VMware vSphere - 6.0.2 Installation Manual

vSphere Installation and Setup

Update 2

vSphere 6.0

This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.

EN-001986-04

vSphere Installation and Setup

You can ﬁnd the most up-to-date technical documentation on the VMware Web site at:

hp://www.vmware.com/support/

The VMware Web site also provides the latest product updates.

If you have comments about this documentation, submit your feedback to:

docfeedback@vmware.com

VMware, Inc.

3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com

2 VMware, Inc.

About vSphere Installation and Setup 7

Updated Information 9

Introduction to vSphere Installation and Setup 11

vCenter Server Components and Services 11

vCenter Server Deployment Models 13

Overview of the vSphere Installation and Setup Process 16

vSphere Security Certicates Overview 17

Enhanced Linked Mode Overview 20

System Requirements 23

ESXi Requirements 23

vCenter Server for Windows Requirements 29

vCenter Server Appliance Requirements 31

Required Ports for vCenter Server and Platform Services Controller 33

vSphere DNS Requirements 37

vSphere Web Client Software Requirements 38

Client Integration Plug-In Software Requirements 38

vSphere Client Requirements 39

Required Free Space for System Logging 40

Before You Install ESXi 41

Options for Installing ESXi 41

Media Options for Booting the ESXi Installer 44

Using Remote Management Applications 55

Required Information for ESXi Installation 55

Download the ESXi Installer 56

VMware, Inc.

Installing ESXi 57

Installing ESXi Interactively 57

Installing or Upgrading Hosts by Using a Script 60

Installing ESXi Using vSphere Auto Deploy 74

Using vSphere ESXi Image Builder 139

Seing Up ESXi 163

ESXi Autoconguration 164

About the Direct Console ESXi Interface 164

Set the Password for the Administrator Account 167

Conguring the BIOS Boot Seings 167

Host Fails to Boot After You Install ESXi in UEFI Mode 168

vSphere Installation and Setup

Network Access to Your ESXi Host 169

Congure the Network Seings on a Host That Is Not Aached to the Network 169

Managing ESXi Remotely 170

Conguring Network Seings 170

Storage Behavior 175

Enable ESXi Shell and SSH Access with the Direct Console User Interface 177

View System Logs 178

Congure Syslog on ESXi Hosts 178

Congure Log Filtering on ESXi Hosts 179

Set the Host Image Prole Acceptance Level 180

Reset the System Conguration 181

Remove All Custom Packages on ESXi 181

Disable Support for Non-ASCII Characters in Virtual Machine File and Directory Names 182

Decommission an ESXi Host 182

After You Install and Set Up ESXi 183

Managing the ESXi Host 183

Licensing ESXi Hosts 183

Install the vSphere Client 185

Before You Install vCenter Server or Deploy the vCenter Server Appliance 187

Preparing vCenter Server Databases 187

How vCenter Single Sign-On Aects Installation 207

Synchronizing Clocks on the vSphere Network 211

Using a User Account for Running vCenter Server 211

Installing vCenter Server on IPv6 Machines 212

Running the vCenter Server Installer from a Network Drive 212

Required Information for Installing vCenter Server 212

Required Information for Deploying the vCenter Server Appliance 216

Installing vCenter Server on a Windows Virtual Machine or Physical Server 225

Download the vCenter Server for Windows Installer 225

Install vCenter Server with an Embedded Platform Services Controller 226

Installing vCenter Server with an External Platform Services Controller 228

Installing vCenter Server in an Environment with Multiple NICs 233

Deploying the vCenter Server Appliance 235

Download the vCenter Server Appliance Installer 236

Install the Client Integration Plug-In 236

Deploy the vCenter Server Appliance with an Embedded Platform Services Controller 237

Deploying a vCenter Server Appliance with an External Platform Services Controller 240

Troubleshooting vCenter Server Installation or Deployment 247

Collecting Logs for Troubleshooting a vCenter Server Installation or Upgrade 247

Aempt to Install a Platform Services Controller After a Prior Installation Failure 249

Microsoft SQL Database Set to Unsupported Compatibility Mode Causes vCenter Server

Installation or Upgrade to Fail 250

4 VMware, Inc.

After You Install vCenter Server or Deploy the vCenter Server Appliance 251

Collect vCenter Server Log Files 252

Install or Upgrade vSphere Authentication Proxy 252

Uninstall vCenter Server 254

Repoint the Connections Between vCenter Server and Platform Services Controller 254

Recongure a Standalone vCenter Server with an Embedded Platform Services Controller to a

vCenter Server with an External Platform Services Controller 256

Recongure Multiple Joined Instances of vCenter Server with an Embedded

Platform Services Controller to vCenter Server with an External Platform Services Controller 259

Contents

Backing Up and Restoring a vCenter Server Environment 269

General vSphere Data Protection Workow 270

Backing Up and Restoring vCenter Server with an Embedded Platform Services Controller 277

Backing Up and Restoring a vCenter Server Environment with a Single External

Platform Services Controller 278

Backing Up and Restoring a vCenter Server Environment with Multiple

Platform Services Controller Instances 281

Index 291

VMware, Inc. 5

vSphere Installation and Setup

6 VMware, Inc.

About vSphere Installation and Setup

vSphere Installation and Setup describes how to install and congure VMware® vCenter Server, deploy the vCenter Server Appliance, and ESXi.

Intended Audience

vSphere Installation and Setup is intended for experienced administrators who want to install and congure vCenter Server, deploy and congure the vCenter Server Appliance, and install and congure ESXi.

This information is wrien for experienced Windows or Linux system administrators who are familiar with virtual machine technology and data center operations. The information about using the Image Builder and Auto Deploy is wrien for administrators who have experience with Microsoft PowerShell and PowerCLI.

VMware, Inc.

vSphere Installation and Setup

8 VMware, Inc.

Updated Information

This vSphere Installation and Setup is updated with each release of the product or when necessary.

This table provides the update history of the vSphere Installation and Setup.

Revision Description

EN-001986-04

EN-001986-03

EN-001986-02

EN-001986-01

EN-001986-00 Initial release.

