Understanding Core Vsphere Components and Technologies Slides

Understanding Core vSphere
Components and Technologies
Matt Allford
DevOps Engineer
@mattallford www.mattallford.com
Components for a vSphere Implementation
ESXi
The virtualization platform on
which you can create and run
virtual workloads
ESXi Requirements
Supported server platform
At least 2 CPU cores, and 4GB ram
NX/XD bit enabled for the CPU
To support 64-bit VMs, hardware virtualization must

be enabled on x64 CPUs
One or more Gigabit or faster ethernet controllers
A boot disk
- 8GB for USB or SD
- 32GB for other types such as HDD, SSD or NVMe
- Boot from SAN
Components for a vSphere Implementation
ESXi vCenter Server

The virtualization platform on Provides centralized administration
which you can create and run and management for ESXi servers
virtual workloads and virtual workloads
vCenter Server
vCenter Server is a preconfigured appliance

- Photon OS
- PostgreSQL
- vSphere authentication services
- vSphere client
- vSphere lifecycle manager
- vSphere auto deploy
Deployed after ESXi

- Can be deployed to an ESXi 6.5 host or later
Can be deployed using a GUI or CLI
vCenter Hardware Requirements
Number of
Memory
vCPUs
Tiny (10 hosts, 100 VMs) 2 12 GB
Small (100 hosts, 1,000 VMs) 4 19 GB
Medium (400 hosts, 4,000 VMs) 8 28 GB
Large (1,000 hosts, 10,000 VMs) 16 37 GB
X-Large (2,500 hosts, 45,000 VMs) 24 56 GB

Prerequisites
General vCenter Server

Download the installation media If deploying to a host, verify the host isn't
in lockdown or maintenance mode, or part
Physical network configuration of a fully automated DRS cluster
ESXi host cabled, firmware upgraded Verify forward and reverse DNS records
are in place
DNS and NTP services
If using NTP servers for time
Firewall rules synchronization, verify the servers are
running and synced
If deploying a vCenter Server as part of
Enhanced Linked Mode, create an image-
based backup of existing vCenter nodes
vCenter Server
Deployed as a self-contained appliance

(VCSA)
All services run in a single machine
- External Platform Services Controller (PSC)
no longer supported
- The vSphere Authentication publication
replaces the Platform Services Controller
Administration publication
Every vCenter Server joins a Single Sign On

(SSO) domain
Single Sign On and Linked Mode
vsphere.local vsphere.local
vCenter Server vCenter Server

vsphere.local
vCenter Server
vsphere.local
vmdir replication
Linked
Mode
vsphere.local
vmdir replication vmdir replication
vCenter Server vCenter Server Up to 15

vCenter Servers
vCenter Server High Availability Architecture
vCenter Server
(Witness)
vCenter HA
Network

(Active) replication (Passive)
API / Web client traffic

vCenter Server
(Witness)
vCenter HA
Network

(Active) (Passive)

vCenter Server
(Witness)
vCenter HA
Network

(Active) (Active)

ESXi Cluster Concepts
VM VM VM VM
VM VM VM VM VM VM
VM VM VM VM
VM VM VM VM VM VM
VM VM VM VM
VM VM VM VM VM VM
VM VM VM VM
VM VM VM VM VM VM
VM VM VM
Pool resources from
VM VM VM VM all hosts together
High availability
Distributed resource
scheduler
vSphere High Availability
Cluster1
VM VM VM VM VM VM
VM VM VM VM VM VM VM VM VM
Primary Secondary Secondary

Cluster1
VM VM VM VM VM VM
VM VM VM VM VM VM VM VM VM

Cluster1
VM VM VM VM
VM VM VM VM VM VM

Cluster1
VM VM VM VM VM VM VM VM
VM VM VM VM VM VM

Enable a collection of ESXi hosts to work
together to provide workload availability
Failures and responses

- Host failure
vSphere High - Host isolation
Availability - VM monitoring
Admission control
Advanced options
vSphere proactive high availability

