Your Daily VMware quiz!
Comments
-
Essendon Member Posts: 4,546 ■■■■■■■■■■Answers to my questions provided inline. As before, position your mouse at the end of the question, hold down the left-hand button and drag your mouse up/down to reveal the answer.
I'll hold off on answering tomtom1's questions to let everyone else have a go at 'em. -
WascallyWabbit83 Registered Users Posts: 4 ■□□□□□□□□□27 I) Expanding on the answer provided, using something like the following should return the VM name and array of IP addresses for VMs in <<clustername>>:
Get-cluster <<clustername>> | Get-VM | Select Name, @{N="IPAddresses";E={$_.Guest.IPAddress }} | Export-CSV -NoTypeInformation C:\temp\VMs.csv
Of course, this relies on VMware tools running.
28 a) Use the esxcfg-route command in < 5.1, or "esxcli network ip route" in in 5.1+to add the route.
If you're using <5.1 this will need to be added to startup scripts as routes are not persistant across reboots.
28 b) Set das.ignoreRedundantNetWarning to true in HA Advanced Options -
Essendon Member Posts: 4,546 ■■■■■■■■■■
Question 28
a) A static route on your ESXi hosts is necessary to allow traffic flow between the local site and a remote site via an IPSec VPN connection. How would you create the static route (N.B. Setting the default gateway will not suffice).
b) You have a cluster host which shows the following error:
Since you will be adding extra NICs to the hosts next month, the warning can be ignored for now. How would you make this warning temporarily go away?
a). Did not know the exact syntax so had to look it up. But there are slightly different commands depending on the version of ESXi. Check the following link > VMware KB: Configuring static routes for vmkernel ports on an ESXi host
b). Add the following advanced setting to your cluster's HA >
das.ignoreRedundantNetWarning = True
There was an escalated ticket that came in the other day with an admin somewhere in the country complaining his cluster wasnt picking up host isolation incidents. I VPN'd in and it turned out he had unchecked "Enable Host Monitoring, thinking this was what made the "This host has no management network redundancy".... So folks, when should uncheck this? Only when you are performing network maintenance activities which might cause the host to become isolated (though this normally shouldn't happen in a well-architected network). -
Essendon Member Posts: 4,546 ■■■■■■■■■■Question 29
A company has hired you as their Virtualization Administrator. In your first few days at work, you are asked to build a few Virtual Machines and add new disks to 1 Windows VM called Win7-001. The datastore that this VM (it has several vmdk's attached) currently sits in only has 50GB of free space left, but there's another datastore that has over 1TB of free space. How will you non-disruptively move the vmdk's to this other datastore?
You also discover that there's a datastore that holds various ISO files. You see that some of these files have been sitting in the datastore for about 2 years and they look like they have something to do with Windows XP. You ask around if you can delete these iso's and your manager advises you to get rid of them. Elated, you walk back to your desk at the thought of being able to free up 10GB of space. When you attempt to delete the files, your hopes come crashing down when you get a big red error message telling you that some files are in use. How do you determine which VM's are using these files and how will you ensure you can delete them?
This same company is looking at a command line solution to manage their ESXi infrastructure. Upon speaking to the junior admins you find that they have generally never used Linux and are more comfortable with Windows. Your manager insists they use the vMA to manage the infrastructure, would you recommend that and why? -
WascallyWabbit83 Registered Users Posts: 4 ■□□□□□□□□□Question 29
A company has hired you as their Virtualization Administrator. In your first few days at work, you are asked to build a few Virtual Machines and add new disks to 1 Windows VM called Win7-001. The datastore that this VM (it has several vmdk's attached) currently sits in only has 50GB of free space left, but there's another datastore that has over 1TB of free space. How will you non-disruptively move the vmdk's to this other datastore?You also discover that there's a datastore that holds various ISO files. You see that some of these files have been sitting in the datastore for about 2 years and they look like they have something to do with Windows XP. You ask around if you can delete these iso's and your manager advises you to get rid of them. Elated, you walk back to your desk at the thought of being able to free up 10GB of space. When you attempt to delete the files, your hopes come crashing down when you get a big red error message telling you that some files are in use. How do you determine which VM's are using these files and how will you ensure you can delete them?
