Transcription of Server Configuration Guide - VMware
1 Server Configuration Guide ESX Server and VirtualCenter Server Configuration Guide Server Configuration Guide Revision: 20090814. Item: VI-ENG-Q206-215. You can find the most up-to-date technical documentation on the VMware Web site at: The VMware Web site also provides the latest product updates. If you have comments about this documentation, submit your feedback to: 2007 2009 VMware , Inc. All rights reserved. This product is protected by and international copyright and intellectual property laws. VMware products are covered by one or more patents listed at VMware , the VMware boxes logo and design, Virtual SMP, and VMotion are registered trademarks or trademarks of VMware , Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.
2 VMware , Inc. 3401 Hillview Ave. Palo Alto, CA 94304. 2 VMware , Inc. Contents Preface 11. 1 Introduction 15. Networking 15. Storage 16. Security 16. Appendixes 17. Networking 2 Networking 21. Networking Concepts 22. Concepts Overview 22. Virtual Switches 23. Port Groups 26. Network Services 27. Viewing Networking Information in the VI Client 27. Networking Tasks 29. Virtual Network Configuration for Virtual Machines 29. VMkernel Configuration 33. TCP/IP Stack at the Virtual Machine Monitor Level 34. Implications and Guidelines 34. Service Console Configuration 37. Basic Service Console Configuration Tasks 37. Using DHCP for the Service Console 43. 3 Advanced Networking 45. Advanced Networking Tasks 46. Virtual Switch Configuration 46. Virtual Switch Properties 46. Editing Virtual Switch Properties 46.
3 VMware , Inc. 3. Server Configuration Guide Virtual Switch Policies 53. Layer 2 Security Policy 53. Traffic Shaping Policy 55. Load Balancing and Failover Policy 56. Port Group Configuration 60. DNS and Routing 62. Setting Up MAC Addresses 64. MAC Addresses Generation 65. Setting MAC Addresses 66. Using MAC Addresses 66. Networking Tips and Best Practices 67. Networking Best Practices 67. Mounting NFS Volumes 67. Networking Tips 68. 4 Networking Scenarios and Troubleshooting 69. Networking Configuration for Software iSCSI Storage 70. configuring Networking on Blade Servers 76. Troubleshooting 80. Troubleshooting Service Console Networking 80. Troubleshooting Network Adapter Configuration 82. Troubleshooting Physical Switch Configuration 82. Troubleshooting Port Group Configuration 82. Storage 5 Introduction to Storage 87.
4 Storage Concepts 88. Storage Overview 89. Datastores and File Systems 90. File System Formats 91. Types of Storage 91. Supported Storage Adapters 92. How Virtual Machines Access Storage 92. Viewing Storage Information in the Virtual Infrastructure Client 93. Displaying Datastores 94. Viewing Storage Adapters 95. understanding Storage Device Naming in the Display 96. 4 VMware , Inc. Contents VMware File System 97. VMFS Versions 97. Creating and Growing VMFS 98. Considerations when Creating VMFS 98. VMFS Sharing Capabilities 99. Storing Multiple Virtual Machines on a VMFS Volume 99. Sharing a VMFS Volume Across ESX Servers 100. configuring and Managing Storage 101. 6 configuring Storage 103. Local SCSI Disk Storage 104. Adding Local SCSI Storage 104. Fibre Channel Storage 106. Adding Fibre Channel Storage 108.
5 ISCSI Storage 110. About iSCSI Storage 110. iSCSI Initiators 110. Naming Requirements 112. Discovery Methods 112. iSCSI Security 112. configuring Hardware Initiated iSCSI Storage 113. Installing iSCSI Hardware Initiator 113. Viewing iSCSI Hardware Initiator 113. configuring iSCSI Hardware Initiator 115. Adding Hardware Initiated iSCSI Storage 120. configuring Software Initiated iSCSI Storage 121. Viewing Software iSCSI Initiator 122. configuring iSCSI Software Initiator 124. Adding Software Initiated iSCSI Storage 129. Performing a Rescan 131. Network Attached Storage 132. Shared Storage Capabilities 133. How Virtual Machines Use NFS 133. NFS Volumes and Virtual Machine Delegate Users 134. configuring ESX Server to Access NFS Volumes 135. Creating an NFS Based Datastore 135. VMware , Inc. 5. Server Configuration Guide 7 Managing Storage 137.
