Upgrade And Security Configuration VMware VSphere 6.7 Update 1


VMware vSphere 6.7 Update 1
Upgrade and Security Configuration

Author: Brandon Lee

Brandon Lee has been in the IT industry for over 15 years now and has worked in various IT industries spanning education, manufacturing, hospitality, and consulting for various technology companies including Fortune 500 companies. He is a prolific blogger and contributes to the community through various blog posts and technical documentation primarily at Virtualizationhowto.com

VMware vSphere 6.7 Update 1 Upgrade and Security Configuration

1. Upgrading to VMware vSphere 6.7 Update 1 Overview
   a. Other Upgrade Considerations Before Upgrading vSphere
   b. Upgrade Process Order Overview
2. Upgrading VCSA Appliance to vCenter Server 6.7 Update 1
   a. VMware vSphere vCenter Server VCSA 6.7 Update 1 Upgrade Stage 2
3. Upgrading VMware ESXi to vSphere 6.7 Update 1
4. Implementing VMware vSphere Virtual Machine Encryption
   a. How to Enable VMware Virtual Machine Encryption
5. Virtualization-based Security Best Practices
   a. Enabling Virtualization-Based Security in VMware vSphere
6. VMware vSphere Virtual Trusted Platform Module or vTPM
   a. Differences between a Physical TPM and a Virtual TPM
   b. Adding the Virtual TPM Module to a Virtual Machine
7. What is the Virtual Networking Layer?
   a. Securing VMware vSphere Virtual Networking Layer
   b. Isolate Network Traffic
   c. Use Firewalls to Secure Virtual Network Elements
   d. Consider Network Security Policies
   e. Secure VM Networking
   f. Use VLANs to Protect Virtual Networks
   g. Secure Virtual Storage Network Traffic
   h. Use IPSec when Possible
8. Securing VMware vSphere 6.7 Update 1 Virtual machine Best Practices
   a. General Virtual Machine Protection
   b. Deploying VMs using Templates
   c. Securing the VM Console in vSphere
   d. Limiting VM Resource Usage
   e. Disabling unnecessary VM Functions
   f. Use Virtualization-Based Security and vTPM 2.0
9. White paper Takeaways

Backup & Disaster Recovery for Virtual and Physical Data Center Vembu Technologies

- If you are using an external Platform Services Controller, upgrade Platform Services Controller appliance 6.0 to version 6.7.
- Upgrade the vCenter Server to vSphere 6.7 Update 1 – This is an extremely important step as it allows choosing a supported upgrade method, depending on the version you are coming from.
   o You must first ensure your current deployment supports upgrading or migrating to the vCenter Server 6.7 Update 1 deployment.
   o Use the Graphical Deployment Tool – This allows upgrading vCenter Server by means of a two-step process to first deploy the new VCSA appliance as an OVA and then copying the existing data to the new appliance which then assumes the identity.
   o Use the Migration Assistant Interface – This allows migrating from the legacy SSO Platform Services Controller, or vCenter Server on Windows to the VCSA appliance.
   o Use the CLI installer – This allows advanced users the means to upgrade VCSA appliances or vCenter Server on Windows to the latest version.
   o Using the vCenter Admin VAMI interface – This is the administrative interface in VCSA that allows patching the appliance to the latest version within the major release.

[Figure: High-level overview of the vCenter Server Upgrade Process (Image Courtesy of VMware)]

- Upgrade your ESXi hosts – Upgrading the ESXi hypervisor on cluster hosts comes after upgrading the vCenter Server. The vCenter Server must be at the same level or higher than the ESXi hosts it manages. Typically, customers want to keep the version of ESXi in sync with the version of vCenter. However, it is worth mentioning that the latest vCenter Server 6.7 Update 1 supports managing down level ESXi hosts.
   o As shown below, vCenter Server 6.7 Update 1 supports managing ESXi hosts all the way back to version 6.0. There may be reasons a customer might choose to do this. By using the latest vCenter Server version, you have the latest HTML5 interface and all the other nice features that the new VCSA brings to the table. However, VMware has deprecated support in ESXi for legacy Windows Server versions such as 2003 starting in vSphere 6.7. If a customer is running legacy Windows Server operating systems, this might be a reason to run the latest vCenter with a down level ESXi host version.

[Figure: VMware Product Interoperability Matrix]

- Upgrade Virtual Machine VMware Tools – While VMware has decoupled the VMware Tools releases from the vSphere version itself, new vSphere versions generally come with an updated version of VMware Tools if you choose this option for the ESXi hypervisor download. After upgrading your vCenter Server and ESXi hosts, you will want to roll through the virtual machines and upgrade VMware tools. This can be done manually in vSphere or can easily be done programmatically with PowerCLI.
- Upgrade Virtual Machine compatibility – This is a step that is certainly not required, however, if there are new virtual hardware features or other configuration that a new vSphere version unlocks that you want to take advantage of, you will want to upgrade your virtual hardware compatibility.

By following the steps above, upgrading vSphere environments to the latest versions including vSphere 6.7 Update 1 can be performed smoothly and effectively. What are some other considerations to make?
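The version rule and the PowerCLI-driven VMware Tools upgrade described in the steps above, as an added example that is not part of the white paper or VMware's own code. It assumes VMware PowerCLI is installed and a session is already open with Connect-VIServer; the helper name Test-VCenterCoversHost is hypothetical.

```powershell
# Added example. Assumes an existing PowerCLI session (Connect-VIServer).

function Test-VCenterCoversHost {
    # Hypothetical helper: true when vCenter is at the same level or higher
    # than the ESXi host it manages, which is the rule the upgrade order enforces.
    param(
        [Parameter(Mandatory)][version]$VCenterVersion,
        [Parameter(Mandatory)][version]$HostVersion
    )
    return $VCenterVersion -ge $HostVersion
}

$vc = $global:DefaultVIServer
if (-not $vc) { throw 'No vCenter session found. Run Connect-VIServer first.' }

$hosts = Get-VMHost

# 1. Hosts that are ahead of vCenter were upgraded out of order: stop here.
$ahead = $hosts | Where-Object {
    -not (Test-VCenterCoversHost -VCenterVersion $vc.Version -HostVersion $_.Version)
}
foreach ($h in $ahead) {
    Write-Warning "$($h.Name) runs ESXi $($h.Version), newer than vCenter $($vc.Version)"
}
if ($ahead) { throw 'Upgrade vCenter Server before touching any more hosts.' }

# 2. Hosts still below the vCenter level are the ESXi upgrade candidates.
$hosts | Where-Object { [version]$_.Version -lt [version]$vc.Version } |
    Select-Object Name, Version, Build

# 3. Once the hosts are upgraded, find powered-on VMs with out-of-date Tools.
$outdated = 'guestToolsNeedUpgrade', 'guestToolsSupportedOld', 'guestToolsTooOld'
$staleTools = Get-VM | Where-Object {
    $_.PowerState -eq 'PoweredOn' -and
    $_.ExtensionData.Guest.ToolsVersionStatus2 -in $outdated
}
$staleTools | Select-Object Name, @{ N = 'ToolsVersion'; E = { $_.Guest.ToolsVersion } }

# 4. Preview the Tools upgrade. -NoReboot suppresses the automatic restart on
#    Windows guests; drop -WhatIf (and add -RunAsync) once the list looks right.
if ($staleTools) {
    Update-Tools -VM $staleTools -NoReboot -WhatIf
}
```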

Other Upgrade Considerations Before Upgrading vSphere

Are there any other considerations to make before upgrading vSphere? Yes, there are. Another extremely important consideration to make before upgrading vSphere versions is to make sure your backup solution of choice supports the vSphere version. It would be extremely frustrating and dangerous for your organization’s data to be able to successfully upgrade vSphere to the latest version but find that your data protection solution starts failing to back up, replicate or perform other operations with vSphere. Why do new versions often break backups?

Data protection solutions rely on being able to interact with the backup APIs that are found in vSphere. With new versions and releases, VMware at times either changes the way the API works or changes the API altogether. Once the upgrade happens, if the data protection solution is not engineered to be able to deal with the new APIs, jobs will generally start failing with miscellaneous errors. So, it is key to ensure compatibility up front with data protection solutions to make sure they are compatible with the version you are upgrading to, such as vSphere 6.7 Update 1.

Along the lines of what we have discussed with the data protection solutions interacting with vCenter Server, count on the downtime required for vCenter Server depending on the version you are coming from. Patching vCenter from the VAMI will not take as long as the Upgrade process takes with the GUI tool 2-step process. If you have monitoring solutions or other third-party products that integrate with vCenter Server, expect the downtime required for these solutions as well while vCenter is undergoing the upgrade. While the VMs themselves will still be available, make sure you can withstand the time “flying blind” if you rely on monitoring solutions with hooks into vCenter.


Upgrade Process Order Overview

As covered already, there are certainly things to consider with an upgrade of VMware vSphere. How is an upgrade of vSphere carried out? When thinking about upgrading a vSphere environment, customers need to follow an order of operations. What is the order of operations when upgrading? Below is a quick listing of native VMware solutions and the order of upgrading to vSphere 6.7, found in the VMware KB article 53710. Be sure when upgrading your environment to take an inventory of all VMware solutions that are integrated into the vSphere environment along with all third-party solutions that are reliant upon connections to vSphere. Be sure to check with those third-party providers for their relevant compatibility and interoperability matrices.

1. vRealize Automation
2. vRealize Orchestrator
3. vRealize Business for Cloud
4. vRealize Operations Manager
5. vRealize Log Insight
6. vRealize Log Insight Agent
7. vRealize Operations Endpoint Agents
8. vADP-based Backup Solution
9. NSX-v
10. External PSC
11. vCenter Server
12. VUM
13. vSphere Replication
14. vSphere Site Recovery Manager
15. vSphere Update Manager Download Service
16. ESXi hypervisor
17. VMware Tools
18. Virtual Hardware
19. vSAN/VMFS

In the following walkthrough, let’s take a look at upgrading a simple vSphere environment that only consists of vCenter Server and a cluster of ESXi hosts. In the list above, we have highlighted the vCenter Server and ESXi hypervisor. As you can see, these both sit in various places in the recommended order of operations from an overall VMware products standpoint. If you have any of the other solutions, you will need to look and see where it fits in the overall order of upgrade operations set forth by VMware.

When looking at a simple configuration of only vCenter Server and the ESXi hosts in the cluster, the process to upgrade the vSphere components in that configuration involves upgrading vCenter Server first, and then upgrading the ESXi hosts. In the following walkthrough, let’s upgrade an existing vCenter 6.5 U2 VCSA installation to vCenter 6.7 Update 1 VCSA. The process is the same as the one established with the VCSA 6.5 upgrade process. The ISO installer that is downloaded contains the GUI installer/upgrade utility that allows deploying, upgrading, migrating from Windows vCenter, or restoring an installation.

When upgrading, the process involves deploying a new vCenter Server VCSA 6.7 Update 1 appliance and then copying the configuration and data from the upgrade source VCSA appliance over to the new appliance. The new appliance then assumes the identity of the source appliance and the old VCSA appliance is powered off.

Upgrading VCSA Appliance to vCenter Server 6.7 Update 1

After downloading the new version of vCenter, which is downloadable from VMware as an ISO file, you simply mount the ISO and run the UI installer. This launches the utility that allows you to choose the operation you want to perform.

[Figure: vCenter Server Appliance 6.7 Installer – Upgrade options]

The installer runs in 2 stages. The first stage is to deploy the appliance. The introductory screen describes the process in detail and the various steps taken in each stage.

[Figure: Deploying the vSphere 6.7 Update 1 appliance]

Next, accept the EULA presented for the installer.

[Figure: Accept the EULA for the vSphere 6.7 Update 1 upgrade]

Now, we connect to the source appliance by providing the credentials for connectivity. Additionally, you connect to the source ESXi host or vCenter Server that manages the source appliance.

[Figure: Connect to the source appliance using the installer]

Next, connect to the appliance deployment target by providing the hostname and the credentials. This allows the installer to create the new appliance.

[Figure: Connect to the appliance deployment target so the new appliance virtual machine can be created and managed]

Select the folder for the new appliance creation in the target vSphere infrastructure.

[Figure: Select the vSphere folder where the new appliance will be created]

Select the compute resource such as a standalone host or vSphere cluster to house the new vCenter Server Appliance.

[Figure: Selecting the compute resource to house the resulting appliance that is created]

After configuring the vSphere connection to the target environment, you are asked to set up the target appliance virtual machine by providing a name, root password and confirming the root password.

[Figure: Setup the target appliance VM]

Configure the deployment size for the resulting VCSA appliance. The installer provides great information right on the installer GUI configuration page for the deployment size options.

[Figure: Select the deployment size for the resulting VCSA appliance]

Select the datastore the new VCSA appliance will be housed in. You also have the option to select the Enable Thin Disk Mode which thin provisions the resulting VCSA appliance disks on the datastore. This means that blocks are only zeroed out when they are written to. This saves a tremendous amount of space since space is only claimed on the datastore as the blocks are written to.

[Figure: Selecting the target datastore for the resulting VCSA appliance and choosing thin disk mode options]

On the network settings configuration, choose the port group to attach the resulting VCSA appliance to as well as the temporary IP address for the appliance. Keep in mind that ultimately, the installer is going to assume the IP address of the source appliance. So here, we are simply giving it an IP address that will allow it to communicate with the source appliance during the upgrade process to copy data across.

[Figure: Configuring network settings for the new VCSA appliance]

The Stage 1 process is now ready to begin the actual configuration of the VCSA appliance in line with the parameters configured during the wizard. Click Finish.

[Figure: The configuration is ready to begin using the parameters chosen for the new VCSA appliance]

Stage 1 – Deploy vCenter Server Appliance with an Embedded Platform Services Controller begins. The new appliance VM is deployed into the vSphere inventory.

[Figure: VMware vSphere 6.7 Update 1 VCSA appliance deployment begins]

Stage 1 of the deployment finishes. Stage 2 begins.

VMware vSphere vCenter Server VCSA 6.7 Update 1 Upgrade Stage 2

[Figure: Stage 2 of the vSphere 6.7 Update 1 VCSA upgrade begins]

In Stage 2, the installer copies data from the source vCenter Server Appliance to the deployed appliance. In the introduction screen, the process details are displayed.

[Figure: Overview of Stage 2 in the vSphere 6.7 Update 1 upgrade process]

The Pre-upgrade check result will display any warning or other errors that are found. Below, we have warnings about legacy patch baselines, etc.

[Figure: Pre-upgrade check warnings displayed before the deployment of the new appliance begins]

After connecting to the source vCenter Server, the Select Upgrade data screen displays. Here you can choose which data is copied to the new appliance. The various data sizes are displayed for each option.

[Figure: Choose the upgrade data option during the vSphere 6.7 Update 1 upgrade process]

Next, choose whether or not to participate in the CEIP program by checking or unchecking the box.

[Figure: Configure CEIP options screen]

Stage 2 of the upgrade process is ready to begin. The chosen options are displayed on the screen along with the option to either go back or Finish the process.

[Figure: The Ready to Complete screen displays the options chosen for Stage 2]

You will see a warning displayed indicating the source VCSA appliance will be shut down during the process. Click OK to continue with the process.

[Figure: Acknowledge the shutdown warning for the source VCSA appliance VM]

The Data transfer and appliance setup begin in the Stage 2 process.

[Figure: Stage 2 process begins with the data copy from the source appliance]

After some time, the Stage 2 process will complete. As you can see, the three steps as defined are to copy data, set up the target vCenter Server and start processes, and then import copied data to the target vCenter Server. After a successful upgrade process, you will see the link to the appliance displayed on the Stage 2 complete screen.

Upgrading VMware ESXi to vSphere 6.7 Update 1

One of the major achievements of vSphere 6.7 Update 1 is the introduction of the fully functional HTML 5 UI. The new HTML 5 interface is a joy to work with. This is certainly evident when working with the Update Manager component of the vSphere client. Working with the Update Manager interface to upload images, create baselines, attach baselines, and remediate hosts is extremely easy and intuitive.

Let’s step through the process and screens of the normal process to upload the vSphere 6.7 Update 1 ESXi image, create the baseline, attach the baseline to the ESXi hosts in our environment, and then remediate the hosts per the attached upgrade baseline.

The first thing that we need to do is upload the new ESXi 6.7 ISO. To do this navigate in the HTML5 client to Update Manager > ESXi Images > Import.

[Figure: Importing and uploading the vSphere 6.7 Update 1 ISO to Update Manager]

Choose to import an ESXi Image and Browse to the ISO file for ESXi 6.7 Update 1. As soon as you select it, it will start to import and then upload the image.

[Figure: Choose the ESXi 6.7 Update 1 ISO image to import to Update Manager]

Below, the process to import the ESXi image has begun. The first step uploads the image and step 2 imports the image into the Update Manager images catalog.

[Figure: The ESXi 6.7 Update 1 ISO image uploads via the Update Manager Import ESXi Image wizard]

Af
