1. vCenter 7 Multihoming
And with multihoming, this gives you the ability to configure multiple virtual network interfaces on your vCenter Server Appliance virtual machine. This is used to give you the ability to make your vCenter Server Appliance available on multiple networks without having to route that traffic. And you can configure a maximum of four vNICs on the vCenter Server Appliance. NIC 0 is always going to be there by default. That’s the primary management interface for vCenter, and so that one is always going to be there. When you create a second virtual NIC for the vCenter Server Appliance, that’s going to be reserved for vCenter High Availability. So when you enable VCHA, or vCenter High Availability, it uses this interface to essentially communicate with the standby vCenter instance. So that’s NIC 1, and NIC 2 and NIC 3 can be used for multihoming. So the way we’ll go about this is to actually edit the settings on the vCenter Server Appliance virtual machine to add those virtual NICs.
And so here we see a little diagram, just kind of breaking this down. We’ve got our vCenter Server Appliance with multiple virtual NICs, and there are a few use cases identified here. NIC 0: that’s our management virtual NIC. NIC 1 is for vCenter High Availability. NIC 2: maybe I’ve got a specific network that I want to push my backups towards. NIC 3: maybe I’ve got a third party that I’m allowing to communicate with this vCenter Server Appliance, and I’m exposing that one network interface to them, NIC 3. So the ability to create multiple interfaces with multiple IP addresses is supported in vCenter 7 with a feature called multihoming.
2. Demo: Configure vCenter 7 Multihoming
In this video I’ll demonstrate how to configure multihoming on the vCenter Server Appliance. So here you can see I’ve already logged into the vSphere Client and here is my vCenter Server Appliance virtual machine. So I’m going to right-click this. And for multihoming what we’re looking to do is add multiple network interfaces. So at the moment you can see we’ve only got one NIC associated with this vCenter Server Appliance. So I’m going to go ahead and click on Add New Device. I’m going to add another network adapter and I’m going to go ahead and hit OK. And now let’s move over to the VAMI and examine what the configuration looks like in there. So you could see prior to this, before I refresh, I only had NIC 0. Let me refresh my VAMI screen here.
Now you can see I have NIC 0 and NIC 1, which was automatically reserved for vCenter High Availability. Let’s go back to the vSphere Client. I’m going to edit settings on this VM again and I’m going to add two more network adapters. So let’s go to Add New Device. We’re going to add a network adapter here. Let’s go ahead and add one more device, another network adapter, and I’ll go ahead and hit OK here and go back to the VAMI. And I’ll refresh the VAMI again. And now we can see we should have NIC 2 and NIC 3 available, and I can go to any of those network interface cards. Now I can edit them and I could assign different IP addresses on each of these network interface cards. So for example, I could go to NIC 3 and maybe this is going to be on a specific network for backups.
So maybe I might have a different DNS server there or a different IP address. Is it going to be automatically obtained or am I going to manually specify that IP address? So now my vCenter Server Appliance is actually equipped with four network interfaces. And just to wrap this process up, I’m going to go back to the vSphere Web Client and I’m going to edit settings on this VM one more time and I’m just going to clean up after myself. I’m going to remove the three network adapters that I just added to the vCenter and clean up those changes that I made so that we’ll be back to a single virtual NIC, and we just refresh the VAMI one more time and we’re back down to a single network interface card. So that’s how you can configure multihoming on the vCenter Server Appliance in vSphere 7.
3. Demo: vCenter 7 PNID and FQDN Changes
PNID is essentially how vCenter identifies itself, and it’s the Primary Network Identifier for vCenter. And by default the fully qualified domain name, or FQDN, is the Primary Network Identifier. If you created vCenter without an FQDN, then the IP address of vCenter is the PNID. Now what’s different about vCenter 7 than previous versions is if you change the FQDN, it also changes the PNID. And in order to complete that process, all of the custom certificates that exist on the vCenter Server Appliance need to be regenerated because they all refer to the FQDN that has just been changed. You also need to reconfigure vCenter High Availability if that has been previously configured and you’re now changing the FQDN. And the other thing that needs to be done is if your vCenter Server Appliance is joined to the Active Directory domain, you’re going to have to rejoin it.
Now one word of caution: if you’re going to make a change that’s this significant, I definitely recommend that you take a snapshot of the vCenter Server Appliance before you start. So here I am in the vSphere Client and here’s my vCenter Server. And if I’m going to modify the FQDN, for me, step one is to go ahead and take a snapshot of this vCenter Server Appliance, and I’m just going to call it Pre FQDN Change. So that’s step one. I’ll go ahead and take that snapshot. Now in reality, you should also do an on-demand file-based backup of the vCenter Server Appliance as well. So here I am in the VAMI. You can see, though, I’ve just recently performed a backup and we can look at our backup activity here. Once this populates, you’ll see that I performed the backup just a few minutes ago. So yeah, here you can see I’ve already performed both a manual and a scheduled backup of my vCenter Server Appliance. So I’m not going to bother doing a file-based backup.
So what I am going to do here in the VAMI is visit the networking screen. And on the networking screen I’ll go to NIC 0 and I’m going to edit the settings. On NIC 0, I have my host name and DNS. So if you’re going to modify the fully qualified domain name, this is the place to do it. So I’m just going to change it to new VCSA one lab local, and I’ll click Next. It’s going to force me to put in the SSO administrator credentials. So I’ll go ahead and put those in and click Next. And this is telling me, hey, you’re reconfiguring NIC 0. This is going to create downtime of your vCenter Server and it may not be up for a while, and it’s forcing you to say, yes, I have backed up my vCenter Server and all my unregistered extensions. And so it’s telling me all the network settings need to be reconfigured here. You’re going to have to regenerate custom certificates, you’re going to have to reconfigure vCenter High Availability.
If you have hybrid link with cloud vCenter, you’re going to have to recreate those, and you’re going to have to rejoin the vCenter Server Appliance to the Active Directory domain. So those are all follow-up tasks that need to be completed here. And once you start this process up, it’s going to take a while. It’s going to have to restart a bunch of services. So I’m actually going to cancel this process because I really do not want to rename my vCenter Server Appliance and go through that entire process. So while this lecture may seem pretty simple, changing the FQDN wasn’t possible in vSphere 6 or 6.5. In vCenter 6.7 Update 3, this capability became possible.
4. vCenter Server Profiles
In vSphere. This is very similar to those. So let’s say you spend time configuring your ESXi host perfectly. You set up Network Time Protocol and you set up firewall rules and all that sort of stuff. And you don’t want to do that every time. Not only is it a lot of manual work, but it’s a lot of opportunity for error if you’re manually configuring all of your ESXi hosts. So VMware came out with host profiles to make it really easy. You could create a reference host and export that configuration and apply it to all your hosts. Well, now they’ve done the same thing for vCenter. There’s a lot of configuration that you do on a vCenter instance. And we’ve seen some videos here where I’ve explored the VAMI a little bit and there’s a lot of configuration information in there.
So if I’m going to be rolling out multiple vCenter instances and I want to maintain a consistent configuration, I want to have easier setup, I want to have standardization. I can create a server profile from an existing vCenter Server Appliance. And the vCenter server profile is a JSON-formatted text document. And by the way, if you want to use vCenter server profiles, there’s no GUI for it yet. It’s not in the vSphere Client. It’s strictly a command-line tool. So essentially what you’re doing is you’re exporting a server profile from a reference vCenter Server Appliance. Then you can take that server profile and apply it to existing vCenter Server Appliances to ensure that they are in compliance with the server profile and your standard configuration. So what is in this server profile?
What is it actually configuring? Well, there’s a whole lot of stuff. Backup schedules, retention policies, patching, syslog server information, mail server information, what is the NTP server, what DNS server should be used, and on and on the list goes here. So there’s a lot of configuration options that need to be properly set inside of a vCenter Server Appliance. So let’s take a look at some of the possible use cases that we have here. Maybe you want to export the configuration of vCenter as a JSON file and hold on to it somewhere, keep it as a sort of backup. Maybe you want to remediate incorrect configurations or make sure that you have a standard vCenter configuration across the board by validating existing vCenter instances. Maybe we have new vCenter instances that we want to make the creation and modification of those very easy and straightforward by importing this existing configuration.
And once I’ve exported the vCenter configuration as a JSON file, I could actually modify that JSON file and then in a coordinated manner push the changes that I’ve made to multiple vCenter instances. So if my standard configuration changes in the future, let’s say for example, I have a new NTP server, I can modify my JSON file and then go ahead and push those changes to multiple vCenter instances simultaneously. And like I mentioned, this is strictly a command-line tool at the moment. But I would imagine in the future it’s probably going to be integrated into the vSphere Client. This is the way that a lot of new features tend to go with vSphere: they come out first as a command-line type tool and eventually they make it into the user interface. So in a subsequent version of vCenter I wouldn’t be surprised to see this available in the UI.
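The validation use case described above, as an added example (not from the course or from VMware): compare a profile exported from an appliance against the reference JSON and list every setting that drifted. The key layout of the two sample profiles is an assumption made for illustration, not the real server profile schema.

```python
import json

# Constructed sample profiles. The key layout below is an assumption made for
# this example; it is not the real vCenter server profile schema.
REFERENCE = json.loads("""
{"appliance": {
   "ntp": {"servers": ["ntp1.lab.local", "ntp2.lab.local"]},
   "dns": {"servers": ["10.0.0.53"]},
   "syslog": [{"hostname": "syslog.lab.local", "protocol": "TLS", "port": 6514}],
   "backup": {"schedule": "daily", "retention": 7}}}
""")
EXPORTED = json.loads("""
{"appliance": {
   "ntp": {"servers": ["ntp2.lab.local", "ntp1.lab.local"]},
   "dns": {"servers": ["10.0.0.53", "192.0.2.10"]},
   "syslog": [{"hostname": "syslog.lab.local", "protocol": "UDP", "port": 514}],
   "backup": {"schedule": "daily"}}}
""")

def flatten(node, path=""):
    """Yield (dotted.path, leaf) pairs; lists of scalars become sorted tuples
    so that the same servers in a different order are not reported as drift."""
    if isinstance(node, dict):
        for key in sorted(node):
            yield from flatten(node[key], f"{path}.{key}" if path else key)
    elif isinstance(node, list) and all(not isinstance(i, (dict, list)) for i in node):
        yield path, tuple(sorted(node, key=str))
    elif isinstance(node, list):
        for idx, item in enumerate(node):
            yield from flatten(item, f"{path}[{idx}]")
    else:
        yield path, node

def drift(reference, exported):
    """Return sorted (path, kind, expected, actual) tuples for every difference."""
    ref, exp = dict(flatten(reference)), dict(flatten(exported))
    findings = []
    for path in sorted(ref.keys() | exp.keys()):
        if path not in exp:
            findings.append((path, "missing", ref[path], None))
        elif path not in ref:
            findings.append((path, "unexpected", None, exp[path]))
        elif ref[path] != exp[path]:
            findings.append((path, "changed", ref[path], exp[path]))
    return findings

if __name__ == "__main__":
    for path, kind, expected, actual in drift(REFERENCE, EXPORTED):
        print(f"{kind:10} {path}: expected={expected!r} actual={actual!r}")
```

On the sample data this reports the extra DNS server, the syslog downgrade from TLS to UDP, and the missing backup retention, while the reordered NTP list is not flagged.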
5. vCenter and Dynamic DNS
Now, the Dynamic DNS feature was actually released in vSphere 6.7 Update 3. And basically what it did was it allowed vCenter to get a dynamic IP address from a DNS server. And if the IP address of vCenter were to change, then the DNS server would be automatically informed. So what vCenter is essentially doing is once a day, every 24 hours, it’s sending a keepalive to the DNS server, letting it know what the current IP address is. And so what are the use cases for dynamic DNS and what can potentially go wrong here? Well, one of the use cases could be you may just be changing the IP address of vCenter and want your DNS records to be automatically updated, and dynamic DNS would definitely accomplish that.
You may also just want to ensure that the DNS server is consistently getting these keepalive messages so that it doesn’t consider the DNS entry of vCenter to be stale and clean it up. So that’s another potential use case. There is one thing that you need to watch out for, specifically if you’re on vSphere 6.7 Update 3. Now, I know this is a vSphere 7 course, but just in case you’re on that slightly older version, if you enable dynamic DNS on vCenter and you have vCenter High Availability enabled, what’s going to happen is the dynamic DNS entry is going to be propagated for the primary IP of vCenter and also the IP address of the vCenter High Availability address. So that’s just something to watch out for because that can make vCenter unreachable on your network. But if you’re running 6.7 Update 3b or later, or if you’re running vSphere 7, you don’t have to worry about that. Thanks.
6. Demo: Precision Time Protocol in ESXi 7
So we still have some of the timing methods that we’ve always had before, like manually configuring the time inside of your ESXi host or using the Network Time Protocol, which is by far preferable versus manual. So ideally, in a vSphere environment, you’ll have a network time server and you’ll use NTP to synchronize your systems to that. Now, in vSphere 7, we have support for Precision Time Protocol, and this is accurate in the sub-microsecond range. This is used to synchronize things like financial transactions and other systems that require extremely precise timing.
And you need special equipment for Precision Time Protocol. NTP is much easier to deploy, and in most use cases, NTP is going to work just fine for us. So in the vast majority of general server type use cases, we just want to stick with NTP. But if we have an application that absolutely requires this sub-microsecond range accuracy, PTP is a viable solution for that. So here I am in the vSphere Client and I’ve gone to one of my ESXi hosts, and under the Configure menu we have Time Configuration. And here you can see in my ESXi host I have configured NTP. So I’ve got NTP running. I have established an NTP server. This ESXi host is getting its timing from that NTP server. Below that, I now have the ability to enable the Precision Time Protocol. So here you can see I’ve gone to my ESXi host and I’ve gone to the Configure tab. And under the Services view I can start and stop services. So what I’m now going to do is I’m going to turn off the NTP service. I’m going to stop the NTP service on my ESXi host, and you can see that the PTP daemon is currently stopped. So I’m going to go ahead and start that and then I’m going to go back to Time Configuration. And here you can see the PTP service is now running. So now that I’ve got the service running on my ESXi host, I can actually go to my virtual machines.
So here you can see I’ve created a temporary VM called PTP Demo, and I can go to edit settings on that virtual machine and I can add a new device. And under other devices you can now add a new precision clock. So this is allowing your virtual machine to synchronize to the VMkernel system time that’s backed by PTP on your ESXi host. And this is only possible if your virtual machine uses virtual hardware version 17 or later. So like I said, in most circumstances you really won’t need PTP, but in those cases that you do, it’s now supported in ESXi 7.