Your Daily VMware quiz!

Essendon · April 2014

Answers to my questions provided inline. As before, position your mouse at the end of the question, hold down the left-hand button and drag your mouse up/down to reveal the answer.

I'll hold off on answering tomtom1's questions to let everyone else have a go at 'em.

WascallyWabbit83 · April 2014

27 I) Expanding on the answer provided, using something like the following should return the VM name and array of IP addresses for VMs in <<clustername>>:

Get-cluster <<clustername>> | Get-VM | Select Name, @{N="IPAddresses";E={$_.Guest.IPAddress }} | Export-CSV -NoTypeInformation C:\temp\VMs.csv

Of course, this relies on VMware tools running.

28 a) Use the esxcfg-route command in < 5.1, or "esxcli network ip route" in in 5.1+to add the route.

If you're using <5.1 this will need to be added to startup scripts as routes are not persistant across reboots.

28 b) Set das.ignoreRedundantNetWarning to true in HA Advanced Options

Essendon · April 2014

tomtom1 wrote: »

Question 28

a) A static route on your ESXi hosts is necessary to allow traffic flow between the local site and a remote site via an IPSec VPN connection. How would you create the static route (N.B. Setting the default gateway will not suffice).

b) You have a cluster host which shows the following error:

Since you will be adding extra NICs to the hosts next month, the warning can be ignored for now. How would you make this warning temporarily go away?

a). Did not know the exact syntax so had to look it up. But there are slightly different commands depending on the version of ESXi. Check the following link > VMware KB: Configuring static routes for vmkernel ports on an ESXi host

b). Add the following advanced setting to your cluster's HA >

das.ignoreRedundantNetWarning = True

There was an escalated ticket that came in the other day with an admin somewhere in the country complaining his cluster wasnt picking up host isolation incidents. I VPN'd in and it turned out he had unchecked "Enable Host Monitoring, thinking this was what made the "This host has no management network redundancy".... So folks, when should uncheck this? Only when you are performing network maintenance activities which might cause the host to become isolated (though this normally shouldn't happen in a well-architected network).

Essendon · April 2014

Question 29

A company has hired you as their Virtualization Administrator. In your first few days at work, you are asked to build a few Virtual Machines and add new disks to 1 Windows VM called Win7-001. The datastore that this VM (it has several vmdk's attached) currently sits in only has 50GB of free space left, but there's another datastore that has over 1TB of free space. How will you non-disruptively move the vmdk's to this other datastore?

You also discover that there's a datastore that holds various ISO files. You see that some of these files have been sitting in the datastore for about 2 years and they look like they have something to do with Windows XP. You ask around if you can delete these iso's and your manager advises you to get rid of them. Elated, you walk back to your desk at the thought of being able to free up 10GB of space. When you attempt to delete the files, your hopes come crashing down when you get a big red error message telling you that some files are in use. How do you determine which VM's are using these files and how will you ensure you can delete them?

This same company is looking at a command line solution to manage their ESXi infrastructure. Upon speaking to the junior admins you find that they have generally never used Linux and are more comfortable with Windows. Your manager insists they use the vMA to manage the infrastructure, would you recommend that and why?

WascallyWabbit83 · April 2014

Essendon wrote: »

Question 29

A company has hired you as their Virtualization Administrator. In your first few days at work, you are asked to build a few Virtual Machines and add new disks to 1 Windows VM called Win7-001. The datastore that this VM (it has several vmdk's attached) currently sits in only has 50GB of free space left, but there's another datastore that has over 1TB of free space. How will you non-disruptively move the vmdk's to this other datastore?

Storage vMotion either the entire VM to the other datastore, or select the Advanced option in the vMotion wizard to select the new datastore per VMDK.

Essendon wrote: »

You also discover that there's a datastore that holds various ISO files. You see that some of these files have been sitting in the datastore for about 2 years and they look like they have something to do with Windows XP. You ask around if you can delete these iso's and your manager advises you to get rid of them. Elated, you walk back to your desk at the thought of being able to free up 10GB of space. When you attempt to delete the files, your hopes come crashing down when you get a big red error message telling you that some files are in use. How do you determine which VM's are using these files and how will you ensure you can delete them?

