VCP-DCV for vSphere 8.x Cert Guide
Companion Website and Pearson Test Prep Access Code
Access interactive study tools on this book’s companion website, including practice
test software, review exercises, Key Term flash card application, a study planner, and
more!
To access the companion website, simply follow these steps:
1. Go to www.pearsonitcertification.com/register.

2. Enter the print book ISBN: 9780138169886.

3. Answer the security question to validate your purchase.

4. Go to your account page.

5. Click on the Registered Products tab.

6. Under the book listing, click on the Access Bonus Content link.

When you register your book, your Pearson Test Prep practice test access code will
automatically be populated with the book listing under the Registered Products tab.
You will need this code to access the practice test that comes with this book. You
can redeem the code at PearsonTestPrep.com. Simply choose Pearson IT Certification
as your product group and log into the site with the same credentials you
used to register your book. Click the Activate New Product button and enter the
access code. More detailed instructions on how to redeem your access code for both
the online and desktop versions can be found on the companion website.
If you have any issues accessing the companion website or obtaining your Pearson
Test Prep practice test access code, you can contact our support team by going to
pearsonitp.echelp.org.
VCP-DCV for vSphere 8.x
Cert Guide

John A. Davis, Steve Baca

Hoboken, New Jersey


VCP-DCV for vSphere 8.x Cert Guide

Copyright © 2024 by Pearson Education, Inc.

All rights reserved. This publication is protected by copyright, and permission
must be obtained from the publisher prior to any prohibited reproduction, storage
in a retrieval system, or transmission in any form or by any means, electronic,
mechanical, photocopying, recording, or likewise. For information regarding
permissions, request forms, and the appropriate contacts within the Pearson
Education Global Rights & Permissions Department, please visit
www.pearson.com/permissions.

No patent liability is assumed with respect to the use of the information contained
herein. Although every precaution has been taken in the preparation of this book,
the publisher and author assume no responsibility for errors or omissions. Nor is
any liability assumed for damages resulting from the use of the information
contained herein.

ISBN-13: 978-0-13-816988-6
ISBN-10: 0-13-816988-8
Library of Congress Cataloging-in-Publication Data: 2023914336

Trademarks
All terms mentioned in this book that are known to be trademarks or service
marks have been appropriately capitalized. Pearson IT Certification cannot attest
to the accuracy of this information. Use of a term in this book should not be
regarded as affecting the validity of any trademark or service mark.

Warning and Disclaimer
Every effort has been made to make this book as complete and as accurate as
possible, but no warranty or fitness is implied. The information provided is on an
“as is” basis. The authors and the publisher shall have neither liability nor
responsibility to any person or entity with respect to any loss or damages arising
from the information contained in this book.

VICE PRESIDENT, IT PROFESSIONAL
Mark Taub
DIRECTOR, ITP PRODUCT MANAGEMENT
Brett Bartow
EXECUTIVE EDITOR
Nancy Davis
DEVELOPMENT EDITOR
Ellie Bru
MANAGING EDITOR
Sandra Schroeder
SENIOR PROJECT EDITOR
Mandie Frank
COPY EDITOR
Kitty Wilson
INDEXER
Erika Millen
PROOFREADER
Donna E. Mulder
TECHNICAL EDITOR
Joseph Cooper
PUBLISHING COORDINATOR
Cindy Teeters
DESIGNER
Chuti Prasertsith
COMPOSITOR
codeMantra

Special Sales
For information about buying this title in bulk quantities, or for special sales
opportunities (which may include electronic versions; custom cover designs; and
content particular to your business, training goals, marketing focus, or branding
interests), please contact our corporate sales department at
corpsales@pearsoned.com or (800) 382-3419.
For government sales inquiries, please contact [email protected].
For questions about sales outside the U.S., please contact [email protected].
Pearson’s Commitment to Diversity, Equity, and Inclusion
Pearson is dedicated to creating bias-free content that reflects the diversity of all
learners. We embrace the many dimensions of diversity, including but not limited
to race, ethnicity, gender, socioeconomic status, ability, age, sexual orientation, and
religious or political beliefs.
Education is a powerful force for equity and change in our world. It has the potential
to deliver opportunities that improve lives and enable economic mobility. As we
work with authors to create content for every product and service, we acknowledge
our responsibility to demonstrate inclusivity and incorporate diverse scholarship so
that everyone can achieve their potential through learning. As the world’s leading
learning company, we have a duty to help drive change and live up to our purpose to
help more people create a better life for themselves and to create a better world.
Our ambition is to purposefully contribute to a world where
■ Everyone has an equitable and lifelong opportunity to succeed through
learning
■ Our educational products and services are inclusive and represent the rich
diversity of learners
■ Our educational content accurately reflects the histories and experiences of the
learners we serve
■ Our educational content prompts deeper discussions with learners and motivates
them to expand their own learning (and worldview)

While we work hard to present unbiased content, we want to hear from you about
any concerns or needs with this Pearson product so that we can investigate and
address them.
Please contact us with concerns about any potential bias at
https://www.pearson.com/report-bias.html.
Contents at a Glance

Introduction xxvi
PART I: VSPHERE ARCHITECTURE, INTEGRATION, AND REQUIREMENTS
CHAPTER 1 vSphere Overview, Components, and Requirements 3
CHAPTER 2 Storage Infrastructure 31
CHAPTER 3 Network Infrastructure 91
CHAPTER 4 Clusters and High Availability 131
CHAPTER 5 vCenter Server Features and Virtual Machines 167
CHAPTER 6 VMware Product Integration 205
CHAPTER 7 vSphere Security 237
PART II: VSPHERE INSTALLATION/CONFIGURATION
CHAPTER 8 vSphere Installation 287
CHAPTER 9 Configuring and Managing Virtual Networks 331
PART III: VSPHERE MANAGEMENT AND OPTIMIZATION
CHAPTER 10 Managing and Monitoring Clusters and Resources 365
CHAPTER 11 Managing Storage 415
CHAPTER 12 Managing vSphere Security 471
CHAPTER 13 Managing vSphere and vCenter Server 515
CHAPTER 14 Managing Virtual Machines 573
CHAPTER 15 Final Preparation 613
APPENDIX A Answers to the “Do I Know This Already?” Quizzes and
Review Questions 617
Glossary 637
Index 645
ONLINE ELEMENTS:
APPENDIX B Memory Tables
APPENDIX C Memory Table Answers
APPENDIX D Study Planner
Table of Contents

Introduction xxvi

Part I: vSphere Architecture, Integration, and Requirements


Chapter 1 vSphere Overview, Components, and Requirements 3
“Do I Know This Already?” Quiz 3
Foundation Topics 6
vSphere Components and Editions 6
vSphere Components 6
Editions and Licenses 8
vCenter Server Topology 10
Single Sign-On (SSO) Domain 11
Enhanced Linked Mode 12
vCenter HA 12
Infrastructure Requirements 13
Compute and System Requirements 14
Storage Requirements 16
Network Requirements 17
Infrastructure Services 21
Other Requirements 23
Additional Requirements 23
vSphere Replication Requirements 24
vCenter High Availability Requirements 24
SDDC Requirements 25
VMware Cloud vs. VMware Virtualization 26
Server Virtualization 26
VMware SDDC 26
vCloud Suite and Private Clouds 27
VCF and Hybrid Clouds 27
VMC on AWS 27
VMware vCloud Director 27
Cloud Automation 27
Exam Preparation Tasks 28
Review All the Key Topics 28
Complete Tables and Lists from Memory 28
Define Key Terms 28
Answer Review Questions 29

Chapter 2 Storage Infrastructure 31


“Do I Know This Already?” Quiz 31
Foundation Topics 34
Storage Models and Datastore Types 34
How Virtual Machines Access Storage 34
Storage Virtualization: The Traditional Model 34
Software-Defined Storage Models 38
Datastore Types 39
Storage in vSphere with Kubernetes 43
VMware NVMe 44
vSAN Concepts 47
vSAN Characteristics 48
vSAN Terminology 50
What Is New in vSAN 7.0 and Newer 52
vSAN Deployment Options 53
vSAN Limitations 58
vSAN Space Efficiency 58
vSAN Encryption 61
vSAN File Service 61
vSAN Requirements 63
Other vSAN Considerations 68
vSphere Storage Integration 69
VASA 69
VAAI 70
Virtual Volumes (vVols) 72
Storage Multipathing and Failover 75
Multipathing Overview 75
Pluggable Storage Architecture (PSA) 76
Storage Policies 80
Storage Policy Based Management (SPBM) 81
Virtual Disk Types 81
vSAN-Specific Storage Policies 81
Storage DRS (SDRS) 83
Initial Placement and Ongoing Balancing 83
Space Utilization Load Balancing 83
I/O Latency Load Balancing 83
SDRS Automation Level 84
SDRS Thresholds and Behavior 84
SDRS Recommendations 84
Anti-affinity Rules 85
Datastore Cluster Requirements 85
NIOC, SIOC, and SDRS 86
Exam Preparation Tasks 87


Review All Key Topics 87
Complete Tables and Lists from Memory 87
Define Key Terms 87
Review Questions 88

Chapter 3 Network Infrastructure 91


“Do I Know This Already?” Quiz 91
Foundation Topics 94
Networking Terms and Concepts 94
Traditional Networking Terminology 94
Virtual NICs 96
Virtual Switch Concepts 96
VLANs 97
vSphere Standard Switch (vSS) 98
MTU 100
vSS Network Policies 100
NIC Teaming Policies 101
Network Security Policies 102
Traffic Shaping Policy 103
VLAN Policies 104
vSphere Distributed Switch (vDS) 104
Distributed Port Groups 105
Uplink Port Groups 105
vSS and vDS Comparison 106
vDS Network Policies 106
Inbound Traffic Shaping 107
Port-Blocking Policies 108
Load-Based NIC Teaming 108
Resource Allocation Policy 108
NetFlow and Monitoring Policy 111
Traffic Filtering and Marking Policy 111
vDS Settings and Features 112
Private VLANs 113
Data Center–Level Management 113
Network Offloads Compatibility 114
Port State Monitoring 115
Port State with vMotion 115
Port Mirroring 116
Port Binding and Allocation 117
LACP Support 118
vDS Health Check 119
Other vSphere Networking Features 120


Multicast Filtering Mode 120
Discovery Protocol 121
TCP Segmentation Offload 122
DirectPath I/O 122
Single Root I/O Virtualization (SR-IOV) 123
VMkernel Networking and TCP/IP Stacks 125
Exam Preparation Tasks 127
Review All Key Topics 127
Complete Tables and Lists from Memory 127
Define Key Terms 127
Review Questions 128

