VCP 2019 Study Guide Section 4 (No objectives in 3)

Section 4 – Installing, Configuring, and Setting Up a VMware vSphere Solution

Objective 4.1 – Understand basic log output from vSphere products

VMware has come a long way from when I started troubleshooting their products. Their logs have gotten easier to get to, and improved in their quality. What I will do here is give you a quick overview of where to find the logs and how to read them.

ESXi Logs

Where before the easiest option was to open a SSH session to the host and look at the logs, you can easily do that from within the host UI now. If you go to Monitor you can see a list of all the logs available to peruse.


Here in the screenshot, you can see

  1. Monitor menu and the tab for logs
  2. Logs available
  3. Log output

And here is a list of the logs on the ESXi host along with a description for what the log keeps track of.


You can still access these logs through the DCUI or a SSH session as well.

Alright so you got the log now… How do you use it? Here is a sample taken from a VMKernel.log. This was after shutting down a switch port using a Software ISCSI controller to a SAN LUN.

2013-12-05T21:42:47.944Z cpu25:8753)<3>bnx2x 0000:04:00.0: vmnic4: NIC Link is Down

2013-12-05T21:43:12.090Z cpu16:8885)WARNING: iscsi_vmk: iscsivmk_StopConnection: vmhba45:CH:0 T:0 CN:0: iSCSI connection is being marked “OFFLINE” (Event:4)

2013-12-05T21:43:12.090Z cpu16:8885)WARNING: iscsi_vmk: iscsivmk_StopConnection: Sess [ISID: 00023d000001 TARGET: iqn.2001-05.com.equallogic:0-8a0906-0f6407f09-1173c8a93ab4f0f6-aim-2tb-1 TPGT: 1 TSIH: 0]

2013-12-05T21:43:12.090Z cpu16:8885)WARNING: iscsi_vmk: iscsivmk_StopConnection: Conn [CID: 0 L: 192.168.3.123:61632 R: 192.168.3.3:3260]

2013-12-05T21:43:22.093Z cpu31:8261)StorageApdHandler: 248: APD Timer started for ident [naa.6090a098f007640ff6f0b43aa9c87311]

2013-12-05T21:43:22.093Z cpu31:8261)StorageApdHandler: 395: Device or filesystem with identifier [naa.6090a098f007640ff6f0b43aa9c87311] has entered the All Paths Down state.

Let’s decipher this a bit more.


  1. This part is the time stamp of the log entry.
  2. This is what is the reporter. In this case it is the bn2x driver
  3. This is what it is reporting on, specifically vmnic4 at the hardware address referenced 0000:04:00:0
  4. This is data about what it saw. Namely the NIC link went down.

Some entries are a bit more difficult to read than others but the structure stays pretty close. You can also use something like Log Insight to help search through the logs and decipher them.

vCenter Server Logs

We have logs we may need to retrieve for vCenter Server as well. Unfortunately, it doesn’t have a browser like the hosts. (Hint Hint VMware) Here is where you can get to them though.


This is accessing the Appliance Config at port 5480.

Once this is done downloading you have a decent size .tar file. You will need to unzip this a couple times. When you finally have a regular directory structure all the logs will be under the /var/log/vmware folder. Here is a list of the files and locations and what they do.

Windows vCenter Server vCenter Server Appliance Description
vmware-vpx\vpxd.log vpxd/vpxd.log The main vCenter Serverlog
vmware-vpx\vpxd-profiler.log vpxd/vpxd-profiler.log Profile metrics for operations performed in vCenter Server
vmware-vpx\vpxd-alert.log vpxd/vpxd-alert.log Non-fatal information logged about the vpxd process
perfcharts\stats.log perfcharts/stats.log VMware Performance Charts
eam\eam.log eam/eam.log VMware ESX Agent Manager
invsvc invsvc VMware Inventory Service
netdump netdumper VMware vSphere ESXi Dump Collector
vapi vapi VMware vAPI Endpoint
vmdird vmdird VMware Directory Service daemon
vmsyslogcollector syslog vSphere Syslog Collector
vmware-sps\sps.log vmware-sps/sps.log VMware vSphere Profile-Driven Storage Service
vpostgres vpostgres vFabric Postgres database service
vsphere-client vsphere-client VMware vSphere Web Client
vws vws VMware System and Hardware Health Manager
workflow workflow VMware vCenter Workflow Manager
SSO SSO VMware Single Sign-On

It would be simpler again to use a program like Log Insight to help you parse through the logs. And you wouldn’t need to download them as they are being streamed to Log Insight. You’ll see output similar to what I mentioned above.