Updated “vCenter Server for Windows Hardware Requirements,” on page 30 and “vCenter Server

Appliance Hardware Requirements,” on page 31 to state that the hardware requirements for

vCenter Server with an embedded Platform Services Controller and vCenter Server with an external Platform Services Controller are the same.

Updated “Recongure Each vCenter Server Instance and Repoint It from an Embedded to External

Platform Services Controller Instance,” on page 265 to add a step for creating direct replication

agreement between the embedded and the external Platform Services Controller instances if not present.

Revised the prerequisites and steps in “Format a USB Flash Drive to Boot the ESXi Installation or

Upgrade,” on page 44.

Updated “Install the Client Integration Plug-In,” on page 236 to improve the information about the

location of the executable le.

Updated information on ports 389, 636, 11711, and 11712 in “Required Ports for vCenter Server and

Platform Services Controller,” on page 33.

Minor revisions of the examples in “Create an Installer ISO Image with a Custom Installation or

Upgrade Script,” on page 47 and “Boot Options,” on page 61.

Updated topics “Set the Scratch Partition from the vSphere Web Client,” on page 176 and “Host

Stops Unexpectedly at Bootup When Sharing a Boot Disk with Another Host,” on page 177 to add an

example for seing a directory path for the scratch partition.

Updated the psc_restore script name in Chapter 12, “Backing Up and Restoring a vCenter Server

Environment,” on page 269 section.

Updated topic “Auto Deploy Best Practices,” on page 114 to state that Auto Deploy is deployed

together with the vCenter Server system.

Corrected URL in topic “Create a Backup Job in vSphere Data Protection,” on page 273.

Updated information on number of vCenter Server instances in “How vCenter Single Sign-On

Aects Installation,” on page 207.

Updated topic “Recongure a Standalone vCenter Server with an Embedded Platform Services

Controller to a vCenter Server with an External Platform Services Controller,” on page 256 and

added “Recongure Multiple Joined Instances of vCenter Server with an Embedded Platform

Services Controller to vCenter Server with an External Platform Services Controller,” on page 259 to

improve the information about reconguring a standalone and multiple instances of vCenter Server with an embedded Platform Services Controller.

VMware, Inc. 9

vSphere Installation and Setup

10 VMware, Inc.

Introduction to vSphere Installation

and Setup 1

vSphere 6.0 provides various options for installation and setup. To ensure a successful vSphere deployment, understand the installation and setup options, and the sequence of tasks.

The two core components of vSphere are VMware ESXi® and VMware vCenter Server®. ESXi is the virtualization platform on which you can create and run virtual machines and virtual appliances. vCenter Server is a service that acts as a central administrator for ESXi hosts connected in a network. vCenter Server lets you pool and manage the resources of multiple hosts.

You can install vCenter Server on a Windows virtual machine or physical server, or deploy the vCenter Server Appliance. The vCenter Server Appliance is a precongured Linux-based virtual machine optimized for running vCenter Server and the vCenter Server components. You can deploy the vCenter Server Appliance on ESXi hosts 5.0 or later, or on vCenter Server instances 5.0 or later.

Starting with vSphere 6.0, all prerequisite services for running vCenter Server and the vCenter Server components are bundled in the VMware Platform Services Controller. You can deploy vCenter Server with an embedded or external Platform Services Controller, but you must always install or deploy the Platform Services Controller before installing or deploying vCenter Server.

This chapter includes the following topics:

“vCenter Server Components and Services,” on page 11

“vCenter Server Deployment Models,” on page 13

“Overview of the vSphere Installation and Setup Process,” on page 16

“vSphere Security Certicates Overview,” on page 17

“Enhanced Linked Mode Overview,” on page 20

vCenter Server Components and Services

vCenter Server provides a centralized platform for management, operation, resource provisioning, and performance evaluation of virtual machines and hosts.

When you install vCenter Server with an embedded Platform Services Controller, or deploy the vCenter Server Appliance with an embedded Platform Services Controller, vCenter Server, the vCenter Server components, and the services included in the Platform Services Controller are deployed on the same system.

When you install vCenter Server with an external Platform Services Controller, or deploy the vCenter Server Appliance with an external Platform Services Controller, vCenter Server and the vCenter Server components are deployed on one system, and the services included in the Platform Services Controller are deployed on another system.

VMware, Inc.

vSphere Installation and Setup

The following components are included in the vCenter Server and vCenter Server Appliance installations:

The VMware Platform Services Controller group of infrastructure services contains vCenter Single Sign-

On, License service, Lookup Service, and VMware Certicate Authority.

The vCenter Server group of services contains vCenter Server, vSphere Web Client, Inventory Service,

vSphere Auto Deploy, vSphere ESXi Dump Collector, VMware vSphere Syslog Collector on Windows and VMware Sphere Syslog Service for the vCenter Server Appliance.

Services Installed with VMware Platform Services Controller

vCenter Single Sign-On

vSphere License Service

VMware Certificate Authority

The vCenter Single Sign-On authentication service provides secure authentication services to the vSphere software components. By using vCenter Single Sign-On, the vSphere components communicate with each other through a secure token exchange mechanism, instead of requiring each component to authenticate a user separately with a directory service like Active Directory. vCenter Single Sign-On constructs an internal security domain (for example, vsphere.local) where the vSphere solutions and components are registered during the installation or upgrade process, providing an infrastructure resource. vCenter Single Sign-On can authenticate users from its own internal users and groups, or it can connect to trusted external directory services such as Microsoft Active Directory. Authenticated users can then be assigned registered solution-based permissions or roles within a vSphere environment.

vCenter Single Sign-On is available and required with vCenter Server 5.1.x and later.

The vSphere License service provides common license inventory and management capabilities to all vCenter Server systems that are connected to a Platform Services Controller or multiple linked Platform Services Controllers.

VMware Certicate Authority (VMCA) provisions each ESXi host with a signed certicate that has VMCA as the root certicate authority, by default. Provisioning occurs when the ESXi host is added to vCenter Server explicitly or as part of the ESXi host installation process. All ESXi certicates are stored locally on the host.

Services Installed with vCenter Server

These additional components are installed silently when you install vCenter Server. The components cannot be installed separately as they do not have their own installers.

vCenter Inventory Service

PostgreSQL

vSphere Web Client

vSphere ESXi Dump Collector

12 VMware, Inc.

Inventory Service stores vCenter Server conguration and inventory data, enabling you to search and access inventory objects across vCenter Server instances.