Chapter 4 Clusters and High Availability 131


“Do I Know This Already?” Quiz 131
Foundation Topics 134
Cluster Concepts and Overview 134
vSphere Cluster Services (vCLS) 135
Enhanced vMotion Compatibility (EVC) 135
vSAN Services 139
Distributed Resource Scheduler (DRS) 139
Recent DRS Enhancements 139
DRS Rules 142
DRS Migration Sensitivity 143
Resource Pools 144
vSphere High Availability (HA) 148
vSphere HA Requirements 149
vSphere HA Response to Failures 150
Heartbeats 151
vSphere HA Admission Control 151
vSphere HA Advanced Options 153
Virtual Machine Settings 153
VM Component Protection (VMCP) 154
Virtual Machine and Application Monitoring 154
vSphere HA Best Practices 155
Proactive HA 155
Other Resource Management and Availability Features 156
Predictive DRS 156
Distributed Power Management (DPM) 156
Fault Tolerance (FT) 157
vCenter Server High Availability 161
VMware Service Lifecycle Manager 161
Exam Preparation Tasks 162


Review All Key Topics 162
Complete Tables and Lists from Memory 162
Define Key Terms 162
Review Questions 163

Chapter 5 vCenter Server Features and Virtual Machines 167


“Do I Know This Already?” Quiz 167
Foundation Topics 171
vCenter Server and vSphere 171
vSphere Managed Inventory Objects 171
Host Profiles 175
Content Libraries 176
Virtual Machine File Structure 178
Configuration File 179
Virtual Disk Files 180
Snapshot Files 180
Virtual Machine Snapshots 180
Snapshot Use Cases 182
What a Snapshot Preserves 182
Parent Snapshots 183
Snapshot Behavior 183
Limitations 184
Virtual Machine Settings 185
VM Hardware/Compatibility 185
Virtual Disk Provisioning 188
VMware Tools 188
Virtual Machine Options 188
Virtual Machine Advanced Settings 189
Virtual Machine Migration 190
Migrating Virtual Machines 190
vMotion Details 194
Storage vMotion Details 197
Virtual Machine Cloning 199
Clones 199
Rapid Provisioning with Templates 200
Instant Clones 200
Exam Preparation Tasks 202
Review All Key Topics 202
Complete Tables and Lists from Memory 202
Define Key Terms 202
Review Questions 203

Chapter 6 VMware Product Integration 205


“Do I Know This Already?” Quiz 205
Foundation Topics 208
vSphere Add-ons 208
vSphere with Tanzu 208
vSphere+ 213
vCenter Converter 214
VMware vSphere Replication 215
VMware Skyline 215
Aria Suite 216
Aria Operations 216
Aria for Logs 217
Aria Automation 218
Aria Orchestrator 219
Aria Operations for Networks 220
Desktop and Application Virtualization 222
VMware Horizon 222
App Volumes 223
Replication and Disaster Recovery 224
vSphere Replication 224
Site Recovery Manager (SRM) 226
Private, Public, and Hybrid Clouds 227
VMware Cloud Foundation (VCF) 227
VMware Hybrid Cloud Extension (HCX) 229
VMware Cloud (VMC) on AWS 231
Azure VMware Solution 231
Networking and Security 232
NSX 232
Exam Preparation Tasks 234
Review All Key Topics 234
Complete Tables and Lists from Memory 234
Define Key Terms 234
Review Questions 235

Chapter 7 vSphere Security 237


“Do I Know This Already?” Quiz 237
Foundation Topics 240
vSphere Certificates 240
vSphere Certificates Overview 240
Certificate Requirements 242
ESXi Host Certificates 245


vSphere Permissions 246
Authentication and Authorization 246
Inventory Hierarchy and Objects 246
Privileges and Roles 248
Permissions 250
Global Permissions 250
Best Practices for Roles and Permissions 251
Required Privileges for Common Tasks 252
How Permissions Are Applied by vCenter Server 255
ESXi and vCenter Server Security 257
Built-in Security Features 257
Security Profiles 258
ESXi Password Hardening 260
Joining an ESXi Host to a Directory Service 260
vSphere Authentication Proxy 260
ESXi Host Access 261
Control MOB Access 261
ESXi Secure Boot and TPM 261
vSphere Trust Authority (vTA) 263
vCenter Server Security 263
vSphere Network Security 266
Firewalls 266
Segmentation and Isolation 266
Internet Protocol Security 266
Virtual Machine Security 269
Virtual Machine Hardening Best Practices 269
Configuring UEFI Boot 270
Disabling Unexposed Features 270
Other Common Settings 270
Virtual Machine Risk Profiles 272
Protecting Virtual Machines Against Denial-of-Service Attacks 272
Controlling VM Device Connections 273
Virtual Machine Encryption 273
Encrypted vSphere vMotion 276
Virtual Trusted Platform Module (vTPM) 277
Virtual Intel Software Guard Extension (vSGX) 278
Available Add-on Security 279
Compliance Using VMware Aria Operations 279
VMware NSX 280
Exam Preparation Tasks 282


Review All the Key Topics 282
Complete Tables and Lists from Memory 282
Define Key Terms 283
Review Questions 283

Part II: vSphere Installation/Configuration


Chapter 8 vSphere Installation 287
“Do I Know This Already?” Quiz 287
Foundation Topics 290
Installing ESXi Hosts 290
Installing ESXi Interactively 290
Scripted ESXi Installation 292
Using Auto Deploy 296
Deploying vCenter Server Components 301
vCenter Server Database 301
Platform Services Controller (PSC) 301
vCenter Server Appliance 302
Configuring and Managing VMware Certificate Authority (VMCA) 307
Configuring Single Sign-On (SSO) 309
SSO and Identity Sources Overview 309
Adding, Editing, and Removing SSO Identity Sources 310
Adding an Active Directory Identity Source 311
Adding an LDAP Authentication Source 313
Enabling and Disabling Single Sign-On (SSO) Users 314
Configuring SSO Policies 315
Configuring Identity Federation 316
Initial vSphere Configuration 318
Implementing vSphere Client 318
Implementing VMware vSphere Lifecycle Manager 318
Configuring the vCenter Server Inventory 319
Using Host Profiles 321
VMware Tools 324
ESXi Configuration Settings 324
Advanced ESXi Host Options 325
Exam Preparation Tasks 327
Review All the Key Topics 327
Complete Tables and Lists from Memory 327
Define Key Terms 327
Review Questions 328

Chapter 9 Configuring and Managing Virtual Networks 331


“Do I Know This Already?” Quiz 331
Foundation Topics 334
vSphere Standard Switches (vSS) 334
Creating and Configuring vSphere Standard Switches 334
Creating and Configuring Standard Port Groups 336
vSphere Distributed Switches (vDS) 338
Creating and Configuring vSphere Distributed Switches 338
Creating and Configuring Distributed Port Groups 341
VMkernel Networking 342
Configuring and Managing VMkernel Adapters 342
Configuring TCP/IP Stacks 343
Configuring and Managing Networking Features 344
Configuring Network I/O Control (NIOC) 344
Creating a Network Resource Pool 345
Using Private VLANs 346
Using DirectPath I/O 347
Single Root I/O Virtualization (SR-IOV) 347
Configuring and Managing Port Mirroring 349
Configuring and Managing Link Aggregation Groups (LAGs) 350
Managing Host Networking with vDS 354
Adding Hosts to a vDS 354
Managing Host Physical Network Adapters on a vDS 355
Migrating VMkernel Network Adapters to a vDS 356
Removing Hosts from a vDS 356
Migrating Virtual Machines to a vDS 357
Monitoring the State of Ports in a Distributed Port Group 358
Using the vDS Health Check 358
Networking Policies and Advanced Features 359
Exam Preparation Tasks 361
Review All the Key Topics 361
Complete Tables and Lists from Memory 361
Define Key Terms 361
Review Questions 362

Part III: vSphere Management and Optimization


Chapter 10 Managing and Monitoring Clusters and Resources 365
“Do I Know This Already?” Quiz 365
Foundation Topics 368
Creating and Configuring a vSphere Cluster 368


Creating a Cluster 368
Configuring a Cluster with Quickstart 369
EVC Mode 372
Creating and Configuring a vSphere DRS Cluster 372
Creating a vSphere DRS Cluster 372
Creating a Resource Pool 372
Configuring Advanced DRS Options 373
Creating and Configuring a vSphere HA Cluster 374
Creating a vSphere HA Cluster 374
Configuring Advanced vSphere HA Options 374
Configuring vSphere HA Admission Control 375
Configuring VMCP 375
Configuring Virtual Machine and Application Monitoring 376
Configuring Proactive HA 376
Configuring vSphere Fault Tolerance 377
Monitoring and Managing vSphere Resources 377
Metrics 378
vSphere Client Performance Charts 379
Troubleshooting and Optimizing Performance 383
Monitoring and Managing Cluster Resources 388
Monitoring and Managing Resource Pool Resources 389
Monitoring and Managing Host Resources and Health 390
Monitoring and Managing Virtual Machine Resources 392
ESXTOP 396
VIMTOP 399
vCenter Server Management 399
Events, Alarms, and Automated Actions 400
Events 400
Viewing Events in the vSphere Client 400
Viewing the System Event Log 401
Streaming Events to a Remote Syslog Server 401
Alarms 402
Viewing and Acknowledging Triggered Alarms 403
Creating Alarm Definitions 403
Alarm Actions 404
Advanced Use Cases for Alarms 404
Logging in vSphere 405
ESXi Logs 405
vCenter Server Logs 407
Uploading System Logs to VMware 407
Log Levels 408
Configuring Syslog on ESXi Hosts 409


vRealize Log Insight (vRLI) 411
Exam Preparation Tasks 412
Review All the Key Topics 412
Complete Tables and Lists from Memory 412
Define Key Terms 412
Review Questions 413

Chapter 11 Managing Storage 415


“Do I Know This Already?” Quiz 415
Foundation Topics 418
Configuring and Managing vSAN 418
Preparing for vSAN 418
Creating a vSAN Cluster with Quickstart 419
Manually Enabling vSAN 420
Editing vSAN Settings 421
Licensing vSAN 421
Viewing a vSAN Datastore 422
Configuring vSAN and vSphere HA 422
Disabling vSAN 423
Shutting Down and Restarting vSAN 424
Deploying vSAN with vCenter Server 424
Expanding a vSAN Cluster 424
Working with Maintenance Mode 426
Managing vSAN Fault Domains 428
Extending a vSAN Datastore Across Two Sites 428
Managing Devices in a vSAN Cluster 430
Increasing Space Efficiency in a vSAN Cluster 433
Using Encryption in a vSAN Cluster 434
Using vSAN Policies 437
Viewing vSAN Storage Providers 439
Using vSAN File Service 439
Managing Datastores 441
Managing VMFS Datastores 441
Managing Raw Device Mappings (RDMs) 446
Managing NFS Datastores 447
Storage DRS and SIOC 449
Configuring and Managing Storage DRS 450
Configuring and Managing SIOC 452
iSCSI, iSER, NVMe, and PMem 454
Managing iSCSI 454
Managing VMware NVMe 455
Managing PMem 458


Multipathing, Storage Policies, and vVols 459
Managing Multipathing 460
Managing Storage Policies 463
Configuring and Managing vVols 466
Exam Preparation Tasks 468
Review All the Key Topics 468
Complete Tables and Lists from Memory 468
Define Key Terms 468
Review Questions 469

