Where Are We and What’s Next?

At this point in our lab build we have our ESXi hosts up and connected to some storage but nothing else.  We need a tool to manage all our hosts and provide accss to all the cool features that VMware and Virtualisation is known for such as moving VMs between hosts, advanced networking, HA, load balancing etc.

Within vSphere this is Virtual Center.  Currently available in two formats.  One being an installable that can run on a Windows Server and one being a deployable appliance that is simply pushed out to a host without any other OS requirements.  For this guide we are going to be deploying the appliance version (known as the Virtual Center Server Appliance, VCSA).  This is because it’s now the recomended version to use from VMware and the Windows version is probably going to be phased out sometime in the near future.  The VCSA also doesnt require a Windows licence and the patching that goes with it either.  and finally, for a lab environment, the requirements are a little lower so it’s a better fit.

Virtual Center Server Appliance: It’s More Than One Thing!

One thing to note before we proceed is that the VCSA is actually MORE than one component. but, for the purposes of simplicity I’m refering to the suite as one entity in this beginners guide.  If your curious the VCSA is actually split in two.  The vCenter Management Server (responsible for managing the environment and the ‘thing’ you actually log on to) and the Platform Services Controller [PSC] (which deals with mutiple things like sign on, certificates, licensing etc.)  The PSC can be installed with the VCSA or split out to a seperate box for high load installs.  In this lab we’re goingt o use the embedded PSC.

Before You Start: Sort Out DNS

vSphere in general relies heavily on name resolution to work correctly. Indeed, installing the Virtual Center Server Appliance without having DNS in place first (i.e. using the IP address) can cause issues further down the line such as the inability to change the hostname without the system falling over or other such quirks.

So, before going any further we are going to create a DNS server on your first ESXi host.  In my case I have installed a Windows 2012 R2 Active Directory VM on our first ESXi host and configure a domain and DNS.  I’m not going to cover how to configure Active Directory in this post but before going any further you should ensure that a domain for you lab exists (in this example ‘lab.local’) as well as  forward and reverse DNS lookup zones with entries for your ESXi servers and Virtual Center Server Appliance.  In my case:

Reverse Lookup Zone: Three static entries for ESXi and VCSA and the autocreated entry for the AD server.

Forward Lookup Zone Entries: For the two ESXi servers and the Domain controller.

and  the entry for the VCSA about to be deployed.

If you are starting from scratch and need to create a new VM to install a Windows server / Active Directory to you can follow the steps below.  Otherwise skip to the ‘Deploying the VCSA’ step.

Creating A New VM From Within ESXi

Log on to your first ESXi host via the https://<esxiHost>/ui URL as root and select the Virtual Machines entry on the left.  Now Select Create / Register VM on the right.

This opens a New Virtual Machine Wizard.  Selct Create New Virtual Machine.  Click Next.

Enter a name for your VM and select the Compatibility, Guest OS Family and Guest OS Version.  For Compatibility it is best to select the version that matches you ESXi version.  It is also important to select the right Guest OS family (Windows, Linux etc.) and version as this determines the makeup of key elements of the the virtual hardware of the VM (disk controllers etc).  Selecting incorrect family and /or versions can cause performance issues or, at it’s worst, a failure of the VM to turn on.  Once specified, click Next.

Select your datastore where you would like to store the VM and click Next.

Here you can configure  the VMs resources tot he size you require. CPU, Memory and Disk can all be set here.   For compatibility reasons I would recomend leaving everything as default except for disk space and RAM.  It should be noted that with most VMs, unless they are performing an explicitly parallel workload the rule is ‘1 x vCPU every time’.  WHY is more advanced but, for now. leave it as a 1 CPU VM and click Next.

You’ll be given a summery of the options you specified.  Click Finish and the  wizard will close and the VM will be created.

Notice, back on your main screen, the recent tasks pane at the bottom of the screen will show the progress and, hopefully, success status of the VM creation.  You are now able to start the VM and install an OS to it.

With all of the above in mind and DNS entries set up for you ESXi and to be installed Virtual Center Server Appliance we can deploy the VCSA into our environment and get going.

