ESX Configuration Guide
ESX 4.1
vCenter Server 4.1
This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.
EN-000328-04
ESX Configuration Guide
You can find the most up-to-date technical documentation on the VMware Web site at:
http://www.vmware.com/support/
The VMware Web site also provides the latest product updates.
If you have comments about this documentation, submit your feedback to: docfeedback@vmware.com
Copyright © 2009–2011 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and
intellectual property laws. VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents.
VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.
VMware, Inc.
3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com
2 |
VMware, Inc. |
Contents
Updated Information 7
About This Book 9
1 Introduction to ESX Configuration 11
Networking
2 Introduction to Networking |
15 |
Networking Concepts Overview |
15 |
Network Services 16 |
|
View Networking Information in the vSphere Client 16 |
|
View Network Adapter Information in the vSphere Client 17 |
|
3 Basic Networking with vNetwork Standard Switches 19 |
||
vNetwork Standard Switches |
19 |
|
Port Groups 20 |
|
|
Port Group Configuration for Virtual Machines 20 |
||
VMkernel Networking Configuration |
21 |
|
Service Console Configuration |
23 |
|
vNetwork Standard Switch Properties |
26 |
|
4 Basic Networking with vNetwork Distributed Switches |
29 |
||
vNetwork Distributed Switch Architecture |
30 |
|
|
Configuring a vNetwork Distributed Switch |
30 |
|
|
dvPort Groups |
34 |
|
|
dvPorts 35 |
|
|
|
Private VLANs |
36 |
|
|
Configuring vNetwork Distributed Switch Network Adapters |
38 |
||
Configuring Virtual Machine Networking on a vNetwork Distributed Switch 42 |
|||
Network I/O Control 43 |
|
|
|
5 Advanced Networking |
45 |
|
||
Internet Protocol Version 6 |
45 |
|
||
VLAN Configuration |
46 |
|
|
|
Networking Policies |
46 |
|
|
|
Change the DNS and Routing Configuration |
60 |
|||
MAC Addresses |
61 |
|
|
|
TCP Segmentation Offload and Jumbo Frames |
62 |
|||
NetQueue and Networking Performance 65 |
|
|||
VMDirectPath I/O |
66 |
|
|
|
VMware, Inc. |
3 |
ESX Configuration Guide
6 Networking Best Practices, Scenarios, and Troubleshooting 67 |
|
Networking Best Practices |
67 |
Mounting NFS Volumes |
68 |
Networking Configuration for Software iSCSI and Dependent Hardware iSCSI 68 |
|
Configuring Networking on Blade Servers 72 |
|
Troubleshooting 74 |
|
Storage
7 Introduction to Storage |
79 |
|
|
About ESX Storage 79 |
|
|
|
Types of Physical Storage |
80 |
|
|
Supported Storage Adapters |
81 |
||
Target and Device Representations 81 |
|||
About ESX Datastores |
83 |
|
|
Comparing Types of Storage |
86 |
||
Displaying Storage Adapters |
87 |
||
Viewing Storage Devices |
88 |
|
|
Displaying Datastores |
89 |
|
|
8 Configuring ESX Storage |
91 |
|
Local SCSI Storage 91 |
|
|
Fibre Channel Storage |
92 |
|
iSCSI Storage 92 |
|
|
Datastore Refresh and Storage Rescan Operations 105 |
||
Create VMFS Datastores |
106 |
|
Network Attached Storage |
107 |
|
Creating a Diagnostic Partition 109 |
||
9 Managing Storage |
111 |
|
|
Managing Datastores 111 |
|
|
|
Changing VMFS Datastore Properties |
113 |
||
Managing Duplicate VMFS Datastores |
115 |
||
Using Multipathing with ESX |
117 |
|
|
Storage Hardware Acceleration |
125 |
|
|
Thin Provisioning |
126 |
|
|
Turn off vCenter Server Storage Filters |
129 |
||
10 Raw Device Mapping 131
About Raw Device Mapping 131
Raw Device Mapping Characteristics 134
Managing Mapped LUNs 136
Security
4 |
VMware, Inc. |
Contents
11 |
Security for ESX Systems |
141 |
|
|
|
ESX Architecture and Security Features |
141 |
||
|
Security Resources and Information |
149 |
|
|
12 |
Securing an ESX Configuration |
151 |
|
|
|
Securing the Network with Firewalls |
151 |
||
|
Securing Virtual Machines with VLANs |
160 |
||
|
Securing Virtual Switch Ports 165 |
|
|
|
|
Internet Protocol Security |
167 |
|
|
Securing iSCSI Storage 170
13 Authentication and User Management |
173 |
Securing ESX Through Authentication and Permissions 173 |
|
About Users, Groups, Permissions, and Roles |
174 |
Working with Users and Groups on ESX Hosts 178 |
|
Encryption and Security Certificates for ESX |
183 |
14 Service Console Security |
191 |
|
General Security Recommendations 191 |
||
Log In to the Service Console |
192 |
|
Service Console Firewall Configuration 192 |
||
Password Restrictions |
196 |
|
Cipher Strength 201 |
|
|
setuid and setgid Flags |
202 |
|
SSH Security 204 |
|
|
Security Patches and Security Vulnerability Scanning Software 205
15 Security Best Practices and Scenarios 207
Security Approaches for Common ESX Deployments 207 Virtual Machine Recommendations 211
Host Profiles
16 Managing Host Profiles |
219 |
||
Host Profiles Usage Model |
219 |
||
Access Host Profiles View |
220 |
||
Creating a Host Profile |
220 |
||
Export a Host Profile |
221 |
|
|
Import a Host Profile |
221 |
|
|
Edit a Host Profile |
222 |
|
|
Manage Profiles |
223 |
|
|
Checking Compliance |
226 |
|
|
Appendixes
A ESX Technical Support Commands 231
VMware, Inc. |
5 |
ESX Configuration Guide
B |
Linux Commands Used with ESX 235 |
|
C |
Using vmkfstools |
237 |
|
vmkfstools Command Syntax 237 |
|
|
vmkfstools Options |
238 |
Index 247
6 |
VMware, Inc. |