Objective 4.2 – Create and configure vSphere objects

Creating and configuring objects can be done several ways. You can do this through the HTML5 client, or you can do this from the CLI using PowerCLI or use commands at the ESXi SSH prompt. Inside the HTML5 client it is as simple as right clicking on the parent object (such as a cluster) and then selecting Add Host or New Virtual Machine. This is the window you may see when you right click on the parent object:

Configuring an object depends on the object. Configuring a VM is as simple as right clicking on it and Configuring Settings. You can also select the object and then use the center pane to bring up the Configure pane. This may give you different options to configure based on the object. Here is a screenshot of the Configure pane for a ESXi host.

As you can see there are a number of ways to accomplish this task.

Objective. 4.3 – Set up a content library

Setting up a content library is straightforward. To do this:

  1. Click on Menu at the top of your screen and then select Content Libraries
  2. Click on the ‘+’ to add a new Content Library
  3. Specify a Name for the library and any notes. Also if needed change what vCenter Server you will host this off of.
  4. This screen has options for how you want to use it. This can be setup as a Local or you can Subscribe to someone else’s library. If you do create a local library, do you want others to be able to subscribe to it. If publishing, will they need to authenticate.
  5. You need to store the Content Library somewhere. You do that on this screen.
  6. That’s it! Click Finish

Objective 4.4 – Set up ESXi hosts

Pre-requisites was gone over in Section 1, so I imagine if you got to this point you already know those. You can install ESXi several different ways.

  • Interactive Installation – this is you sitting at a console or in front of the server and running the installation. This can be installed from an ISO file, USB stick, CD-ROM, or PXE. The actual installation is fast and straightforward, taking about 15 min or so.
  • Scripted Installation – This is more efficient than the interactive as you can do many more at the same time and you aren’t required to answer prompts. The prompts are filled out automatically by an unattended file. The installation script needs to be stored in a location that the host can access with HTTP, HTTPS, FTP, NFS, CD-ROM, or USB.
  • Auto Deploy Installation – This can provision hundreds of machines at the same time. This can be setup to use a remote disk and can store that setup locally or pull it down every time the machine boots. These options are known as Stateless Caching and stateful installations. With Auto Deploy you create a host profile that allows you to configure the host with specific things like Virtual Standard Switches with a specific name etc. This is great for enterprise because it allows you to keep a standard image and settings.

Once the machine is setup you can further configure it using the configure pane as we saw in Objective 4.2 (screenshot). This allows you to change options such as NTP and more. These settings could be setup if using host profiles.

  1. To add hosts in vCenter Server, you first must have a Datacenter. You create that by right clicking on the vCenter Server and choose New Datacenter

  2. After that is created, you can right click on the Datacenter and Add Host.

  3. Enter the IP or Fully Qualified Domain Name (FQDN). Make sure it can be resolved by DNS

  4. Enter connection details for username and password

  5. You are asked to check the certificate and after approving it, you will be given a summary

  6. Assign a license to it

  7. Assign a lockdown mode if you want to use it


  8. Assign where you want to put the VMs from this host (if there are any on it)

  9. Click Finish and Complete it.

Objective 4.5 – Configure virtual networking

You configure virtual networking different ways, depending on your environment. Configuring VSSs can be done using the ESXi HTML5 client as seen here


Physical NICs are how you access your Physical Network. You create VMKernel ports which are how ESXi accesses the internal switch for management tasks and you have Virtual switches to connect both together. Finally, you have port groups which is a grouping of vNICs or the virtual machine NICs. A better way to show this is with a picture.

  1. These are the VMKernel ports – These are used for management tasks such as vMotion etc.
  2. pNICS or Physical Network cards are on the other side and how you reach the physical network.
  3. VM Network is the name of my Port Group which is how I group all the NICs from the VMs underneath. I group them to easier perform tasks on all of them.
  4. The construct in the middle is my Virtual Switch. This one is a VSS

The picture above can be accessed on the host page under the configure tab. You can also make changes there. A VDS is accessed under the sub category networking by using the menu up top or corresponding icon.


The picture for VDS looks much like the one for VSS but will mention all the different uplinks on each host.


You can make changes there as well. Or by right-clicking on the actual switch on the navigation pane on the left.

Objective 4.6 – Deploy and configure VMware vCenter Server Appliance (VCSA)

This objective is the installation and configuration of vCenter Server Appliance. The installation may vary a tad depending on the type of installation you do. Here is a workflow. I am going to assume you already have at least one ESXi host setup since we covered that a couple of objectives ago. There are two workflows. One for large environments and one for smaller.


The vCenter Server UI install, whether for a vCenter Server or PSC, is a two-stage process. The installer contains files for both GUI and CLI deployments so you only need the one ISO. The first stage is deployment of the OVA file into your environment. The second stage configures and starts all the services of your shiny new appliance. The CLI is slightly different. You run a CLI command against a JSON file you have inputted your configuration parameters in. This in turn creates an OVF Tool command that deploys and configures the appliance in one go.