A bundled version of the VMware distribution of PostgreSQL database for vSphere and vCloud Hybrid Services.

The vSphere Web Client lets you connect to vCenter Server instances by using a Web browser, so that you can manage your vSphere infrastructure.

The vCenter Server support tool. You can congure ESXi to save the VMkernel memory to a network server, rather than to a disk, when the system encounters a critical failure. The vSphere ESXi Dump Collector collects such memory dumps over the network.

Chapter 1 Introduction to vSphere Installation and Setup

VMware vSphere Syslog Collector

VMware Syslog Service

vSphere Auto Deploy

The vCenter Server on Windows support tool that enables network logging and combining of logs from multiple hosts. You can use the vSphere Syslog Collector to direct ESXi system logs to a server on the network, rather than to a local disk. The recommended maximum number of supported hosts to collect logs from is 30. For information about conguring vSphere Syslog Collector, see hp://kb.vmware.com/kb/2021652.

The vCenter Server Appliance support tool that provides a unied architecture for system logging, network logging and collecting logs from hosts. You can use the VMware Syslog Service to direct ESXi system logs to a server on the network, rather than to a local disk. The recommended maximum number of supported hosts to collect logs from is 30. For information about conguring VMware Syslog Service, see vCenter Server Appliance Conguration.

The vCenter Server support tool that can provision hundreds of physical hosts with ESXi software. You can specify the image to deploy and the hosts to provision with the image. Optionally, you can specify host proles to apply to the hosts, and a vCenter Server location (folder or cluster) for each host.

vCenter Server Deployment Models

You can install vCenter Server on a virtual machine or a physical server running Microsoft Windows Server 2008 SP2 or later, or can deploy the vCenter Server Appliance. The vCenter Server Appliance is a precongured Linux-based virtual machine, optimized for running vCenter Server.

vSphere 6.0 introduces vCenter Server with an embedded Platform Services Controller and vCenter Server with an external Platform Services Controller.

I This documentation provides information about the basic deployment models. For information about the recommended topologies, see List of recommended topologies for vSphere 6.0.x.

vCenter Server with an embedded Platform Services Controller

vCenter Server with an external Platform Services Controller

N After you deploy vCenter Server with an embedded Platform Services Controller, you can

recongure your topology and switch to vCenter Server with an external Platform Services Controller. This is a one-way process after which you cannot switch back to vCenter Server with an embedded Platform Services Controller. You can repoint the vCenter Server instance only to an external Platform Services Controller that is congured to replicate the infrastructure data within the same domain.

All services bundled with the Platform Services Controller are deployed on the same virtual machine or physical server as vCenter Server.

The services bundled with the Platform Services Controller and vCenter Server are deployed on dierent virtual machines or physical servers.

You rst must deploy the Platform Services Controller on one virtual machine or physical server and then deploy vCenter Server on another virtual machine or physical server.

vCenter Server with an Embedded Platform Services Controller

vCenter Server and the Platform Services Controller are deployed on a single virtual machine or physical server.

VMware, Inc. 13

Platform Services

Controller

Virtual Machine

or Physical Server

vCenter Server

Platform Services

Controller

Virtual Machine

or Physical Server

Virtual Machine

or Physical Server

vCenter Server

Virtual Machine

or Physical Server

vCenter Server

vSphere Installation and Setup

Figure 1‑1. vCenter Server with an Embedded Platform Services Controller

Installing vCenter Server with an embedded Platform Services Controller has the following advantages:

The connection between vCenter Server and the Platform Services Controller is not over the network,

and vCenter Server is not prone to outages because of connectivity and name resolution issues between vCenter Server and the Platform Services Controller.

If you install vCenter Server on Windows virtual machines or physical servers, you will need fewer

Windows licenses.

You will have to manage fewer virtual machines or physical servers.

You do not need a load balancer to distribute the load across Platform Services Controller.

Installing with an embedded Platform Services Controller has the following disadvantages:

There is a Platform Services Controller for each product which might be more than required. This

consumes more resources.

The model is suitable for small-scale environments.

vCenter Server with an External Platform Services Controller

vCenter Server and the Platform Services Controller are deployed on separate virtual machine or physical server. The Platform Services Controller can be shared across several vCenter Server instances. You can install a Platform Services Controller and then install several vCenter Server instances and register them with the Platform Services Controller. You can then install another Platform Services Controller, congure it to replicate data with the rst Platform Services Controller, and then install vCenter Server instances and register them with the second Platform Services Controller.

Figure 1‑2. vCenter Server with an External Platform Services Controller

14 VMware, Inc.

Installing vCenter Server with an external Platform Services Controller has the following advantages:

Less resources consumed by the combined services in the Platform Services Controllers enables a

reduced footprint and reduced maintenance.

Your environment can consist of more vCenter Server instances.

Platform Services

Controller on Windows

Windows Virtual Machine

or Physical Server

Virtual Machine

vCenter Server

Appliance

Virtual Machine

or Physical Server

vCenter Server

on Windows

Platform Services

Controller Appliance

Linux Virtual Machine

Virtual Machine

vCenter Server

Appliance

Virtual Machine

or Physical Server

vCenter Server

on Windows

Chapter 1 Introduction to vSphere Installation and Setup

Installing vCenter Server with an external Platform Services Controller has the following disadvantages:

The connection between vCenter Server and Platform Services Controller is over the network and is

prone to connectivity and name resolution issues.

If you install vCenter Server on Windows virtual machines or physical servers, you need more

Microsoft Windows licenses.

You must manage more virtual machines or physical servers.

Mixed Operating Systems Environment

A vCenter Server instance installed on Windows can be registered with either a Platform Services Controller installed on Windows or a Platform Services Controller appliance. A vCenter Server Appliance, can be registered with either a Platform Services Controller installed on Windows or a Platform Services Controller appliance. Both vCenter Server and the vCenter Server Appliance can be registered with the same Platform Services Controller within a domain.

Figure 1‑3. Example of a Mixed Operating Systems Environment with an External Platform Services Controller on Windows

Figure 1‑4. Example of a Mixed Operating Systems Environment with an External Platform Services Controller Appliance

Having many Platform Services Controllers that replicate their infrastructure data, allows you to ensure high availability of your system.

