scratch Partition from the vSphere Web Client,” on page 176 and “Host
n
Stops Unexpectedly at Bootup When Sharing a Boot Disk with Another Host,” on page 177 to add an
example for seing a directory path for the scratch partition.
n
Updated the psc_restore script name in Chapter 12, “Backing Up and Restoring a vCenter Server
Environment,” on page 269 section.
Updated topic “Auto Deploy Best Practices,” on page 114 to state that Auto Deploy is deployed
n
together with the vCenter Server system.
Corrected URL in topic “Create a Backup Job in vSphere Data Protection,” on page 273.
n
Updated information on number of vCenter Server instances in “How vCenter Single Sign-On
n
Aects Installation,” on page 207.
Updated topic “Recongure a Standalone vCenter Server with an Embedded Platform Services
n
Controller to a vCenter Server with an External Platform Services Controller,” on page 256 and
added “Recongure Multiple Joined Instances of vCenter Server with an Embedded Platform
Services Controller to vCenter Server with an External Platform Services Controller,” on page 259 to
improve the information about reconguring a standalone and multiple instances of vCenter Server
with an embedded Platform Services Controller.
VMware, Inc. 9
vSphere Installation and Setup
10 VMware, Inc.
Introduction to vSphere Installation
and Setup 1
vSphere 6.0 provides various options for installation and setup. To ensure a successful vSphere deployment,
understand the installation and setup options, and the sequence of tasks.
The two core components of vSphere are VMware ESXi® and VMware vCenter Server®. ESXi is the
virtualization platform on which you can create and run virtual machines and virtual appliances.
vCenter Server is a service that acts as a central administrator for ESXi hosts connected in a network.
vCenter Server lets you pool and manage the resources of multiple hosts.
You can install vCenter Server on a Windows virtual machine or physical server, or deploy the
vCenter Server Appliance. The vCenter Server Appliance is a precongured Linux-based virtual machine
optimized for running vCenter Server and the vCenter Server components. You can deploy the
vCenter Server Appliance on ESXi hosts 5.0 or later, or on vCenter Server instances 5.0 or later.
Starting with vSphere 6.0, all prerequisite services for running vCenter Server and the vCenter Server
components are bundled in the VMware Platform Services Controller. You can deploy vCenter Server with
an embedded or external Platform Services Controller, but you must always install or deploy the
Platform Services Controller before installing or deploying vCenter Server.
This chapter includes the following topics:
“vCenter Server Components and Services,” on page 11
n
“vCenter Server Deployment Models,” on page 13
n
“Overview of the vSphere Installation and Setup Process,” on page 16
n
“vSphere Security Certicates Overview,” on page 17
n
“Enhanced Linked Mode Overview,” on page 20
n
vCenter Server Components and Services
vCenter Server provides a centralized platform for management, operation, resource provisioning, and
performance evaluation of virtual machines and hosts.
When you install vCenter Server with an embedded Platform Services Controller, or deploy the
vCenter Server Appliance with an embedded Platform Services Controller, vCenter Server, the
vCenter Server components, and the services included in the Platform Services Controller are deployed on
the same system.
When you install vCenter Server with an external Platform Services Controller, or deploy the
vCenter Server Appliance with an external Platform Services Controller, vCenter Server and the
vCenter Server components are deployed on one system, and the services included in the
Platform Services Controller are deployed on another system.
VMware, Inc.
11
vSphere Installation and Setup
The following components are included in the vCenter Server and vCenter Server Appliance installations:
The VMware Platform Services Controller group of infrastructure services contains vCenter Single Sign-
n
On, License service, Lookup Service, and VMware Certicate Authority.
The vCenter Server group of services contains vCenter Server, vSphere Web Client, Inventory Service,
n
vSphere Auto Deploy, vSphere ESXi Dump Collector, VMware vSphere Syslog Collector on Windows
and VMware Sphere Syslog Service for the vCenter Server Appliance.
Services Installed with VMware Platform Services Controller
vCenter Single Sign-On
vSphere License
Service
VMware Certificate
Authority
The vCenter Single Sign-On authentication service provides secure
authentication services to the vSphere software components. By using
vCenter Single Sign-On, the vSphere components communicate with each
other through a secure token exchange mechanism, instead of requiring each
component to authenticate a user separately with a directory service like
Active Directory. vCenter Single Sign-On constructs an internal security
domain (for example, vsphere.local) where the vSphere solutions and
components are registered during the installation or upgrade process,
providing an infrastructure resource. vCenter Single Sign-On can
authenticate users from its own internal users and groups, or it can connect
to trusted external directory services such as Microsoft Active Directory.
Authenticated users can then be assigned registered solution-based
permissions or roles within a vSphere environment.
vCenter Single Sign-On is available and required with vCenter Server 5.1.x
and later.
The vSphere License service provides common license inventory and
management capabilities to all vCenter Server systems that are connected to
a Platform Services Controller or multiple linked
Platform Services Controllers.
VMware Certicate Authority (VMCA) provisions each ESXi host with a
signed certicate that has VMCA as the root certicate authority, by default.
Provisioning occurs when the ESXi host is added to vCenter Server explicitly
or as part of the ESXi host installation process. All ESXi certicates are stored
locally on the host.
Services Installed with vCenter Server
These additional components are installed silently when you install vCenter Server. The components cannot
be installed separately as they do not have their own installers.
vCenter Inventory
Service
PostgreSQL
vSphere Web Client
vSphere ESXi Dump
Collector
12 VMware, Inc.
Inventory Service stores vCenter Server conguration and inventory data,
enabling you to search and access inventory objects across vCenter Server
instances.
