Professional Documents
Culture Documents
Table of Contents
HOL-2011-91-SDC-vSphere 6.7 Lightning Lab: Simple & Efficient Management at Scale 2
Overview - vSphere 6.7 Lightning Lab: Simple & Efficient Management at Scale ... 3
Lifecycle Management Operations ......................................................................... 4
Getting Started with Update Manager ................................................................. 11
Embedded Linked Mode ....................................................................................... 25
Lightning Lab Conclusion ..................................................................................... 26
Appendix - Lab Guidance ..................................................................................... 27
Appendix - Enhanced vCenter Server Appliance ................................................... 31
HOL-2011-91-SDC Page 1
HOL-2011-91-SDC
HOL-2011-91-SDC-
vSphere 6.7 Lightning
Lab: Simple & Efficient
Management at Scale
HOL-2011-91-SDC Page 2
HOL-2011-91-SDC
We have developed Lightning Labs to help you learn about VMware products in small
segments of time.
In this lab, you will explore vSphere 6.7 Update 2 improvements and new features in
ESXi and vCenter Server management and lifecycle:
• Lifecycle Management
• Getting Started with Update Manager
• Embedded Linked Mode
Lab Captain:
Interested in learning what else you can do with vSphere 6.7 Update 2? Explore the full
lab: vSphere - Getting Started
• https://labs.hol.vmware.com
Below are the lab modules included in the complete vSphere - Getting Started lab:
If you have never taken a lab, view the to see best practices and tips on how to use the
lab environment console.
HOL-2011-91-SDC Page 3
HOL-2011-91-SDC
Before starting the lab, we recommend taking a moment to review vSphere 6.7 new
features and enhancements developed around vCenter Server Appliance.
1. Click on the Chrome Icon on the Windows Quick Launch Task Bar.
HOL-2011-91-SDC Page 4
HOL-2011-91-SDC
Using the Chrome web browser, navigate to the URL for the Web client. For this lab, you
can use the shortcut in the address bar.
Please Note: All of the user credentials used in this lab are listed in the README.TXT file
on the desktop.
The lab desktop is limited to 1280x800 screen resolution. It might be helpful to zoom
out the browser for better readability.
This will provide more viewing space while still allowing you to read the text.
HOL-2011-91-SDC Page 5
HOL-2011-91-SDC
HOL-2011-91-SDC Page 6
HOL-2011-91-SDC
1. Click on Updates
2. Filter on the ID
3. Enter 2018
The results will be filtered for any patches released in 2018. You can also filter by the
version, under releases, category and type.
With the introduction of embedded linked mode in vSphere 6.7, you can now manage
Update Manager instances through the same interface.
HOL-2011-91-SDC Page 7
HOL-2011-91-SDC
Hosts that are currently on ESXi 6.5 will be upgraded to 6.7 significantly faster than ever
before. This is because several optimizations have been made for that upgrade path,
including eliminating one of two reboots traditionally required for a host upgrade. In the
past, hosts that were upgraded with Update Manager were rebooted a first time in order
to initiate the upgrade process, and then rebooted once again after the upgrade was
complete. Modern server hardware, equipped with hundreds of gigabytes of RAM,
typically take several minutes to initialize and perform self-tests. Doing this hardware
initialization twice during an upgrade really adds up, so this new optimization will
significantly shorten the maintenance windows required to upgrade clusters of vSphere
infrastructure.
These new improvements reduce the overall time required to upgrade clusters,
shortening maintenance windows so that valuable efforts can be focused elsewhere.
Recall that, because of DRS and vMotion, applications are never subject to downtime
during hypervisor upgrades VMs are moved seamlessly from host to host, as needed.
What is the Quick Boot functionality? Quick Boot functionality allows restarting only the
hypervisor instead of going through a full reboot of the host hardware including
POSTing, etc. This functionality is utilized with vSphere Update Manager so that
patching and upgrades are completed much more quickly. A note here before getting
excited about potential backwards compatibility, this functionality is only available for
hosts that are running ESXi 6.7. Even if your hardware is compatible with the new Quick
Boot, if you are running a legacy version of ESXi, this won't be available.
Host reboots occur infrequently but are typically necessary after activities such as
applying a patch to the hypervisor or installing a third-party component or driver.
Modern server hardware that is equipped with large amounts of RAM may take many
minutes to perform device initialization and self-tests.
Due to the nature of our lab, we can't demonstrate Quick Boot because ESXi running on
ESXi! Click on this video to watch Quick Boot in action!
HOL-2011-91-SDC Page 8
HOL-2011-91-SDC
While we can't watch the reboot go any faster in this lab, let's go check where we
enable this setting.