6 Managing Datastores and File Systems 138. Adding New Datastores 138. Removing Existing Datastores 139. Editing Existing VMFS based Datastores 139. Upgrading Datastores 139. Changing the Names of Datastores 140. Adding Extents to Datastores 141. Managing Paths for Fibre Channel and iSCSI 143. Viewing the Current Multipathing State 145. Active Paths 146. Setting Multipathing Policies for LUNs 147. Disabling and Enabling Paths 148. Setting the Preferred Path (Fixed Path Policy Only) 149. The vmkfstools Commands 150. 8 Raw Device Mapping 151. About Raw Device Mapping 152. Terminology 153. Benefits of Raw Device Mapping 153. Limitations of Raw Device Mapping 156. Raw Device Mapping Characteristics 156. Virtual Compatibility Mode Versus Physical Compatibility Mode 157. Dynamic Name Resolution 158.
7 Raw Device Mapping with Virtual Machine Clusters 160. Comparing Raw Device Mapping to Other Means of SCSI Device Access 160. Managing Mapped LUNs 161. VMware Virtual Infrastructure Client 161. Mapping a SAN LUN 161. Managing Paths for a Mapped Raw LUN 163. The vmkfstools Utility 164. File System Operations 164. Security 9 Security for ESX Server Systems 167. ESX Server Architecture and Security Features 168. Security and the Virtualization Layer 168. Security and Virtual Machines 168. 6 VMware , Inc. Contents Security and the Service Console 171. Security and the Virtual Networking Layer 173. Security Resources and Information 179. 10 Securing an ESX Server Configuration 181. Securing the Network with Firewalls 181. Firewalls for Configurations with a VirtualCenter Server 182. Firewalls for Configurations Without a VirtualCenter Server 185.
8 TCP and UDP Ports for Management Access 187. Connecting to VirtualCenter Server Through a Firewall 189. Connecting to the Virtual Machine Console Through a Firewall 189. Connecting ESX Server Hosts Through Firewalls 191. Opening Firewall Ports for Supported Services and Management Agents 192. Securing Virtual Machines with vlans 194. Security Considerations for vlans 197. Virtual Switch Protection and vlans 199. Securing Virtual Switch Ports 201. Securing iSCSI Storage 203. Securing iSCSI Devices Through Authentication 204. Protecting an iSCSI SAN 208. 11 Authentication and User Management 211. Securing ESX Server Through Authentication and Permissions 211. About Users, Groups, Permissions, and Roles 213. understanding Users 214. understanding Groups 215. understanding Permissions 215. understanding Roles 217.
9 Working with Users and Groups on ESX Server Hosts 219. Viewing and Exporting Users and Group Information 219. Working with the Users Table 221. Working with the Groups Table 224. Encryption and Security Certificates for ESX Server 227. Adding Certificates and Modifying ESX Server Web Proxy Settings 227. Regenerating Certificates 232. Virtual Machine Delegates for NFS Storage 232. 12 Service Console Security 237. General Security Recommendations 238. VMware , Inc. 7. Server Configuration Guide Logging On to the Service Console 239. Service Console Firewall Configuration 239. Changing the Service Console Security Level 240. Opening and Closing Ports in the Service Console Firewall 242. Password Restrictions 243. Password Aging 244. Password Complexity 245. Changing the Password Plugin 250. Cipher Strength 251.
10 Setuid and setgid Applications 252. Default setuid Applications 252. Default setgid Applications 254. SSH Security 254. Security Patches and Security Vulnerability Scanning Software 256. 13 Security Deployments and Recommendations 259. Security Approaches for Common ESX Server Deployments 259. Single Customer Deployment 259. Multiple Customer Restricted Deployment 261. Multiple Customer Open Deployment 263. Virtual Machine Recommendations 265. Installing Antivirus Software 265. Disabling Copy and Paste Operations Between the Guest Operating System and Remote Console 265. Removing Unnecessary Hardware Devices 266. Preventing the Guest Operating System Processes from Flooding the ESX Server Host 269. Disabling Logging for the Guest Operating System 270. Appendixes A ESX Technical Support Commands 275.