A bundled version of the VMware distribution of PostgreSQL database for
vSphere and vCloud Hybrid Services.
The vSphere Web Client lets you connect to vCenter Server instances by
using a Web browser, so that you can manage your vSphere infrastructure.
The vCenter Server support tool. You can congure ESXi to save the
VMkernel memory to a network server, rather than to a disk, when the
system encounters a critical failure. The vSphere ESXi Dump Collector
collects such memory dumps over the network.
Chapter 1 Introduction to vSphere Installation and Setup
VMware vSphere Syslog
Collector
VMware Syslog Service
vSphere Auto Deploy
The vCenter Server on Windows support tool that enables network logging
and combining of logs from multiple hosts. You can use the vSphere Syslog
Collector to direct ESXi system logs to a server on the network, rather than to
a local disk. The recommended maximum number of supported hosts to
collect logs from is 30. For information about conguring vSphere Syslog
Collector, see hp://kb.vmware.com/kb/2021652.
The vCenter Server Appliance support tool that provides a unied
architecture for system logging, network logging and collecting logs from
hosts. You can use the VMware Syslog Service to direct ESXi system logs to a
server on the network, rather than to a local disk. The recommended
maximum number of supported hosts to collect logs from is 30. For
information about conguring VMware Syslog Service, see vCenter Server
Appliance Conguration.
The vCenter Server support tool that can provision hundreds of physical
hosts with ESXi software. You can specify the image to deploy and the hosts
to provision with the image. Optionally, you can specify host proles to
apply to the hosts, and a vCenter Server location (folder or cluster) for each
host.
vCenter Server Deployment Models
You can install vCenter Server on a virtual machine or a physical server running Microsoft Windows Server
2008 SP2 or later, or can deploy the vCenter Server Appliance. The vCenter Server Appliance is a
precongured Linux-based virtual machine, optimized for running vCenter Server.
vSphere 6.0 introduces vCenter Server with an embedded Platform Services Controller and vCenter Server
with an external Platform Services Controller.
I This documentation provides information about the basic deployment models. For information
about the recommended topologies, see List of recommended topologies for vSphere 6.0.x.
vCenter Server with an
embedded
Platform Services
Controller
vCenter Server with an
external
Platform Services
Controller
N After you deploy vCenter Server with an embedded Platform Services Controller, you can
recongure your topology and switch to vCenter Server with an external Platform Services Controller. This
is a one-way process after which you cannot switch back to vCenter Server with an embedded
Platform Services Controller. You can repoint the vCenter Server instance only to an external
Platform Services Controller that is congured to replicate the infrastructure data within the same domain.
All services bundled with the Platform Services Controller are deployed on
the same virtual machine or physical server as vCenter Server.
The services bundled with the Platform Services Controller and
vCenter Server are deployed on dierent virtual machines or physical
servers.
You rst must deploy the Platform Services Controller on one virtual
machine or physical server and then deploy vCenter Server on another
virtual machine or physical server.
vCenter Server with an Embedded Platform Services Controller
vCenter Server and the Platform Services Controller are deployed on a single virtual machine or physical
server.
VMware, Inc. 13
Platform Services
Controller
Virtual Machine
or Physical Server
vCenter Server
Platform Services
Controller
Virtual Machine
or Physical Server
Virtual Machine
or Physical Server
vCenter Server
Virtual Machine
or Physical Server
vCenter Server
vSphere Installation and Setup
Figure 1‑1. vCenter Server with an Embedded Platform Services Controller
Installing vCenter Server with an embedded Platform Services Controller has the following advantages:
The connection between vCenter Server and the Platform Services Controller is not over the network,
n
and vCenter Server is not prone to outages because of connectivity and name resolution issues between
vCenter Server and the Platform Services Controller.
If you install vCenter Server on Windows virtual machines or physical servers, you will need fewer
n
Windows licenses.
You will have to manage fewer virtual machines or physical servers.
n
You do not need a load balancer to distribute the load across Platform Services Controller.
n
Installing with an embedded Platform Services Controller has the following disadvantages:
There is a Platform Services Controller for each product which might be more than required. This
n
consumes more resources.
The model is suitable for small-scale environments.
n
vCenter Server with an External Platform Services Controller
vCenter Server and the Platform Services Controller are deployed on separate virtual machine or physical
server. The Platform Services Controller can be shared across several vCenter Server instances. You can
install a Platform Services Controller and then install several vCenter Server instances and register them
with the Platform Services Controller. You can then install another Platform Services Controller, congure it
to replicate data with the rst Platform Services Controller, and then install vCenter Server instances and
register them with the second Platform Services Controller.
Figure 1‑2. vCenter Server with an External Platform Services Controller
14 VMware, Inc.
Installing vCenter Server with an external Platform Services Controller has the following advantages:
Less resources consumed by the combined services in the Platform Services Controllers enables a
n
n
reduced footprint and reduced maintenance.
Your environment can consist of more vCenter Server instances.
Platform Services
Controller on Windows
Windows Virtual Machine
or Physical Server
Virtual Machine
vCenter Server
Appliance
Virtual Machine
or Physical Server
vCenter Server
on Windows
Platform Services
Controller Appliance
Linux Virtual Machine
Virtual Machine
vCenter Server
Appliance
Virtual Machine
or Physical Server
vCenter Server
on Windows
Chapter 1 Introduction to vSphere Installation and Setup
Installing vCenter Server with an external Platform Services Controller has the following disadvantages:
The connection between vCenter Server and Platform Services Controller is over the network and is
n
prone to connectivity and name resolution issues.