If an external Platform Services Controller with which your vCenter Server instance or vCenter Server Appliance was initially registered, stops responding, you can repoint your vCenter Server or vCenter Server Appliance to another external Platform Services Controller in the domain. For more information, see “Repoint the Connections Between vCenter Server and Platform Services Controller,” on page 254.

VMware, Inc. 15

vSphere Installation and Setup

Overview of the vSphere Installation and Setup Process

vSphere is a sophisticated product with multiple components to install and set up. To ensure a successful vSphere deployment, understand the sequence of tasks required.

Installing vSphere includes the following tasks:

1 Read the vSphere release notes.

2 Verify that your system meets vSphere hardware and software requirements. See Chapter 2, “System

Requirements,” on page 23.

3 Install ESXi.

a Verify that your system meets the minimum hardware requirements. See “ESXi Requirements,” on

page 23.

b Determine the ESXi installation option to use. See “Options for Installing ESXi,” on page 41.

c Determine where you want to locate and boot the ESXi installer. See “Media Options for Booting

the ESXi Installer,” on page 44. If you are PXE-booting the installer, verify that your network PXE

infrastructure is properly set up. See “PXE Booting the ESXi Installer,” on page 48.

d Create a worksheet with the information you will need when you install ESXi. See “Required

Information for ESXi Installation,” on page 55.

e Install ESXi.

“Installing ESXi Interactively,” on page 57

“Installing or Upgrading Hosts by Using a Script,” on page 60

“Installing ESXi Using vSphere Auto Deploy,” on page 74

I In vSphere 6.0, Auto Deploy is installed together with vCenter Server. To provision ESXi hosts by using Auto Deploy, you must install vCenter Server or deploy the vCenter Server Appliance.

4 Congure ESXi boot and network seings, the direct console, and other seings. See Chapter 5, “Seing

Up ESXi,” on page 163 and Chapter 6, “After You Install and Set Up ESXi,” on page 183.

5 Consider seing up a syslog server for remote logging, to ensure sucient disk storage for log les.

Seing up logging on a remote host is especially important for hosts with limited local storage. See

“Required Free Space for System Logging,” on page 40 and “Congure Syslog on ESXi Hosts,” on

page 178.

6 Install vCenter Server on a Windows virtual machine or physical server or deploy the

vCenter Server Appliance.

In vSphere 6.0, you can install vCenter Server or deploy the vCenter Server Appliance, and connect them in Enhanced Linked Mode conguration by registering the vCenter Server instance and the vCenter Server Appliance to Platform Services Controllers that replicate their infrastructure data.

Concurrent installations are not supported. After you install or deploy a Platform Services Controller, you must install vCenter Server instances or deploy vCenter Server Appliance sequentially.

Install vCenter Server on a Windows virtual machine or physical server.

1 Verify that your system meets the hardware and software requirements for installing

vCenter Server. See “vCenter Server for Windows Requirements,” on page 29.

2 (Optional) Set up an external vCenter Server database. See “Preparing vCenter Server

Databases,” on page 187.

16 VMware, Inc.

Chapter 1 Introduction to vSphere Installation and Setup

For an environment with up to 20 hosts and 200 virtual machines, you can use the bundled PostgreSQL database. For production and large scale environments, set up an external database, because the migration from the embedded PostgreSQL database to an external database is not a trivial manual process.

3 Create a worksheet with the information you need for installation. See “Required Information

for Installing vCenter Server,” on page 212.

4 Install vCenter Server and the Platform Services Controller. See Chapter 8, “Installing vCenter

Server on a Windows Virtual Machine or Physical Server,” on page 225.

You can install vCenter Server with an embedded or with an external Platform Services Controller.

vCenter Server with an embedded Platform Services Controller deployment is suitable for small-scale environments. vCenter Server with an external Platform Services Controller deployment is suitable for environments with several vCenter Server instances. See “vCenter

Server Deployment Models,” on page 13 .

Deploy the vCenter Server Appliance.

1 Review the topics in “vCenter Server Appliance Requirements,” on page 31 and verify that

your system meets the hardware and software requirements for deploying the vCenter Server Appliance.

2 (Optional) Set up an external Oracle database. The vCenter Server Appliance supports only

Oracle database as an external database. See “Preparing vCenter Server Databases,” on page 187.

You can also use the bundled PostgreSQL database, which is suitable for environments that contain up to 1,000 hosts and 10,000 virtual machines.

3 Use the topic “Required Information for Deploying the vCenter Server Appliance,” on

page 216 to create a worksheet with the information you need for installation.

4 Deploy the vCenter Server Appliance with an embedded Platform Services Controller or with

an external Platform Services Controller. See Chapter 9, “Deploying the vCenter Server

Appliance,” on page 235.

Server Deployment Models,” on page 13 .

7 Connect to vCenter Server from the vSphere Web Client. See Chapter 11, “After You Install vCenter

Server or Deploy the vCenter Server Appliance,” on page 251.

8 Congure vCenter Server and the vCenter Server Appliance. See vCenter Server and Host Management

and vCenter Server Appliance Conguration.

vSphere Security Certificates Overview

ESXi hosts and vCenter Server communicate securely over SSL to ensure condentiality, data integrity and authentication.

In vSphere 6.0, the VMware Certicate Authority (VMCA) provisions each ESXi host with a signed certicate that has VMCA as the root certicate authority, by default. Provisioning happens when the ESXi host is added to vCenter Server explicitly or as part of the ESXi host installation. All ESXi certicates are stored locally on the host.

You can also use custom certicates with a dierent root Certicate Authority (CA). For information about managing certicates for ESXi hosts, see the vSphere Security documentation.

VMware, Inc. 17

CA-Cert

VECS

Machine-Cert

Signed

VMCA

vSphere Installation and Setup

All certicates for vCenter Server and the vCenter Server services are stored in the VMware Endpoint Certicate Store (VECS).

You can replace the VMCA certicate for vCenter Server with a dierent certicate signed by a CA. If you want to use a third party certicate, install the Platform Services Controller, add the new CA-signed root

certicate to VMCA, and then install vCenter Server. For information about managing vCenter Server certicates, see the vSphere Security documentation.

