Adding iSCSI Datastore to my lab

Home-Lab, iSCSI Datastore, VCP6-DCV
So we finish the networking part of the blue print and now we are going to get into the storage part. To be prepared i will need to install iSCSI datastore in addition to the NFS datastore that we already created in previous post .(In this post i am assuming you already have the networking part done , i already configured VMkernel and vDS for storage in my previous posts). I will be using my lab Microsoft 2012R2 to serve as my iSCSI target and will connect all of my three host to it, so lets get started. The plan : Enable Windows 2012R2 iSCSI Target Server Configure Hosts to support iSCSI Add iSCSI software adapter on each ESXi host Configure iSCSI targets on VMware iSCSI software adapter on each ESXi host…
Read More

VCP6-DCV blueprint section 2:Configure and Administer Advanced vSphere 6.x Networking– Objective 2.2

blueprint, Networking, study guide, VCP6-DCV
In this post we will cover the objective from the blue print regrading NIOC, i will also use my Lab to demonstrate The following are the blueprint objective: Knowledge Define NIOC Explain NIOC capabilities Configure NIOC shares/limits based on VM requirements Explain the behavior of a given NIOC setting Determine Network I/O Control requirements Differentiate Network I/O Control capabilities Enable/Disable Network I/O Control Monitor Network I/O Control Define NIOC and  Explain NIOC capabilities: With Network I/O Control version 3 you will be able to reserve bandwidth for system traffic based on the capacity of the physical adapters on a host.Network I/O Control version 3 provisions bandwidth to the network adapters of virtual machines by using constructs of shares, reservation and limit. We can use Network I/O Control on vDS to configure bandwidth allocation for…
Read More

Updating my lab to use vDS only

Home-Lab, Networking, VCP6-DCV
At this point of my learning i will like to remove all vSS and use only vDS. i will like to migrate first my storage network and than i will migrate my management network . The plan:(Per vDS) Create a new  Switch with new DPortGroup Add hosts to the Switch i also make sure to check the configure identical network setting box Manage the physical adapters Manage the VMkerenl adapters: make sure you have dvport available. Make sure you have available uplink on you new vDS. Move the associate management vmnic to the management dvport on your vDS. re-assign the VMkernel adapters and their IP's  to the new dvport group and apply to all hosts.   Here are the screenshots: Creating new vDS Adding all of my three hosts Selecting to manage…
Read More

VCP6-DCV blueprint section 2:Configure and Administer Advanced vSphere 6.x Networking– Objective 2.1 – Part 3

blueprint, Networking, study guide, VCP6-DCV
In this post we will continue implement vDS in for our lab configuration and cover the blueprint objective. Describe vDS Security Polices/Settings: vDS security policies can be applied to the switch in several locations: Apply policy per DPortGroup Apply policy per individual port When you apply policy on a port group you will have the ability to give overwrite access to the ports too. for example if you like allow a specific port to use NetFlow you will need to allow NetFlow option on the DportGroup.   The following are the security polices that you can apply on the DPortGroup and on Individual port Promiscuous Mode Operation – Promiscuous mode eliminates any reception filtering that the virtual machine adapter performs so that the guest operating system receives all traffic observed on the wire. (Mostly…
Read More

VCP6-DCV blueprint section 2:Configure and Administer Advanced vSphere 6.x Networking– Objective 2.1 – Part 2

blueprint, Networking, study guide, VCP6-DCV
In this post we will continue implement vDS in for our lab configuration and cover the blueprint objective. Migrate virtual machines to/from a vSphere Distributed Switch: Now lets move our Linux VM to use the new vDS We will continue where we left off from the previous post , click on the migrate VM networking button Choose the source network to migrate the VM's from Choose the destination network Chooe the VM's (in my case only one VM) Finish and verify   Below are screenshots for the above process Add/Configure/Remove dvPort groups From Networking click on the dVS switch >> manage >> setting >> Topology click on the icon to add / delete To edit the configuration click on the edit Icon   Add/Remove uplink adapters to dvUplink groups To…
Read More