If you install vCenter Server on Windows virtual machines or physical servers, you need more
n
Microsoft Windows licenses.
You must manage more virtual machines or physical servers.
n
Mixed Operating Systems Environment
A vCenter Server instance installed on Windows can be registered with either a Platform Services Controller
installed on Windows or a Platform Services Controller appliance. A vCenter Server Appliance, can be
registered with either a Platform Services Controller installed on Windows or a Platform Services Controller
appliance. Both vCenter Server and the vCenter Server Appliance can be registered with the same
Platform Services Controller within a domain.
Figure 1‑3. Example of a Mixed Operating Systems Environment with an External Platform Services
Controller on Windows
Figure 1‑4. Example of a Mixed Operating Systems Environment with an External Platform Services
Controller Appliance
Having many Platform Services Controllers that replicate their infrastructure data, allows you to ensure
high availability of your system.
If an external Platform Services Controller with which your vCenter Server instance or
vCenter Server Appliance was initially registered, stops responding, you can repoint your vCenter Server or
vCenter Server Appliance to another external Platform Services Controller in the domain. For more
information, see “Repoint the Connections Between vCenter Server and Platform Services Controller,” on
page 254.
VMware, Inc. 15
vSphere Installation and Setup
Overview of the vSphere Installation and Setup Process
vSphere is a sophisticated product with multiple components to install and set up. To ensure a successful
vSphere deployment, understand the sequence of tasks required.
Installing vSphere includes the following tasks:
1 Read the vSphere release notes.
2 Verify that your system meets vSphere hardware and software requirements. See Chapter 2, “System
Requirements,” on page 23.
3 Install ESXi.
a Verify that your system meets the minimum hardware requirements. See “ESXi Requirements,” on
page 23.
b Determine the ESXi installation option to use. See “Options for Installing ESXi,” on page 41.
c Determine where you want to locate and boot the ESXi installer. See “Media Options for Booting
the ESXi Installer,” on page 44. If you are PXE-booting the installer, verify that your network PXE
infrastructure is properly set up. See “PXE Booting the ESXi Installer,” on page 48.
d Create a worksheet with the information you will need when you install ESXi. See “Required
Information for ESXi Installation,” on page 55.
e Install ESXi.
“Installing ESXi Interactively,” on page 57
n
“Installing or Upgrading Hosts by Using a Script,” on page 60
n
“Installing ESXi Using vSphere Auto Deploy,” on page 74
n
I In vSphere 6.0, Auto Deploy is installed together with vCenter Server. To provision
ESXi hosts by using Auto Deploy, you must install vCenter Server or deploy the
vCenter Server Appliance.
4 Congure ESXi boot and network seings, the direct console, and other seings. See Chapter 5, “Seing
Up ESXi,” on page 163 and Chapter 6, “After You Install and Set Up ESXi,” on page 183.
5 Consider seing up a syslog server for remote logging, to ensure sucient disk storage for log les.
Seing up logging on a remote host is especially important for hosts with limited local storage. See
“Required Free Space for System Logging,” on page 40 and “Congure Syslog on ESXi Hosts,” on
page 178.
6 Install vCenter Server on a Windows virtual machine or physical server or deploy the
vCenter Server Appliance.
In vSphere 6.0, you can install vCenter Server or deploy the vCenter Server Appliance, and connect
them in Enhanced Linked Mode conguration by registering the vCenter Server instance and the
vCenter Server Appliance to Platform Services Controllers that replicate their infrastructure data.
Concurrent installations are not supported. After you install or deploy a Platform Services Controller,
you must install vCenter Server instances or deploy vCenter Server Appliance sequentially.
Install vCenter Server on a Windows virtual machine or physical server.
n
1 Verify that your system meets the hardware and software requirements for installing
vCenter Server. See “vCenter Server for Windows Requirements,” on page 29.
2 (Optional) Set up an external vCenter Server database. See “Preparing vCenter Server
Databases,” on page 187.
16 VMware, Inc.
Chapter 1 Introduction to vSphere Installation and Setup
For an environment with up to 20 hosts and 200 virtual machines, you can use the bundled
PostgreSQL database. For production and large scale environments, set up an external
database, because the migration from the embedded PostgreSQL database to an external
database is not a trivial manual process.
3 Create a worksheet with the information you need for installation. See “Required Information
for Installing vCenter Server,” on page 212.
4 Install vCenter Server and the Platform Services Controller. See Chapter 8, “Installing vCenter
Server on a Windows Virtual Machine or Physical Server,” on page 225.
You can install vCenter Server with an embedded or with an external
Platform Services Controller.
vCenter Server with an embedded Platform Services Controller deployment is suitable for
small-scale environments. vCenter Server with an external Platform Services Controller
deployment is suitable for environments with several vCenter Server instances. See “vCenter
Server Deployment Models,” on page 13 .
Deploy the vCenter Server Appliance.
n
1 Review the topics in “vCenter Server Appliance Requirements,” on page 31 and verify that
your system meets the hardware and software requirements for deploying the
vCenter Server Appliance.
2 (Optional) Set up an external Oracle database. The vCenter Server Appliance supports only
Oracle database as an external database. See “Preparing vCenter Server Databases,” on
page 187.