Distributed Resource Scheduler
Ensures virtual workloads are

Allows automatic placement of
“happy” and have the resources
workloads in a cluster
they are requesting
vSphere Distributed Resource Scheduler
Cluster1
VM VM
VM VM VM
Cluster1
VM VM
VM VM VM
Cluster1
VM VM VM VM VM

they are requesting
Provides control of the

automation level
DRS Automation Modes
Partially
Manual Fully automated
automated

they are requesting
Provides control of the Provides configuration of affinity

automation level and anti-affinity rules
DRS Affinity Rule
Cluster1
VM VM
DRS Affinity Rule
Cluster1
VM VM
DRS Anti-Affinity Rule
Cluster1
VM VM
DRS Anti-Affinity Rule
Cluster1
VM VM
DRS VM-Host Rule
Cluster1
VM
DRS VM-Host Rule
Cluster1
VM
DRS VM-Host rules have “must”
(mandatory) and “should”
(preferential) options.
Distributed power
Predictive DRS Storage DRS
management
DRS received significant improvements in
vSphere 7
It is DRS’s job to ensure all workloads in the

cluster are happy
DRS measures VM happiness by generating a

DRS Virtual VM DRS score per VM, on all cluster hosts
- This is calculated every minute
Machine Score - If another host can provide a better score
for the VM, including considering the
migration cost, DRS will recommend / move
the VM
The DRS score is the goodness of the VM on

its current host, as a percentage
Enhanced vMotion Compatibility
EVC ensures
workloads in a
cluster can be
migrated between
hosts running
different CPU
generations
Cluster1
VM VM VM VM
VM VM
Skylake Skylake
Cluster1
VM VM VM VM
VM VM
Skylake Skylake
Cluster1
VM VM VM VM
VM VM VM
Skylake Skylake Icelake

Cluster1: EVC Mode – Intel Skylake
VM VM VM VM
VM VM
Skylake Skylake Icelake

VM VM VM VM VM
VM VM VM
Skylake Skylake Skylake

VM VM VM VM VM
VM VM VM
Skylake Skylake Skylake

EVC ensures
workloads in a The general
cluster can be recommendation is Per-VM EVC was
migrated between to enable EVC introduced in
hosts running when the cluster is vSphere 6.7
different CPU created
generations
vSphere Lifecycle Manager Overview
Service that runs on

Used to be called Installing, maintaining
vCenter Server,
VMware Update and decommissioning
and uses the
Manager (VUM) software
vCenter database
Can manage
Included in VCSA, and
host firmware, and
no additional
check compatibility
installation is required
against VCG / HCL
vSphere Lifecycle Manager Overview
ESXi hosts and clusters can be managed with images or baselines
vSphere lifecycle manager depot
Can be used to upgrade VM hardware and VMware Tools

Baselines and Images
Baselines Images
Upgrade and patch ESXi hosts Update and upgrade the ESXi version on
all hosts
Install and update third party software on Install and update third party software on
ESXi hosts all hosts
Install a desired ESXi version on hosts
Update firmware on all hosts within a
cluster
Generate recommendations and use a
recommended image
Check compatibility against the VMware
Compatibility Guide, and vSAN Hardware
Compatibility List
If you are using baselines on a
cluster, you can switch to using
images.
If you are using baselines on a
cluster, you can switch to using
images.
If you are using images to

manage a cluster, you cannot
switch back to using baselines.
If vCenter Server has internet access, online
repositories can be used to sync upgrades,
patches, and extensions
Importing Manually import an offline bundle (ZIP)
Content into Update Manager Download Service (UMDS)