Chapter 12 Managing vSphere Security 471


“Do I Know This Already?” Quiz 471
Foundation Topics 474
Configuring and Managing Authentication and Authorization 474
Managing SSO 474
Users and Groups 476
Privileges and Roles 477
Permissions 477
Global Permissions 478
Editing Permissions 478
Configuring and Managing vSphere Certificates 479
Managing vSphere Client Certificates 479
Using Custom Certificates 480
Managing ESXi Certificates 481
General ESXi Security Recommendations 483
Hardening Guidelines 484
Configuring ESXi Using Host Profiles 485
Using Scripts to Manage Host Configuration Settings 486
ESXi Passwords and Account Lockout 487
SSH and ESXi Shell Security 489
PCI and PCIe Devices and ESXi 491
Disabling the Managed Object Browser 491
ESXi Networking Security Recommendations 492
ESXi Web Proxy Settings 492
vSphere Auto Deploy Security Considerations 493
Controlling CIM Access 493
Configuring and Managing ESXi Security 494
Configuring the ESXi Firewall 494
Customizing ESXi Services 495
Using Lockdown Mode 496
Managing the Acceptance Levels of Hosts and VIBs 497
Assigning Privileges for ESXi Hosts 498


Using Active Directory to Manage ESXi Users 499
Configuring vSphere Authentication Proxy 500
Configuring Smart Card Authentication for ESXi 501
Configuring UEFI Secure Boot for ESXi Hosts 501
Securing ESXi Hosts with Trusted Platform Module 502
Securing ESXi Log Files 503
Additional Security Management 503
Key Management Server 503
Changing Permission Validation Settings 504
Configuring and Managing vSphere Trust Authority (vTA) 504
TLS 1.2 506
FIPS 507
Securing Virtual Machines with Intel Software Guard Extensions (SGX) 507
Encrypting a Virtual Machine 508
Exam Preparation Tasks 510
Review All the Key Topics 510
Complete Tables and Lists from Memory 510
Define Key Terms 510
Review Questions 511

Chapter 13 Managing vSphere and vCenter Server 515


“Do I Know This Already?” Quiz 515
Foundation Topics 518
vCenter Server Backup 518
Backing Up and Restoring vSphere with Tanzu 521
Upgrading to vSphere 8.0 523
vCenter Server Data Transfer 524
Upgrading vCenter Server Appliance 525
Migrating vCenter Server for Windows to vCenter Server Appliance 528
Upgrading ESXi and Virtual Machines 530
Using Update Planner 530
Using vSphere Lifecycle Manager 532
About VMware Update Manager 535
VMware Update Manager Download Service (UMDS) 535
Baselines and Images 536
ESXi Quick Boot 542
ESXi Firmware Updates 542
Hardware Compatibility Checks 544
Exporting and Importing Cluster Images 544
Backup and Restore Scenarios 545
Upgrading Virtual Machines 546
Managing ESXi Hosts 547


Monitoring and Managing vCenter Server 549
Monitoring and Managing vCenter Server with the VAMI 550
Monitoring and Managing vCenter Server with the vSphere Client 554
Updating the vCenter Server 561
Managing a vCenter HA Cluster 564
Repointing a vCenter Server to Another Domain 565
Exam Preparation Tasks 569
Review All the Key Topics 569
Complete Tables and Lists from Memory 569
Define Key Terms 570
Review Questions 570

Chapter 14 Managing Virtual Machines 573


“Do I Know This Already?” Quiz 573
Foundation Topics 576
Creating and Configuring Virtual Machines 576
Creating a New Virtual Machine 576
Powering On a VM 577
Opening a Console to a VM 577
Installing and Upgrading VMware Tools 578
Shutting Down a Guest 580
Cloning a Virtual Machine 580
Converting Between a VM and a Template 581
Deploying a Virtual Machine from a Template 582
Customizing the Guest OS 582
Deploying OVF/OVA Templates 585
Managing Virtual Machines 586
Configuring Virtual Machine Hardware 586
Editing Virtual Machine Options 592
Configuring Guest User Mappings 594
Editing OVF Details 594
Creating and Managing Virtual Machine Snapshots 595
Migrating Virtual Machines 596
Advanced Virtual Machine Management 598
Managing OVF Templates 598
Virtualization-Based Security 598
Managing VMs by Using PowerCLI 599
Configuring VMs to Support vGPUs 601
Managing EVC Mode and CPU Affinity 603
Content Libraries 604


Introduction to Content Libraries 604
Creating a Content Library 604
Publishing a Content Library 605
Subscribing to a Content Library 606
Content Library Permissions 606
Content Library Synchronization Options 607
Adding Items to a Content Library 608
Deploying VMs by Using a Content Library 608
Managing VM Templates in a Content Library 609
Exam Preparation Tasks 610
Review All the Key Topics 610
Complete Tables and Lists from Memory 610
Define Key Terms 610
Review Questions 611

Chapter 15 Final Preparation 613


Getting Ready 613
Taking the Exam 614

Appendix A Answers to the “Do I Know This Already?” Quizzes and Review
Questions 617

Glossary 637

Index 645

Online Elements:

Appendix B Memory Tables

Appendix C Memory Table Answers

Appendix D Study Planner


About the Authors

John A. Davis, now an independent contractor and senior integration architect at
MEJEER, LLC, became a VMware Certified Instructor (VCI) and VMware Certified
Professional (VCP) in 2004. Since then, all of his work has focused on VMware-based
technologies. He has experience in teaching official VMware curriculum in
five countries and delivering VMware professional services throughout the United
States. Recently, his work has involved designing and implementing solutions for
hybrid clouds, cloud automation, disaster recovery, and virtual desktop infrastructure
(VDI). He has authored several white papers and co-authored VCP-DCV for vSphere
7.x Cert Guide, VCP6-DCV Cert Guide, and VCAP5-DCA Cert Guide (VMware Press).
He holds several advanced certifications, including VCAP-DCV 2021, VCP-NV
202, and VCP-DTM 2020. He has been a vExpert since 2014. He is the author of
the vLoreBlog.com and can be found on Twitter @johnnyadavis.
Steve Baca, VCAP, VCI, VCP, and NCDA, has been in the computer industry for
more than 20 years. Originally a computer programmer and a system administrator
working on Unix and Windows systems, he migrated over to technical training
and wrote a course for Sun Microsystems. After teaching various courses for Sun,
he eventually transitioned to VMware about 10 years ago, to do technical training.
Currently he is a badged employee for VMware and lives in Omaha, Nebraska. He
thoroughly enjoys teaching and writing and believes that the constant evolution of
the computer industry requires continuously learning to stay ahead. Steve can be
found on Twitter @scbaca1.
Dedication

Dedicated to Madison, Emma, Jaxon, Ethan, Eli, and Robbie, the six wonderful children
to whom I am blessed to be known as “Grampy.” They fill my days with joy and fun,
especially after a hard day of writing or working for their namesake, MEJEER, LLC.
—John Davis

First and foremost, I would like to dedicate this book to my loving wife, Sharyl. Without
your support, I would not be able to commit the time necessary to co-author a book.
Thank you for believing in me and allowing me to have the time for my many
endeavors. I would also like to dedicate this book to my children: Zachary, Brianna,
Eileen, Susan, Keenan, and Maura.
—Steve Baca

Acknowledgments

Thanks to my wife and best friend, Delores, who tolerates my late-night writing,
supports my recent business venture, and makes me happy every day. Thanks to my
parents, Monica and Norman Davis, who provided me with a great education and
taught me the importance of hard work. Thanks to God for placing me in an
environment with unmeasurable blessings and opportunities.
I would like to thank my co-authors and partners, Steve Baca and Owen Thomas.
Thanks to our technical editor, Joe Cooper, for his hard work and dedication.
Special thanks to Nancy Davis (executive editor) and Ellie Bru (development editor)
for coordinating everything and keeping this project moving.
—John Davis
There are so many people to acknowledge and thank for making this book possible.
First, thanks to my wife and family for supporting me while writing this book. I
would also like to thank my co-authors, John Davis and Owen Thomas, who deserve
much of the credit for this book. Thank you to the production team and editors at
Pearson, who do a tremendous amount of work from the initial planning of the book
to the final printing.
—Steve Baca
About the Technical Reviewer

Joseph Cooper is a Principal Instructor and a member of America’s Tech Lead
Team with VMware’s Education Department. Joe has spoken at several VMworld
conferences, VMUG events, and vForum events, and is a featured instructor
in the VMware Learning Zone. Prior to joining VMware, Joe was an instructor
at the State University of New York, College at Cortland, where he taught
technology courses to sport management and kinesiology students. You can find
him on Twitter @joeicooper and on YouTube at
https://youtube.com/channel/UCYrPi0AqS8f8QxChAgZa5Sg.
We Want to Hear from You!
As the reader of this book, you are our most important critic and commentator. We
value your opinion and want to know what we’re doing right, what we could do better,
what areas you’d like to see us publish in, and any other words of wisdom you’re
willing to pass our way.
We welcome your comments. You can email or write to let us know what you did or
didn’t like about this book—as well as what we can do to make our books better.
Please note that we cannot help you with technical problems related to the topic of this book.
When you write, please be sure to include this book’s title and author as well as your
name and email address. We will carefully review your comments and share them
with the author and editors who worked on the book.
Email: [email protected]

Reader Services
Register your copy of VCP-DCV for vSphere 8.x Cert Guide at
www.pearsonitcertification.com for convenient access to downloads, updates,
and corrections as they become available. To start the registration process, go to
www.pearsonitcertification.com/register and log in or create an account.* Enter the
product ISBN 9780138169886 and click Submit. When the process is complete, you
will find any available bonus content under Registered Products.
*Be sure to check the box that you would like to hear from us to receive exclusive
discounts on future editions of this product.
Introduction

This book focuses on one major goal: helping you prepare to pass the VMware
vSphere 8.x Professional (2V0-21.23) exam, which is a key requirement for earning
the VCP-DCV 2023 certification. This book may be useful for secondary purposes,
such as learning how to implement, configure, and manage a vSphere environment
or preparing to take other VCP-DCV qualifying exams.
The rest of this introduction provides details on the VCP-DCV certification, the
2V0-21.23 exam, and this book.

VCP-DCV Requirements
The primary objective of the VCP-DCV 2023 certification is to demonstrate that
you have mastered the skills to successfully install, configure, and manage VMware
vSphere 8 environments. You can find the exam requirements, objectives, and other
details on the certification web portal, at http://mylearn.vmware.com/portals/certification/.
On the website, navigate to the Data Center Virtualization track and
to the VCP-DCV certification. Examine the VCP-DCV 2023 requirements based
on your qualifications. For example, if you select that you currently hold no VCP
certifications, then the website indicates that your path to certification is to gain
experience with vSphere 8.0, attend one of the following required training courses,
and pass the Professional vSphere 8.0 (2V0-21.23) exam:
■ VMware vSphere: Install, Configure, Manage [V8]
■ VMware vSphere: Optimize, Scale, and Secure [V8]
■ VMware vSphere: Troubleshooting [V8]
■ VMware vSphere: Fast Track [V8]

If you select that you currently hold a VCP-DCV 2020 or newer certification, the
website indicates that your path includes a recommendation, but not a requirement,
to take a training course.
VMware updates the VCP-DCV certification requirements each year. So, the
requirements for the VCP-DCV 2024 certification may differ slightly from the VCP-DCV
2023 certification. Likewise, VMware updates the qualifying exams. Each
year, as VMware updates the Professional VMware vSphere 8.x exam, the authors of
this book will create an appendix to supplement the original book. To prepare for a
future version of the exam, download the corresponding online appendix from the
book’s companion website and use it to supplement the original book.