Deploying The VCSA (Automated)

In vSphere 6 the VCSA can be deployed the traditional way, clicking through wizards etc.  or using a configfile and a simple command line to automate the whole process.  We’re going to be using the automated method for this guide as I firmly believe that Automation is the way forward and the principals followed here carry forward in to the more advanced areas of vSphere and are worth exploring right away.

NOTE: The following is shown using a Windows PC as the client.  This can also be done via a Mac.  It’s just the kick off command that changes.

What You’ll Need

For this section of the guide you’ll need:

• A Windows PC on the same network as the ESXi hosts previously set up.
• Windows Powershell
• The VCSA ISO file (I used VMware-VCSA-all-6.0.0-3634788.iso from VMware site).
• The ability to mount .iso images (Native to Windows 10).

Optionally, if you want to follow the command line driven configuration of datacenters and hosts you will need.

• VMware PowerCLI (installed on your Windows PC)

Step 1: Mount the VCSA ISO and Configure Settings.

Mount your VCSA ISO.  In Windows this is done by Right-Clicking the VCSA .iso file and selecting Mount.

Navigate to <CD Drive>:\vcsa-cli-installer\templates\install and copy the embedded_vCSA_on_ESXi.json file to somewhere simple to access (such as c:\temp)

Open the .json file and edit in the values as you require for your environment.  I’ll explain the requirements for the values after this example (shown).

NOTE: The files here are slightly different between vSphere 6.0 and 6.5.  Both are shown below.

JSON Config For vCenter 6.0

{
    "__version": "1.1",
    "__comments": "Sample template to deploy a vCenter Server with an embedded Platform Services Controller to an ESXi host.",
    "target.vcsa": {
        "appliance": {
            "deployment.network": "VM Network",
            "deployment.option": "small",
            "name": "VCSA6",
            "thin.disk.mode": true
        },
        "esx": {
            "hostname": "192.168.1.10",
            "username": "root",
            "password": "aRandomPassword",
            "datastore": "Datastore1"
        },
        "network": {
            "hostname": "192.168.1.15",
            "dns.servers": [
                "192.168.1.254",
                "192.168.1.20"
            ],
            "gateway": "192.168.1.254",
            "ip": "192.168.1.15",
            "ip.family": "ipv4",
            "mode": "static",
            "prefix": "24"
        },
        "os": {
            "password": "anotherPassword",
            "ssh.enable": true
        },
        "sso": {
            "password": "evenMorePasswords",
            "domain-name": "vsphere.local",
            "site-name": "Home-Lab-SSO"
        }
    }
}

So, what are the values that need filling in?  From the top:

appliance:deployment.network - This is the name of the network created in part 1 of the guide.  If you didn't change anything it's 'VM Network'.

appliance:deployment.option - This dictates the amount of CPU, DISK and RAM allocated to the VCSA based on VMware's t-Shirt sizes.  Small is good for up to 100 hosts and 1000 VMs and is perfect for a lab.  There is a Tiny option but you can hit the VM limit in a lab quite quickly.

appliance:name - The text name that you wan to call the VCSA.

appliance:thin.disk.mode - Either true or false.  vSPhere can, simplistically, allocate all disk space requested to a VM at creation or as it is used (more efficient).  I recomend true in this instance.

esx:hostname - This field is populated with the IP address / hostname of the ESXi server you want to deploy this VCSA to.  NOTE: Use IP if DNS is not set up corretly at this stage but preferably use DNS as this can stop known issues arising later if you want to rename the appliance or do anything that relies on FQDN.

esx:username - The username you want to use to connect to the specified ESXi host.  Usually root.

esx:password - The password for the account specified in the field above. Note this is stored in plain text.

esx:datastore - Then EXACT name of the datastore on the ESXi host to deploy the VCSA on. NOTE: This is case and space sensitive.

network:hostname - This is the hostname this VCSA server. NOTE: vSphere is very, very picky about DNS.  In this example I assume you have deployed a domain controller or have DNS set up WITH an entry for this VCSA server alreaddy created. e.g. labvcas.lab.local pointing to the IP address you want to give this appliance.  If DNS resolution is not ready yet an IP address MUST be used here otherwise the install will fail.  However, this will trigger known issues if you ever want to rename your apliance or change its identity. It is HIGHLY recomended to get DNS sorted at this stage.