VCP6-DCV blueprint section 2:Configure and Administer Advanced vSphere 6.x Networking– Objective 2.1 – Part 1

blueprint, Networking, study guide, VCP6-DCV
In this post we will cover the objective from the blue print regrading vDS , i will also use my Lab to demonstrate the objective.To cover all the objectives i will need to split this post in to two parts since its going to cover a lot of material. Note : I will NOT follow the order of blueprint objective but i will cover all of them. The following are the blueprint objective: Knowledge Create/Delete a vSphere Distributed Switch Add/Remove ESXi Hosts from a vSphere Distributed Switch Add/Configure/Remove dvPort groups Add/Remove uplink adapters to dvUplink groups Configure vSphere Distributed Switch general and dvPort group settings Create/Configure/Remove virtual adapters Migrate virtual machines to/from a vSphere Distributed Switch Configure LACP on vDS given design parameters Describe vDS Security Polices/Settings Configure dvPort group…
Read More

VCP6-DCV blueprint section 1: Configure and Administer vSphere 6.x Security – Objective 1.3

blueprint, study guide, VCP6-DCV
In this post we will follow the guideline from VMware VCP6-DCV blueprint below are the objective for this post taking from VMware site: https://mylearn.vmware.com/mgrReg/plan.cfm?plan=64180&ui=www_cert Knowledge Describe SSO architecture and components Differentiate available authentication methods with VMware vCenter Perform a multi-site SSO installation Configure/Manage Active Directory Authentication Configure/Manage Platform Services Controller (PSC) Configure/Manage VMware Certificate Authority (VMCA) Enable/Disable Single Sign-On (SSO) Users Upgrade a single/multi-site SSO installation Configure SSO policies Add/Edit/Remove SSO identity sources Add an ESXi Host to an AD domain Describe SSO architecture and components vCenter Single Sign-On is an authentication broker and security token exchange infrastructure. Vcenter SSO is part of the Platform Services Controller(PSC) vCenter SSO roles: Allow vSphere components to communicate securely Use combination of STS and SSL for secure traffic and user authentication via AD or LDAP via…
Read More

VCP6-DCV blueprint section 1: Configure and Administer vSphere 6.x Security – Objective 1.2 – Part 2

blueprint, study guide, VCP6-DCV
In this post we will continue to follow the guideline from VMware VCP6-DCV blueprint This post will include only some of the objectives and i will continue in the next post. the objective for this post taking from VMware site: https://mylearn.vmware.com/mgrReg/plan.cfm?plan=64180&ui=www_cert   Harden a virtual machine against Denial-of-Service attacks Control VM-VM communications: In this section I think that VMware refers to the networking security , since VM's can communicate via the local network.for this section i looks at the VMware Security document and also the Security of the VMware vSphere Hypervisor white paper which listed in the blueprint tools.   From the whitepaper : "Just as a physical machine can communicate with other machines in a network only through a network adapter, a virtual machine can communicate with other virtual machines running…
Read More

VCP6-DCV blueprint section 1: Configure and Administer vSphere 6.x Security – Objective 1.2 – Part 1

blueprint, study guide, VCP6-DCV
In this post we will follow the guideline from VMware VCP6-DCV blueprint This post will include only some of the objectives and i will continue in the next post. below are the objective for this post taking from VMware site: https://mylearn.vmware.com/mgrReg/plan.cfm?plan=64180&ui=www_cert Knowledge Harden virtual machine access Control VMware Tools installation Control VM data access Configure virtual machine security policies Harden a virtual machine against Denial-of-Service attacks Control VM-VM communications Control VM device connections Configure network security policies Harden ESXi Hosts Enable/Configure/Disable services in the ESXi firewall Change default account access Add an ESXi Host to a directory service Apply permissions to ESXi Hosts using Host Profiles Enable Lockdown Mode Control access to hosts (DCUI/Shell/SSH/MOB) Harden vCenter Server Control datastore browser access Create/Manage vCenter Server Security Certificates Control MOB access Change default…
Read More

VCP6-DCV blueprint section 1: Configure and Administer vSphere 6.x Security – Objective 1.1 – Part 2

blueprint, study guide, VCP6-DCV
In this post we are going to continue with section 1 Objective 1.1 from the VCP-DCV blue print. Create/Clone/Edit vCenter Server Roles From home click on roles you can create/clone/edit server roles but you cannot modify the Administrator/Read Only/No access and Tagging admin , the reset can be modified    Configure VMware Directory Service see my post regarding adding vCenter to AD : http://vpentathlon.com/joining-vcenter6-to-my-lab-active-directory/ Apply a role to a User/Group and to an object or group of objects nothing new from the previous post about permissions Change permission validation settings That was tricky to find :-) , i looked at the VMware doc and it not pointing to the right place.  vCenter Server periodically validates its user and group lists against the users and groups in the user directory. It then removes users…
Read More