Securing virtual machines in a virtualized environment is equally important as securing physical servers. In this post we will learn a few techniques for hardening a virtual machine security. Although its not possible to cover everything in a single post. 

1: Remove Unnecessary Hardware Devices

If you have work inside a datacenter, you might have noticed none of the physical servers are equipped with CD RM/Floppy drive. This is done intentionally so that no one can use these removeable devices to perfor actions for which they are not authorized to.

Virtual machines are no different than physical servers and its equally important to make sure external devices are attached to a VM when its actually needed and as soon as work is completed, make sure to dismount/remove any Floppy drives or CD-ROM drives.

Force a VM to boot into Bios and disable any Serial ports, Parallel ports or Floppy disk controller.  … Read More

Objective 4.3 of VCAP6-Deploy exam covers following topics:

• Analyze and resolve DRS/HA faults
• Troubleshoot DRS/HA configuration issues
• Troubleshoot Virtual SAN/HA interoperability
• Resolve vMotion and storage vMotion issues
• Troubleshoot VMware Fault Tolerance

We will discuss each topic one by one.

                                             Analyze and resolve DRS/HA faults

DRS faults can be viewed from Web Client by selecting Cluster > Monitor > vSphere DRS > Faults

HA issues can be viewed from Web Client by selecting Cluster > Monitor > vSphere HA > Configuration issue

Also if you look into issues tab, it will tell you HA and DRS issues collelctively. 

Common DRS Faults are :

• Virtual Machine is Pinned: When DRS can’t move a VM because DRS is disabled on the VM.
• Virtual Machine Not Compatible with ANY Host: Fault occurs when DRS can’t find a host that can run the VM. This might mean that there are not enough physical compute resources or disk available to satisfy the VM’s requirements.

Objective 6.2 of VCAP6-Deploy exam covers following topics:

• Adjust Virtual Machine properties according to a deployment plan:
  • Network configurations
  • CPU configurations
  • Storage configurations
• Troubleshoot Virtual Machine performance issues based on application workload
• Modify Transparent Page Sharing and large memory page settings
• Optimize a Virtual Machine for latency sensitive workloads
• Configure Flash Read Cache reservations

We will discuss these topics one by one

                             Adjust Virtual Machine properties according to a deployment plan

This topic could mean a lot of things. A lot of  information on this topic can be found in vSphere 6 Resource Management Guide. We will start with networking topic.

Networking Configurations

Esxi networking features provide communication between virtual machines on the same host, between virtual machines on different hosts, and between other virtual and physical machines. Virtual machines are equipped with vNIC’s and the type of vNIC is dependent on guest os chosen at the time of VM creation.… Read More

Objective 6.1 of VCAP6-Deploy exam covers following topics:

• Configure esxtop / resxtop custom profiles
• Evaluate use cases for and apply esxtop / resxtop Interactive, Batch and Replay modes
• Use esxtop / resxtop to collect performance data
• Given esxtop / resxtop output, identify relative performance data for capacity planning purposes

Before starting discussing on these topics, I want to cover a few basics of vSphere Management Assistant (vMA) as we will be using it for performing few tasks listed in this objective.

What is vSphere Management Assistant (vMA)?

The vSphere Management Assistant (vMA) is a virtual machine that includes prepackaged software such as a Linux distribution, the vSphere command‐line interface, and the vSphere SDK for Perl. Basically it is the missing service console for ESXi. But it’s more than that too.

This allows administrators to run scripts or agents that interact with ESX/ESXi and vCenter Server systems without having to explicitly authenticate each time.… Read More