Certificate Replacement Overview

You can perform dierent types of certicate replacement depending on company policy and requirements for the system that you are conguring. You can perform each replacement with the vSphere Certicate Manager utility or manually by using the CLIs included with your installation.

VMCA is included in each Platform Services Controller and in each embedded deployment. VMCA provisions each node, each vCenter Server solution user, and each ESXi host with a certicate that is signed by VMCA as the certicate authority. vCenter Server solution users are groups of vCenter Server services. See vSphere Security for a list of solution users.

You can replace the default certicates. For vCenter Server components, you can use a set of command-line tools included in your installation. You have several options.

See the vSphere Security publication for details on the replacement workows and on the vSphere Certicate Manager utility.

Replace With Certificates Signed by VMCA

If your VMCA certicate expires or you want to replace it for other reasons, you can use the certicate management CLIs to perform that process. By default, the VMCA root certicate expires after ten years, and all certicates that VMCA signs expire when the root certicate expires, that is, after a maximum of ten years.

Figure 1‑5. Certificates Signed by VMCA Are Stored in VECS

18 VMware, Inc.

CA-Cert

VECS

Machine-Cert

Signed

VMware vSphere

VMCA

Root

CA-Cert

Enterprise

CA-Cert

Signed Signed

Chapter 1 Introduction to vSphere Installation and Setup

Make VMCA an Intermediate CA

You can replace the VMCA root certicate with a certicate that is signed by an enterprise CA or third-party CA. VMCA signs the custom root certicate each time it provisions certicates, making VMCA an intermediate CA.

N If you perform a fresh install that includes an external Platform Services Controller, install the Platform Services Controller rst and replace the VMCA root certicate. Next, install other services or add ESXi hosts to your environment. If you perform a fresh install with an embedded Platform Services Controller, replace the VMCA root certicate before you add ESXi hosts. If you do, all certicates are signed by the whole chain, and you do not have to generate new certicates.

Figure 1‑6. Certificates Signed by a Third-Party or Enterprise CA Use VMCA as an Intermediate CA

Do Not Use VMCA, Provision with Custom Certificates

You can replace the existing VMCA-signed certicates with custom certicates. If you use that approach, you are responsible for all certicate provisioning and monitoring.

VMware, Inc. 19

Unused

VECS

Machine-Cert

VMware vSphere

VMCA

External CA

(Commercial or

Enterprise)

Signed

vSphere Installation and Setup

Figure 1‑7. External Certificates are Stored Directly in VECS

Hybrid Deployment

You can have VMCA supply some of the certicates, but use custom certicates for other parts of your infrastructure. For example, because solution user certicates are used only to authenticate to vCenter Single Sign-On, consider having VMCA provision those certicates. Replace the machine SSL certicates with custom certicates to secure all SSL trac.

ESXi Certificate Replacement

For ESXi hosts, you can change certicate provisioning behavior from the vSphere Web Client.

VMware Certificate Authority mode (default)

When you renew certicates from the vSphere Web Client, VMCA issues the certicates for the hosts. If you changed the VMCA root certicate to include a certicate chain, the host certicates include the full chain.

Custom Certificate Authority mode

Thumbprint mode

Allows you to manually update and use certicates that are not signed or issued by VMCA.

Can be used to retain 5.5 certicates during refresh. Use this mode only temporarily in debugging situations.

Enhanced Linked Mode Overview

Enhanced Linked Mode connects multiple vCenter Server systems together by using one or more Platform Services Controllers.

Enhanced Linked Mode lets you view and search across all linked vCenter Server systems and replicate roles, permissions, licenses, policies, and tags.

When you install vCenter Server or deploy the vCenter Server Appliance with an external Platform Services Controller, you must rst install the Platform Services Controller. During installation of the Platform Services Controller, you can select whether to create a new vCenter Single Sign-On domain or join an existing domain. You can select to join an existing vCenter Single Sign-On domain if you have already installed or deployed a Platform Services Controller, and have created a vCenter Single Sign-On domain. When you join an existing vCenter Single Sign-On domain, the data between the existing Platform Services Controller and the new Platform Services Controller is replicated, and the infrastructure data is replicated between the two Platform Services Controllers.

20 VMware, Inc.

Chapter 1 Introduction to vSphere Installation and Setup

With Enhanced Linked Mode, you can connect not only vCenter Server systems running on Windows but also many vCenter Server Appliances. You can also have an environment where multiple vCenter Server systems and vCenter Server Appliances are linked together.

If you install vCenter Server with an external Platform Services Controller, you rst must deploy the Platform Services Controller on one virtual machines or physical server and then deploy vCenter Server on another virtual machines or physical server. While installing vCenter Server, you must select the external Platform Services Controller. Make sure that the Platform Services Controller you select is an external standalone Platform Services Controller. Selecting an existing Platform Services Controller that is a part of an embedded installation is not supported and cannot be recongured after the deployment. For information about the recommended topologies, see hp://kb.vmware.com/kb/2108548.

VMware, Inc. 21

vSphere Installation and Setup

22 VMware, Inc.

System Requirements 2

Systems running vCenter Server on Windows, the vCenter Server Appliance, and ESXi instances must meet specic hardware and operating system requirements.

If you are using Auto Deploy to provision ESXi hosts, see also “Preparing for vSphere Auto Deploy,” on page 84.

This chapter includes the following topics:

“ESXi Requirements,” on page 23

“vCenter Server for Windows Requirements,” on page 29

“vCenter Server Appliance Requirements,” on page 31

“Required Ports for vCenter Server and Platform Services Controller,” on page 33

“vSphere DNS Requirements,” on page 37

“vSphere Web Client Software Requirements,” on page 38

“Client Integration Plug-In Software Requirements,” on page 38

“vSphere Client Requirements,” on page 39

“Required Free Space for System Logging,” on page 40

ESXi Requirements

To install ESXi 6.0 or upgrade to ESXi 6.0, your system must meet specic hardware and software requirements.

ESXi Hardware Requirements

Make sure the host meets the minimum hardware congurations supported by ESXi 6.0.

Hardware and System Resources

To install or upgrade ESXi 6.0, your hardware and system resources must meet the following requirements:

Supported server platform . For a list of supported platforms, see the VMware Compatibility Guide at

hp://www.vmware.com/resources/compatibility.