You can also use the bundled PostgreSQL database, which is suitable for environments that
contain up to 1,000 hosts and 10,000 virtual machines.
3 Use the topic “Required Information for Deploying the vCenter Server Appliance,” on
page 216 to create a worksheet with the information you need for installation.
4 Deploy the vCenter Server Appliance with an embedded Platform Services Controller or with
an external Platform Services Controller. See Chapter 9, “Deploying the vCenter Server
Appliance,” on page 235.
vCenter Server with an embedded Platform Services Controller deployment is suitable for
small-scale environments. vCenter Server with an external Platform Services Controller
deployment is suitable for environments with several vCenter Server instances. See “vCenter
Server Deployment Models,” on page 13 .
7 Connect to vCenter Server from the vSphere Web Client. See Chapter 11, “After You Install vCenter
Server or Deploy the vCenter Server Appliance,” on page 251.
8 Congure vCenter Server and the vCenter Server Appliance. See vCenter Server and Host Management
and vCenter Server Appliance Conguration.
vSphere Security Certificates Overview
ESXi hosts and vCenter Server communicate securely over SSL to ensure condentiality, data integrity and
authentication.
In vSphere 6.0, the VMware Certicate Authority (VMCA) provisions each ESXi host with a signed
certicate that has VMCA as the root certicate authority, by default. Provisioning happens when the ESXi
host is added to vCenter Server explicitly or as part of the ESXi host installation. All ESXi certicates are
stored locally on the host.
You can also use custom certicates with a dierent root Certicate Authority (CA). For information about
managing certicates for ESXi hosts, see the vSphere Security documentation.
VMware, Inc. 17
CA-Cert
VECS
Machine-Cert
Signed
VMCA
vSphere Installation and Setup
All certicates for vCenter Server and the vCenter Server services are stored in the VMware Endpoint
Certicate Store (VECS).
You can replace the VMCA certicate for vCenter Server with a dierent certicate signed by a CA. If you
want to use a third party certicate, install the Platform Services Controller, add the new CA-signed root
certicate to VMCA, and then install vCenter Server. For information about managing vCenter Server
certicates, see the vSphere Security documentation.
Certificate Replacement Overview
You can perform dierent types of certicate replacement depending on company policy and requirements
for the system that you are conguring. You can perform each replacement with the vSphere Certicate
Manager utility or manually by using the CLIs included with your installation.
VMCA is included in each Platform Services Controller and in each embedded deployment. VMCA
provisions each node, each vCenter Server solution user, and each ESXi host with a certicate that is signed
by VMCA as the certicate authority. vCenter Server solution users are groups of vCenter Server services.
See vSphere Security for a list of solution users.
You can replace the default certicates. For vCenter Server components, you can use a set of command-line
tools included in your installation. You have several options.
See the vSphere Security publication for details on the replacement workows and on the vSphere Certicate
Manager utility.
Replace With Certificates Signed by VMCA
If your VMCA certicate expires or you want to replace it for other reasons, you can use the certicate
management CLIs to perform that process. By default, the VMCA root certicate expires after ten years, and
all certicates that VMCA signs expire when the root certicate expires, that is, after a maximum of ten
years.
Figure 1‑5. Certificates Signed by VMCA Are Stored in VECS
18 VMware, Inc.
CA-Cert
VECS
Machine-Cert
Signed
VMware vSphere
VMCA
Root
CA-Cert
Enterprise
CA-Cert
Signed Signed
Chapter 1 Introduction to vSphere Installation and Setup
Make VMCA an Intermediate CA
You can replace the VMCA root certicate with a certicate that is signed by an enterprise CA or third-party
CA. VMCA signs the custom root certicate each time it provisions certicates, making VMCA an
intermediate CA.
N If you perform a fresh install that includes an external Platform Services Controller, install the
Platform Services Controller rst and replace the VMCA root certicate. Next, install other services or add
ESXi hosts to your environment. If you perform a fresh install with an embedded
Platform Services Controller, replace the VMCA root certicate before you add ESXi hosts. If you do, all
certicates are signed by the whole chain, and you do not have to generate new certicates.
Figure 1‑6. Certificates Signed by a Third-Party or Enterprise CA Use VMCA as an Intermediate CA
Do Not Use VMCA, Provision with Custom Certificates
You can replace the existing VMCA-signed certicates with custom certicates. If you use that approach,
you are responsible for all certicate provisioning and monitoring.
VMware, Inc. 19
Unused
VECS
Machine-Cert
VMware vSphere
VMCA
External CA
(Commercial or
Enterprise)
Signed
vSphere Installation and Setup
Figure 1‑7. External Certificates are Stored Directly in VECS
Hybrid Deployment
You can have VMCA supply some of the certicates, but use custom certicates for other parts of your
infrastructure. For example, because solution user certicates are used only to authenticate to vCenter Single
Sign-On, consider having VMCA provision those certicates. Replace the machine SSL certicates with
custom certicates to secure all SSL trac.
ESXi Certificate Replacement
For ESXi hosts, you can change certicate provisioning behavior from the vSphere Web Client.
VMware Certificate
Authority mode (default)
When you renew certicates from the vSphere Web Client, VMCA issues the
certicates for the hosts. If you changed the VMCA root certicate to include
a certicate chain, the host certicates include the full chain.
Custom Certificate
Authority mode
Thumbprint mode
Allows you to manually update and use certicates that are not signed or
issued by VMCA.