After you identify your path to certification, you can select the Professional VMware
vSphere 8.x (2V0-21.23) exam to closely examine its details and to download the
Exam Preparation Guide (also known as the exam blueprint).

Details on the 2V0-21.23 Exam


The 2V0-21.23 exam blueprint provides details on exam delivery, minimum
qualifications for candidates, exam objectives, recommended courses, and references
to supporting VMware documentation. It also contains 10 sample exam questions.
The 2V0-21.23 exam is a proctored exam delivered through Pearson VUE. See
Chapter 15, “Final Preparation,” for details on registering and taking the exam.
A minimally qualified candidate (MQC) has 6 to 12 months of hands-on experience
implementing, managing, and supporting a vSphere environment. The MQC has
knowledge of storage, networking, hardware, security, business continuity, and
disaster recovery concepts.
The exam characteristics are as follows:
■ Format: Proctored exam
■ Question type: Multiple choice
■ Number of questions: 70
■ Duration: 135 minutes
■ Passing score: 300
■ Cost: $250 (in the United States)

2V0-21.23 Exam Objectives


The 2V0-21.23 exam blueprint lists the exam objectives, which are summarized
here:
Section 1: Architectures and Technologies
■ Objective 1.1: Identify the pre-requisites and components for a VMware
vSphere 8.x implementation
■ Objective 1.2: Describe the components and topology of a VMware vCenter
architecture
■ Objective 1.3: Describe storage concepts
■ 1.3.1: Identify and differentiate storage access protocols for VMware
vSphere (NFS, iSCSI, SAN, etc.)
■ 1.3.2: Describe storage datastore types for VMware vSphere
■ 1.3.3: Explain the importance of advanced storage configurations (vStorage
APIs for Array Integration (VAAI), vStorage APIs for Storage Awareness
(VASA), multipathing, etc.)
■ 1.3.4: Describe storage policies
■ 1.3.5: Describe basic storage concepts in VMware vSAN and VMware
Virtual Volumes (vVOLs)
■ 1.3.6: Identify use cases for raw device mapping (RDM), Persistent
Memory (PMem), Non-Volatile Memory Express (NVMe), NVMe over
Fabrics (NVMe-oF), and RDMA (iSER)
■ 1.3.7: Describe datastore clusters
■ 1.3.8: Describe Storage I/O Control (SIOC)
■ Objective 1.4: Describe VMware ESXi cluster concepts
■ 1.4.1: Describe VMware Distributed Resource Scheduler (DRS)
■ 1.4.2: Describe vSphere Enhanced vMotion Compatibility (EVC)
■ 1.4.3: Describe how DRS scores virtual machines
■ 1.4.4: Describe VMware vSphere High Availability (HA)
■ 1.4.5: Identify use cases for fault tolerance
■ Objective 1.5: Explain the difference between VMware standard switches and
distributed switches
■ 1.5.1: Describe VMkernel networking
■ 1.5.2: Manage networking on multiple hosts with vSphere Distributed
Switch (VDS)
■ 1.5.3: Describe networking policies
■ 1.5.4: Manage Network I/O Control (NIOC) on a vSphere Distributed
Switch (VDS)
■ 1.5.5: Describe Network I/O Control (NIOC)
■ Objective 1.6: Describe VMware vSphere Lifecycle Manager concepts
■ Objective 1.7: Describe the basics of VMware vSAN as primary storage
■ 1.7.1: Identify basic vSAN requirements (networking, disk count, and
type)
■ 1.7.2: Identify Express Storage Architecture (ESA) concepts for vSAN 8
■ Objective 1.8: Describe the role of Virtual Machine Encryption in a data
center
■ 1.8.1: Describe vSphere Trust Authority
■ 1.8.2: Describe the role of a Key Management Services (KMS) server in
vSphere
■ Objective 1.9: Recognize methods of securing virtual machines
■ 1.9.1: Recognize use cases for a virtual Trusted Platform Module (vTPM)
■ 1.9.2: Differentiate between Basic Input or Output System (BIOS) and
Unified Extensible Firmware Interface (UEFI) firmware
■ 1.9.3: Recognize use cases for Microsoft virtualization-based security
(VBS)
■ Objective 1.10: Describe identity federation
■ 1.10.1: Describe the architecture of identity federation
■ 1.10.2: Recognize use cases for identity federation
■ Objective 1.11: Describe VMware vSphere Distributed Services Engine
■ 1.11.1: Describe the role of a data processing unit (DPU) in vSphere
■ Objective 1.12: Identify use cases for VMware Tools
■ Objective 1.13: Describe the high-level components of VMware vSphere with
Tanzu
■ 1.13.1: Identify the use case for a Supervisor Cluster and Supervisor
Namespace
■ 1.13.2: Identify the use case for vSphere Zones
■ 1.13.3: Identify the use case for a VMware Tanzu Kubernetes Grid
(TKG) cluster
Section 2: VMware Products and Solutions
■ Objective 2.1: Describe the role of VMware vSphere in the Software-Defined
Data Center
■ Objective 2.2: Identify use cases for VMware vSphere+
■ Objective 2.3: Identify use cases for VMware vCenter Converter
■ Objective 2.4: Identify disaster recovery (DR) use cases
■ 2.4.1: Identify VMware vCenter replication options
■ 2.4.2: Identify use cases for VMware Site Recovery Manager (SRM)
Section 3: Planning and Designing (There are no testable objectives for this
section.)
Section 4: Installing, Configuring, and Setup
■ Objective 4.1: Describe single sign-on (SSO)
■ 4.1.1: Configure a single sign-on (SSO) domain
■ 4.1.2: Join an existing single sign-on (SSO) domain
■ Objective 4.2: Configure vSphere distributed switches
■ 4.2.1: Create a distributed switch
■ 4.2.2: Add ESXi hosts to the distributed switch
■ 4.2.3: Examine the distributed switch configuration
■ Objective 4.3: Configure Virtual Standard Switch (VSS) advanced virtual
networking options
■ Objective 4.4: Set up identity sources
■ 4.4.1: Configure identity federation
■ 4.4.2: Configure LDAP integration
■ Objective 4.5: Deploy and configure VMware vCenter Server Appliance
(VCSA)
■ Objective 4.6: Create and configure VMware HA and DRS advanced options
(Admission Control, Proactive HA, etc.)
■ Objective 4.7: Deploy and configure VMware vCenter High Availability
■ Objective 4.8: Set up content library
■ 4.8.1: Create a content library
■ 4.8.2: Add content to the content library
■ 4.8.3: Publish a local content library
■ Objective 4.9: Subscribe to content library
■ 4.9.1: Create a subscribed content library
■ 4.9.2: Subscribe to a published content library
■ 4.9.3: Deploy virtual machines (VMs) from a subscribed content library
■ Objective 4.10: Manage virtual machine (VM) template versions
■ 4.10.1: Update template in content library
■ Objective 4.11: Configure VMware vCenter file-based backup
■ Objective 4.12: Configure vSphere Trust Authority
■ Objective 4.13: Configure vSphere certificates
■ 4.13.1: Describe Enterprise PKIs role for SSL certificates
■ Objective 4.14: Configure vSphere Lifecycle Manager
■ Objective 4.15: Configure different network stacks
■ Objective 4.16: Configure host profiles
■ Objective 4.17: Identify ESXi boot options
■ 4.17.1: Configure Quick Boot
■ 4.17.2: Securely Boot ESXi hosts
■ Objective 4.18: Deploy and configure clusters using the vSphere Cluster
Quickstart workflow
■ 4.18.1: Use Cluster Quickstart workflow to add hosts
■ 4.18.2: Use Cluster Quickstart workflow to configure a cluster
■ 4.18.3: Use Quickstart to expand clusters
■ Objective 4.19: Set up and configure VMware ESXi
■ 4.19.1: Configure Time Configuration
■ 4.19.2: Configure ESXi services
■ 4.19.3: Configure Product Locker
■ 4.19.4: Configure Lockdown Mode
■ 4.19.5: Configure ESXi firewall
■ Objective 4.20: Configure VMware vSphere with Tanzu
■ 4.20.1: Configure a Supervisor Cluster & Supervisor Namespace
■ 4.20.2: Configure a Tanzu Kubernetes Grid Cluster
■ 4.20.3: Configure vSphere Zones
■ 4.20.4: Configure Namespace permissions
Section 5: Performance-tuning, Optimization, Upgrades
■ Objective 5.1: Identify resource pools use cases
■ 5.1.1: Explain shares, limits, and reservations (resource management)
■ Objective 5.2: Monitor resources of a VMware vCenter Server Appliance
(VCSA) and vSphere 8.x environment
■ Objective 5.3: Identify and use resource monitoring tools
■ Objective 5.4: Configure Network I/O Control (NIOC)
■ Objective 5.5: Configure Storage I/O Control (SIOC)
■ Objective 5.6: Configure a virtual machine port group to be offloaded to a data
processing unit (DPU)
■ Objective 5.7: Explain the performance impact of maintaining virtual machine
snapshots
■ Objective 5.8: Use Update Planner to identify opportunities to update VMware
vCenter
■ Objective 5.9: Use vSphere Lifecycle Manager to determine the need for
upgrades and updates
■ 5.9.1: Update virtual machines
■ 5.9.2: Update VMware ESXi
■ Objective 5.10: Use performance charts to monitor performance
■ Objective 5.11: Perform proactive management with VMware Skyline
■ Objective 5.12: Use VMware vCenter management interface to update VMware
vCenter
■ Objective 5.13: Complete lifecycle activities for VMware vSphere with Tanzu
■ 5.13.1: Update Supervisor cluster
■ 5.13.2: Back up and restore VMware vSphere with Tanzu
Section 6: Troubleshooting and Repairing
■ Objective 6.1: Identify use cases for enabling vSphere Cluster Services (vCLS)
retreat mode
■ Objective 6.2: Differentiate between the main management services in
VMware ESXi and vCenter and their corresponding log files
■ Objective 6.3: Generate a log bundle

Section 7: Administrative and Operational Tasks


■ Objective 7.1: Create and manage virtual machine snapshots
■ Objective 7.2: Create virtual machines using different methods (Open
Virtualization Format (OVF) templates, content library, etc.)
■ Objective 7.3: Manage virtual machines (modifying virtual machine settings,
VMware per-VM EVC, latency sensitivity, CPU affinity, etc.)
■ Objective 7.4: Manage storage
■ 7.4.1: Configure and modify datastores
■ 7.4.2: Create virtual machine storage policies
■ 7.4.3: Configure storage cluster options
■ Objective 7.5: Create DRS affinity and anti-affinity rules for common use
cases
■ Objective 7.6: Migrate virtual machines
■ 7.6.1: Identify requirements for Storage vMotion, Cold Migration,
vMotion, and Cross vCenter Export
■ Objective 7.7: Configure role-based access control
■ Objective 7.8: Manage host profiles
■ Objective 7.9: Utilize VMware vSphere Lifecycle Manager
■ 7.9.1: Describe firmware upgrades for VMware ESXi
■ 7.9.2: Describe VMware ESXi updates
■ 7.9.3: Describe component and driver updates for VMware ESXi
■ 7.9.4: Describe hardware compatibility check
■ 7.9.5: Describe ESXi cluster image export functionality
■ 7.9.6: Create VMware ESXi cluster image
■ Objective 7.10: Use predefined alarms in VMware vCenter
■ Objective 7.11: Create custom alarms
■ Objective 7.12: Deploy an encrypted virtual machine
■ 7.12.1: Convert a non-encrypted virtual machine to an encrypted virtual
machine
■ 7.12.2: Migrate an encrypted virtual machine
■ 7.12.3: Configure virtual machine vMotion encryption properties

NOTE For future exams, download and examine the objectives in the updated exam
blueprint. Be sure to use the future Pearson-provided online appendix specific to the
updated exam.