ESXi 6.0 requires a host machine with at least two CPU cores.

ESXi 6.0 supports 64-bit x86 processors released after September 2006. This includes a broad range of

multi-core processors. For a complete list of supported processors, see the VMware compatibility guide at hp://www.vmware.com/resources/compatibility.

VMware, Inc.

vSphere Installation and Setup

ESXi 6.0 requires the NX/XD bit to be enabled for the CPU in the BIOS.

ESXi requires a minimum of 4GB of physical RAM. It is recommended to provide at least 8 GB of RAM

to run virtual machines in typical production environments.

To support 64-bit virtual machines, support for hardware virtualization (Intel VT-x or AMD RVI) must

be enabled on x64 CPUs.

One or more Gigabit or faster Ethernet controllers. For a list of supported network adapter models, see

the VMware Compatibility Guide at hp://www.vmware.com/resources/compatibility.

SCSI disk or a local, non-network, RAID LUN with unpartitioned space for the virtual machines.

For Serial ATA (SATA), a disk connected through supported SAS controllers or supported on-board

SATA controllers. SATA disks will be considered remote, not local. These disks will not be used as a scratch partition by default because they are seen as remote.

N You cannot connect a SATA CD-ROM device to a virtual machine on an ESXi 6.0 host. To use the SATA CD-ROM device, you must use IDE emulation mode.

Storage Systems

For a list of supported storage systems, see the VMware Compatibility Guide at

hp://www.vmware.com/resources/compatibility. For Software Fibre Channel over Ethernet (FCoE), see

“Installing and Booting ESXi with Software FCoE,” on page 55.

ESXi Booting Requirements

vSphere 6.0 supports booting ESXi hosts from the Unied Extensible Firmware Interface (UEFI). With UEFI, you can boot systems from hard drives, CD-ROM drives, or USB media. Network booting or provisioning with VMware Auto Deploy requires the legacy BIOS rmware and is not available with UEFI.

ESXi can boot from a disk larger than 2TB provided that the system rmware and the rmware on any addin card that you are using support it. See the vendor documentation.

N Changing the boot type from legacy BIOS to UEFI after you install ESXi 6.0 might cause the host to fail to boot. In this case, the host displays an error message similar to Not a VMware boot bank. Changing the host boot type between legacy BIOS and UEFI is not supported after you install ESXi 6.0.

Storage Requirements for ESXi 6.0 Installation or Upgrade

Installing ESXi 6.0 or upgrading to ESXi 6.0 requires a boot device that is a minimum of 1GB in size. When booting from a local disk, SAN or iSCSI LUN, a 5.2GB disk is required to allow for the creation of the VMFS volume and a 4GB scratch partition on the boot device . If a smaller disk or LUN is used, the installer aempts to allocate a scratch region on a separate local disk. If a local disk cannot be found the scratch partition, /scratch, is located on the ESXi host ramdisk, linked to /tmp/scratch. You can recongure /scratch to use a separate disk or LUN. For best performance and memory optimization, do not leave /scratch on the ESXi host ramdisk.

To recongure /scratch, see “Set the Scratch Partition from the vSphere Web Client,” on page 176.

Due to the I/O sensitivity of USB and SD devices the installer does not create a scratch partition on these devices. When installing or upgrading on USB or SD devices, the installer aempts to allocate a scratch region on an available local disk or datastore. If no local disk or datastore is found, /scratch is placed on the ramdisk. After the installation or upgrade, you should recongure /scratch to use a persistent datastore. Although a 1GB USB or SD device suces for a minimal installation, you should use a 4GB or larger device. The extra space will be used for an expanded coredump partition on the USB/SD device. Use a high quality USB ash drive of 16GB or larger so that the extra ash cells can prolong the life of the boot media, but high quality drives of 4GB or larger are sucient to hold the extended coredump partition. See Knowledge Base article hp://kb.vmware.com/kb/2004784.

24 VMware, Inc.

Chapter 2 System Requirements

In Auto Deploy installations, the installer aempts to allocate a scratch region on an available local disk or datastore. If no local disk or datastore is found, /scratch is placed on ramdisk. You should recongure /scratch to use a persistent datastore following the installation.

For environments that boot from a SAN or use Auto Deploy, you need not allocate a separate LUN for each ESXi host. You can co-locate the scratch regions for many ESXi hosts onto a single LUN. The number of hosts assigned to any single LUN should be weighed against the LUN size and the I/O behavior of the virtual machines.

Supported Remote Management Server Models and Firmware Versions

You can use remote management applications to install or upgrade ESXi, or to manage hosts remotely.

Table 2‑1. Supported Remote Management Server Models and Minimum Firmware Versions

Remote Management Server Model Firmware Version Java

Dell DRAC 7 1.30.30 (Build 43) 1.7.0_60-b19

Dell DRAC 6 1.54 (Build 15), 1.70 (Build 21) 1.6.0_24

Dell DRAC 5 1.0, 1.45, 1.51 1.6.0_20,1.6.0_203

Dell DRAC 4 1.75 1.6.0_23

HP ILO 1.81, 1.92 1.6.0_22, 1.6.0_23

HP ILO 2 1.8, 1.81 1.6.0_20, 1.6.0_23

HP ILO 3 1.28 1.7.0_60-b19

HP ILO 4 1.13 1.7.0_60-b19

IBM RSA 2 1.03, 1.2 1.6.0_22

Recommendations for Enhanced ESXi Performance

To enhance performance, install or upgrade ESXi on a robust system with more RAM than the minimum required and with multiple physical disks.

For ESXi system requirements, see “ESXi Hardware Requirements,” on page 23. See also the technical papers on vSphere performance at

hps://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/techpaper/vmware-perestpractices-vsphere6-0-white-paper.pdf.