Otherwise, use tools like RVTools or PowerCLI to identify files in use. It's quittin' time so might follow this up tomorrow
This same company is looking at a command line solution to manage their ESXi infrastructure. Upon speaking to the junior admins you find that they have generally never used Linux and are more comfortable with Windows. Your manager insists they use the vMA to manage the infrastructure, would you recommend that and why? -
jibbajabba Member Posts: 4,317 ■■■■■■■■□□Check for ISOs mounted
Get-VM | Get-CDDrive | select @{N="VM";E="Parent"},IsoPath | where {$_.IsoPath -ne $null}
My own knowledge base made public: http://open902.com -
tomtom1 Member Posts: 375WascallyWabbit83 wrote: »Use PowerCLI. Seriously, it's awesome And because you can install it on a Windows host, rather than use the Linux-based vMA appliance, which fits better with the requirements (comfort level of users).
Well, actually the requirement is to use the VMA. Also, if you need to run some specific esxcli commands (not everything is in PowerCLI yet) you might need the VMA. -
WascallyWabbit83 Registered Users Posts: 4 ■□□□□□□□□□Well, actually the requirement is to use the VMA. Also, if you need to run some specific esxcli commands (not everything is in PowerCLI yet) you might need the VMA.
-
tomtom1 Member Posts: 375WascallyWabbit83 wrote: »Not true, the requirement was a command line management tool. One of the conditions was the vMA, which I would not recommend a as there are tools that fit better. If PowerCLI and Get-ESXCLI don't work for you, you could also install vCLI on Windows...
From the question:
Your manager insists they use the vMA to manage the infrastructure -
WascallyWabbit83 Registered Users Posts: 4 ■□□□□□□□□□You missed the end off that sentence from the question:would you recommend that and why?
There's more than one way to answer this question, interesting to see how people approach this -
Essendon Member Posts: 4,546 ■■■■■■■■■■Yeah I made that question a little ambiguous to encourage reasoning and discussion. It could go either way, vMA or PowerCLI. If this was a question on exam, I'd go with "your manager insists" and get the team to learn using the vMA. But to be fair to VMware, they wouldnt ask a question which could have two equally likely answers.
-
Essendon Member Posts: 4,546 ■■■■■■■■■■Question 30
Your company has built a new proprietary application that is absolutely critical to their revenue targets and they would like to ensure this application is available at all times. The company however is not buying new hosts for this application and are re-purposing 2 servers from another project. They want this application to be available even if the host it is running on fails. You investigate the hardware this application will run on and discover that the two ESXi 5 hosts will have shared storage but one's a HP G7 and the other's a HP G6. Will you be able to make this application available at all times using VMware FT? Make fair assumptions where necessary. -
Essendon Member Posts: 4,546 ■■■■■■■■■■I reckon a Design question warrants its own space, so here it is
Question 31
You are the Virtualization Consultant hired by a company to lead a DMZ virtualization design. The company, ABC Industries, has a few physical servers that currently sit in the DMZ rack at their primary datacenter:
- TMG box that acts as the proxy. This is an internet facing machine with multiple NIC's, one with an IP address that's able to talk to their Service Provider's DNS server and the other with an IP address on the same subnet as the Domain Controllers.
- Domain Controller, DC1.
- Domain Controller, DC2.
- An extranet Windows machine that their customers can use to access some locally placed documents. This is not joined to the domain.
- A Symantec Brightmail appliance.
- A Windows machine with some kind of backups software, this machine is joined to the domain hosted on the two DC's. It backs up the Domain Controllers, the extranet machine and itself.
Company requirements:
- There must be no communication at any time between the the extranet box, the Brightmail appliance and the Domain Controllers.
- The ESXi design must be able to scale as needed. There will be a need in the near future to add 4 more VM's for the company's new website. Each VM will need 8GB RAM with reservations.
- Separate physical switches be used for your storage network. The management network needs to have its own redundant uplinks.
- The TMG box will need 2 vCPU's and 8GB RAM.
- The DC's will each need 1 vCPU and 4GB RAM.
- The Brightmail and extranet machine will need 1 vCPU and 6GB RAM each.
- The backups machine will need 2 vCPU's and 12GB RAM.