NOTE Section 3 does not apply to the 2V0-21.23 exam, but it may be used for other
exams.

Who Should Take This Exam and Read This Book?


The VCP-DCV certification is the most popular certification at VMware; more
than 100,000 professionals around the world hold this certification. This book
is intended for anyone who wants to prepare for the 2V0-21.23 exam, which is a
required exam for VCP-DCV 2023 certification. The audience includes current and
prospective IT professionals such as system administrators, infrastructure
administrators, and virtualization engineers.

Book Features and Exam Preparation Methods


This book uses several key methodologies to help you discover the exam topics on
which you need more review, to help you fully understand and remember those
details, and to help you prove to yourself that you have retained your knowledge of
those topics. This book does not try to help you pass the exam only by memorization
but by truly learning and understanding the topics.

The book includes many features that provide different ways to study so you can
be ready for the exam. If you understand a topic when you read it but do not study
it any further, you probably will not be ready to pass the exam with confidence.
The features included in this book give you tools that help you determine what you
know, review what you know, better learn what you don’t know, and be well prepared
for the exam. These tools include:
■ “Do I Know This Already?” Quizzes: Each chapter begins with a quiz that
helps you determine the amount of time you need to spend studying that
chapter.
■ Foundation Topics: These are the core sections of each chapter. They explain
the protocols, concepts, and configuration for the topics in that chapter.
■ Exam Preparation Tasks: This section of each chapter lists a series of study
activities that should be done after reading the “Foundation Topics” section.
Each chapter includes the activities that make the most sense for studying the
topics in that chapter. The activities include the following:
■ Key Topics Review: The Key Topic icon appears next to the most
important items in the “Foundation Topics” section of the chapter. The
“Key Topics Review” section lists the key topics from the chapter and
their page numbers. Although the contents of the entire chapter could be
on the exam, you should definitely know the information listed for each
key topic. Review these topics carefully.
■ Memory Tables: To help you exercise your memory and memorize some
important facts, memory tables are provided. The memory tables contain
only portions of key tables provided previously in the chapter, enabling
you to complete the table or list. Appendix B, “Memory Tables,” provides
the incomplete tables, and Appendix C, “Memory Tables Answer Key,”
includes the completed tables (answer keys). These appendixes are also
provided on the companion website that is provided with your book.
■ Define Key Terms: The VCP-DCV exam requires you to learn and
know a lot of related terminology. This section lists some of the most
important terms from the chapter and asks you to write a short definition
and compare your answer to the glossary.
■ Practice Exams: The companion website contains an exam engine.

Book Organization
The chapters in this book are organized such that Chapters 1 through 7 provide in-depth
material on vSphere concepts, and Chapters 8 through 14 describe procedures
for the installation, configuration, and management of vSphere components and
features. The authors recommend that you read the entire book from cover to cover
at least once. As you read about any topic in Chapters 1 to 7, keep in mind that you
can find corresponding “how to” steps in Chapters 8 to 14. As you read about any
specific procedure in Chapters 8 to 14, keep in mind that you can find associated
details (concepts) in Chapters 1 to 7.
Optionally, you can prepare for the exam by studying for the exam objectives in order,
using Table I-1 as a guide. As you prepare for each exam objective, you can focus
on the most appropriate chapter and section. You can also refer to related chapters
and sections. For example, as you prepare for Objective 1.2 (Describe the components
and topology of a VMware vCenter architecture), you should focus on the
“vCenter Server Topology” section in Chapter 1, but you may also want to review
the “Deploying vCenter Server Components” section in Chapter 8 and the “vSphere
Managed Inventory Objects” section in Chapter 5.
When preparing for a specific exam objective, you can use Table I-1 to identify the
sections in the book that directly address the objective and the sections that provide
related information.

Table I-1 Mapping of Exam Objectives to Book Chapters and Sections


Objective Description Chapter/Section Supporting Chapter/Section
1 Architectures and Technologies
1.1 Identify the pre- 1: vSphere Overview, 8: vSphere Installation
requisites and Components, and
■ Installing ESXi Hosts
components for a Requirements
VMware vSphere ■ Deploying vCenter Server
■ Infrastructure
8.x implementation Components
Requirements
■ Other Requirements
1.2 Describe the 1: vSphere Overview, 8: vSphere Installation
components and Components, and
■ Deploying vCenter Server
topology of a Requirements
Components
VMware vCenter
■ vCenter Server
architecture 5: vCenter Server Features and
Topology
Virtual Machines
■ vSphere Managed Inventory
Objects
Introduction xxxvii

Objective Description Chapter/Section Supporting Chapter/Section


1 Architectures and Technologies
1.3 Describe storage 2: Storage Infrastructure
concepts
■ Storage Models and
Datastore Types
1.3.1 Identify and 2: Storage Infrastructure
differentiate storage
■ Storage
access protocols for
Virtualization:
VMware vSphere
Traditional Model
(NFS, iSCSI, SAN,
etc.)
1.3.2 Describe storage 2: Storage Infrastructure 11: Managing Storage
datastore types for
■ Software-Defined ■ Managing Datastores
VMware vSphere
Storage Models
■ Datastore Types
1.3.3 Explain the 2: Storage Infrastructure 11: Managing Storage
importance of
■ VASA ■ VASA: Registering a Storage
advanced storage
Provider
configurations ■ VAAI
(vStorage APIs for ■ VASA: Managing Storage
Array Integration Providers
(VAAI), vStorage
APIs for Storage
Awareness (VASA),
multipathing, etc.)
1.3.4 Describe storage 2: Storage Infrastructure 11: Managing Storage
policies
■ Storage Policies ■ Managing Storage Policies
1.3.5 Describe basic 2: Storage Infrastructure 2: Storage Infrastructure
storage concepts in
■ vSAN Concepts ■ Storage Virtualization:
VMware vSAN and
Traditional Model
VMware Virtual ■ Virtual Volumes
Volumes (vVOLs) (vVols) ■ Software-Defined Storage
Models
■ Datastore Types
■ Storage in vSphere with
Kubernetes
11: Managing Storage
■ Managing vSAN
■ Managing Datastores
■ Configuring and Managing
vVols
xxxviii VCP-DCV for vSphere 8.x Cert Guide

Objective Description Chapter/Section Supporting Chapter/Section


1 Architectures and Technologies
1.3.6 Identify use cases 2: Storage Infrastructure 11: Managing Storage
for raw device
■ Raw Device Mappings ■ Managing RDMs
mapping (RDM),
(RDMs)
Persistent Memory ■ Managing Storage Policies
(PMem), Non- ■ vVols
■ Managing VMware NVMe
Volatile Memory
■ VMware NVMe
Express (NVMe), ■ Managing PMem
NVMe over Fabrics
(NVMe-oF), and
RDMA (iSER).
1.3.7 Describe datastore 2: Storage Infrastructure 11: Managing Storage
clusters
■ Storage DRS (SDRS) ■ Configuring and Managing
SDRS
1.3.8 Describe Storage 2: Storage Infrastructure 11: Managing Storage
I/O Control (SIOC)
■ NIOC, SIOC, and ■ Configuring and Managing
SDRS SIOC
1.4 Describe VMware 4: Clusters and High 10: Managing and Monitoring
ESXi cluster Availability Clusters and Resources
concepts
■ Cluster Concepts and ■ Creating and Configuring a
Overview vSphere Cluster
■ Distributed Resources ■ Creating and Configuring a
Scheduler (DRS) vSphere DRS Cluster
■ High Availability ■ Creating and Configuring a
(HA) vSphere HA cluster
1.4.1 Describe VMware 4: Clusters and High 10: Managing and Monitoring
Distributed Availability Clusters and Resources
Resource Scheduler
■ Cluster Concepts and ■ Creating and Configuring a
(DRS)
Overview vSphere DRS Cluster
■ Distributed Resources
Scheduler (DRS)
1.4.2 Describe vSphere 4: Clusters and High 10: Managing and Monitoring
Enhanced vMotion Availability Clusters and Resources
Compatibility
■ Enhanced vMotion ■ EVC Mode
(EVC)
Compatibility (EVC)
Introduction xxxix

Objective Description Chapter/Section Supporting Chapter/Section


1 Architectures and Technologies
1.4.3 Describe how 4: Clusters and High 10: Managing and Monitoring
DRS scores virtual Availability Clusters and Resources
machines
■ How DRS Scores ■ Creating and Configuring a
VMs vSphere DRS Cluster
1.4.4 Describe VMware 4: Clusters and High 10: Managing and Monitoring
vSphere High Availability Clusters and Resources
Availability (HA)
■ vSphere High ■ Creating and Configuring a
Availability (HA) vSphere HA cluster
1.4.4.1 Describe Admission 4: Clusters and High 10: Managing and Monitoring
Control Availability Clusters and Resources
■ vSphere HA ■ Creating and Configuring a
Admission Control vSphere HA cluster
1.4.4.2 Describe vSphere 4: Clusters and High
Cluster Services Availability
(vCLS)
■ vSphere Cluster
Services (vCLS)
1.4.5 Identify use cases 4: Clusters and High 10: Managing and Monitoring
for fault tolerance Availability Clusters and Resources
■ Fault Tolerance (FT) ■ Configuring vSphere Fault
Tolerance
1.5 Explain the 3: Network Infrastructure 9: Configuring and Managing
difference between Virtual Networks
■ vSphere Standard
VMware standard
Switch (vSS) ■ Creating and Configuring
switches and
vSphere Standard Switches
distributed switches ■ vSphere Distributed
Switch (vDS) ■ Creating and Configuring
vSphere Distributed
■ vDS Settings and
Switches
Features
1.5.1 Describe VMkernel 3: Network Infrastructure 9: Configuring and Managing
networking Virtual Networks
■ VMkernel
Networking and ■ Configuring and Managing
TCP/IP Stacks VMkernel Adapters
■ Configuring TCP/IP Stacks
xl VCP-DCV for vSphere 8.x Cert Guide