Once setup, you log into the appliance with the username “root” and whatever password you set while deploying. Single Sign On comes later. Lets see what the install looks like.

  1. For a Microsoft Windows admin station, you will mount the ISO and go to <CD-ROM Drive Letter>\vcsa-ui-installer\win32\installer.exe and double-click.
  2. You are then presented with this screen

  3. We are going to Install so click on that box. The first stage then begins.

  4. Click Next and Accept the End User Agreement. The next screen is where we decide what type of installation we want to perform.

  5. I am going to choose embedded. Notice the External PSC model will soon not be supported.
  6. We now need to choose the ESXi host to install to (or vCenter Server). Generally the port will be 443 unless you have changed your environment.

  7. Accept the Certificate warning
  8. Enter in the name you want to give your vCenter Server that will appear in the VM inventory. Type in a password that you want to use for the vCenter Server.

  9. Decide on Deployment Size and Storage Size. Keep in mind if this vCenter will be doing heavy processing you may want to upsize it. This will give it more vCPUs and memory to use.

  10. Select the datastore you want to install to and if you want to use Thin Disk Mode or Thick. You can also create a vSAN datastore to install to.

  11. Network settings now need to be entered in.

  12. It is now ready to complete stage 1. Let it finish.


  13. Stage 2 begins. You need to decide how to synchronize time and if SSH access will be open.

  14. You then need to create a SSO domain or join an existing one. If you create one, make sure it is not the same name as your Windows Domain as that can cause all sorts of issues. This is also where to set the password for Administrator@SSODomainyoumakeup.something.

  15. Decide if you and your company want to share anonymized data with VMware.

  16. Finish and watch it work.

That’s all there is to the setup. You can configure it when its done through the appliance setup page. This is the normal address for the vCenter Server but put :5480 at the end. For example https://vCenter.vsphere.local:5480

That page will allow you make changes to many of the parameters as you can see here.


There are quite a few setting you can set through the HTML5 UI as well as seen here.

Objective 4.7 – Set up identity sources

You can setup additional identity sources in your VMware environment to allow more granular control of permissions and for better management. You can set them up by going to the Menu at the top and clicking on Administration. Then going to configuration and adding the identity source.

An Active Directory, AD over LDAP, or OpenLDAP identity source can be used. You can use a machine account in Active Directory or a Service Principle Name to authenticate.

Objective 4.8 – Configure an SSO domain

The only real way of configuring SSO that I can find is just users. This is done from within the same place as our identity sources. Instead of configuration menu item, you click on Users and Groups right above that. This allows you to see the Users for your SSO. You then click on the 3 dots in front of the user to change/edit/delete them.

That’s it. Moving on!

VMworld 2018 post-summary

Wow, so there was a ton of activity that happened last week. VMworld 2018 US edition has now passed and was amazing. This particular one was pretty sweet for me as this marked a number of firsts for me. While I’ve been before, this is the first time I’ve played a role other than just visiting sessions and HOL’s. While that was enjoyable and a great learning experience, being able to experience the setup, breakdown and behind the scenes of what goes on for a company’s booth, was completely eye-opening. The sheer amount of work involved was completely exhausting. Not to mention the work continued after hours as well. There were parties, customer dinners, and planning sessions non-stop. I can’t even begin to say how much I enjoyed working with the Rubrik marketing team and also being able to socialize with all the great community that is always there at these events. But what actually went on? I will describe some of the activities I was able to be part of, but also some of the highlights that happened.

Saturday – I arrived mid-morning and was able to get to my hotel, through check-in, and back to the expo around 10:30-11am. This is where some of the work began for our team. I helped setup the servers and environment for the booth that would be used for demos. Other members of our team were already there and working hard before I even got there. The expo floor looks really weird at this point as there is not much put together and just lots of equipment and building blocks lying around. While the construction crew worked on the booth itself, we continued working on the demo environment until about 6ish (with the 2hr time change for me, ended up being a long day having started around 5am CST). We were well taken care of as most nights we had dinners already planned for us.

Sunday – We continued working on finishing the demo environment and worked on setting up the demo stations. The construction on the booth was nearing completion and things were really starting to take shape. As a side note, the team that worked on our booth did really considering I think our booth was one of the best-looking and ambitious ones there – no bias of course . Everything was ready to go when the expo floor opened up at 5pm for the Welcome Reception. The welcome reception went well and I was able to mill around a bit finding friends I haven’t seen for a while. After dinner I pretty much passed out.

