What is ESXi?
ESXi is the virtualization platform on which you can create and run virtual machines. Proper configuration of the ESXi host ensures that virtual machines run in an environment that is reliable, secure, and performance; ESXi is a bare-metal hypervisor that is licensed as a part of vSphere
What are some of the features of ESXi?
1) high security
- host based firewall
- memory hardening
- kernel module integrity
- Trusted Platform Module (TPM 2.0)
- UEFI secure boot
- encrypted core dumps
2) small disk footprint
3) quick boot for faster patching and upgrades
4) installable on hard disks, SAN LUNs, SSD, SATADOM, and diskless hosts
What are ESXi’s installation requirements?
1) supported server platform
2) at least 2 CPU cores
3) at least 8 GB of physical RAM, 12 GB for a production environment
4) one or more Gigabit or faster Ethernet controllers
5) Boot disk of at least 32 GB of persistent storage
What is the Direct Console User Interface (DCUI)?
the Direct Console User Interface (DCUI) is used to configure certain ESXi hosts; the DCUI is a low-level configuration and management interface, accessible through the console of the server, that is used primarily for initial basic configuration
What management network configuration tasks are performed from the DCUI?
You can perform the following management network configuration tasks from the DCUI:
— Configure VLAN settings
— Configure IPv4 addressing
— Configure IPv6 addressing
— Set custom DNS suffixes
— Restart the management network (without rebooting the system)
— Test the management network (using ping and DNS requests)
— Restore the original network configuration (useful if you misconfigure something)
How would an administrator use the DCUI?
Administrators use the DCUI to configure the root access settings:
— Change the root password (complex passwords only)
— Activate or deactivate the lockdown mode:
— Limits the management of the host to vCenter
— Can be configured only for hosts managed by a vCenter instance
The administrative username for the ESXi host is root. The root password must be configured during the ESXi installation process, but can be changed from the DCUI.
What other settings can be configured from the DCUI?
Using the DCUI, you can configure the keyboard layout, activate troubleshooting services, view support information, and view system logs.
Why is time synchronization important in a vSphere network?
time synchornization is important because it allows for accurate performance graphs, accurate time stamps in log messages, and so that VMs have a source to synchronize
Benefits of syncing an ESXi’s host time include:
- performance data can be displayed and interpreted properly
- accurate time stamps appear in log messages, which make audit logs and troubleshooting meaningful
- VMs can synchronize their time with the ESXi host. Time synchronization benefits applications, for example database applications running on VMs
What are methods for synchronizing time in an ESXi host?
- Manual configuration
- NTP, Network Time Protocol, providing millisecond timing accuracy
- PTP, Precision Time Protocol, providing microsecond timing accuracy
You can configure NTP or PTP using VMware Host Client or the vSphere Client.
The NTP and PTP services cannot run simultaneously.
Explain Network Time Protocol (NTP).
NTP is a client-server protocol. An ESXi host can be configured as an NTP client. It can synchronize time with an NTP server on the Internet or your corporate NTP server. NTP client uses UDP over port 123.
Explain Precision Time Protocol (PTP).
PTP provisions hardware-based timestamping for the virtual machines and the hosts within a network. PTP client uses UDP over ports 319 and 320. PTP provides highly accurate time synchronization and allows both software-based and hardware-based timestamping on ESXi hosts:
– For configuring hardware timestamping, select PCI passthrough as the network adapter type.
– For configuring software timestamping, select VMkernel Adapter as the network adapter type.
What are best practices when managing User Accounts on ESXi hosts and vCenter systems?
– Strictly control root access to the ESXi hosts.
– Create strong root account passwords that have at least eight characters. Use special characters, case changes, and numbers. Change passwords periodically.
– Manage the ESXi hosts centrally through vCenter Server by using the vSphere Client.
– Minimize the use of local users on the ESXi hosts:
— Add the ESXi hosts to a domain and add the relevant administrator users to the ESXi Admins domain group. Users in the domain group have root privileges on the ESXi hosts.
On an ESXi host, the root user account is the most powerful user account on the system. The root user can access all files and all commands. Securing this account is the most important step that you can take to secure an ESXi host.
Describe the ESXi host architecture.
- Hypervisor Layer:
– VMkernel: The core component of ESXi, responsible for managing hardware resources and providing virtualization services. It abstracts physical hardware and presents it to virtual machines.
– Device Drivers: VMkernel includes drivers for various hardware components such as network adapters, storage controllers, and other peripherals. - Management Layer:
– Management Console (vSphere Client or HTML5 Client): The interface for administrators to manage and monitor ESXi hosts, virtual machines, and other VMware infrastructure components.
– vCenter Server (optional): For managing multiple ESXi hosts and providing centralized management, vCenter Server integrates with ESXi hosts to provide features like vMotion, High Availability (HA), Distributed Resource Scheduler (DRS), and others. - Virtualization Layer:
– Virtual Machines (VMs): Guest operating systems and applications run within VMs. Each VM has its own virtual hardware, including virtual CPU, memory, storage, and network interfaces.
– Virtual Hardware: The virtualized hardware presented to VMs, including virtual CPUs (vCPUs), virtual memory (vRAM), virtual network adapters, and virtual disks (VMDKs). - Storage:
– Datastores: Storage repositories where VM files, such as virtual disks (VMDKs) and VM configuration files, are stored. ESXi hosts connect to datastores over storage protocols like Fibre Channel, iSCSI, NFS, or local storage.
– Storage Multipathing: ESXi hosts support multiple paths to storage devices for redundancy and load balancing. Multipathing ensures high availability and performance. - Networking:
– Virtual Switches: ESXi hosts have virtual switches that connect VMs to physical networks. Virtual switches handle traffic between VMs, between VMs and the physical network, and between different ESXi hosts.
– Network Adapters: Virtualized network interfaces that connect VMs to virtual switches or physical networks. - Security:
– Security Features: ESXi hosts include features such as firewall, Secure Boot, lockdown mode, and role-based access control (RBAC) to ensure the security of the virtual infrastructure. - Scalability:
– Cluster Support: ESXi hosts can be clustered together to form a vSphere cluster. Clustering enables features like vMotion, DRS, and HA for workload mobility, resource optimization, and high availability.
– Resource Pools: Administrators can group and allocate CPU and memory resources to VMs using resource pools for better resource management. - Monitoring and Management:
– Performance Monitoring: ESXi hosts include monitoring tools to track resource usage, performance metrics, and health status.
– Alarms and Alerts: Administrators can set up alarms and receive alerts for events such as high CPU usage, low disk space, or hardware failures.
This architecture provides a flexible and efficient platform for running virtualized workloads, with features for resource management, scalability, high availability, and security.
What are the key points of Installing and Configuring ESXi hosts?
– The DCUI allows you to configure certain settings for ESXi hosts
– Securing the root user account is very important to secure an ESXi host, as the user is the host’s most powerful user
– NTP provides millisecond timing accuracy and PTP provides microsecond timing accuracy for EXSi hosts
