Saturday 19 June 2021

Limiting the Number of VMware Virtual Machine Snapshots

 Snapshots have their uses; we can use them to repeatably return back to a virtual machines previous state.

When we take a snapshot we capture the virtual machines hard disk, hardware and optionally the memory state.

Within VMware, we create three state files

·         Disk files                          -Delta.VMDK VMFS5 less than 2TB virtual disk

·         Hardware state                 .vmsn

·         Memory State                  .vmem

These snapshots then allow us to revert back to a previous state if something goes wrong, for example a software update fails

However, VMware has some best practices for using Snapshots.

  • Do not use snapshots as backups
  • Do not use a single snapshot for more than 72 hours
  • When using a third-party backup software, ensure that snapshots are deleted after a successful backup.
  • Maximum of 32 snapshots are supported in a chain. However, for a better performance use only 2 to 3 snapshots.

The last point is quite interesting, the more snapshots we take, the slower, potentially the VM will run, but most importantly, the VM will take up a lot of additional disk space, as the snapshot disk file increases in size.

VMware however, have a setting we can add to the VMs .vmx file, we set the maximum number of snapshots for a virtual machine by editing the snapshot.maxSnapshots = n variable of the configuration file. 

Once we are in the vSphere Client, right click and edit your VM settings, select VM options and then select Advanced, then locate Configuaration Parameters, and select EDIT CONFIGURATION

Then select ADD CONFIGURATION PARAMS

Then type for max of 2 snapshots, and click OK

Snapshot.maxSnapshots              2


 

 Now we can only take a maximum of 2 snapshots against this machine.

 


Friday 18 June 2021

Managing User Accounts VMware vSphere: Best Practices

 

One of the recommendations for managing vSphere is to add your ESXi hosts to Active Directory and authentication to the client by using an AD account.

VMware give us some best practices for managing user accounts

On an ESXi host, the root user account is the most powerful user account on the system. The user root can access all files and all commands. Securing this account is the most important step that you can take to secure an ESXi host.

Whenever possible, use the vSphere Client to log in to the vCenter Server system and manage your ESXi hosts. In some unusual circumstances, for example, when the vCenter Server system is down, you use VMware Host Client to connect directly to the ESXi host.


Although you can log in to your ESXi host through the vSphere CLI or through vSphere ESXi Shell, these access methods should be reserved for troubleshooting or configuration that cannot be accomplished by using VMware Host Client.

 
If a host must be managed directly, avoid creating local users on the host. If possible, join the host to a Windows domain and log in with domain credentials instead.

To add an ESXi host to Active Directory, authenticate to your ESXi host via the host client and highlight Manage, select the Security& Users tab, then select Authentication, and then select Join Domain and fill in relevant information for your domain.



 

When we add the ESXi hosts to Active Directory, by default anyone who is a member of the AD group ESX Admins automatically have root privileges on ESXi hosts.

If we split AD and VMware into different IT departments, this could mean that our AD administrators could also manage our ESXi hosts by creating a group called ESX Admins and adding themselves to that group.

However, we can modify this functionality. We achieve this through the advanced configuration on an ESXi host

Login to the vSphere Host Client, once authenticated go to your ESXi host and highlight Manage, select Advanced settings and then search for admins


You’ll be presented with three options and they are:

Config.HostAgent.plugins.hostsvc.esxAdminsGroup       This option specifies the Active Directory group name that is automatically granted Administrator privileges on the ESXi host.

Config.HostAgent.plugins.hostsvc.esxAdminsGroupAutoAdd     This option controls whether the group specified by “esxAdminsGroup” is automatically granted administrator permission, values are True or False

Config.HostAgent.plugins.hostsvc.esxAdminsGroupUpdateInterval        This option specifies the interval between checks for whether the group specified by “esxAdminsGroup’ has appeared in Active Directory, value is in minutes.

 


Friday 4 June 2021

The 3 steps to becoming a VCP-DCV 2021

 

The VMware Certified Professional – Data Centre Virtualisation 2021

I won’t lie the last 16 months have been some of the busiest that I’ve known whilst working for QA, and I’m certainly not complaining, I’ve taught 100% virtual courses and this has meant lots of time at home, before lockdown I would spend over 26 weeks away from home per year.

The only downside was that I haven’t been able to sit any exams, just too busy, and I’m working on my work/life balance. I did become a Mental Health First Aider during lockdown and finding you time is also important, that may mean study, just not for me.

Now things are calming down, it’s time to get back on the certification trail and I’m starting with the VMware Certified Professional – Data Centre Virtualisation 2021 exam number VMware vSphere 7.x (2V0-21.20)

Where to Start

There are 3 steps to becoming certified.

1)    Recommended, gain experience with VMware vSphere 7, you will be expected to know how to perform various tasks.

2)    Required, sit on a qualifying VMware course, I’ll mention my three preferred later in this post.

3)    Required, pass the exam, delivered by Pearson Vue testing.

To gain experience can be done in a number of ways.

·         You could play with your work kit, however the rest of the IT department may get a bit upset with this.

·         Build a test lab, I use VMware workstation and create VMs within the product. It works really well.

·         Use VMware Hands on Labs, I also visit this quite a bit, there’s lots of labs covering all aspects of vSphere.

The three courses I would recommend.

·         VMware vSphere: Install, Configure, Manage [V7]

·         VMware vSphere: Fast Track [V7]

·         VMware vSphere: Optimize and Scale [V7] – We don’t run this course that often as it is an advanced course and most people will pick one of the other two, but if you want it, we’ll run it.

 

 

No course can possibly cover all aspects of the product in 5 days, so I’d also recommend looking at the exam guide and if you’re up to it read all the associated documents mentioned, especially the network, storage, security, high availability, and resource management guides.

 

Now the important bit

Pass the exam.

The exam consists of 70 multiple choice questions, and you have 130 minutes, the exam is delivered via Pearson VUE and can be sat either in a Pearson VUE testing centre or can be done as a remotely monitored (proctored) exam from home.

300 is a pass, don’t think of a percentage or how many do I need to get right, that’s not the way it works.

I’ve sat many VMware exams, actually over 20 so far, and if you’ve put the work in, they’re extremely passible, I would recommend, answering all the questions you’re 100% sure of, mark the others, and return back to them, if you run out of time you fail, so try to remove that stress by not sitting for 10 minutes trying to think of an answer.

Finally best wishes for the exam, I never wish good luck, we make our own luck, if you’ve done the work you’ll pass.