For a datastore with few VMs: Select the datastore in Datastores and Clusters view, then go to related VMs. Check each one
Otherwise, use tools like RVTools or PowerCLI to identify files in use. It's quittin' time so might follow this up tomorrow

Essendon wrote: »

This same company is looking at a command line solution to manage their ESXi infrastructure. Upon speaking to the junior admins you find that they have generally never used Linux and are more comfortable with Windows. Your manager insists they use the vMA to manage the infrastructure, would you recommend that and why?

Use PowerCLI. Seriously, it's awesome

And because you can install it on a Windows host, rather than use the Linux-based vMA appliance, which fits better with the requirements (comfort level of users).

jibbajabba · April 2014

Check for ISOs mounted

Get-VM | Get-CDDrive | select @{N="VM";E="Parent"},IsoPath | where {$_.IsoPath -ne $null}

tomtom1 · April 2014

WascallyWabbit83 wrote: »

Use PowerCLI. Seriously, it's awesome And because you can install it on a Windows host, rather than use the Linux-based vMA appliance, which fits better with the requirements (comfort level of users).

Well, actually the requirement is to use the VMA. Also, if you need to run some specific esxcli commands (not everything is in PowerCLI yet) you might need the VMA.

WascallyWabbit83 · April 2014

tomtom1 wrote: »

Well, actually the requirement is to use the VMA. Also, if you need to run some specific esxcli commands (not everything is in PowerCLI yet) you might need the VMA.

Not true, the requirement was a command line management tool. One of the conditions was the vMA, which I would not recommend a as there are tools that fit better. If PowerCLI and Get-ESXCLI don't work for you, you could also install vCLI on Windows...

tomtom1 · April 2014

WascallyWabbit83 wrote: »

Not true, the requirement was a command line management tool. One of the conditions was the vMA, which I would not recommend a as there are tools that fit better. If PowerCLI and Get-ESXCLI don't work for you, you could also install vCLI on Windows...

From the question:
Your manager insists they use the vMA to manage the infrastructure

WascallyWabbit83 · April 2014

You missed the end off that sentence from the question:

Essendon wrote: »

would you recommend that and why?

No, because there are tools that better fit the need of the company. I'd be more likely to keep the techs who will use the tools happy than the non-technical manager with arbitrary requirements.

There's more than one way to answer this question, interesting to see how people approach this

Essendon · April 2014

Yeah I made that question a little ambiguous to encourage reasoning and discussion. It could go either way, vMA or PowerCLI. If this was a question on exam, I'd go with "your manager insists" and get the team to learn using the vMA. But to be fair to VMware, they wouldnt ask a question which could have two equally likely answers.

Essendon · April 2014

Question 30

Your company has built a new proprietary application that is absolutely critical to their revenue targets and they would like to ensure this application is available at all times. The company however is not buying new hosts for this application and are re-purposing 2 servers from another project. They want this application to be available even if the host it is running on fails. You investigate the hardware this application will run on and discover that the two ESXi 5 hosts will have shared storage but one's a HP G7 and the other's a HP G6. Will you be able to make this application available at all times using VMware FT? Make fair assumptions where necessary.

Essendon · April 2014

I reckon a Design question warrants its own space, so here it is

Question 31

You are the Virtualization Consultant hired by a company to lead a DMZ virtualization design. The company, ABC Industries, has a few physical servers that currently sit in the DMZ rack at their primary datacenter:

- TMG box that acts as the proxy. This is an internet facing machine with multiple NIC's, one with an IP address that's able to talk to their Service Provider's DNS server and the other with an IP address on the same subnet as the Domain Controllers.
- Domain Controller, DC1.
- Domain Controller, DC2.
- An extranet Windows machine that their customers can use to access some locally placed documents. This is not joined to the domain.
- A Symantec Brightmail appliance.
- A Windows machine with some kind of backups software, this machine is joined to the domain hosted on the two DC's. It backs up the Domain Controllers, the extranet machine and itself.

Company requirements:

- There must be no communication at any time between the the extranet box, the Brightmail appliance and the Domain Controllers.
- The ESXi design must be able to scale as needed. There will be a need in the near future to add 4 more VM's for the company's new website. Each VM will need 8GB RAM with reservations.
- Separate physical switches be used for your storage network. The management network needs to have its own redundant uplinks.
- The TMG box will need 2 vCPU's and 8GB RAM.
- The DC's will each need 1 vCPU and 4GB RAM.
- The Brightmail and extranet machine will need 1 vCPU and 6GB RAM each.
- The backups machine will need 2 vCPU's and 12GB RAM.