Constraints:
- The company only has enough money to buy a single 2-way, 8 core 3 GHz machine with 96GB RAM. This machine has 6 x 10 GbE ports.
- The TMG box must continue to perform its internet duties. The company depends on this machine for connectivity to the outside world.
- An FC array has already been bought for this project.
- Use vShield Endpoint for their virtual firewall needs. No physical firewalls be used except between the management network and vCenter.
- Use a minimum number of virtual switches (vSS or vDS, you choose).
Assumptions:
- A 2 man team will assist you with the P2V of the physical servers
- There are no expansion slots available in the servers the company is purchasing.
- The current physical servers are close to EOL.
- Enterprise Plus vSphere 5.1 license is available.
- The VM's you will build a few months down the track will need reservations.
- Use VLAN's at your discretion.
- You will build a new vCenter server.
Architect a DMZ Virtualization networking design for them. Make fair assumptions where necessary.
Also talk about the P2V of the domain controllers, if this is a good/bad thing and how you would approach this particular aspect. In addition, would you recommend the company buy a new host as soon as possible and why?
-
Essendon Member Posts: 4,546 ■■■■■■■■■■Bringing the difficulty down a couple of notches
Question 32
There's a vApp that your customer has been complaining about. There are 5 machines and their boot order is critical to the proper operation of this multi-tier application. The customer says that they have put in a delay of 2 minutes between the boot-up of 2nd and 3rd VM's, but the application doesnt start correctly. You check the Settings of the vApp and discover the following:
What can you do to best make sure the application works properly.
Answer
I'd find out how long it takes for the appropriate services to come up in the Group 2 VM(s) and chuck that time (plus a few more seconds) in there. Some services are set to start on a delay, so you got to account for that too. -
tomtom1 Member Posts: 375Allright, my take on question 31. First off, a question. vShield Endpoint is an antivirus and antimalware solution. I think you meant vShield Edge? I need to update it a bit more, but this is a first go.
Assumptions:
-> The fibre channel infrastructure needs to be FCoE, since host HBA's are not possible.
-> The new workload (VM based) will be sized on 1 vCPU. RAM requirements are provided.
-> The physical CPU is ready for virtualization (support of HT, VT).
-> The physical switches are capable of 802.1q VLAN trunking
Risks:
-> Recoverability from host failures cannot be reached with only 1 host in a cluster.
-> A logical separation between the networks (VLAN-based) will be used. This is a less "hard" separation then a physical separation, using dedicated uplinks for the networks.
Capacity planning:
-> CPU current workload: 8 vCPU's
-> CPU new workload: 4 vCPU's
-> RAM current workload: 40 GB
-> RAM new workload: 32 GB
Logical design of the virtual network design:
Based on the current requirements, we have 3 types of traffic:- VM traffic
- Mangement traffic
- FCoE traffic
Physical design of the virtual network design:
-
tomtom1 Member Posts: 375Bringing the difficulty down a couple of notches
Question 32
There's a vApp that your customer has been complaining about. There are 5 machines and their boot order is critical to the proper operation of this multi-tier application. The customer says that they have put in a delay of 2 minutes between the boot-up of 2nd and 3rd VM's, but the application doesnt start correctly. You check the Settings of the vApp and discover the following:
What can you do to best make sure the application works properly.
Come on guys, give this one a go! -
B-Art Registered Users Posts: 1 ■□□□□□□□□□Question 1
You need to upgrade your vSphere infrastructure from v5 to v5.5. You have the following products in this infrastructure:
- 6 ESXi hosts
- vCenter
- VUM
- 77 VM's
In which order would you upgrade the various parts?
Answer:
vCenter
VUM
Then use VUM to perform an orchestrated upgrade of your hosts and then the VM's (VMware tools first, then the VM hardware)
I would disagree on this.
Remember that VMware tools will always be backward compatible!
So upgrading VMware tools within the VM's is a save first step, and takes no extra resources... -
tomtom1 Member Posts: 375How will you upgrade the VMware Tools without upgrading the host? And to upgrade the host, and keep managing it via your vCenter, you need to upgrade the vCenter server first.