Objective Description Chapter/Section Supporting Chapter/Section


1 Architectures and Technologies
1.5.2 Manage networking 9: Configuring and 3: Network Infrastructure
on multiple hosts Managing Virtual
■ vSphere Distributed Switch
with vSphere Networks
(vDS)
Distributed Switch
■ Managing Host
(VDS)
Networking with vDS
1.5.3 Describe 3: Network Infrastructure 9: Configuring and Managing
networking policies Virtual Networks
■ vSS Networking
Policies ■ Networking Policies and
Advanced Features
■ vDS Networking
Policies
1.5.4 Manage Network 9: Configuring and 3: Network Infrastructure
I/O Control Managing Virtual
■ Network I/O Control
(NIOC) on a Networks
vSphere Distributed
■ Configuring Network
Switch (VDS)
I/O Control (NIOC)
1.5.5 Describe Network 3: Network Infrastructure 9: Configuring and Managing
I/O Control Virtual Networks
■ Network I/O Control
(NIOC)
■ Configuring Network I/O
Control (NIOC)
1.6 Describe VMware 13: Managing vSphere 8: vSphere Installation
vSphere Lifecycle and vCenter Server
■ VMware vSphere Lifecyle
Manager concepts
■ Using vSphere Manager Implementation
Lifecycle Manager
1.7 Describe the basics 2: Storage Infrastructure
of VMware vSAN
■ vSAN Concepts
as primary storage
1.7.1 Identify basic 2: Storage Infrastructure 11: Managing Storage
vSAN requirements
■ vSAN Requirements ■ Configuring and Managing
(networking, disk
vSAN
count, and type)
1.7.2 Identify 2: Storage Infrastructure
Express Storage
■ vSAN Concepts
Architecture
(ESA) concepts for
vSAN 8
Introduction xli

Objective Description Chapter/Section Supporting Chapter/Section


1 Architectures and Technologies
1.8 Describe the role 7: vSphere Security
of Virtual Machine
■ Virtual Machine
Encryption in a
Encryption
data center
1.8.1 Describe vSphere 7: vSphere Security 12: Managing vSphere Security
Trust Authority
■ vSphere Trust ■ Configuring and Managing
Authority (vTA) vSphere Trust Authority
(vTA)
1.8.1.1 Describe the 7: vSphere Security 12: Managing vSphere Security
vSphere Trust
■ vSphere Trust ■ Configuring and Managing
Authority
Authority (vTA) vSphere Trust Authority
architecture
(vTA)
1.8.1.2 Recognize use cases 7: vSphere Security
for vSphere Trust
■ vSphere Trust
Authority
Authority (vTA)
1.8.2 Describe the role of 1: vSphere Overview,
a Key Management Components, and
Services (KMS) Requirements
server in vSphere
■ Infrastructure
Requirements
1.9 Recognize methods 7: vSphere Security
of securing virtual
■ Virtual Machine
machines
Security
1.9.1 Recognize use cases 7: vSphere Security
for a virtual Trusted
■ Virtual Trusted
Platform Module
Platform Module
(vTPM)
(vTPM)
1.9.2 Differentiate 7: vSphere Security 12: Managing vSphere Security
between Basic
■ ESXi Secure Boot and ■ Configuring UEFI Secure
Input or Output
TPM Boot for ESXi Hosts
System (BIOS) and
Unified Extensible
Firmware Interface
(UEFI) firmware
xlii VCP-DCV for vSphere 8.x Cert Guide

Objective Description Chapter/Section Supporting Chapter/Section


1 Architectures and Technologies
1.9.3 Recognize use 14: Managing Virtual
cases for Microsoft Machines
virtualization-based
■ Virtualization-Based
security (VBS)
Security
1.10 Describe identity 8: vSphere Installation
federation
■ Configuring Identity
Federation
1.10.1 Describe the 8: vSphere Installation
architecture of
■ Configuring Identity
identity federation
Federation
1.10.2 Recognize use 8: vSphere Installation
cases for identity
■ Configuring Identity
federation
Federation
1.11 Describe VMware 3: Network Infrastructure
vSphere Distributed
■ Network Offloads
Services Engine
Compatibility
1.11.1 Describe the role 1: vSphere Overview,
of a data processing Components and
unit (DPU) in Requirements
vSphere
■ Compute and System
Requirements
3: Network Infrastructure
■ Traditional
Networking
Terminology
■ Network Offloads
Compatibility
1.12 Identify use cases 5: vCenter Server
for VMware Tools Features and Virtual
Machines
■ VMware Tools
1.13 Describe the high- 6: VMware Product
level components of Integration
VMware vSphere
■ vSphere with Tanzu
with Tanzu
Introduction xliii

Objective Description Chapter/Section Supporting Chapter/Section


1 Architectures and Technologies
1.13.1 Identify the 6: VMware Product
use case for a Integration
Supervisor Cluster
■ vSphere with Tanzu
and Supervisor
Namespace ■ vSphere with Tanzu
Use Cases
1.13.2 Identify the use case 6: VMware Product
for vSphere Zones Integration
■ vSphere with Tanzu
1.13.3 Identify the use 6: VMware Product
case for a VMware Integration
Tanzu Kubernetes
■ vSphere with Tanzu
Grid (TKG) cluster
2 VMware Products and Solutions
2.1 Describe the role of 1: vSphere Overview,
VMware vSphere Components, and
in the Software- Requirements
Defined Data
■ VMware SDDC
Center
2.2 Identify use cases 6: VMware Product
for VMware Integration
vSphere+
■ vSphere+
2.3 Identify use cases 6: VMware Product
for VMware Integration
vCenter Converter
■ vCenter Converter
2.4 Identify disaster 6: VMware Product
recovery (DR) use Integration
cases
■ vSphere Replication
■ Site Recovery
Manager (SRM)
2.4.1 Identify VMware 6: VMware Product
vCenter replication Integration
options
■ vSphere Replication
2.4.2 Identify use cases 6: VMware Product
for VMware Site Integration
Recovery Manager
■ Site Recovery
(SRM)
Manager (SRM)
xliv VCP-DCV for vSphere 8.x Cert Guide

Objective Description Chapter/Section Supporting Chapter/Section


3 Planning and Designing
4 Installing, Configuring, and Setup
4.1 Configure single 1: vSphere Overview, 12: Managing vSphere Security
sign-on (SSO) Components and
■ Managing SSO
Requirements
■ vCenter Server
Topology
8: vSphere Installation
■ Configuring Single
Sign-On (SSO)
4.1.1 Configure an SSO 8: vSphere Installation 1: vSphere Overview,
domain Components, and Requirements
■ Deploying vCenter
Server Components ■ vCenter Server Topology
■ Configuring Single 12: Managing vSphere Security
Sign-On (SSO)
■ Managing SSO
4.1.2 Join an existing 8: vSphere Installation 1: vSphere Overview,
SSO domain Components, and Requirements
■ Deploying vCenter
Server Components ■ vCenter Server Topology
■ Configuring Single 12: Managing vSphere Security
Sign-On (SSO)
■ Managing SSO
4.2 Configure vSphere 9: Configuring and
distributed switches Managing Virtual
Networks
■ vSphere Distributed
Switches (vDS)
4.2.1 Create a distributed 9: Configuring and
switch Managing Virtual
Networks
■ Creating and
Configuring vSphere
Distributed Switches
4.2.2 Add ESXi hosts 9: Configuring and
to the distributed Managing Virtual
switch Networks
■ Adding Hosts to a
vDS
Introduction xlv

Objective Description Chapter/Section Supporting Chapter/Section


4 Installing, Configuring, and Setup
4.2.3 Examine the 9: Configuring and
distributed switch Managing Virtual
configuration Networks
■ Creating and
Configuring vSphere
Distributed Switches
4.3 Configure Virtual 9: Configuring and 3: Network Infrastructure
Standard Switch Managing Virtual
■ vSphere Standard Switch
(VSS) advanced Networks
(vSS)
virtual networking
■ Creating and
options
Configuring vSphere
Standard Switches
■ Creating and
Configuring Standard
Port Groups
4.4 Set up identity 8: vSphere Installation 12: Managing vSphere Security
sources
■ Adding, Editing, ■ Managing SSO
and Removing SSO
Identity Sources
4.4.1 Configure identity 8: vSphere Installation 12: Managing vSphere Security
federation
■ Configuring Identity ■ Managing SSO
Federation
4.4.2 Configure LDAP 8: vSphere Installation 12: Managing vSphere Security
integration
■ Adding, Editing, ■ Managing SSO
and Removing SSO
Identity Sources
■ How to Add an
LDAP Authentication
Source
4.5 Deploy and 8: vSphere Installation 1: vSphere Overview,
configure VMware Components, and Requirements
■ vCenter Server
vCenter Server
Appliance ■ vCenter Server Topology
Appliance (VCSA)
13: Managing vSphere and
vCenter Server
■ Upgrading to vSphere 7.0
■ Repointing a vCenter Server
to Another Domain
xlvi VCP-DCV for vSphere 8.x Cert Guide