Constraints:

- The company only has enough money to buy a single 2-way, 8 core 3 GHz machine with 96GB RAM. This machine has 6 x 10 GbE ports.
- The TMG box must continue to perform its internet duties. The company depends on this machine for connectivity to the outside world.
- An FC array has already been bought for this project.
- Use vShield Endpoint for their virtual firewall needs. No physical firewalls be used except between the management network and vCenter.
- Use a minimum number of virtual switches (vSS or vDS, you choose).

Assumptions:

- A 2 man team will assist you with the P2V of the physical servers
- There are no expansion slots available in the servers the company is purchasing.
- The current physical servers are close to EOL.
- Enterprise Plus vSphere 5.1 license is available.
- The VM's you will build a few months down the track will need reservations.
- Use VLAN's at your discretion.
- You will build a new vCenter server.

Architect a DMZ Virtualization networking design for them. Make fair assumptions where necessary.

Also talk about the P2V of the domain controllers, if this is a good/bad thing and how you would approach this particular aspect. In addition, would you recommend the company buy a new host as soon as possible and why?

Essendon · April 2014

Bringing the difficulty down a couple of notches

Question 32

There's a vApp that your customer has been complaining about. There are 5 machines and their boot order is critical to the proper operation of this multi-tier application. The customer says that they have put in a delay of 2 minutes between the boot-up of 2nd and 3rd VM's, but the application doesnt start correctly. You check the Settings of the vApp and discover the following:

What can you do to best make sure the application works properly.

Answer

I'd find out how long it takes for the appropriate services to come up in the Group 2 VM(s) and chuck that time (plus a few more seconds) in there. Some services are set to start on a delay, so you got to account for that too.

tomtom1 · April 2014

Allright, my take on question 31. First off, a question. vShield Endpoint is an antivirus and antimalware solution. I think you meant vShield Edge? I need to update it a bit more, but this is a first go.

Assumptions:
-> The fibre channel infrastructure needs to be FCoE, since host HBA's are not possible.
-> The new workload (VM based) will be sized on 1 vCPU. RAM requirements are provided.
-> The physical CPU is ready for virtualization (support of HT, VT).
-> The physical switches are capable of 802.1q VLAN trunking

Risks:
-> Recoverability from host failures cannot be reached with only 1 host in a cluster.
-> A logical separation between the networks (VLAN-based) will be used. This is a less "hard" separation then a physical separation, using dedicated uplinks for the networks.

Capacity planning:
-> CPU current workload: 8 vCPU's
-> CPU new workload: 4 vCPU's
-> RAM current workload: 40 GB
-> RAM new workload: 32 GB

Logical design of the virtual network design:

Based on the current requirements, we have 3 types of traffic:

VM traffic
Mangement traffic
FCoE traffic

Since the requirement states that management traffic needs to be separated from the network with dedicated uplinks, 2 uplinks are reserved for management. 2 uplinks are reserved for production (VM traffic) and two uplinks are reserved for FCoE. vShield Edge will provide the necessary security (firewall based) for the communication that is allowed or prohibited between the virtual machines.

Physical design of the virtual network design:

tomtom1 · April 2014

Essendon wrote: »

Bringing the difficulty down a couple of notches

Question 32

There's a vApp that your customer has been complaining about. There are 5 machines and their boot order is critical to the proper operation of this multi-tier application. The customer says that they have put in a delay of 2 minutes between the boot-up of 2nd and 3rd VM's, but the application doesnt start correctly. You check the Settings of the vApp and discover the following:

What can you do to best make sure the application works properly.

Come on guys, give this one a go!

B-Art · April 2014

Essendon wrote: »

Question 1

You need to upgrade your vSphere infrastructure from v5 to v5.5. You have the following products in this infrastructure:

- 6 ESXi hosts
- vCenter
- VUM
- 77 VM's

In which order would you upgrade the various parts?