Can be used to retain 5.5 certicates during refresh. Use this mode only
temporarily in debugging situations.
Enhanced Linked Mode Overview
Enhanced Linked Mode connects multiple vCenter Server systems together by using one or more
Platform Services Controllers.
Enhanced Linked Mode lets you view and search across all linked vCenter Server systems and replicate
roles, permissions, licenses, policies, and tags.
When you install vCenter Server or deploy the vCenter Server Appliance with an external
Platform Services Controller, you must rst install the Platform Services Controller. During installation of
the Platform Services Controller, you can select whether to create a new vCenter Single Sign-On domain or
join an existing domain. You can select to join an existing vCenter Single Sign-On domain if you have
already installed or deployed a Platform Services Controller, and have created a vCenter Single Sign-On
domain. When you join an existing vCenter Single Sign-On domain, the data between the existing
Platform Services Controller and the new Platform Services Controller is replicated, and the infrastructure
data is replicated between the two Platform Services Controllers.
20 VMware, Inc.
Chapter 1 Introduction to vSphere Installation and Setup
With Enhanced Linked Mode, you can connect not only vCenter Server systems running on Windows but
also many vCenter Server Appliances. You can also have an environment where multiple vCenter Server
systems and vCenter Server Appliances are linked together.
If you install vCenter Server with an external Platform Services Controller, you rst must deploy the
Platform Services Controller on one virtual machines or physical server and then deploy vCenter Server on
another virtual machines or physical server. While installing vCenter Server, you must select the external
Platform Services Controller. Make sure that the Platform Services Controller you select is an external
standalone Platform Services Controller. Selecting an existing Platform Services Controller that is a part of
an embedded installation is not supported and cannot be recongured after the deployment. For
information about the recommended topologies, see hp://kb.vmware.com/kb/2108548.
VMware, Inc. 21
vSphere Installation and Setup
22 VMware, Inc.
System Requirements 2
Systems running vCenter Server on Windows, the vCenter Server Appliance, and ESXi instances must meet
specic hardware and operating system requirements.
If you are using Auto Deploy to provision ESXi hosts, see also “Preparing for vSphere Auto Deploy,” on
page 84.
This chapter includes the following topics:
“ESXi Requirements,” on page 23
n
“vCenter Server for Windows Requirements,” on page 29
n
“vCenter Server Appliance Requirements,” on page 31
n
“Required Ports for vCenter Server and Platform Services Controller,” on page 33
n
“vSphere DNS Requirements,” on page 37
n
“vSphere Web Client Software Requirements,” on page 38
n
“Client Integration Plug-In Software Requirements,” on page 38
n
“vSphere Client Requirements,” on page 39
n
“Required Free Space for System Logging,” on page 40
n
ESXi Requirements
To install ESXi 6.0 or upgrade to ESXi 6.0, your system must meet specic hardware and software
requirements.
ESXi Hardware Requirements
Make sure the host meets the minimum hardware congurations supported by ESXi 6.0.
Hardware and System Resources
To install or upgrade ESXi 6.0, your hardware and system resources must meet the following requirements:
Supported server platform . For a list of supported platforms, see the VMware Compatibility Guide at
n
hp://www.vmware.com/resources/compatibility.
ESXi 6.0 requires a host machine with at least two CPU cores.
n
ESXi 6.0 supports 64-bit x86 processors released after September 2006. This includes a broad range of
n
multi-core processors. For a complete list of supported processors, see the VMware compatibility guide
at hp://www.vmware.com/resources/compatibility.
VMware, Inc.
23
vSphere Installation and Setup
ESXi 6.0 requires the NX/XD bit to be enabled for the CPU in the BIOS.
n
ESXi requires a minimum of 4GB of physical RAM. It is recommended to provide at least 8 GB of RAM
n
to run virtual machines in typical production environments.
To support 64-bit virtual machines, support for hardware virtualization (Intel VT-x or AMD RVI) must
n
be enabled on x64 CPUs.
One or more Gigabit or faster Ethernet controllers. For a list of supported network adapter models, see
n
the VMware Compatibility Guide at hp://www.vmware.com/resources/compatibility.
SCSI disk or a local, non-network, RAID LUN with unpartitioned space for the virtual machines.
n
For Serial ATA (SATA), a disk connected through supported SAS controllers or supported on-board
n
SATA controllers. SATA disks will be considered remote, not local. These disks will not be used as a
scratch partition by default because they are seen as remote.
N You cannot connect a SATA CD-ROM device to a virtual machine on an ESXi 6.0 host. To use the
SATA CD-ROM device, you must use IDE emulation mode.
Storage Systems
For a list of supported storage systems, see the VMware Compatibility Guide at
hp://www.vmware.com/resources/compatibility. For Software Fibre Channel over Ethernet (FCoE), see
“Installing and Booting ESXi with Software FCoE,” on page 55.
ESXi Booting Requirements
vSphere 6.0 supports booting ESXi hosts from the Unied Extensible Firmware Interface (UEFI). With UEFI,
you can boot systems from hard drives, CD-ROM drives, or USB media. Network booting or provisioning
with VMware Auto Deploy requires the legacy BIOS rmware and is not available with UEFI.
ESXi can boot from a disk larger than 2TB provided that the system rmware and the rmware on any addin card that you are using support it. See the vendor documentation.