VMware, Inc. 25

vSphere Installation and Setup

Table 2‑2. Recommendations for Enhanced Performance

System Element Recommendation

RAM ESXi hosts require more RAM than typical servers. Provide

Dedicated Fast Ethernet adapters for virtual machines Place the management network and virtual machine

Disk location Place all data that your virtual machines use on physical

VMFS5 partitioning The ESXi installer creates the initial VMFS volumes on the

Processors Faster processors improve ESXi performance. For certain

Hardware compatibility Use devices in your server that are supported by ESXi 6.0

at least 8GB of RAM to take full advantage of ESXi features and run virtual machines in typical production environments. An ESXi host must have sucient RAM to run concurrent virtual machines. The following examples are provided to help you calculate the RAM required by the virtual machines running on the ESXi host.

Operating four virtual machines with Red Hat Enterprise Linux or Windows XP requires at least 3GB of RAM for baseline performance. This gure includes approximately 1024MB for the virtual machines, 256MB minimum for each operating system as recommended by vendors.

Running these four virtual machines with 512MB RAM requires that the ESXi host have approximately 4GB RAM, which includes 2048MB for the virtual machines.

These calculations do not take into account possible memory savings from using variable overhead memory for each virtual machine. See vSphere Resource Management.

networks on dierent physical network cards. Dedicated Gigabit Ethernet cards for virtual machines, such as Intel PRO 1000 adapters, improve throughput to virtual machines with high network trac.

disks allocated specically to virtual machines. Performance is beer when you do not place your virtual machines on the disk containing the ESXi boot image. Use physical disks that are large enough to hold disk images that all the virtual machines use.

rst blank local disk found. To add disks or modify the original conguration, use the vSphere Web Client. This practice ensures that the starting sectors of partitions are 64K-aligned, which improves storage performance.

N For SAS-only environments, the installer might not format the disks. For some SAS disks, it is not possible to identify whether the disks are local or remote. After the installation, you can use the vSphere Web Client to set up VMFS.

workloads, larger caches improve ESXi performance.

drivers. See the Hardware Compatibility Guide at

hp://www.vmware.com/resources/compatibility.

Incoming and Outgoing Firewall Ports for ESXi Hosts

The vSphere Web Client allows you to open and close rewall ports for each service or to allow trac from selected IP addresses.

The following table lists the rewalls for services that are usually installed. If you install other VIBs on your host, additional services and rewall ports might become available.

26 VMware, Inc.

Chapter 2 System Requirements

Table 2‑3. Incoming Firewall Connections

Service Port Comment

CIM Server 5988 (TCP) Server for CIM (Common Information Model).

CIM Secure Server 5989 (TCP) Secure server for CIM.

CIM SLP 427 (TCP, UDP) The CIM client uses the Service Location Protocol,

version 2 (SLPv2) to nd CIM servers.

DHCPv6 546 (TCP, UDP) DHCP client for IPv6.

DVSSync 8301, 8302 (UDP) DVSSync ports are used for synchronizing states

of distributed virtual ports between hosts that have VMware FT record/replay enabled. Only hosts that run primary or backup virtual machines must have these ports open. On hosts that are not using VMware FT these ports do not have to be open.

NFC 902 (TCP) Network File Copy (NFC) provides a le-type-

aware FTP service for vSphere components. ESXi uses NFC for operations such as copying and moving data between datastores by default.

Virtual SAN Clustering Service 12345, 23451 (UDP) Virtual SAN Cluster Monitoring and Membership

Directory Service. Uses UDP-based IP multicast to establish cluster members and distribute Virtual SAN metadata to all cluster members. If disabled, Virtual SAN does not work.

DHCP Client 68 (UDP) DHCP client for IPv4.

DNS Client 53 (UDP) DNS client.

Fault Tolerance 8200, 8100, 8300 (TCP, UDP) Trac between hosts for vSphere Fault Tolerance

(FT).

NSX Distributed Logical Router Service

Virtual SAN Transport 2233 (TCP) Virtual SAN reliable datagram transport. Uses

SNMP Server 161 (UDP) Allows the host to connect to an SNMP server.

SSH Server 22 (TCP) Required for SSH access.

vMotion 8000 (TCP) Required for virtual machine migration with

vSphere Web Client 902, 443 (TCP) Client connections

vsanvp 8080 (TCP) VSAN VASA Vendor Provider. Used by the

vSphere Web Access 80 (TCP) Welcome page, with download links for dierent

6999 (UDP) NSX Virtual Distributed Router service. The

rewall port associated with this service is opened when NSX VIBs are installed and the VDR module is created. If no VDR instances are associated with the host, the port does not have to be open.

This service was called NSX Distributed Logical Router in earlier versions of the product.

TCP and is used for Virtual SAN storage IO. If disabled, Virtual SAN does not work.

vMotion.

Storage Management Service (SMS) that is part of vCenter to access information about Virtual SAN storage proles, capabilities, and compliance. If disabled, Virtual SAN Storage Prole Based Management (SPBM) does not work.

interfaces.

VMware, Inc. 27

vSphere Installation and Setup

Table 2‑4. Outgoing Firewall Connections

Service Port Comment

CIM SLP 427 (TCP, UDP) The CIM client uses the Service Location Protocol,

DHCPv6 547 (TCP, UDP) DHCP client for IPv6.

DVSSync 8301, 8302 (UDP) DVSSync ports are used for synchronizing states

HBR 44046, 31031 (TCP) Used for ongoing replication trac by vSphere

NFC 902 (TCP) Network File Copy (NFC) provides a le-type-

WOL 9 (UDP) Used by Wake on LAN.

Virtual SAN Clustering Service 12345 23451 (UDP) Cluster Monitoring, Membership, and Directory

DHCP Client 68 (UDP) DHCP client.

DNS Client 53 (TCP, UDP) DNS client.

Fault Tolerance 80, 8200, 8100, 8300 (TCP, UDP) Supports VMware Fault Tolerance.

Software iSCSI Client 3260 (TCP) Supports software iSCSI.

NSX Distributed Logical Router Service

rabbitmqproxy 5671 (TCP) A proxy running on the ESXi host that allows

Virtual SAN Transport 2233 (TCP) Used for RDT trac (Unicast peer to peer

vMotion 8000 (TCP) Required for virtual machine migration with

VMware vCenter Agent 902 (UDP) vCenter Server agent.

vsanvp 8080 (TCP) Used for Virtual SAN Vendor Provider trac.

version 2 (SLPv2) to nd CIM servers.

Replication and VMware Site Recovery Manager.

aware FTP service for vSphere components. ESXi uses NFC for operations such as copying and moving data between datastores by default.