Answer:

vCenter
VUM
Then use VUM to perform an orchestrated upgrade of your hosts and then the VM's (VMware tools first, then the VM hardware)

I would disagree on this.
Remember that VMware tools will always be backward compatible!
So upgrading VMware tools within the VM's is a save first step, and takes no extra resources...

tomtom1 · April 2014

How will you upgrade the VMware Tools without upgrading the host? And to upgrade the host, and keep managing it via your vCenter, you need to upgrade the vCenter server first.

First upgrading the Tools would be a logical step, since it (could) provide(s) drivers for the guest OS to use with the new hardware version?

Essendon · April 2014

Back after a much needed 5 day hiatus from virtualization and computing in general! Being away from a computer never felt so good.

@tomtom1 - thanks for pointing out the vShield Edge error. When I was putting this question together, I had another scenario in mind but then changed it a little and left Endpoint in there.

As for the question, this is somewhat alike to the way they want to trip you a little in the DCD. There's a bit of info in there that's not so relevant to the question, you got to be able to weed out the superfluous items and focus on the things that matter.

I'd never P2V a domain controller, instead build a new Windows VM, join it to the domain, promote it to the role of DC and transfer any FSMO roles (if needed). AD is updated between DC's based on sequence numbers and you dont want to throw this update mechanism into disarray.

Essendon · April 2014

Question 33

a). You've asked your junior vAdmin to create a switch and choose the option to "route based on physical NIC load". He is absolutely tearing his hair out at not being able to see this option in the dropdown below:

What's he doing wrong?

Answer: He's not even creating a vDS, this screenshot is that of a vSS. The ability to route based on pNIC load lies with the vDS only. He needs to create a vDS.

b). Your junior vAdmin has uncovered problem in one of his setups. He's seen that vMotion of any VM between two host fails. Check the following screenshot -

He sees that vMotion is enabled on both hosts in the cluster. What should he check next in the host's settings to pinpoint the cause of this problem?

Answer: He should go in and check the IP address of the vmknic

Essendon · April 2014

Question 34

a). You are upgrading your 2 vCenter servers, one's located in DataCenter A and the other in DataCenter B. DataCenter A's vCenter has been upgraded successfully to v5.5, but the hosts still need to be upgraded. DataCenter B's vCenter is still at v5.0. After the upgrade you notice that you cannot see DataCenter B's vCenter anymore when you log in to DataCenter A's vCenter. Why is this happening and how will you fix it?

Answer: This has happened because for Linked Mode to work, your vCenter servers need to be the same version. You can fix this by upgrading the other vCenter to 5.5 too and Linked-mode it to the first.

b). Your customer is quite worried about the security of their FC data, they think since there is no authentication that can be enabled while setting up the hosts for it - hosts not meant to "see" some data will be able to "see" it. What can you tell them to allay their fears?

Answer: A FC array uses what's called "zoning" to ensure the right hosts see a LUN/volume (depending on who the vendor is). Zoning reduces the LUN's/targets presented to a host, prevents other OS's like Windows from accessing the same LUN and resignaturing it. In addition "masking" can be used to ensure the security of data. Masking can be done both at the array and the host levels.

c). Another customer of yours has asked you to setup an iSCSI storage array for a remote site. But there's a slight problem, the hosts have no hardware iSCSI adapters on them. How will you still setup the hosts for iSCSI?

Answer: You can use the software iSCSI adapter instead. Designate NIC's for use with this adapter, it's also recommended to use 1GbE and faster for such a setup. You'll want to dedicate 2 vmnic's for this setup, so ensure there are enough to go around.

Essendon · April 2014

Anyone?

Question for everyone - what kind of questions should I ask here to encourage more participation? More config type ones, maybe some drag and drops, or more shorter questions - you tell me!

P.S. I totally realize there aren't a whole lot of people visiting the vForum, if there was a similar thread in the CCNA forum it would have gone bonkers!

Essendon · April 2014

Question 35

a). Pam has recently joined your team as a junior vSphere administrator. You want her to be able to create new VM's and mount iso's as needed. You dont want her to have any access to a resource pool that houses some critical VM's. What pre-defined role would you assign her user account to ensure the second requirement?