First upgrading the Tools would be a logical step, since it (could) provide(s) drivers for the guest OS to use with the new hardware version? -
Essendon Member Posts: 4,546 ■■■■■■■■■■Back after a much needed 5 day hiatus from virtualization and computing in general! Being away from a computer never felt so good.
@tomtom1 - thanks for pointing out the vShield Edge error. When I was putting this question together, I had another scenario in mind but then changed it a little and left Endpoint in there.
As for the question, this is somewhat alike to the way they want to trip you a little in the DCD. There's a bit of info in there that's not so relevant to the question, you got to be able to weed out the superfluous items and focus on the things that matter.
I'd never P2V a domain controller, instead build a new Windows VM, join it to the domain, promote it to the role of DC and transfer any FSMO roles (if needed). AD is updated between DC's based on sequence numbers and you dont want to throw this update mechanism into disarray. -
Essendon Member Posts: 4,546 ■■■■■■■■■■Question 33
a). You've asked your junior vAdmin to create a switch and choose the option to "route based on physical NIC load". He is absolutely tearing his hair out at not being able to see this option in the dropdown below:
What's he doing wrong?
Answer: He's not even creating a vDS, this screenshot is that of a vSS. The ability to route based on pNIC load lies with the vDS only. He needs to create a vDS.
b). Your junior vAdmin has uncovered problem in one of his setups. He's seen that vMotion of any VM between two host fails. Check the following screenshot -
He sees that vMotion is enabled on both hosts in the cluster. What should he check next in the host's settings to pinpoint the cause of this problem?
Answer: He should go in and check the IP address of the vmknic
-
Essendon Member Posts: 4,546 ■■■■■■■■■■Question 34
a). You are upgrading your 2 vCenter servers, one's located in DataCenter A and the other in DataCenter B. DataCenter A's vCenter has been upgraded successfully to v5.5, but the hosts still need to be upgraded. DataCenter B's vCenter is still at v5.0. After the upgrade you notice that you cannot see DataCenter B's vCenter anymore when you log in to DataCenter A's vCenter. Why is this happening and how will you fix it?
Answer: This has happened because for Linked Mode to work, your vCenter servers need to be the same version. You can fix this by upgrading the other vCenter to 5.5 too and Linked-mode it to the first.
b). Your customer is quite worried about the security of their FC data, they think since there is no authentication that can be enabled while setting up the hosts for it - hosts not meant to "see" some data will be able to "see" it. What can you tell them to allay their fears?
Answer: A FC array uses what's called "zoning" to ensure the right hosts see a LUN/volume (depending on who the vendor is). Zoning reduces the LUN's/targets presented to a host, prevents other OS's like Windows from accessing the same LUN and resignaturing it. In addition "masking" can be used to ensure the security of data. Masking can be done both at the array and the host levels.
c). Another customer of yours has asked you to setup an iSCSI storage array for a remote site. But there's a slight problem, the hosts have no hardware iSCSI adapters on them. How will you still setup the hosts for iSCSI?
Answer: You can use the software iSCSI adapter instead. Designate NIC's for use with this adapter, it's also recommended to use 1GbE and faster for such a setup. You'll want to dedicate 2 vmnic's for this setup, so ensure there are enough to go around. -
Essendon Member Posts: 4,546 ■■■■■■■■■■Anyone?
Question for everyone - what kind of questions should I ask here to encourage more participation? More config type ones, maybe some drag and drops, or more shorter questions - you tell me!
P.S. I totally realize there aren't a whole lot of people visiting the vForum, if there was a similar thread in the CCNA forum it would have gone bonkers! -
Essendon Member Posts: 4,546 ■■■■■■■■■■Question 35
a). Pam has recently joined your team as a junior vSphere administrator. You want her to be able to create new VM's and mount iso's as needed. You dont want her to have any access to a resource pool that houses some critical VM's. What pre-defined role would you assign her user account to ensure the second requirement?
Answer: The predefined role called No Access is a good fit here. Assign her (a security group preferably) this role at the critical VM resource pool and she wont have any access to object in the pool (and on the pool).
b). One of Pam's colleagues, Jane, has full rights to vCenter. She sees there are these VM's in the Recovery VMs pool that look like this:
Seeing she cant power them on, she deletes them. Triumphantly she comes and tells you she's deleted some rogue VM's. What were those VM's and how do you bring 'em back?
