vSphere 5 has been available for a couple of months now so now is an ideal time to look at upgrading your infrastructure and also to start the upgrade path for the VCP 4s out there to the VCP5. This is by no means a complete study guide, rather an introduction into the various new features and components of vSphere 5 over and above what was already available in vSphere 4. To really understand all the new features of vSphere 5 you need to work with it, so if you don’t have one already, go build a home lab. Any PC will do with VMware workstation as you can run virtual machine versions of ESXi, it is supported by VMware, you may need a RAM upgrade though. An alternative is to build a whitebox server. Ray Heffer has written a good whitebox home lab guide, I suggest checking it out if you are not sure where to start. Also check out the whitebox HCL at vm-help.com for ideas. The site only lists support for vSphere 4 and earlier but most components should work with ESXi 5.
Vsphere 5 Enhancements
There have been a few changes in the requirements for installing and upgrading to vSphere 5. I am working on an upgrade guide which will contain further information on the steps required to perform an upgrade, but for now I will just go over the requirements. If you are eager to get installing then you can check out the vSphere Upgrade Guide.
vCenter Server Requirements
|Processor||Intel or AMD x86 processor with two or more logical cores, each with a speed of at least 2GHz. The Intel Itanium (IA64) processor is not supported. Processor requirements might be higher if the database runs on the same machine.|
|Memory||4GB RAM. RAM requirements may be higher if your database runs on the same machine. VMware VirtualCenter Management WebServices requires 512Mb to 4.4GB of additional memory. The maximum Webservices JVM memory can be specified during the installation depending on the inventory size.|
|Disk storage||4GB. Disk requirements may be higher if the vCenter Server database runs on the same machine.In vCenter Server 5.0, the default size for vCenter Server logs is 450MB, which is larger than in vCenter Server 4.x. Make sure the disk space allotted to the log folder is sufficient for this increase.|
|vCenter supported Databases||Microsoft SQL Server 2008 R2 Express (Up to 2GB free disk space to decompress the installation archive. Approximately 1.5GB of these files are deleted after the installation is complete.)
SQL Server 2005
SQL Server 2008
SQL Server 2008 R2
Oracle 10g R2
|Networking||1Gbit connection highly recommended.|
Update Manager has been optimised for cluster remediation, rather than per host. It includes the ability to schedule a reboot after VMware tools have been installed or after a VM hardware upgrade. Support is also included for Update Manager download service 5.0 (UMDS 5.0) the command line driven update utility.
It also adds a nifty migrate ESX to ESXi function, allowing existing ESX servers to be migrated to ESXi without loosing all existing datastores and virtual machines. IVOBEERENS.NL has a guide explaining the steps involved.
It’s not all good news though as VMware have now removed VM patching functionality. Update manager needs to be installed on a 64-bit OS, like vCenter Server.
vSphere 4.1 represented the last ESX version available. Now it is purely ESXi. ESXi is now a stateless OS, capable of running only in memory, removing the requirements for an existing local storage device. This is only possible when PXE booting using Auto Deploy. (Auto Deploy will be explained in part 3)
|Processor||2Ghz 64 bit Intel or AMD x86 processor with two or more logical cores|
|Disk storage||Dedicated SAN (iSCSI or Fibre) SCSI, SATA or USB disk for storage (Unless using a stateless install)|
|Networking||1 or more 1Gbps NIC|
Advanced licensing is no more, it is now only Standard, Enterprise and Enterprise plus. All license models are based on vRAM usage. (Amount of RAM currently active)
Each license type entitles you to a specific amount of vRAM per license you purchase.
|License Type||Standard||Enterprise||Enterprise Plus|
|Processor Entitlement||Per 1 CPU||Per 1 CPU||Per 1 CPU|
|vRAM (Per License)||32GB||64GB||96GB|
The web client (server) needs to be installed in order to see the reporting of the vRAM pooled pricing in the licensing tab on vCenter.
VMware have introduced some new management tools in vSphere 5. Most notably the vCenter Server Appliance and the Web Client.
vCenter Server Appliance
The new vCenter Server Appliance (vCSA) is based on SUSE linux enterprise server (SLES 11). It supports pretty much all the features available through the standard vCenter Server, which makes you wonder how long it will be until VMware will stop making a Windows OS based vCenter Server. This will of course mean no requirement for a Windows OS license or ‘standard’ vCenter Server install needs to be done, which will make deployment much quicker.
There is an optional embedded database, DB2 Express which supports 5 hosts/50 virtual machines and it also supports external Oracle database which adds support for 300 hosts/3000 virtual machines. It doesn’t support Microsoft SQL however. It also doesn’t support Linked Mode, vCenter Heartbeat, plug-ins or single sign on using Windows session credentials. Also the vCenter Storage Appliance (VSA) isn’t currently compatible with the vCSA.