HOL-2011-91-SDC Page 9
HOL-2011-91-SDC
HOL-2011-91-SDC Page 10
HOL-2011-91-SDC
vSphere Update Manager is installed and running by default in the vCenter Server
Appliance. Each vCenter Appliance will have a single vSphere Update Manager paired
with it.
1. Click on the Chrome Icon on the Windows Quick Launch Task Bar.
HOL-2011-91-SDC Page 11
HOL-2011-91-SDC
Using the Chrome web browser, navigate to the URL for the Web client. For this lab, you
can use the shortcut in the address bar.
Please Note: All of the user credentials used in this lab are listed in the README.TXT file
on the desktop.
HOL-2011-91-SDC Page 12
HOL-2011-91-SDC
The lab desktop is limited to 1280x800 screen resolution. It might be helpful to zoom
out the browser for better readability.
This will provide more viewing space while still allowing you to read the text.
HOL-2011-91-SDC Page 13
HOL-2011-91-SDC
Select vcsa-01b.corp.local
HOL-2011-91-SDC Page 14
HOL-2011-91-SDC
Baseline groups are assembled from existing baselines, and might contain one upgrade
baseline per type of upgrade baseline, and one or more patch and extension baselines.
When you scan hosts, virtual machines, and virtual appliances, you evaluate them
against baselines and baseline groups to determine their level of compliance.
• Critical Host Patches - Checks ESXi hosts for compliance with all critical
patches
• Non-Critical Host Patches - Checks ESXi hosts for compliance with all optional
patches
We are going to create a new baseline, which we will then use to scan a vSphere host so
that we can make sure that it has the latest patches.
HOL-2011-91-SDC Page 15
HOL-2011-91-SDC
Create Baseline
HOL-2011-91-SDC Page 16
HOL-2011-91-SDC
This screen gives the baseline the ability to continually update itself based on the
criteria you select. You can use these options to narrow the scope of the patches added
to this baseline (selecting embeddedEsx 6.5.0 would limit this baseline to only those
patches relevant to ESXi 6.5).
• Vendor
• Product
• Severity (Critical, Important, Moderate, Low)
• Category (Security, BugFix, Enhancement, Other)
1. For our example, we will leave the default setting to automatically update the
baseline as new patches become available. We will also leave the default Criteria
settings of Any for all options.
2. Click Next
HOL-2011-91-SDC Page 17
HOL-2011-91-SDC
From this screen you have the ability to manually select patches for the baseline to
include. Since we have selected the option to have this baseline automatically updated,
this screen will appear without patches to select. If you disable the automatic option in
the previous screen, you would now be presented with a listing of all patches available
which you could manually select to include in this baseline.
1. Click Next
HOL-2011-91-SDC Page 18
HOL-2011-91-SDC
Summary
Review the settings of the patch baseline you created before finishing the wizard
Next, we are going to attach the baseline we just created to a host. This makes sure that
scanning and remediation happens for the host.
HOL-2011-91-SDC Page 19
HOL-2011-91-SDC
HOL-2011-91-SDC Page 20
HOL-2011-91-SDC
1. Select HOL Host Baseline - this is the new Baseline that we just created
2. Click Attach
HOL-2011-91-SDC Page 21
HOL-2011-91-SDC
Before we scan the host for compliance against our new baseline, let's verify the new
baseline is attached and see what the current status of its compliance is.
In the next step, we will scan the host and see if it is in compliance with the attached
baseline.
HOL-2011-91-SDC Page 22
HOL-2011-91-SDC
We will now scan this host to see if it is compliant with the baseline.
Had this host been missing any patches identified in the baseline criteria, the status
would have shown "Not Compliant" indicating the host is missing a patch identified in
the baseline, you could then remediate this host using the Remediate option on this
screen.
HOL-2011-91-SDC Page 23
HOL-2011-91-SDC
vSphere Update Manager can also be used to update the VMware tools on a virtual
machine. The following video outlines the process.
HOL-2011-91-SDC Page 24
HOL-2011-91-SDC
With vCenter Embedded Linked Mode, you can connect multiple vCenter Server
Appliances with embedded Platform Services Controllers together to form a domain.
vCenter Embedded Linked Mode is not supported for Windows vCenter Server
installations. vCenter Embedded Linked Mode is supported starting with vSphere 6.5
Update 2 and suitable for most deployments.
HOL-2011-91-SDC Page 25
HOL-2011-91-SDC
Thank you for taking the vSphere 6.7 Lightning Lab: Simple & Efficient Management at
Scale
Interested in learning what else you can do with vSphere 6.7? Explore the full lab:
vSphere - Getting Started
• https://labs.hol.vmware.com
Below are the lab modules included in the complete vSphere - Getting Started lab:
HOL-2011-91-SDC Page 26
HOL-2011-91-SDC
1. The area in the RED box contains the Main Console. The Lab Manual is on the tab
to the Right of the Main Console.