- Optional module of Lifecycle Manager
Lifecycle
- Installed on a server that has internet access
Manager - Becomes a shared repository of patch and
upgrade files
- vCenter Server can be configured to get
patch and upgrade files from UMDS
vSphere Lifecycle Manager Operations
Compliance Remediation Staging Remediation

check pre-check
Enables you to set up and maintain a secure
infrastructure
Ensures ESXi hosts are running trusted

software
Restrict encryption key management by

releasing keys only to attested ESXi hosts
vSphere Trust Trust Authority Cluster
Authority - Attestation of other ESXi hosts
- Distribution of encryption keys from the KMS
Trusted Cluster
- Trusted ESXi hosts that are remoted attested
by the Trust Authority Cluster
Requires a Trusted Platform Module (TPM) 2.0
chip in the trusted cluster hosts
vSphere Trust Authority Architecture
ESXi hosts TPM 2.0

running trust attested hosts
authority service (trusted hosts)
Trust Authority Cluster

Workload
VMs
Key Servers
Trusted Cluster
Software Guard Extensions Overview
Intel Software Guard Extensions SGX allows user-level code to

(SGX) offers hardware-based allocate private regions of
memory encryption memory, called enclaves
The enclave contents remain

protected, as code running vSGX enables virtual machines
outside the enclave cannot to use the Intel SGX technology
access the enclave contents
vSGX Requirements and Unsupported Features
Requirements for vSGX Unsupported Features on vSGX

vCenter Server 7 vMotion/DRS migration
ESXi 7 Virtual machine suspend and resume
Intel Coffee Lake CPU Virtual machine snapshots which
or later include memory
VM EFI firmware and hardware version 17 Fault tolerance
Linux, Windows server 2016 (64 bit), Guest integrity
Windows 10 (64 bit)
Up Next:
Understanding vSphere Networking

Understanding Core Vsphere Components and Technologies Slides

Uploaded by

Copyright:

Available Formats

You might also like

Understanding Core Vsphere Components and Technologies Slides

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Understanding Core Vsphere Components and Technologies Slides

Uploaded by

Copyright:

Available Formats

Understanding Core vSphere

Components and Technologies

Supported server platform

At least 2 CPU cores, and 4GB ram

NX/XD bit enabled for the CPU

To support 64-bit VMs, hardware virtualization must

One or more Gigabit or faster ethernet controllers

ESXi vCenter Server

vCenter Server is a preconfigured appliance

Deployed after ESXi

Tiny (10 hosts, 100 VMs) 2 12 GB

Small (100 hosts, 1,000 VMs) 4 19 GB

Medium (400 hosts, 4,000 VMs) 8 28 GB

Large (1,000 hosts, 10,000 VMs) 16 37 GB

X-Large (2,500 hosts, 45,000 VMs) 24 56 GB

General vCenter Server

Deployed as a self-contained appliance

Every vCenter Server joins a Single Sign On

vCenter Server vCenter Server

vCenter Server vCenter Server

vmdir replication vmdir replication

vCenter Server vCenter Server Up to 15

vCenter Server vCenter Server

API / Web client traffic

vCenter Server vCenter Server

API / Web client traffic

vCenter Server vCenter Server

API / Web client traffic

Primary Secondary Secondary

Primary Secondary Secondary

Primary Secondary Secondary

Primary Secondary Secondary

Failures and responses

vSphere proactive high availability

Ensures virtual workloads are

Ensures virtual workloads are

Provides control of the

Ensures virtual workloads are

Provides control of the Provides configuration of affinity

It is DRS’s job to ensure all workloads in the

DRS measures VM happiness by generating a

The DRS score is the goodness of the VM on

Skylake Skylake Icelake

Cluster1: EVC Mode – Intel Skylake

Skylake Skylake Icelake

Cluster1: EVC Mode – Intel Skylake

Skylake Skylake Skylake

Cluster1: EVC Mode – Intel Skylake

Skylake Skylake Skylake

Service that runs on

ESXi hosts and clusters can be managed with images or baselines

vSphere lifecycle manager depot

Can be used to upgrade VM hardware and VMware Tools

If you are using images to

Importing Manually import an offline bundle (ZIP)

Content into Update Manager Download Service (UMDS)

Compliance Remediation Staging Remediation