The vCSA is configured through Web interface and can authenticate with Active Directory, you can also do initial configuration through a text based console, initial configuration such as network and time zone settings.
The vCenter Server Appliance default login is
The vCSA is made available as an OVF template. It is made up of an appliance data disk and an appliance system disk.
Setting it up is very simple just go to vCenter Inventory Service on the console, click test settings and save settings on the vCenter database settings then start the vCenter Services on the vCSA virtual machine.
Further information see Configuring the VMware vCenter Server Appliance on the vSphere 5 Documentation Center
The all new web client is built using Adobe Flex, the web client will be the future interface of vSphere administration, the current vSphere Client which is built with C# will be discontinued. To run it requires Internet Explorer version 7 or 8 or Firefox 3.5 or 3.6 and adobe flash 10 on both the client and server side.
At this moment in time no plug-ins are currently supported, however as this will be the client of the future I am certain that it will be added in a future update.
The web client is required on the vCenter Server in order to be able to view the vRAM pool utilisation report in the regular vSphere Client.
Once installed and configured you can do pretty much everything you can in the standard vSphere Client.
During setup you can create a syslog server, in fact ESXi will alert you to the fact that it hasn’t been configured until you set one.This can be any location and you can use the same location for multiple ESXi hosts. Just make sure it is somewhere off of the virtual infrastructure you are logging!
To ensure protection from would-be hackers ESXi 5 now includes a firewall. Unlike the firewall previously used with ESX, this firewall is not based on iptables.
The new firewall is service-oriented and stateless. Users restrict access to specific services and ESXi maps the appropriate ports. This is configurable through the firewall section of the software settings area of the configuration tab is the vSphere Client.
It is also possible to configure firewall settings and apply those to multiple hosts using host profiles.
The firewall can be configured through the command line using the five main options. Get, set, refresh, load and unload. It is now possible to restrict access from individual IPs or ranges rather than opening ports up to any traffic sources as was the case with previous versions.
New Esxcli Network Firewall commands
get – Returns the status of the firewall
set-defaultaction – Updates default actions
set-enabled – Enables or disables the ESXi firewall
load – Loads the firewall module and rules
refresh – Refresh firewall configuration by reading the rule set files if the firewall module is loaded
unload – Destroy filters and unloads the firewall modules (Use with caution!)
ruleset list – List rule set information
ruleset set-allowedall – Sets the allowed all flag
ruleset set-enabled – Enables or disables the specified rule set
ruleset allowedip list – Lists the allowed IP addresses of the specified rule set
ruleset allowedip add – Allows access to the rule set from the specified IP address or range of IP addresses
ruleset allowedip remove – Removes access to the rule set from the specified IP address or range of IP addresses
A few changes have been made to the port requirements. They required ports are shown in the table below.
|902||Heartbeat, ESXi management and virtual machine console|
|Web Services and HTTPS web services|
|389||LDAP - This can be changed (1024-65535)|
|636||vCenter Linked Mode - This can be changed (1024-65535)|
|60099||Web Service Change Service notification port|
|10443||vCenter Inventory Service (HTTPS)|
|10109||vCenter Inventory Service Management|
|10111||vCenter Inventory Service Linked Mode communications|
The dvswitch now supports Link Layer Discovery Protocol (LLDP), Netflow and Port Mirroring.
LLDP enables VMware admins to see the configuration of physical switches. LLDP is set through the advanced settings of the dvswitch by choosing the options listen, advertise or both.
Netflow helps to monitor the network to gain visibility of VM traffic. It can be used for profiling and billing purposes. It allows intrusion detection, network forensics and compliance. It sends networking data to a third party analyser. A flow is a unidirectional sequence of packets that share the same properties.
Netflow catches two types of flows:
Internal flows – that is traffic on the same host
External flows – traffic on different hosts, i.e. physical to virtual machines.
To configure go to dvSwitch settings and click on the Netflow tab and enter the Netflow collector settings.
Once configured go to dvPortgroup settings>Monitoring>Netflow Status and set to enabled.
Port mirroring also referred to as Switch Port Analyser (SPAN) on Cisco switches send a copy of network packets seen on a switch port to a another switch port, i.e. sending mirrored data to a network monitoring device attached to a different port. Port mirroring overcomes the limitations associated with promiscuous mode. This can be useful for admins who need granular network information to troubleshoot network issues. This works in the same way as it does for the physical switches in the environment.
Network IO Control (NIOC) Enhancements
Network IO Control splits traffic into resource pools which can be prioritised. This was introduced in vSphere 4.1, however vSphere 5 has introduced features such as user-defined resource pools, IP tagging and a bandwidth ‘cop’ for HBR (Host Based Replication) traffic. (See Site Recovery Manager for more info on HBR)
User-defined network resource pools are similar to CPU and memory resource pools in that you can proiritise traffic I/O based on various requirements. These pools are set in the resource allocation tab of the dvSwitch.