network:DNS.servers - This setting requires a list (can be one) of DNS servers for name resolution.  I have set these to be my default gateway (for internet name resolution) and then the IP address of the AD server i intend to build in the lab.

network:gateway - This is the default gateway to the internet in IP format.

network:ip - This is the IP address of this VCSA server you're going to be deploying. 

network:ip.family - specifies wether the above address is in IPv4 or IPv6 format.  Default is IPv4.

network:mode - Choose between static or DHCP.  Static is prefered for predictability.

network:prefix - This field is the subnet mask of the network for the VCSA in slash notation. (i.e. 24 = 255.255.255.0).

os:password - This specifies the root password for the VCSA and is needed for access to the console or SSH access. NOTE: stored in plain text.
os:ssh.enable - A true or false value specifying wether you want to enable SSH access to the VCSA.  AS this is a lab I have enabled it in the example.

sso:password - This sets the default password for the administrator SSO (the in built authentication system) account.

sso:domain-name - The domain name for the SSO component install. NOTE: This cannot be the same as an existing orsoon to be existing Windows domain.  I have used vsphere.local (so the admin account is administrator@vsphere.local). 

sso:sso-name - The name of the SSO site.  NOTE: Spaces not allowed.

Once all of the values have been filled in for your envionment you are ready to deploy the VCSA and automatically configure it with the settings in the JSON  file.

JSON Config for vCenter 6.5

Note that the value you will need to fill in stay the same but the filehas additional sections at the end that are required for the install to sucessfully complete.

{
 "__version": "2.3.0",
 "__comments": "Sample template to deploy a vCenter Server Appliance with an embedded Platform Services Controller on an ESXi host.",
 "new.vcsa": {
 "esxi": {
 "hostname": "esxi01.lab.local",
 "username": "root",
 "password": "Password1!",
 "deployment.network": "VM Network",
 "datastore": "Datastore1"
 },
 "appliance": {
 "thin.disk.mode": true,
 "deployment.option": "small",
 "name": "LABVCSA"
 },
 "network": {
 "ip.family": "ipv4",
 "mode": "static",
 "ip": "192.168.1.15",
 "dns.servers": [
 "192.168.1.20"
 ],
 "prefix": "23",
 "gateway": "192.168.1.254",
 "system.name": "labvcsa.lab.local"
 },
 "os": {
 "password": "Password1!",
 "ssh.enable": true
 },
 "sso": {
 "password": "Password1!",
 "domain-name": "vsphere.local",
 "site-name": "HomeLabSSO"
 }
 },
 "ceip": {
 "description": {
 "__comments": [
 "++++VMware Customer Experience Improvement Program (CEIP)++++",
 "VMware's Customer Experience Improvement Program (CEIP) ",
 "provides VMware with information that enables VMware to ",
 "improve its products and services, to fix problems, ",
 "and to advise you on how best to deploy and use our ",
 "products. As part of CEIP, VMware collects technical ",
 "information about your organization's use of VMware ",
 "products and services on a regular basis in association ",
 "with your organization's VMware license key(s). This ",
 "information does not personally identify any individual. ",
 "",
 "Additional information regarding the data collected ",
 "through CEIP and the purposes for which it is used by ",
 "VMware is set forth in the Trust & Assurance Center at ",
 "http://www.vmware.com/trustvmware/ceip.html . If you ",
 "prefer not to participate in VMware's CEIP for this ",
 "product, you should disable CEIP by setting ",
 "'ceip.enabled': false. You may join or leave VMware's ",
 "CEIP for this product at any time. Please confirm your ",
 "acknowledgement by passing in the parameter ",
 "--acknowledge-ceip in the command line.",
 "++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++"
 ]
 },
 "settings": {
 "ceip.enabled": true
 }
 }
}

Step 2: Deploy the VCSA

Open a PowerShell window and run the vcsa-deploy.exe from the  VCSA ISO with the path to the JSON file appended to the end (as shown).