Objective Description Chapter/Section Supporting Chapter/Section


4 Installing, Configuring, and Setup
4.6 Create and 10: Managing and 4: Clusters and High Availability
configure VMware Monitoring Clusters and
■ Distributed Resource
HA and DRS Resources
Scheduler (DRS)
advanced options
■ Creating and
(Admission Control, ■ vSphere High Availability
Configuring a
Proactive HA, etc.) (HA)
vSphere DRS Cluster
■ Creating and
Configuring a
vSphere HA Cluster
4.7 Deploy and 8: vSphere Installation 1: vSphere Overview,
configure VMware Components, and Requirements
■ Implementing VCSA
vCenter High
HA ■ vCenter Server Topology
Availability
■ vCenter High Availability
Requirements
4: Clusters and High Availability
■ vCenter Server High
Availability
13: Managing vSphere and
vCenter Server
■ Managing the vCenter HA
Cluster
4.8 Set up content 14: Managing Virtual 5: vCenter Server Features and
library Machines Virtual Machines
■ Content Libraries ■ Content Libraries
4.8.1 Create a content 14: Managing Virtual
library Machines
■ Creating a Content
Library
4.8.2 Add content to the 14: Managing Virtual
content library Machines
■ Adding Items to a
Content Library
4.8.3 Publish a local 14: Managing Virtual
content library Machines
■ Publishing a Content
Library
4.9 Subscribe to 14: Managing Virtual
content library Machines
■ Subscribing to a
Content Library
4.9.1 Create a subscribed 14: Managing Virtual
content library Machines
■ Publishing a Content
Library
4.9.2 Subscribe to a 14: Managing Virtual
published content Machines
library
■ Subscribing to a
Content Library
4.9.3 Deploy virtual 14: Managing Virtual
machines (VMs) Machines
from a subscribed
■ Deploying VMs by
content library
Using a Content
Library
4.10 Manage virtual 14: Managing Virtual
machine (VM) Machines
template versions
■ Managing VM
Templates in a
Content Library
4.10.1 Update template in 14: Managing Virtual
content library Machines
■ Managing VM
Templates in a
Content Library
4.11 Configure VMware 13: Managing vSphere
vCenter file-based and vCenter Server
backup
■ vCenter Server
Backup
4.12 Configure vSphere 12: Managing vSphere 7: vSphere Security
Trust Authority Security
■ vSphere Trust Authority
■ Configuring and (vTA)
Managing vSphere
Trust Authority
(vTA)
4.13 Configure vSphere 12: Managing vSphere 7: vSphere Security
certificates Security
■ ESXi Host Certificates
■ Configuring and
13: Managing vSphere and
Managing vSphere
vCenter Server
Certificates
■ Verifying SSL Certificates
for Legacy Hosts
4.13.1 Describe Enterprise 7: vSphere Security 12: Managing vSphere Security
PKIs role for SSL
■ vSphere Certificates ■ Configuring and Managing
certificates
Overview vSphere Certificates
4.14 Configure vSphere 8: vSphere Installation 13: Managing vSphere and
Lifecycle Manager vCenter Server
■ Implementing
VMware vSphere ■ Using vSphere Lifecycle
Lifecycle Manager Manager
■ About VMware Update
Manager
■ Update Manager Download
Service (UMDS)
4.15 Configure different 9: Configuring and 3: Network Infrastructure
network stacks Managing Virtual
■ VMkernel Networking and
Networks
TCP/IP Stacks
■ Configuring TCP/IP
Stacks
4.16 Configure host 8: vSphere Installation
profiles
■ Configuring ESXi
Using Host Profiles
4.17 Identify ESXi boot 8: vSphere Installation
options
■ ESXi Kernel Options
4.17.1 Configure Quick 13: Managing vSphere
Boot and vCenter Server
■ ESXi Quick Boot
4.17.2 Securely Boot ESXi 12: Managing vSphere 7: vSphere Security
hosts Security
■ ESXi Secure Boot and TPM
■ Configuring UEFI
■ vSphere Trusted Authority
Secure Boot for ESXi
(vTA)
Hosts
4.18 Deploy and 10: Managing and
configure clusters Monitoring Clusters and
using the vSphere Resources
Cluster Quickstart
■ Creating a Cluster
workflow
4.18.1 Use Cluster 10: Managing and
Quickstart Monitoring Clusters and
workflow to add Resources
hosts
■ Configuring a Cluster
with Quickstart
4.18.2 Use Cluster 10: Managing and
Quickstart Monitoring Clusters and
workflow to Resources
configure a cluster
■ Configuring a Cluster
with Quickstart
4.18.3 Use Quickstart to 10: Managing and
expand clusters Monitoring Clusters and
Resources
■ Configuring a Cluster
with Quickstart
4.19 Set up and 8: vSphere Installation 12: Managing vSphere Security
configure VMware
■ vSphere Lifecycle ■ Configuring and Managing
ESXi
ESXi Security
■ Installing ESXi Hosts
■ Initial vSphere
Configuration
4.19.1 Configure Time 12: Managing vSphere 10: Managing and Monitoring
Configuration Security Clusters and Resources
■ Customizing ESXi ■ Configuring a Cluster with
Services Quickstart
■ Configuring ESXi
Using Host Profiles
8: vSphere Installation
■ ESXi Configuration
Settings
4.19.2 Configure ESXi 12: Managing vSphere
services Security
■ Customizing ESXi
Services
4.19.2.1 Configure ESXi 12: Managing vSphere
Shell Security
■ SSH and ESXi Shell
Security
4.19.2.2 Configure SSH 12: Managing vSphere
Security
■ SSH and ESXi Shell
Security
4.19.3 Configure Product 8: vSphere Installation
Locker
■ Configuring ESXi
Using Host Profiles
4.19.4 Configure 12: Managing vSphere 7: vSphere Security
Lockdown Mode Security
■ ESXi Host Access
■ Using Lockdown
Mode
4.19.5 Configure ESXi 12: Managing vSphere 7: vSphere Security
firewall Security
■ Security Profiles
■ Configuring the ESXi
Firewall
4.20 Configure VMware 6: VMware Product
vSphere with Tanzu Integration
■ vSphere with Tanzu
Integration
4.20.1 Configure a 6: VMware Product
Supervisor Cluster Integration
& Supervisor
■ vSphere with Tanzu
Namespace
4.20.2 Configure a Tanzu 6: VMware Product
Kubernetes Grid Integration
Cluster
■ vSphere with Tanzu
4.20.3 Configure vSphere 6: VMware Product
Zones Integration
■ vSphere with Tanzu
4.20.4 Configure 6: VMware Product
Namespace Integration
permissions
■ vSphere with Tanzu
5 Performance-tuning, Optimization, Upgrades
5.1 Identify resource 4: Clusters and High 10: Managing and Monitoring
pools use cases Availability Clusters and Resources
■ Resource Pools ■ Creating a Resource Pool
■ Monitoring and Managing
Resource Pool Resources
5.1.1 Explain shares, 4: Clusters and High 10: Managing and Monitoring
limits, and Availability Clusters and Resources
reservations
■ Shares, Limits, and ■ Shares, Limits, and
(resource
Reservations Reservations
management)
■ Creating a Resource Pool
■ Monitoring and Managing
Resource Pool Resources
5.2 Monitor resources 10: Managing and 4: Clusters and High Availability
of a VMware Monitoring Clusters and
■ Cluster Concepts and
vCenter Server Resources
Overview
Appliance (VCSA)
■ Monitoring and
and vSphere 8.x ■ Distributed Resource
Managing vSphere
environment Scheduler (DRS)
Resources
5.3 Identify and use 10: Managing and
resource monitoring Monitoring Clusters and
tools Resources
■ Monitoring and
Managing vSphere
Resources
5.4 Configure Network 9: Configuring and 3: Network Infrastructure
I/O Control Managing Virtual
■ Network I/O Control
(NIOC) Networks
■ Configuring Network
I/O Control (NIOC)
5.5 Configure Storage 11: Managing Storage 2: Storage Infrastructure
I/O Control (SIOC) ■ Configuring and
■ NIOC, SIOC, and SDRS
Managing SIOC
5.6 Configure a virtual 9: Configuring and
machine port group Managing Virtual
to be offloaded to a Networks
data processing unit ■ vSphere Distributed
(DPU) Switches (vDS)
5.7 Explain the 5: vCenter Server 14: Managing Virtual Machines
performance impact Features and Virtual
■ Creating and Managing
of maintaining Machines
Virtual Machine Snapshots
virtual machine ■ Virtual Machine
snapshots Snapshots
5.8 Use Update 13: Managing vSphere
Planner to identify and vCenter Server
opportunities to ■ Using Update Planner
update VMware
vCenter
5.9 Use vSphere 13: Managing vSphere
Lifecycle Manager and vCenter Server
to determine the ■ Using Lifecycle
need for upgrades Manager
and updates
■ Upgrading to
vSphere 7.0
■ Using Update Planner
5.9.1 Update virtual 4: Managing Virtual
machines Machines
■ Installing and
Upgrading VMware
Tools
5.9.2 Update VMware 13: Managing vSphere
ESXi and vCenter Server
■ Using vSphere
Lifecycle Manager
5.10 Use performance 10: Managing and
charts to monitor Monitoring Clusters and
performance Resources
■ Monitoring and
Managing vSphere
Resources
5.11 Perform proactive 10: Managing and 6: VMware Product Integration
management with Monitoring Clusters and
■ VMware Skyline
VMware Skyline Resources
■ Monitoring and
Managing Host
Resources and Health
5.12 Use VMware 13: Managing vSphere
vCenter and vCenter Server
management
■ Patching with VAMI
interface to update
VMware vCenter
5.13 Complete lifecycle 13: Managing vSphere
activities for and vCenter Server
VMware vSphere
■ Using vSphere
with Tanzu
Lifecycle Manager
5.13.1 Update Supervisor 13: Managing vSphere
cluster and vCenter Server
■ Using vSphere
Lifecycle Manager
5.13.2 Back up and restore 13: Managing vSphere
VMware vSphere and vCenter Server
with Tanzu
■ vCenter Server