Answer: These VM's are called placeholder VM's. SRM creates them so you know where they will be recovered to when you kick off a test or a real run of your Recovery Plans. They are not actual VM's, in fact when you see their size in their placeholder datastore you'll see they are only a few kb in size. They can be recreated by clicking on Restore Placeholder or Restore All link in the Protection Group interface.
-
smackie1973 Member Posts: 13 ■■□□□□□□□□Hi guys
First off, great thread. I'm just starting the road to VCP-DCV after completing my MCSA 2008 last year and I have a feeling this will be very useful for learning some good tips as well as finding any glaring holes in my knowledge. Been using vSphere since 3.5 and did the 5.5. Install/Manage/Configure course last week. My work env is currently running 5.0 U3.
Anyway, here goes
Q35
a) the obvious answer would be virtual machine user (or power user) but on checking my env at work i'm not sure members of those roles can create vm's. I'll need to create a temp user and test it.
b) I haven't used it yet, but my first guess would be that these vm's were standby vSphere replicas (or something along that line). If that's correct, i would then assume that the replicas would need to be re-initialized from the source vm's. -
tomtom1 Member Posts: 375smackie1973 wrote: »Hi guys
b) I haven't used it yet, but my first guess would be that these vm's were standby vSphere replicas (or something along that line). If that's correct, i would then assume that the replicas would need to be re-initialized from the source vm's.
Very close! These are SRM virtual machines. SRM is a VMware product that allows for easy DR (Disaster Recovery). SRM uses either vSphere replicas or storage replication, so without actually knowing the product, you made a pretty good guess! -
Essendon Member Posts: 4,546 ■■■■■■■■■■Great reply there @smakie1973, check under the questions for their answer. As for the first question, I really should have made it clearer - I was in fact asking for the admin to not be able to do anything in the critical VM resource pool.
-
Essendon Member Posts: 4,546 ■■■■■■■■■■Question 36
Your junior vAdmin is performing some housekeeping on your ESXi clusters and an hour later advises you she's finished her work. A little while later, a HA event happens and sure enough VM's from the failed host are restarted on other hosts in a cluster. One VM is unable to restart, you check the settings of the VM and see the following screenshot:
Why has this happened and how will you bring the VM up? In addition, how will you ensure this (not powering up) doesnt happen again.
-
Essendon Member Posts: 4,546 ■■■■■■■■■■Pre-posting today's question
Question 37
Your vCenter is a VM that manages 10 hosts. You are the on-call person and get woken up at 2am on Saturday morning by the Helpdesk responding to a number of alarms in Solarwinds that say there are problems with the vCenter server. You un-willingly drag yourself out of bed, power up your laptop, VPN to the office and attempt to logon to vCenter using the vSphere Client but get the error message that said it was unable to establish a network connection to vCenter. You are successfully able to RDP to the Windows Server VM that hosts vCenter. You find out that the vCenter Server service is stopped. You try to start the service, but the service doesnt start. You know that vCenter's database is on the same VM as vCenter. You quickly check the disk and realize the disk is full. How will you get vCenter up and running again? -
smackie1973 Member Posts: 13 ■■□□□□□□□□Q36
The host the VM migrated to doesn't have a port group with matching details to what the VM is looking for, therefore it won't be able to start up.
Normally the first option would be to make sure that port group is configured on all hosts in the cluster. However, as the label is called 'Internal' the assumption is that it is only configured on one particular host and may not be needed. If that is the case then it should be removed from the VM. -
smackie1973 Member Posts: 13 ■■□□□□□□□□Q37
There may be various ways around this.
With my SQL DBA hat on, the first thing i would check is log space on the server. If the log has filled up, manually truncate it and then shrink the physical file to free up physical disk space. This will allow vCenter to start. You can then go back to bed and add disk space at a decent hour. Note: I've been here before, although not a 2am thankfully!
The next option is to connect directly to the host that vcenter is running on using the full client (web client won't work!). This may take some time to check each one until you find it (a 'should run' affinity rule will help here). Once found, extend the space on the drive that is full (edit VM settings), then login to the server, extend the drive and then start vcenter.