For vCenter 6.0

<DRIVE>:\vcsa-cli-installer\win32\vcsa-deploy.exe c:\temp\<json-file> --accept-eula

For vCenter 6.5

<Drive>:\vcsa-cli-installer\win32\vcsa-deploy.exe install C:\temp\<json-file> --accept-eula --acknowledge-ceip

There will be a prompt asking you to accept the SSL certificate of the ESXi host you’re deploying to.  Type yes and press Enter.

The isntaller will now deploy the VCSA image, boot the VM and configure based on your settings.  NOTE: Depending on your storage this can take a VERY long time to deploy and an equally long time to configure and boot for the first time (up to 30 mins).

Once the deployment is complete you should be able to open a browser window to the VCSA and log in using the administrator@vsphere.local account.

https://<IP-Address-VCSA>/vsphere-client/

Ignore the security certificate warning and add it to your exceptions list.

Enter your logon credentials as specified in the JSON file earlier. Press Logon.

You have now deployed and logged on to the VCSA.  The main screen (below, known as the vsphere Web Client) should now be visible.  Next up we need to add the ESXi hosts to the VCSA so it can manage and configure them.

Step 3: Create a Datacenter, Cluster and Add ESXi Hosts to VCSA

Going forward I will be showing the processes to set up the basics of vCenter via the GUI as, at this point, it gives a better understanding on how things fit together.  You sgould know that all these steps are possible via the command line (PowerCLI) which is quicker but requires you to know what you want to do.

Now that you are in the VCSA webclient we can start to configure it to manage our environment.  All vSphere administration and configuration is done via the VCSA.  Indeed, once a host is added to the VCSA it will warn you that nothing should be changed if you log on locally to a host.

First order of bnusiness is to create a new Datacenter.  This is a top level logical container for clusters of ESXi hosts.

Right click on the VCSA in the left hand pane and select New Datacenter from the contexrt menu.

Enter a friendly name for this Datacenter and Press Ok.

You’ll now see that the created Datacenter object appears in the left hand pane of the vSphere web client. Again, right-click and select  New Cluster from the context menu.

This brings up a nicly detailed set of options that can be turned on for a cluster.  Give the cluster a sensible name and make sure you turn on DRS and HA.  EVC is optional but nice.

DRS (Dynamic Resource Scheduling) is VMware’s technology for load balancing VMs across all the hosts in the cluster. It can mopve VMs between hosts to allow better usage of available resources.  It’s an awesome feature and should definitly be turned on.  You can leave the defaults for it’s actual configuration and feel safe it wont break anything.

HA (High Availability) monitors VMs to see if they are responsive.  If a host goes down (for example) and HA is turned on the VMs on the downed host will be powered up on the remaining hosts in a crash consistent state.  Not essential for a LAB environment but worth playing with none the less.

EVC (Enhanced vMotion Compatibility) is a nice little feature that allows the movement of VMs across hosts that have CPUs from different generations with different capabilities.  It does this by limiting the CPU feature set used to the lowest common denominator in teh cluster.  Especially handy in Labs if you’re building them up over a period of months an years and might have different hardware.

After Pressing OK you should now have the Datacenter and Cluster Object visible in Virtual Center.

Now we need to add a host to the cluster.  Right click on the Cluster and select Add Host.  This will bring up a wizard to add in a host.  Type the IP (if no DNS is set up) or the Hostname (if DNS is set up) of the first host you want to add and select Next.

NOTE: As always I reomend using the hostname to add your host in as vSphere is sensitive to DNS working correctly for advance functions and adding by hostname implicitly verifies that everything is working correctly

Type the username (root) and the password for this account and click Next.

You may get the standard certificate warning when connecting to a host for the first time.  Click Yes.

A Summary page is displayed. Click Next.

You now should assign a licence.  As this is a lab we’re going to use the trial period evaluation mode licence.  Select it and click Next.

You now have to chose wether to enable Lockdown mode.  Lockdown mode, as it says, prevents users from logging directly in to the host. i.e. all access has to be via vCenter.  As this is a lab and we’re going to want to play around, keep this disabled.  Click Next.