N Changing the boot type from legacy BIOS to UEFI after you install ESXi 6.0 might cause the host to
fail to boot. In this case, the host displays an error message similar to Not a VMware boot bank. Changing the
host boot type between legacy BIOS and UEFI is not supported after you install ESXi 6.0.
Storage Requirements for ESXi 6.0 Installation or Upgrade
Installing ESXi 6.0 or upgrading to ESXi 6.0 requires a boot device that is a minimum of 1GB in size. When
booting from a local disk, SAN or iSCSI LUN, a 5.2GB disk is required to allow for the creation of the VMFS
volume and a 4GB scratch partition on the boot device . If a smaller disk or LUN is used, the installer
aempts to allocate a scratch region on a separate local disk. If a local disk cannot be found the scratch
partition, /scratch, is located on the ESXi host ramdisk, linked to /tmp/scratch. You can
recongure /scratch to use a separate disk or LUN. For best performance and memory optimization, do not
leave /scratch on the ESXi host ramdisk.
To recongure /scratch, see “Set the Scratch Partition from the vSphere Web Client,” on page 176.
Due to the I/O sensitivity of USB and SD devices the installer does not create a scratch partition on these
devices. When installing or upgrading on USB or SD devices, the installer aempts to allocate a scratch
region on an available local disk or datastore. If no local disk or datastore is found, /scratch is placed on the
ramdisk. After the installation or upgrade, you should recongure /scratch to use a persistent datastore.
Although a 1GB USB or SD device suces for a minimal installation, you should use a 4GB or larger device.
The extra space will be used for an expanded coredump partition on the USB/SD device. Use a high quality
USB ash drive of 16GB or larger so that the extra ash cells can prolong the life of the boot media, but high
quality drives of 4GB or larger are sucient to hold the extended coredump partition. See Knowledge Base
article hp://kb.vmware.com/kb/2004784.
24 VMware, Inc.
Chapter 2 System Requirements
In Auto Deploy installations, the installer aempts to allocate a scratch region on an available local disk or
datastore. If no local disk or datastore is found, /scratch is placed on ramdisk. You should
recongure /scratch to use a persistent datastore following the installation.
For environments that boot from a SAN or use Auto Deploy, you need not allocate a separate LUN for each
ESXi host. You can co-locate the scratch regions for many ESXi hosts onto a single LUN. The number of
hosts assigned to any single LUN should be weighed against the LUN size and the I/O behavior of the
virtual machines.
Supported Remote Management Server Models and Firmware Versions
You can use remote management applications to install or upgrade ESXi, or to manage hosts remotely.
Table 2‑1. Supported Remote Management Server Models and Minimum Firmware Versions
Remote Management Server
Model Firmware Version Java
Dell DRAC 7 1.30.30 (Build 43) 1.7.0_60-b19
Dell DRAC 6 1.54 (Build 15), 1.70 (Build 21) 1.6.0_24
Dell DRAC 5 1.0, 1.45, 1.51 1.6.0_20,1.6.0_203
Dell DRAC 4 1.75 1.6.0_23
HP ILO 1.81, 1.92 1.6.0_22, 1.6.0_23
HP ILO 2 1.8, 1.81 1.6.0_20, 1.6.0_23
HP ILO 3 1.28 1.7.0_60-b19
HP ILO 4 1.13 1.7.0_60-b19
IBM RSA 2 1.03, 1.2 1.6.0_22
Recommendations for Enhanced ESXi Performance
To enhance performance, install or upgrade ESXi on a robust system with more RAM than the minimum
required and with multiple physical disks.
For ESXi system requirements, see “ESXi Hardware Requirements,” on page 23. See also the technical
papers on vSphere performance at
hps://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/techpaper/vmware-perestpractices-vsphere6-0-white-paper.pdf.
VMware, Inc. 25
vSphere Installation and Setup
Table 2‑2. Recommendations for Enhanced Performance
System Element Recommendation
RAM ESXi hosts require more RAM than typical servers. Provide
Dedicated Fast Ethernet adapters for virtual machines Place the management network and virtual machine
Disk location Place all data that your virtual machines use on physical
VMFS5 partitioning The ESXi installer creates the initial VMFS volumes on the
Processors Faster processors improve ESXi performance. For certain
Hardware compatibility Use devices in your server that are supported by ESXi 6.0
at least 8GB of RAM to take full advantage of ESXi features
and run virtual machines in typical production
environments. An ESXi host must have sucient RAM to
run concurrent virtual machines. The following examples
are provided to help you calculate the RAM required by
the virtual machines running on the ESXi host.
Operating four virtual machines with
Red Hat Enterprise Linux or Windows XP requires at least
3GB of RAM for baseline performance. This gure includes
approximately 1024MB for the virtual machines, 256MB
minimum for each operating system as recommended by
vendors.
Running these four virtual machines with 512MB RAM
requires that the ESXi host have approximately 4GB RAM,
which includes 2048MB for the virtual machines.
These calculations do not take into account possible
memory savings from using variable overhead memory for
each virtual machine. See vSphere Resource Management.
networks on dierent physical network cards. Dedicated
Gigabit Ethernet cards for virtual machines, such as Intel
PRO 1000 adapters, improve throughput to virtual
machines with high network trac.
disks allocated specically to virtual machines.
Performance is beer when you do not place your virtual
machines on the disk containing the ESXi boot image. Use
physical disks that are large enough to hold disk images
that all the virtual machines use.
rst blank local disk found. To add disks or modify the
original conguration, use the vSphere Web Client. This
practice ensures that the starting sectors of partitions are
64K-aligned, which improves storage performance.
