Objective 3.6 – Determine Datacenter Management Options for a vSphere 5 Physical Design

This objective covers vCenter design, the advanced options that are available with the Enterprise Plus license, and so on…

Let us start with vCenter Design:

vCenter is the heart of the vSphere management layer: it is where you create virtual datacenters, clusters and resource pools, set up networking and datastores, assign permissions and so on. vCenter Server can be installed on the Windows operating system or run as an independent appliance (provided by VMware). As of vSphere 4.1, vCenter requires a 64-bit Windows OS, so Windows 2008 R2 64-bit should be an optimal choice. vCenter Appliance is

Some general guidelines for deploying vCenter:

  • It shouldn’t be installed on AD Domain Controllers
  • Run vCenter and the DB server as VMs; provide redundancy using VMware HA, vCenter Heartbeat
  • Ensure proper redundancy is provided; in case vCenter is unavailable, components like vMotion, DRS, AutoDeploy, FT and Distributed Switch (management) won’t be available either
  • Place vCenter and DB VM on separate hosts with Affinity rules
  • Under HA, set the restart priority to High for vCenter, but ensure that the AD, DNS and DB servers are available
  • Use Service accounts for vCenter Service startup
  • If possible, deploy a firewall between the ESXi hosts and vCenter and between the VI Client and vCenter Server; this will ensure optimal security
  • In most enterprise organizations the database is managed centrally, so the vCenter DB is installed on a separate server, either physical or virtual. For the DB, allocate enough RAM to allow for caching of all the needed data in memory
  • For statistics level, past day/week should be set to 2 and past month/year should be set to 1 so that the DB doesn’t fill up quickly
  • If at all you plan to install plugins, either VMware-provided or third-party storage plugins, ensure enough disk space and RAM is available
  • Only vCenter Servers that are part of a domain can be joined to a Linked Mode group. If you wish to block certain parts of your environment from other users, then you need to specifically deny permissions on that section
  • vCenter Appliance can’t be joined into a Linked Mode group and does not support IPv6
  • As a best practice, always have a local security Admin group and a local security admin account so that if the domain isn’t available, vCenter can still be managed
  • Provide a valid certificate for SSL connections; untrusted certificates are vulnerable to man-in-the-middle attacks

You should clearly define how many vCenter Servers will be required to manage the Physical Data Centers. This requirement is usually driven by the Security Policies of an organization.

  • Define how many vDCs will be required per vCenter Server; vDCs serve as a name boundary and they are also the boundary for vMotion
  • Define how many Clusters will be required per vDC and similarly ESXi hosts for each cluster
  • Clusters are useful when you have hosts accessing the shared storage and HA/DRS features require a cluster to be setup
  • As a best practice, shared storage should be visible only to the hosts within a cluster
  • Clusters are useful for future planning, consistency across all hosts using host profiles, monitoring and so on…
  • Using an EVC (Enhanced vMotion Compatibility) cluster, you can mix hosts with different CPU types
  • Enable EVC when first creating the cluster; if you enable it later on, the VMs need to be powered off

Read Duncan Epping’s article on deploying vCenter as a VM
Read Jason Boche’s article on deploying vCenter on vDS

Distributed Resource Scheduling: DRS in vSphere clusters uses the power of vMotion to optimize cluster resources. Its primary function is to load balance VMs across the hosts to provide better resource usage, and to use special rules for initial placement of VMs so that the cluster is balanced. DRS also provides DPM (Distributed Power Management), which uses vMotion to selectively power down host servers while they aren’t needed and power them back on once they are required.

  • Use fully automated as the DRS Automation level, as DRS is definitely more intelligent than humans at load balancing the VMs, providing recommendations and moving (using vMotion) the VMs as required
  • Use VM-VM Affinity rules to keep VMs together on a particular host to minimize the amount of inter-host network traffic. For ex. an application that has a web server
  • Anti-Affinity rules let you put VMs on separate hosts; this is applicable to applications which have redundancy requirements, for example MS NLB web servers
  • If you want a group of VMs to be hosted on a group of hosts, then you first need to create VM and host groups and then create VM-Host affinity rules
  • Avoid using a “must” rule; this directly impacts VM restarts by HA. HA will always respect the “must rule” and will not restart the VM if there are no resources available to satisfy the rule
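
The "must" rule failure mode described in the last bullet, as an added example that is not part of the original post: a simplified Python model of an HA restart after a host failure. The host names, VM name and memory sizes are constructed, and the model assumes that a "should" rule does not bind the HA restart at all.

```python
from dataclasses import dataclass

@dataclass
class Host:
    name: str
    free_mb: int            # memory still available for restarted VMs
    alive: bool = True

@dataclass
class VM:
    name: str
    mem_mb: int
    host_group: frozenset = frozenset()   # hosts named by the VM-Host rule
    rule: str = "none"                    # "must", "should" or "none"

def ha_restart(vm, hosts):
    """Return the host a simplified HA restarts vm on, or None if it cannot."""
    # Only surviving hosts with enough free memory are restart candidates.
    candidates = [h for h in hosts if h.alive and h.free_mb >= vm.mem_mb]
    if vm.rule == "must":
        # Hard constraint: HA never places the VM outside the host group.
        pool = [h for h in candidates if h.name in vm.host_group]
    else:
        # Assumption of this model: a "should" rule does not bind HA,
        # so the VM may land on any host with capacity.
        pool = candidates
    if not pool:
        return None                       # VM stays powered off
    target = max(pool, key=lambda h: h.free_mb)
    target.free_mb -= vm.mem_mb
    return target.name

def simulate(rule):
    """Constructed scenario: the VM's host fails, its group peer is full."""
    hosts = [
        Host("esx01", 0, alive=False),    # failed host, member of the group
        Host("esx02", 2048),              # group member, too little memory left
        Host("esx03", 16384),             # outside the group, plenty of memory
    ]
    vm = VM("db01", 8192, frozenset({"esx01", "esx02"}), rule)
    return ha_restart(vm, hosts)

if __name__ == "__main__":
    for rule in ("must", "should", "none"):
        print(rule, "->", simulate(rule))
```

With the "must" rule the VM is left powered off even though esx03 has room for it, which is the availability cost the bullet warns about.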

VMware Update Manager: Update Manager is an add-on that VMware provides in order to update your ESXi hosts (Version upgrade and patch management) and VMs (Hardware version and VMware Tools)

  • For smaller deployments, VUM can share the vCenter Server, but for larger infrastructure it is recommended to install VUM and its DB on their own respective servers
  • 2GB RAM should be the bare minimum so that the host can cache patch files; the patches are transferred over the network
  • It is also best to place the patch store and VUM DB on separate physical disks. This will distribute the I/O and improve performance
  • Upgrading VM hardware is faster if the VM is powered off. Also, as VMware Tools needs to be updated before the VM hardware update, it is desirable for the VM to be powered on
  • Upgrade VMware Tools while the VM is powered on; otherwise Update Manager needs to power on the VM and then upgrade, which increases the overall time to upgrade
  • Limiting the remediation concurrency level (that is, the maximum number of hosts that can be simultaneously updated) to half the number of hosts in the cluster can reduce vMotion intensity, often resulting in better overall host remediation performance
  • If the cluster utilization is above 80%, it’s best to update hosts during non peak hours, or it’s advisable to suspend or power off some VMs
  • Upgrade your VUM to 4.0 U2, 4.1 or 5.0 if you are updating hosts over slow WAN network
  • With slow networks, the time taken to remediate the host can be longer than usual; do not interrupt ongoing operations

vCenter Server Heartbeat:
