VCP6.7-DCV Objective 4.4 – Set up ESXi hosts

Hello students and readers. This is our first post covering the new upcoming VCP6.7-DCV Study Guide. It is a work in progress and we're just started. I hope it will help VMware admins to successfully pass their VCP6.7-DCV 2019 certification. This post's title is VCP6.7-DCV Objective 4.4 – Set up ESXi hosts and we'll have a look at how to setup ESXi.

Note that it's impossible to cover all knowledge for this topic in a single blog post. Please use official VMware documentation for this exam. We have published a list of PDFs which are needed at our VCP6.7-DCV Study Guide page.

VMware calls this exam officially “Professional vSphere 6.7 Exam 2019“. The VCP-DCV 2019 certification will be based on 2V0-21.19 exam number and it will have 70 questions with a duration of 115 minutes. The passing score is 300 which is a traditional VMware standard.

If you're new to VMware or with expired VCP (Note: expired VCP 2/3/4 only, because VCP 5 and VCP 6 does not need to sit a class), you will need to sit (or attend VMware Online On-Demand Training) VMware class to fulfill the requirements. You can also use VCP Vouchers to pay for the exam ahead of time and plan the exam cost.

Note: You can also use VMware learning credits or get more knowledge through VMware learning Zone as preparation for the exam. Check also our post What Are VMware Exam Vouchers?

If you are already VCP and your certification has not expired, you can pick either VCP6.7-DCV 2019 or you can pick a “Delta” exam which is shorter (40 questions only).

As usual, we will plan to work on VCP6.7-DCV Study guide and the WordPress page, but at this point in time, we’re still in the early stage of the work. Make sure to check back regularly. -:).

This guide is available as Free PDF!

Free Download at Nakivo – VCP6.7-DCV Study Guide.

VCP6.7-DCV Objective 4.4 – Set up ESXi hosts

ESXi requirements:

You'll need to check VMware compatibility guide and check your hardware if it's compatible with ESXi 6.7. ESXi needs at least:

• Double-core CPU
• 64 bit CPU
• ESXi needs the NX/XD bit to be enabled for the CPU in the BIOS
• Minimum 4Gb of RAM (8 recommended)
• Intel VT-x or AMD RVI if you want to use x64 virtual machines
• At least one 1GBe physical Network interface card (NIC)
• SCSI disk or local, non-network, RAID LUN with unpartitioned space for virtual machine

ESXi supports boot from UEFI (Unified Extensible Firmware Interface).

From ESXi 6.7 VMware supports UEFI also for auto deploy (network booting and provisioning).

Storage requirements: 

ESXi 6.7 needs a boot device which is at least 1Gb in size. If you're booting from USB stick, local disk, SAN or iSCSI LUN, you'll need 2-5 Gb of space due to a VMFS volume and scratch partition (4Gb) on the boot device.

While 1Gb is sufficient, VMware recommends using a 4Gb or larger devices due to coredump partition location. Best is 16Gb high-quality USB sticks.

For USB and SD the ESXi does not create the scratch partition automatically because those devices are IO sensible and can wreck faster than traditional storage. The ESXi installer tries to find a local disk and if a local disk is not found, the scratch partition is placed on the ramdisk.

For configs “Boot from SAN” or Autodeploy, you can allocate a shared LUN for scratch partitions of many ESXi hosts.

You should NOT use local datastore and VMFS partition to run VMs for M2 and non-USB low-end and low-quality flash media. It's because the high I/Os generated by VMs will destroy those devices in no time. It's recommended to delete this local datastore right after the end of the installation.

Required Firewall ports:

Check page 14-15 of the “vSphere ESXi Installation PDF” for required firewall ports. This is the PDF we're working with and which you'll need to read ANYWAY if you want to get all the information about setting up ESXi hosts. This blog post gives you the guidance and the main info but we cannot squeeze everything…

Required free space for System Logging

While hosts deployed with AutoDeploy stores logs on a RAM disk, the configuration may vary for hosts configured to boot from local storage. VMware recommends redirecting logs for hosts deployed with Auto Deploy like this:

• Redirect logs to a remote collector
• Redirect logs to a NAS or NFS datastore

ESXi Password and Account Lockout

You have to use a password with predefined requirements, which can be changed in the advanced option Security.PasswordQualityControl 

Click to enlarge…

• By default, you have to include a mix of characters from four character classes: lowercase letters,
  uppercase letters, numbers, and special characters such as underscore or dash when you create a
  password.
• By default, password length is more than 7 and less than 40.
• Passwords cannot contain a dictionary word or part of a dictionary word.

ESXi account lockout behavior

account locking is supported for access through SSH and through the vSphere Web Services SDK. The Direct Console Interface (DCUI) and the ESXi Shell do not support account
lockout. By default, a maximum of ten failed attempts is allowed before the account is locked. The account is unlocked after two minutes by default.

Configuring Login Behavior – You can configure the login behavior for your ESXi host with the following advanced options:

• Security.AccountLockFailures – Maximum number of failed login attempts before a user's account is locked. Zero disables account locking.
• Security.AccountUnlockTime – Number of seconds that a user is locked out.

Prepare for Installing ESXi

• Get the ISO for installation of ESXi at VMware. You'll need myVMware account.

Several Ways of installing ESXi:

• Interactive ESXi installation (CD/DVD, Bootable USB or PXE booting the installer over the network.
• Scripted ESXi installation (the installation script must be stored in a location that the host can access by HTTP, HTTPS, FTP, NFS, CDROM, or USB. You can PXE boot the ESXi installer or boot it from a CD/DVD or USB drive.)
• Autodeploy ESXi installation – you can provision a lot of hosts by using a single image. You can specify host profiles to apply to the hosts and store the ESXi image a configuration on local disk, remote disk or USB drive. vCenter Server loads the ESXi image directly into the host memory. vSphere Auto Deploy does not store the ESXi state on the host disk. The vSphere Auto Deploy server continues to provision this host every time the host boots.  We have covered Autodeploy in details in our post – VCP6.5-DCV Objective 8.1 – Configure Auto Deploy for ESXi Hosts.

ESXi installer can boot from:

• USB flash drive – (check the steps and procedure of creating USB boot installer on a Linux machine on the “VMware ESXi Installation and Setup – VMware vSphere 6.7” PDF.)
• Boot from CD/DVD drive

TIP: Top 3 Free Tools To Create ESXi 6.7 Installer USB Flash Drive

PXE Booting the ESXi installer – setup a DHCP server which sends the address of the TFTP server and the filename of the Initial boot loader to the ESXi host.

Note:  PXE booting with legacy BIOS firmware is possible only over IPv4. PXE booting with UEFI firmware is possible with either IPv4 or IPv6.

If your TFTP server will run on a Microsoft Windows host, use tftpd32 version 2.11 or later. Linux distros do have a copy of tftp-hpa server.

ESXi Image Builder – You can use vSphere ESXi Image Builder with the vSphere Client or with PowerCLI to create an ESXi installation image with a customized set of ESXi updates and patches. You can also include third-party network or storage drivers that are released between vSphere releases.

You can watch a video from VMware tech marketing here.

Different types of VIBs?

Quote:

VIB – A VIB is an ESXi software package. VMware and its partners package solutions, drivers, CIM providers, and applications that extend the ESXi platform as VIBs. VIBs are available in software depots. You can use VIBs to create and customize ISO images or to upgrade ESXi hosts by installing VIBs asynchronously onto the hosts.

Image Profile – An image profile defines an ESXi image and consists of VIBs. An image profile always includes a base VIB, and might include more VIBs. You examine and define an image profile using the Image Builder PowerCLI.

Software Depot –  A software depot is a collection of VIBs and image profiles. The software depot is a hierarchy of files and folders and can be available through an HTTP URL (online depot) or a ZIP file (offline depot). VMware and VMware partners make depots available. Companies with large VMware installations might create internal depots to provision ESXi hosts with vSphere Auto Deploy, or to export an ISO for ESXi installation.

There are VIBs that needs a reboot (base ESXi patches, drivers or esxcli extensions) and there are ones that don’t. Some examples of VIBs which do not require reboot are:

• CIM providers
• Cisco Nexus
• vShield Plugins
• Lab Manager
• HA agents

A VIB has 3 parts:

• File Archive – the main file. The file which gets deployed to the ESXi host.
• XML descriptor file – has inportant info about requirements for installing the VIB. (dependencies, compatibility, reboot necessary? )
• Signature File – a signature which verifies the level of trust (Integrity, Information about the creator and verifications that has been done).

The different VIBs can be installed in a different way as you see. In addition, there are VIBs that are VMware certified, VMware accepted, Partner supported or community supported

Read more about image builder cmdlets at page 35-42

Required space for System Logging

The default values for log capacity in this infrastructure vary, depending on the amount of storage available and on how you have configured system logging. Hosts that are deployed with Auto Deploy store logs on a RAM disk, which means that the amount of space available for logs is small.

If your host is deployed with Auto Deploy, reconfigure your log storage in one of the following ways:

• Redirect logs over the network to a remote collector.
• Redirect logs to a NAS or NFS store.

By default, ESXi hosts use the default configuration, which stores logs in a scratch directory on the VMFS volume. For these hosts, ESXi 6.7 configures logs to best suit your installation and provides enough space to accommodate log messages.

Make sure that you read the whole PDF vSphere ESXi Installation PDF as we won't be able to squeeze all the information contained on the 214 page PDF here.

More posts from ESX Virtualization:

• VCP6.7-DCV Study Guide Page
• VMware vCSA 6.7 Appliance Backup Setup and Schedule
• Prepare the DHCP Server for vSphere Auto Deploy Provisioning – VMware vSphere 6.5
• How VMware HA Works?
• Free Tools
• VMware Tools Offline VIB for ESXi Host – Bundle Download and Install
• Upgrade Windows Server 2012R2 AD to Server 2016

Stay tuned through RSS, and social media channels (Twitter, FB, YouTube)