N For SAS-only environments, the installer might not
format the disks. For some SAS disks, it is not possible to
identify whether the disks are local or remote. After the
installation, you can use the vSphere Web Client to set up
VMFS.
workloads, larger caches improve ESXi performance.
drivers. See the Hardware Compatibility Guide at
hp://www.vmware.com/resources/compatibility.
Incoming and Outgoing Firewall Ports for ESXi Hosts
The vSphere Web Client allows you to open and close rewall ports for each service or to allow trac from
selected IP addresses.
The following table lists the rewalls for services that are usually installed. If you install other VIBs on your
host, additional services and rewall ports might become available.
26 VMware, Inc.
Chapter 2 System Requirements
Table 2‑3. Incoming Firewall Connections
Service Port Comment
CIM Server 5988 (TCP) Server for CIM (Common Information Model).
CIM Secure Server 5989 (TCP) Secure server for CIM.
CIM SLP 427 (TCP, UDP) The CIM client uses the Service Location Protocol,
version 2 (SLPv2) to nd CIM servers.
DHCPv6 546 (TCP, UDP) DHCP client for IPv6.
DVSSync 8301, 8302 (UDP) DVSSync ports are used for synchronizing states
of distributed virtual ports between hosts that
have VMware FT record/replay enabled. Only
hosts that run primary or backup virtual machines
must have these ports open. On hosts that are not
using VMware FT these ports do not have to be
open.
NFC 902 (TCP) Network File Copy (NFC) provides a le-type-
aware FTP service for vSphere components. ESXi
uses NFC for operations such as copying and
moving data between datastores by default.
Virtual SAN Clustering Service 12345, 23451 (UDP) Virtual SAN Cluster Monitoring and Membership
Directory Service. Uses UDP-based IP multicast to
establish cluster members and distribute Virtual
SAN metadata to all cluster members. If disabled,
Virtual SAN does not work.
DHCP Client 68 (UDP) DHCP client for IPv4.
DNS Client 53 (UDP) DNS client.
Fault Tolerance 8200, 8100, 8300 (TCP, UDP) Trac between hosts for vSphere Fault Tolerance
(FT).
NSX Distributed Logical Router
Service
Virtual SAN Transport 2233 (TCP) Virtual SAN reliable datagram transport. Uses
SNMP Server 161 (UDP) Allows the host to connect to an SNMP server.
SSH Server 22 (TCP) Required for SSH access.
vMotion 8000 (TCP) Required for virtual machine migration with
vSphere Web Client 902, 443 (TCP) Client connections
vsanvp 8080 (TCP) VSAN VASA Vendor Provider. Used by the
vSphere Web Access 80 (TCP) Welcome page, with download links for dierent
6999 (UDP) NSX Virtual Distributed Router service. The
rewall port associated with this service is opened
when NSX VIBs are installed and the VDR module
is created. If no VDR instances are associated with
the host, the port does not have to be open.
This service was called NSX Distributed Logical
Router in earlier versions of the product.
TCP and is used for Virtual SAN storage IO. If
disabled, Virtual SAN does not work.
vMotion.
Storage Management Service (SMS) that is part of
vCenter to access information about Virtual SAN
storage proles, capabilities, and compliance. If
disabled, Virtual SAN Storage Prole Based
Management (SPBM) does not work.
interfaces.
VMware, Inc. 27
vSphere Installation and Setup
Table 2‑4. Outgoing Firewall Connections
Service Port Comment
CIM SLP 427 (TCP, UDP) The CIM client uses the Service Location Protocol,
DHCPv6 547 (TCP, UDP) DHCP client for IPv6.
DVSSync 8301, 8302 (UDP) DVSSync ports are used for synchronizing states
HBR 44046, 31031 (TCP) Used for ongoing replication trac by vSphere
NFC 902 (TCP) Network File Copy (NFC) provides a le-type-
WOL 9 (UDP) Used by Wake on LAN.
Virtual SAN Clustering Service 12345 23451 (UDP) Cluster Monitoring, Membership, and Directory
DHCP Client 68 (UDP) DHCP client.
DNS Client 53 (TCP, UDP) DNS client.
Fault Tolerance 80, 8200, 8100, 8300 (TCP, UDP) Supports VMware Fault Tolerance.
Software iSCSI Client 3260 (TCP) Supports software iSCSI.
NSX Distributed Logical Router
Service
rabbitmqproxy 5671 (TCP) A proxy running on the ESXi host that allows
Virtual SAN Transport 2233 (TCP) Used for RDT trac (Unicast peer to peer
vMotion 8000 (TCP) Required for virtual machine migration with
VMware vCenter Agent 902 (UDP) vCenter Server agent.
vsanvp 8080 (TCP) Used for Virtual SAN Vendor Provider trac.
version 2 (SLPv2) to nd CIM servers.
of distributed virtual ports between hosts that
have VMware FT record/replay enabled. Only
hosts that run primary or backup virtual machines
must have these ports open. On hosts that are not
using VMware FT these ports do not have to be
open.
Replication and VMware Site Recovery Manager.
aware FTP service for vSphere components. ESXi
uses NFC for operations such as copying and
moving data between datastores by default.
Service used by Virtual SAN.