2. A particular lab may have additional consoles found on separate tabs in the upper
left. You will be directed to open another specific console if needed.
3. Your lab starts with 90 minutes on the timer. The lab cannot be saved. All your
work must be done during the lab session. But you can click the EXTEND to
increase your time. If you are at a VMware event, you can extend your lab time
twice, for up to 30 minutes. Each click gives you an additional 15 minutes.
Outside of VMware events, you can extend your lab time up to 9 hours and 30
minutes. Each click gives you an additional hour.
During this module, you will input text into the Main Console. Besides directly typing it
in, there are two very helpful methods of entering data which make it easier to enter
complex data.
HOL-2011-91-SDC Page 27
HOL-2011-91-SDC
You can also click and drag text and Command Line Interface (CLI) commands directly
from the Lab Manual into the active window in the Main Console.
You can also use the Online International Keyboard found in the Main Console.
1. Click on the Keyboard Icon found on the Windows Quick Launch Task Bar.
HOL-2011-91-SDC Page 28
HOL-2011-91-SDC
In this example, you will use the Online Keyboard to enter the "@" sign used in email
addresses. The "@" sign is Shift-2 on US keyboard layouts.
HOL-2011-91-SDC Page 29
HOL-2011-91-SDC
Please check to see that your lab is finished all the startup routines and is ready for you
to start. If you see anything other than "Ready", please wait a few minutes. If after 5
minutes your lab has not changed to "Ready", please ask for assistance.
HOL-2011-91-SDC Page 30
HOL-2011-91-SDC
Installation
One significant change for the vCenter Server Appliance is around simplifying the
architecture. vSphere 6.7 Update 2 allows you to deploy the vCenter Server Appliance
with Embedded PSC with Enhanced Link Mode. Now all vCenter Server services are
running on a single instance. Let's take a look at the benefits this deployment model
brings:
• No load balancer required for high availability and fully supports native vCenter
Server High Availability.
• SSO Site boundary removal provides flexibility of placement.
• Supports vSphere scale maximums.
• Allows for 15 deployments in a vSphere Single Sign-On Domain.
• Reduces the number of nodes to manage and maintain.
Migration Tool
vSphere 6.7 is the last release to include vCenter Server for Windows. Customers can
migrate to the vCenter Server Appliance with the built-in Migration Tool. In vSphere 6.7
Update 2, we can select how to import the historical and performance data during a
migration:
Customers will also get an estimated time of how long each option will take when
migrating. Estimated time will vary based on historical and performance data size in
your environment. While importing data in the background, customers have the option
to pause and resume. This new ability is available in the vSphere Appliance
Management Interface (VAMI). Another improvement to the migration process is support
of custom ports. Customers who changed the default Windows vCenter Server ports are
no longer blocked.
HOL-2011-91-SDC Page 31
HOL-2011-91-SDC
We will now log into the vCSA and take a look at some of the enhancements
1. Click on the Chrome Icon on the Windows Quick Launch Task Bar.
HOL-2011-91-SDC Page 32
HOL-2011-91-SDC
This will provide more viewing space while still allowing you to read the text.
HOL-2011-91-SDC Page 33
HOL-2011-91-SDC
However, vSphere 6.7 Update 2 now allows local vSphere SSO users to log into the
VAMI. The local vSphere SSO users must be a member of the
SystemConfiguration.Administrators group. In addition, members of the
SystemConfiguration.BashShellAdministrators group can use their local vSphere SSO
account to log into the VCSA bash shell. From a security perspective, using a local SSO
user account to manage the VAMI makes it easier to audit the user who logged in and
track actions performed by that user.
A lot of investment went into improving monitoring for the vCenter Server Appliance. We
saw these improvements starting in vSphere 6.5, and vSphere 6.7 Update 2 has added
several new enhancements. When accessing the vSphere Appliance Management
Interface (VAMI) on port 5480, the first thing we notice is the VAMI has been updated to
HOL-2011-91-SDC Page 34
HOL-2011-91-SDC
the Clarity UI. We also notice there are several new tabs on the left-hand side compared
to vSphere 6.5.
There is now a tab dedicated to monitoring where we can see CPU, memory, disk,
network, and database utilization.
HOL-2011-91-SDC Page 35
HOL-2011-91-SDC
A new section of the monitoring tab called Disks is now available. Customers can now
see each of the disk partitions for the vCenter Server appliance along with the
remaining space available and utilization.
1. Click the Disks tab. Review the partitions and utilization of the disks for the
vCenter Server appliance
2. Click the Network tab to see transfer rates for network packets
3. Click the Database tab to see space utilization
Firewall
In vSphere 6.7 Update 2, firewall rules can be managed for the vCenter Server
Appliance directly from the VAMI. In the past, this functionality was only available using
the VAMI APIs.