Monday – This was another great day, lots of check in’s through the day back at the booth and seeing great friends and getting ready for that night. I had my first ever booth presentation at the Pure booth as well. Been a while since I’ve spoke in front of strangers in this capacity so it was a bit unnerving. In full disclosure, even when I was an Instructor at Dell, I still was a bundle of nerves. Always been a bit of an introvert but constantly working on trying to change that. What made it even more exciting was that I was allowed to raffle a couple of VIP passes to bypass the line getting into our party later that night. The presentation went well and was able to present Rubrik’s tech and how we integrate with Pure to about 50 attendees.

Moving on from there we had the big party that night. Run DMC and The Roots were the main attraction. Even the DJ music leading up to it was good. Everyone had a lot of fun and we ended up with about 1500+ attendees for the party. There were large lines waiting to get in so the employee bands came in handy.

Tuesday – Recovering from the night before was a little difficult but was able to get up and checked on demo machines to make sure everything was running smooth for the demos. Then I went to see more people I haven’t seen in forever. Evening was taken up with team meetings and other fun stuff.

Wednesday – Brought an end to the solutions expo. That meant we could start packing everything up. Which we did. We ended up needing to run over some to the next day, but we were able to get the majority of equipment turned off and organized for packing. Later that night I went to what started as a LAN party but ended up as a Cards Against Humanity. There may have been a few incidents that involved security being called .

Thursday – We finished up and then I was able to grab a flight out at 1.50pm and made it home around 9pm-ish. Ended up inside for the weekend as I caught some sort of flu or cold bug (yay planes and conferences) and still trying to get over it as I’m writing this. Some of the things I enjoyed as far as announcements:

Announcements:

20TH Anniversary for VMware!

Tattoos on Pat G./Sanjay P./Yanbing Li. – Though the permanence of some of them is questioned

vSphere 6.7 Update 1 – This is bringing a bunch of updates most notable Full Featured HTML5 client and vMotion and snapshot capabilities for vGPUs.

vSphere Platinum Edition – This new licensing includes AppDefense

New versions of vRealize Operations (7.0) and Automation (7.5)

Amazon RDS on vSphere – Relational DBs on VMware AWS. This will allow companies to run RDS and not have to worry about the management of it. Management can be done through a single, simple interface. You can also use it to create a hybrid setup between on-site and cloud enabling all sorts of use cases. SQL, Oracle, PostgreSQL, MySQL, and MariaDB will all be supported.

Amazon AWS expansion to Asia Pacific Region and Sydney – This marks that VMware’s presence extends to all major geographies.

Lower price of Entry for VMC on AWS – 3 Host min, license optimization for MS/Oracle apps. There is also a single host SDDC to test with and play around with. (This was intro’d a bit before VMworld.) You can specify host affinity for VMs and number of cores that an application requires.

VSAN on EBS – Scale from 15-35TB per host in increments of 5TB.

Accelerated live migration – VMware HCX now allows you to migrate just about any VM from on-premises to VMC

Project Dimension – Combines VMware Cloud Foundation (in HCI) with a Cloud Control Plane. So far this is looking like something like Azure Dev Stack, where VMware will take care of the hardware and software patching for the SDDC and the customer worries about apps at the customer site.

ESXi on 64-Bit ARM – details are still light.

These are not every single one of the announcements but the ones I most relate to.

My info was sourced from the following places and …. Being there.

https://www.vmware.com/radius/vmworld-2018-innovation/

https://www.cio.co.nz/article/645860/amazon-relational-database-service-on-vmware-launched-at-vmworld/

https://www.forbes.com/sites/patrickmoorhead/2018/09/04/aws-dell-arm-and-edge-announcements-dominate-vmworld-2018/#31ffd25536c4

Pre-Filled Credentials for vSphere 6.5+ Web/HTML5 client

So I can’t take really any credit for this blog post as the original work was all done by William Lam. I have my own homelab and also maintain a few labs at work that are hidden off in their own networks. This little trick comes in real handy. Mainly because I have quite a few environments to log into and it makes it simple when I don’t need to remember which domain they are under. The location of the file has changed under 6.5 and 6.7 so I just figured I would update his original post with the location in the new versions.

The file in question is unpentry.jsp that needs to be modified. In version 6.0 the file is located at  /usr/lib/vmware-sso/vmware-sts/webapps/websso/WEB-INF/views/unpentry.jsp. The new file is located at /usr/lib/vmware-sso/vmware-sts/webapps/ROOT/WEB-INF/views/unpentry.jsp.

When you use vi to open the file on the VCSA (assuming that’s what pretty much everyone is using these days) the area to be modified is the same. The lines should look like the following:

Obviously, the actual login info will match your environment. Once those are modified and saved, you will see the wonderful screen when pulling up your environment:

You may need to click on the fields for the Login button to light up, but hey….no more typing username and passwords in!

Thanks again to William for the info. Now if we could just get a skin creator/ theme engine for the HTML5 client………