Answer: The predefined role called No Access is a good fit here. Assign her (a security group preferably) this role at the critical VM resource pool and she wont have any access to object in the pool (and on the pool).

b). One of Pam's colleagues, Jane, has full rights to vCenter. She sees there are these VM's in the Recovery VMs pool that look like this:

Seeing she cant power them on, she deletes them. Triumphantly she comes and tells you she's deleted some rogue VM's. What were those VM's and how do you bring 'em back?

Answer: These VM's are called placeholder VM's. SRM creates them so you know where they will be recovered to when you kick off a test or a real run of your Recovery Plans. They are not actual VM's, in fact when you see their size in their placeholder datastore you'll see they are only a few kb in size. They can be recreated by clicking on Restore Placeholder or Restore All link in the Protection Group interface.

smackie1973 · April 2014

Hi guys

First off, great thread. I'm just starting the road to VCP-DCV after completing my MCSA 2008 last year and I have a feeling this will be very useful for learning some good tips as well as finding any glaring holes in my knowledge. Been using vSphere since 3.5 and did the 5.5. Install/Manage/Configure course last week. My work env is currently running 5.0 U3.

Anyway, here goes

Q35
a) the obvious answer would be virtual machine user (or power user) but on checking my env at work i'm not sure members of those roles can create vm's. I'll need to create a temp user and test it.

b) I haven't used it yet, but my first guess would be that these vm's were standby vSphere replicas (or something along that line). If that's correct, i would then assume that the replicas would need to be re-initialized from the source vm's.

tomtom1 · April 2014

smackie1973 wrote: »

Hi guys

b) I haven't used it yet, but my first guess would be that these vm's were standby vSphere replicas (or something along that line). If that's correct, i would then assume that the replicas would need to be re-initialized from the source vm's.

Very close! These are SRM virtual machines. SRM is a VMware product that allows for easy DR (Disaster Recovery). SRM uses either vSphere replicas or storage replication, so without actually knowing the product, you made a pretty good guess!

Essendon · April 2014

Great reply there @smakie1973, check under the questions for their answer. As for the first question, I really should have made it clearer - I was in fact asking for the admin to not be able to do anything in the critical VM resource pool.

Essendon · April 2014

Question 36

Your junior vAdmin is performing some housekeeping on your ESXi clusters and an hour later advises you she's finished her work. A little while later, a HA event happens and sure enough VM's from the failed host are restarted on other hosts in a cluster. One VM is unable to restart, you check the settings of the VM and see the following screenshot:

Why has this happened and how will you bring the VM up? In addition, how will you ensure this (not powering up) doesnt happen again.

Essendon · April 2014

Pre-posting today's question

Question 37

Your vCenter is a VM that manages 10 hosts. You are the on-call person and get woken up at 2am on Saturday morning by the Helpdesk responding to a number of alarms in Solarwinds that say there are problems with the vCenter server. You un-willingly drag yourself out of bed, power up your laptop, VPN to the office and attempt to logon to vCenter using the vSphere Client but get the error message that said it was unable to establish a network connection to vCenter. You are successfully able to RDP to the Windows Server VM that hosts vCenter. You find out that the vCenter Server service is stopped. You try to start the service, but the service doesnt start. You know that vCenter's database is on the same VM as vCenter. You quickly check the disk and realize the disk is full. How will you get vCenter up and running again?

smackie1973 · April 2014

Q36
The host the VM migrated to doesn't have a port group with matching details to what the VM is looking for, therefore it won't be able to start up.
Normally the first option would be to make sure that port group is configured on all hosts in the cluster. However, as the label is called 'Internal' the assumption is that it is only configured on one particular host and may not be needed. If that is the case then it should be removed from the VM.

smackie1973 · April 2014

Q37
There may be various ways around this.
With my SQL DBA hat on, the first thing i would check is log space on the server. If the log has filled up, manually truncate it and then shrink the physical file to free up physical disk space. This will allow vCenter to start. You can then go back to bed and add disk space at a decent hour. Note: I've been here before, although not a 2am thankfully!

The next option is to connect directly to the host that vcenter is running on using the full client (web client won't work!). This may take some time to check each one until you find it (a 'should run' affinity rule will help here). Once found, extend the space on the drive that is full (edit VM settings), then login to the server, extend the drive and then start vcenter.

Your Daily VMware quiz!

Comments