We will create a new firewall rule for the vCenter Server appliance.
HOL-2011-91-SDC Page 36
HOL-2011-91-SDC
The firewall rule is now displayed. We will now delete this rule.
1. In the Firewall section, click the radio button next to the firewall rule that will be
deleted
2. Click Delete
HOL-2011-91-SDC Page 37
HOL-2011-91-SDC
1. Click Delete to confirm that you want to remove the firewall rule
Services
The Services tab is now located in the VAMI and provides out-of-band troubleshooting.
All of the services that make up the vCenter Server Appliance, their startup type, health,
and state are visible here. We are also given the option to start, stop, and restart
services if needed.
HOL-2011-91-SDC Page 38
HOL-2011-91-SDC
While the Syslog and Update tabs are not new to the VAMI, there are improvements in
these areas. Syslog now supports up to three syslog forwarding targets. There is now
more flexibility in patching and updating. From the Update tab, we will now have the
option to select which patch or update to apply. Customers will also have more
information including type, severity, and if a reboot is necessary. Expanding a patch or
update in the view will display more information about what is included. Finally, we can
now stage and install a patch or update from the VAMI. This capability was previously
only available from the CLI.
In vSphere 6.7 Update 2, the vCenter Server Appliance (vCSA) has an out-of-the-box file-
based backup and restore solution. You can back up all of vCenter Server’s core
configuration, inventory, and historical data to a single folder. The newest supported
protocols for built-in file-based Backup and Restore include Network File System
(NFS) & Samba (SMB). The addition of NFS and SMB now brings the protocol choices
up to 7 total (HTTP, HTTPS, FTP, FTPS, SCP, NFS, and SMB) when configuring a vCenter
Server for file-based Backup or Restore. Currently supported versions of these new
protocols are NFSv3 and SMB2. When it is time to restore to a previous backup, you can
deploy a new appliance, point to the folder location of the vCenter Server backup files,
and restore all of the vCenter server's configuration and inventory data (with optional
historical data) from the backup. Improvements to the Backup functionality in vCenter
6.7 Update 2 include a scheduling option!
HOL-2011-91-SDC Page 39
HOL-2011-91-SDC
Create Backup
HOL-2011-91-SDC Page 40
HOL-2011-91-SDC
Backup Wizard
HOL-2011-91-SDC Page 41
HOL-2011-91-SDC
Backup Status
This step provides a backup status summary which gives you a confirmation of your
backup protocol, location, credentials, encryption, and optional data.
NOTE: Due to the lack of storage in the lab, the transfer will error out.
New to vCenter 6.7 is the ability to create a recurring backup schedule. We will walk
through setting up a schedule to finish off this part of the lab.
HOL-2011-91-SDC Page 42
HOL-2011-91-SDC
HOL-2011-91-SDC Page 43
HOL-2011-91-SDC
1. Click on the small chevron beside the Status to expand the Schedule selection.
2. Confirm that the schedule has been created. You can use the Edit, Disable, or
Delete buttons to manage the scheduled backup job.
The vCenter Server Appliance 6.7 Update 2 CLI also has some new enhancements. Here
we will discuss the repointing enhancements using cmsso-util. While not a new feature,
it was not available in vSphere 6.5 and makes a return in vSphere 6.7.
Customers can now repoint their vCenter Server Appliance across vSphere SSO
domains. Can you say consolidation? The domain repoint feature supports both
embedded and external deployments running vSphere 6.7 Update 2. The domain
HOL-2011-91-SDC Page 44
HOL-2011-91-SDC
repoint feature has a pre-check option and it is highly recommended to use this. The
pre-check compares the two vSphere SSO domains and lists any discrepancies in a JSON
file. This provides the opportunity to resolve any discrepancies before running the
domain repoint tool. The repoint tool can migrate licenses, tags, categories, and
permissions from one vSphere SSO Domain to another.
HOL-2011-91-SDC Page 45
HOL-2011-91-SDC
Another CLI enhancement includes using the CLI installer to manage the vCenter Server
Appliance lifecycle. The vCenter Server Appliance ISO file comes with JSON template
examples. These JSON templates are a way to ensure consistency across installs,
upgrades, and migrations. Usually, we would have to run the JSON template from the
CLI installer one at a time in the correct order. This manual per-node deployment is now
a thing of the past with batch operations. With batch operations, several JSON templates
can be run in sequence from a single directory without intervention. Before running, use
the pre-checks option on the directory to verify the templates including sequence.
HOL-2011-91-SDC Page 46
HOL-2011-91-SDC
Conclusion
Thank you for participating in the VMware Hands-on Labs. Be sure to visit
http://hol.vmware.com/ to continue your lab experience online.
Version: 20200624-163227
HOL-2011-91-SDC Page 47