Service used by Virtual SAN.

6999 (UDP) The rewall port associated with this service is

opened when NSX VIBs are installed and the VDR module is created. If no VDR instances are associated with the host, the port does not have to be open.

applications running inside virtual machines to communicate to the AMQP brokers running in the vCenter network domain. The virtual machine does not have to be on the network, that is, no NIC is required. The proxy connects to the brokers in the vCenter network domain. Therefore, the outgoing connection IP addresses should at least include the current brokers in use or future brokers. Brokers can be added if customer would like to scale up.

communication) between Virtual SAN nodes.

vMotion.

28 VMware, Inc.

vCenter Server for Windows Requirements

To install vCenter Server on a Windows virtual machine or physical server, your system must meet specic hardware and software requirements.

Synchronize the clocks of the virtual machines on which you plan to install vCenter Server and the

Platform Services Controller. See “Synchronizing Clocks on the vSphere Network,” on page 211.

Verify that the DNS name of the virtual machine or physical server matches the actual full computer

name.

Verify that the host name of the virtual machine or physical server that you are installing or upgrading

vCenter Server on complies with RFC 1123 guidelines.

Verify that the system on which you are installing vCenter Server is not an Active Directory domain

controller.

If your vCenter Server service is running in a user account other than the Local System account, verify

that the user account in which the vCenter Server service is running has the following permissions:

Member of the Administrators group

Log on as a service

Act as part of the operating system (if the user is a domain user)

Chapter 2 System Requirements

If the system that you use for your vCenter Server installation belongs to a workgroup rather than a

domain, not all functionality is available to vCenter Server. If assigned to a workgroup, the vCenter Server system is not able to discover all domains and systems available on the network when using some features. Your host machine must be connected to a domain if you want to add Active Directory identity sources after the installation.

Verify that the LOCAL SERVICE account has read permission on the folder in which vCenter Server is

installed and on the HKLM registry.

Verify that the connection between the virtual machine or physical server and the domain controller is

working.

vCenter Server for Windows Pre-Install Checks

When you install vCenter Server and the Platform Services Controller, the installer does a pre-install check, for example, to verify that enough space is available on the virtual machine or physical server where you are installing vCenter Server, and veries that the external database, if any, can be successfully accessed.

When you deploy vCenter Server with an embedded Platform Services Controller, or an external Platform Services Controller, vCenter Single Sign-On is installed as part of the Platform Services Controller. At the time of installation, the installer provides you with the option to join an existing vCenter Single SignOn server domain. When you provide the information about the other vCenter Single Sign-On service, the installer uses the administrator account to check the host name and password, to verify that the details of the vCenter Single Sign-On server you provided can be authenticated before proceeding with the installation process.

The pre-install checker performs checks for the following aspects of the environment:

Windows version

Minimum processor requirements

Minimum memory requirements

Minimum disk space requirements

Permissions on the selected install and data directory

VMware, Inc. 29

vSphere Installation and Setup

Internal and external port availability

External database version

External database connectivity

Administrator privileges on the Windows machine

Any credentials that you enter

For information about the minimum storage requirements, see “vCenter Server for Windows Storage

Requirements,” on page 30. For information about the minimum hardware requirements, see “vCenter Server for Windows Hardware Requirements,” on page 30.

vCenter Server for Windows Hardware Requirements

When you install vCenter Server on a virtual machine or physical server running Microsoft Windows, your system must meet specic hardware requirements.

You can install vCenter Server and the Platform Services Controller on the same virtual machine or physical server or on dierent virtual machines or physical servers. When you install vCenter Server with an embedded Platform Services Controller, you install vCenter Server and the Platform Services Controller on the same virtual machine or physical server. When you install the vCenter Server with an external Platform Services Controller, rst install the Platform Services Controller that contains all of the required services on one virtual machine or physical server, and then install vCenter Server and the vCenter Server components on another virtual machine or physical server.

N Installing vCenter Server on a network drive or USB ash drive is not supported.

Table 2‑5. Minimum Recommended Hardware Requirements for Installing vCenter Server and Platform Services Controller on Windows

vCenter Server with an Embedded or External Platform Services Controller for a Tiny Environment (up to 10

Hosts, 100 Platform Services Controller

Number of CPUs 2 2 4 8 16

Memory 2 GB RAM 8 GB RAM 16 GB RAM 24 GB RAM 32 GB RAM

Virtual

Machines)

vCenter Server with an Embedded or External Platform Services Controller for a Small Environment (up to 100 Hosts, 1000 Virtual Machines)

vCenter Server with an Embedded or External Platform Services Controller for a Medium Environment (up to 400 Hosts, 4,000 Virtual Machines)

For the hardware requirements of your database, see the database documentation. The database requirements are in addition to the vCenter Server requirements if the database and vCenter Server run on the same machine.

vCenter Server for Windows Storage Requirements

When you install vCenter Server, your system must meet minimum storage requirements.

vCenter Server with an Embedded or External Platform Services Controller for a Large Environment (up to 1,000 Hosts, 10,000 Virtual Machines)

The storage requirements per folder depend on the deployment model that you decide to install. During installation, you can select a folder other than the default C:\Program Files\VMware folder to install vCenter Server and the Platform Services Controller. You can also select a folder other than the default

C:\ProgramData\VMware\vCenterServer\ in which to store data.

30 VMware, Inc.

+ 270 hidden pages

VMware vSphere - 6.0.2 Installation Manual

Specifications and Main Features

Frequently Asked Questions

User Manual

Contents

About vSphere Installation and Setup

Updated Information

vCenter Server Components and Services

vCenter Server Deployment Models

Overview of the vSphere Installation and Setup Process

vSphere Security Certificates Overview

Certificate Replacement Overview

Enhanced Linked Mode Overview

System Requirements 2

ESXi Requirements

ESXi Hardware Requirements

Supported Remote Management Server Models and Firmware Versions

Recommendations for Enhanced ESXi Performance

Incoming and Outgoing Firewall Ports for ESXi Hosts

vCenter Server for Windows Requirements

vCenter Server for Windows Pre-Install Checks

vCenter Server for Windows Hardware Requirements

vCenter Server for Windows Storage Requirements