6999 (UDP) The rewall port associated with this service is
opened when NSX VIBs are installed and the VDR
module is created. If no VDR instances are
associated with the host, the port does not have to
be open.
applications running inside virtual machines to
communicate to the AMQP brokers running in the
vCenter network domain. The virtual machine
does not have to be on the network, that is, no NIC
is required. The proxy connects to the brokers in
the vCenter network domain. Therefore, the
outgoing connection IP addresses should at least
include the current brokers in use or future
brokers. Brokers can be added if customer would
like to scale up.
communication) between Virtual SAN nodes.
vMotion.
28 VMware, Inc.
vCenter Server for Windows Requirements
To install vCenter Server on a Windows virtual machine or physical server, your system must meet specic
hardware and software requirements.
Synchronize the clocks of the virtual machines on which you plan to install vCenter Server and the
n
Platform Services Controller. See “Synchronizing Clocks on the vSphere Network,” on page 211.
Verify that the DNS name of the virtual machine or physical server matches the actual full computer
n
name.
Verify that the host name of the virtual machine or physical server that you are installing or upgrading
n
vCenter Server on complies with RFC 1123 guidelines.
Verify that the system on which you are installing vCenter Server is not an Active Directory domain
n
controller.
If your vCenter Server service is running in a user account other than the Local System account, verify
n
that the user account in which the vCenter Server service is running has the following permissions:
Member of the Administrators group
n
Log on as a service
n
Act as part of the operating system (if the user is a domain user)
n
Chapter 2 System Requirements
If the system that you use for your vCenter Server installation belongs to a workgroup rather than a
n
domain, not all functionality is available to vCenter Server. If assigned to a workgroup, the
vCenter Server system is not able to discover all domains and systems available on the network when
using some features. Your host machine must be connected to a domain if you want to add Active
Directory identity sources after the installation.
Verify that the LOCAL SERVICE account has read permission on the folder in which vCenter Server is
n
installed and on the HKLM registry.
Verify that the connection between the virtual machine or physical server and the domain controller is
n
working.
vCenter Server for Windows Pre-Install Checks
When you install vCenter Server and the Platform Services Controller, the installer does a pre-install check,
for example, to verify that enough space is available on the virtual machine or physical server where you are
installing vCenter Server, and veries that the external database, if any, can be successfully accessed.
When you deploy vCenter Server with an embedded Platform Services Controller, or an external
Platform Services Controller, vCenter Single Sign-On is installed as part of the Platform Services Controller.
At the time of installation, the installer provides you with the option to join an existing vCenter Single SignOn server domain. When you provide the information about the other vCenter Single Sign-On service, the
installer uses the administrator account to check the host name and password, to verify that the details of
the vCenter Single Sign-On server you provided can be authenticated before proceeding with the
installation process.
The pre-install checker performs checks for the following aspects of the environment:
Windows version
n
Minimum processor requirements
n
Minimum memory requirements
n
Minimum disk space requirements
n
Permissions on the selected install and data directory
n
VMware, Inc. 29
vSphere Installation and Setup
Internal and external port availability
n
External database version
n
External database connectivity
n
Administrator privileges on the Windows machine
n
Any credentials that you enter
n
For information about the minimum storage requirements, see “vCenter Server for Windows Storage
Requirements,” on page 30. For information about the minimum hardware requirements, see “vCenter
Server for Windows Hardware Requirements,” on page 30.
vCenter Server for Windows Hardware Requirements
When you install vCenter Server on a virtual machine or physical server running Microsoft Windows, your
system must meet specic hardware requirements.
You can install vCenter Server and the Platform Services Controller on the same virtual machine or physical
server or on dierent virtual machines or physical servers. When you install vCenter Server with an
embedded Platform Services Controller, you install vCenter Server and the Platform Services Controller on
the same virtual machine or physical server. When you install the vCenter Server with an external
Platform Services Controller, rst install the Platform Services Controller that contains all of the required
services on one virtual machine or physical server, and then install vCenter Server and the vCenter Server
components on another virtual machine or physical server.
N Installing vCenter Server on a network drive or USB ash drive is not supported.
Table 2‑5. Minimum Recommended Hardware Requirements for Installing vCenter Server and
Platform Services Controller on Windows
vCenter
Server with an
Embedded or
External
Platform
Services
Controller for
a Tiny
Environment
(up to 10
Hosts, 100
Platform Services
Controller
Number of CPUs 2 2 4 8 16
Memory 2 GB RAM 8 GB RAM 16 GB RAM 24 GB RAM 32 GB RAM
Virtual
Machines)
vCenter
Server with an
Embedded or
External
Platform
Services
Controller for
a Small
Environment
(up to 100
Hosts, 1000
Virtual
Machines)
vCenter
Server with an
Embedded or
External
Platform
Services
Controller for
a Medium
Environment
(up to 400
Hosts, 4,000
Virtual
Machines)
For the hardware requirements of your database, see the database documentation. The database
requirements are in addition to the vCenter Server requirements if the database and vCenter Server run on
the same machine.
vCenter Server for Windows Storage Requirements
When you install vCenter Server, your system must meet minimum storage requirements.
vCenter Server
with an
Embedded or
External
Platform
Services
Controller for a
Large
Environment
(up to 1,000
Hosts, 10,000
Virtual
Machines)
The storage requirements per folder depend on the deployment model that you decide to install. During
installation, you can select a folder other than the default C:\Program Files\VMware folder to install
vCenter Server and the Platform Services Controller. You can also select a folder other than the default
C:\ProgramData\VMware\vCenterServer\ in which to store data.
30 VMware, Inc.
Loading...