Continue now through the wizard to the end accepting the defaults.  This will put any VMs on the host (just vCSA really) in to the clusters default resource pool (this is fine).  When your done, repeat for the other hosts you have installed ESXi on.  You’ll end up with something like this.

Step 4 – Removing those Errors and Warnings

You’ll probably notice that now the cluster is set up there may be some warnings displayed.  Most probably it’s the ones shown below (if you dont have some or all of these, no matter, skip that part).  At this point it’s usually relating to:

SSH Enabled: We deliberatly did this so no worries there.
No CoreDump Target: We need to fix this.
Syslogs on Non persistent storage: We need to fix this also.

Fixing the “Syslogs on non persistent storage” is possible in one step.  Select the first host in the cluster and click:
For vSphere 6.5: Configure > System >Advanced System Settings.
For vSphere 6.0: Manage tab.  Then select the Settings sub-tab and Advanced System Settings from the left hand list.

Scroll down and select the setting labelled Syslog.global.logDir

Right click this setting and select Edit Option

Change the value to match something like that shown below.  I’ve redirected the logs to Datastore1.  NOTE: when editing this value the “[  ]” MUST be kept and the name inside them is case and space sensitive.  It must match EXACTLY the name of the Datastore. Click Save.  Repeat for the other hosts in the cluster.  I like to target each host to a different Datastore.  If you only have the one Datastore target the logs to a seperate folder to avoid confusion.

Now reboot the vCenter appliance and the error relating to the logging should dissappear.

Fixing the CoreDump Error via Command Line

IConfiguring the Coredump location is done via the ESXi command line.  You’ll need to log on to the ESXi Shell via SSH (use PuTTY (Windows) or iTerm (Mac)) and run the following commands to check, look and set the coredump partition.  SSH should be enabled already on your ESXi hosts sa we ensured not to turn it off in setup.

So, if ESXi is complaining that no coredump partition is set you should be able to run the following command and verify this is the case.

esxcli system coredump partition get

This wil show something similar to that shown below (showing that a partition is configured but not active in this case).  NOTE: it may also show a blank entry for both, this is fine.

If the configured partition is not the device you wanted or is blank you can run the following commands to show the available partitions and then set the system to use the desired one.

esxcli system coredump partition list

this will show a list of the available partitions the system can use.  make a note of the “mpx.vmhbaxx.Cx:Tz:Lx” part of the partition you’ll want to use as it is required in the next step.

We can relate this string back to something more physical by checking the storage adapters section on the host in vCenter.  In this case you can see that vmhba33 maps to the USB Storage Controller (i.e. the USB stick ESXi is instalaled on).

If you need to set a new partition as the target (i.e. Configured was blank).  You can now run the command:

esxcli system coredump partition set --partition="mpx.vmhbaxx.Cx.Tz.Ly"
esxcli system coredump partition set -enable true

This will configure the coredump to the partition of your choice.  You’ll need to reboot ESXi to make the change active.

If the correct partition was configured, but not active, simply set it to active by entering the command below and rebooting ESXi:

esxcli system coredump partition set -enable true

After the reboot you can check everything is correct by running:

esxcli system coredump partition get

Now you can see that the active partition is the same as the configured one and everything is ready to carry on.

Fixing the SSH Is Enabled Error

The final warning we see was about the ESXi Secure Shell (SSH) being active.  As mentioned before we probably want this running in a lab but, if you want to know how to remove it, the steps to disable this are shown below.

Simply select the host with the warning in the left pane of the vCenter webclient and then select the Manage tab.   Now select the Security Profile item in the left bar (you’ll need to scroll down), select services area and click edit button.  Select SSH and Stop the service.

Next Steps

Thats the end of the deployment and basic setup of vCenter and ESXI.  You should now have a working ESXi cluster and vCenter and be able to deploy simple VMs all on a single network and get going.  Next up we will cover the configuration of more advanced networking and authentication within vCenter (using a distributed switch over multiple standard switches, joining the lab to a domain) and how to set up vMotion and other cool features of vSphere.