6 Troubleshooting and Repairing


6.1 Identify use cases 4: Clusters and High
for enabling Availability
vSphere Cluster
■ vSphere Cluster
Services (vCLS)
Services (vCLS)
retreat mode
6.2 Differentiate 10: Managing and
between the main Monitoring Clusters and
management Resources
services in
■ ESXi Logs
VMware ESXi and
vCenter and their ■ vCenter Server Logs
corresponding log
files
6.3 Generate a log 10: Managing and
bundle Monitoring Clusters and
Resources
■ ESXi Logs
■ vCenter Server Logs
■ Uploading System
Logs to VMware
13: Managing vSphere
and vCenter Server
■ Monitoring and
Managing vCenter
Server with the VAMI
7 Administrative and Operational Tasks
7.1 Create and manage 14: Managing Virtual 5: vCenter Server Features and
virtual machine Machines Virtual Machines
snapshots
■ Creating and ■ Virtual Machine Snapshots
Managing Virtual
Machine Snapshots
7.2 Create virtual 14: Managing Virtual 5: vCenter Server Features and
machines Machines Virtual Machines
using different
■ Managing VMs by ■ Virtual Machine Cloning
methods (Open
Using PowerCLI
Virtualization 14: Managing Virtual Machines
Format (OVF) ■ Deploying OVF/OVA
templates, content
■ Managing OVF Templates
Templates
library, etc.) ■ Content Libraries
■ Deploying VMs by
Using a Content
Library
7.3 Manage virtual 14: Managing Virtual 5: vCenter Server Features and
machines Machines Virtual Machines
(modifying virtual
■ Managing EVC Mode ■ Virtual Machine Migration
machine settings,
and CPU Affinity
VMware per-VM
EVC, latency 10: Managing and
sensitivity, CPU Monitoring Clusters and
affinity, etc.) Resources
■ Latency Sensitivity
7.4 Manage storage 11: Managing Storage 2: Storage Infrastructure
■ Managing Datastores ■ Datastore Types
■ Managing Storage ■ Storage Policies
Policies
■ Storage Multipathing and
■ Managing Failover
Multipathing
■ Managing Paths with
the vSphere Client
7.4.1 Configure and 11: Managing Storage 2: Storage Infrastructure
modify datastores
■ Managing Datastores ■ Datastore Types
7.4.2 Create virtual 11: Managing Storage 2: Storage Infrastructure
machine storage
■ Managing Storage ■ Storage Policies
policies
Policies
7.4.3 Configure storage 11: Managing Storage 2: Storage Infrastructure
cluster options
■ Configuring and ■ SDRS
Managing Storage
DRS
■ Configuring and
Managing vSAN
7.5 Create DRS affinity 10: Managing and 4: Clusters and High Availability
and anti-affinity Monitoring Clusters and
■ DRS Rules
rules for common Resources
use cases
■ Creating Affinity/
Anti-Affinity Rules
7.6 Migrate virtual 14: Managing Virtual 5: vCenter Server Features and
machines Machines Virtual Machines
■ Migrating Virtual ■ Virtual Machine Migration
Machines
■ vMotion Details
■ Storage vMotion Details
7.6.1 Identify 14: Managing Virtual 5: vCenter Server Features and
requirements for Machines Virtual Machines
Storage vMotion,
■ Migrating Virtual ■ Virtual Machine Migration
Cold Migration,
Machines
vMotion, and Cross ■ vMotion Details
vCenter Export
■ Storage vMotion Details
7.7 Configure role- 12: Managing vSphere 7: vSphere Security
based access control Security
■ vSphere Permissions
■ Configuring
8: vSphere Installation
and Managing
Authentication and ■ Applying Permissions to ESXi
Authorization Hosts Using Host Profiles
7.8 Manage host 8: vSphere Installation 5: vCenter Server Features and
profiles Virtual Machines
■ Configuring ESXi by
Using Host Profiles ■ Host Profiles
7.9 Utilize VMware 13: Managing vSphere 8: vSphere Installation
vSphere Lifecycle and vCenter Server
■ Implementing VMware
Manager
■ Using vSphere vSphere Lifecycle Manager
Lifecycle Manager
14: Managing Virtual Machines
■ Installing and Upgrading
VMware Tools
7.9.1 Describe firmware 13: Managing vSphere 8: vSphere Installation
upgrades for and vCenter Server
■ Implementing VMware
VMware ESXi
■ Using vSphere vSphere Lifecycle Manager
Lifecycle Manager
7.9.2 Describe ESXi 13: Managing vSphere 8: vSphere Installation
updates and vCenter Server
■ Implementing VMware
■ Using vSphere vSphere Lifecycle Manager
Lifecycle Manager
7.9.3 Describe 13: Managing vSphere 8: vSphere Installation
component and and vCenter Server
■ Implementing VMware
driver updates for
■ Using vSphere vSphere Lifecycle Manager
ESXi
Lifecycle Manager Implementation
7.9.4 Describe hardware 13: Managing vSphere 8: vSphere Installation
compatibility check and vCenter Server
■ Implementing VMware
■ Using vSphere vSphere Lifecycle Manager
Lifecycle Manager
5: vCenter Server Features and
Virtual Machines
■ VM Hardware/Compatibility
14: Managing Virtual Machines
■ Configuring Virtual
Machine Hardware
7.9.5 Describe ESXi 13: Managing vSphere 8: vSphere Installation
cluster image export and vCenter Server
■ Implementing VMware
functionality
■ Using vSphere vSphere Lifecycle Manager
Lifecycle Manager
4: Clusters and High Availability
■ Cluster Concepts and
Overview
7.9.6 Create ESXi cluster 13: Managing vSphere
image and vCenter Server
■ Using vSphere
Lifecycle Manager
7.10 Use predefined 10: Managing and
alarms in VMware Monitoring Clusters and
vCenter Resources
■ Alarms
7.11 Create custom 10: Managing and
alarms Monitoring Clusters and
Resources
■ Advanced Use Cases
for Alarms
■ Creating Alarm
Definitions
7.12 Deploy an 12: Managing vSphere
encrypted virtual Security
machine
■ Encrypting a Virtual
Machine
7.12.1 Convert a non- 12: Managing vSphere
encrypted virtual Security
machine to an
■ Encrypting a Virtual
encrypted virtual
Machine
machine
7.12.2 Migrate an 7: vSphere Security
encrypted virtual
■ Encrypted vSphere
machine
vMotion
7.12.3 Configure virtual 7: vSphere Security
machine vMotion
■ Encrypted vSphere
encryption
vMotion
properties

Companion Website
Register this book to get access to the Pearson IT Certification test engine and
other study materials plus additional bonus content. Check this site regularly for
new and updated postings written by the authors that provide further insight into
the more troublesome topics on the exam. Be sure to check the box indicating that
you would like to hear from us to receive updates and exclusive discounts on future
editions of this product or related products.
To access this companion website, follow these steps:
Step 1. Go to www.pearsonITcertification.com/register and log in or create
a new account.
Step 2. Enter the ISBN 9780138169886.
Step 3. Answer the challenge question as proof of purchase.
Step 4. Click on the Access Bonus Content link in the Registered Products
section of your account page to be taken to the page where your
downloadable content is available.

NOTE Keep in mind that many of the companion content files—especially image
and video files—are very large.

If you are unable to locate the files for this title by following these steps, please visit
www.pearsonITcertification.com/contact and select the Site Problems/Comments
option. Our customer service representatives will assist you.

How to Access the Pearson Test Prep Practice (PTP) App
You have two options for installing and using the Pearson Test Prep application: a
web app and a desktop app. To use the Pearson Test Prep application, start by
finding the registration code that comes with the book. You can find the code in
these ways:
■ You can get your access code by registering the print ISBN (9780138169886)
on pearsonitcertification.com/register. Make sure to use the print book ISBN,
regardless of whether you purchased an eBook or the print book. After you
register the book, your access code will be populated on your account page
under the Registered Products tab. Instructions for how to redeem the code
are available on the book’s companion website by clicking the Access Bonus
Content link.
■ Premium Edition: If you purchase the Premium Edition eBook and
Practice Test directly from the Pearson IT Certification website, the code
will be populated on your account page after purchase. Just log in at
pearsonitcertification.com, click Account to see details of your account, and
click the digital purchases tab.

NOTE After you register your book, your code can always be found in your account
under the Registered Products tab.

Once you have the access code, to find instructions about both the PTP web app
and the desktop app, follow these steps:
Step 1. Open this book’s companion website as shown earlier in this Introduction
under the heading, “Companion Website.”
Step 2. Click the Practice Exams button.
Step 3. Follow the instructions listed there for both installing the desktop app
and using the web app.

Note that if you want to use the web app only at this point, just navigate to
pearsontestprep.com, log in using the same credentials used to register your book
or purchase the Premium Edition, and register this book’s practice tests using the
registration code you just found. The process should take only a couple of minutes.

Customizing Your Exams


Once you are in the exam settings screen, you can choose to take exams in one of
three modes:
■ Study mode: Enables you to fully customize your exams and review answers
as you are taking the exam. This is typically the mode you use first to assess
your knowledge and identify information gaps.
■ Practice Exam mode: Locks certain customization options, as it is presenting
a realistic exam experience. Use this mode when you are preparing to test your
exam readiness.
■ Flash Card mode: Strips out the answers and presents you with only the
question stem. This mode is great for late-stage preparation when you really
want to challenge yourself to provide answers without the benefit of seeing
multiple-choice options. This mode does not provide the detailed score
reports that the other two modes do, so you should not use it if you are trying
to identify knowledge gaps.

In addition to these three modes, you will be able to select the source of your
questions. You can choose to take exams that cover all of the chapters or you can narrow
your selection to just a single chapter or the chapters that make up specific parts in
the book. All chapters are selected by default. If you want to narrow your focus to
individual chapters, simply deselect all the chapters and then select only those on
which you wish to focus in the Objectives area.
You can also select the exam banks on which to focus. Each exam bank comes
complete with a full exam of questions that cover topics in every chapter. You can have
the test engine serve up exams from all test banks or just from one individual bank
by selecting the desired banks in the exam bank area. There are several other
customizations you can make to your exam from the exam settings screen, such as the
time of the exam, the number of questions served up, whether to randomize
questions and answers, whether to show the number of correct answers for
multiple-answer questions, and whether to serve up only specific types of questions. You can
also create custom test banks by selecting only questions that you have marked or
questions on which you have added notes.

Updating Your Exams


If you are using the online version of the Pearson Test Prep software, you should
always have access to the latest version of the software as well as the exam data. If
you are using the Windows desktop version, every time you launch the software
while connected to the Internet, it checks if there are any updates to your exam data
and automatically downloads any changes that were made since the last time you
used the software.
Sometimes, due to many factors, the exam data might not fully download when you
activate your exam. If you find that figures or exhibits are missing, you might need
to manually update your exams. To update a particular exam you have already
activated and downloaded, simply click the Tools tab and click the Update Products
button. Again, this is only an issue with the desktop Windows application. If you
wish to check for updates to the Pearson Test Prep exam engine software, Windows
desktop version, simply click the Tools tab and click the Update Application button.
This ensures that you are running the latest version of the software engine.
Credits

Cover: FrameRatio/Shutterstock
Figure 5-1, Figure 5-2, Figure 5-3, Figure 5-4, Figure 8-1, Figure 10-1, Figure 10-2,
Figure 10-3, Figure 10-4, Figure 13-1, Figure 13-2: VMware, Inc.
CHAPTER 4

Clusters and High Availability


This chapter provides details on clusters and high availability in vSphere 8.0.

“Do I Know This Already?” Quiz


The “Do I Know This Already?” quiz allows you to assess whether you should
study this entire chapter or move quickly to the “Exam Preparation Tasks”
section. In any case, the authors recommend that you read the entire chapter at
least once. Table 4-1 outlines the major headings in this chapter and the
corresponding “Do I Know This Already?” quiz questions. You can find the answers
in Appendix A, “Answers to the ‘Do I Know This Already?’ Quizzes and Review
Questions.”

Table 4-1 “Do I Know This Already?” Foundation Topics Section-to-Question Mapping
Foundation Topics Section Questions
Cluster Concepts and Overview 1
Distributed Resource Scheduler (DRS) 2–4
vSphere High Availability (HA) 5–7
Other Resource Management and Availability Features 8–10

1. You want to implement EVC to ensure that vMotion is enabled across
a specific set of ESXi hosts. Which of the following are requirements?
(Choose two.)
a. Hosts must be connected to a DRS cluster.
b. Hosts must be connected to a vCenter Server.
c. CPUs must be configured with a custom compatibility mask.
d. You must select either Enable EVC for AMD Hosts or Enable EVC
for Intel Hosts.

2. In vSphere 8.0, you want to configure the DRS migration threshold such that
it is at the minimum level at which virtual machine happiness is considered.
Which of the following values should you choose?
a. Level 1
b. Level 2
c. Level 3
d. Level 4
e. Level 5

3. Which of the following is not a good use for resource pools in DRS?
a. To delegate control and management
b. To impact the use of network resources
c. To impact the use of CPU resources
d. To impact the use of memory resources

4. You want to use shares to give high-priority resource access to a set of
virtual machines in a resource pool, without concern for the relative number of
objects in the pool compared to other pools. Which feature is helpful?
a. Limits
b. Standard shares
c. Scalable shares
d. DRS advanced settings

5. You are configuring vSphere HA in a cluster. You want to configure the cluster
to use a specific host as a target for failovers. Which setting should you use?
a. Host Failures Cluster Tolerates
b. Define Host Failover Capacity By set to Cluster Resource Percentage
c. Define Host Failover Capacity By set to Slot Policy (Powered-on VMs)
d. Define Host Failover Capacity By set to Dedicated Failover Hosts
e. Define Host Failover Capacity By set to Disabled

6. You are enabling VM Monitoring in a vSphere HA cluster. You want to set the
monitoring level such that its failure interval is 60 seconds. Which of the
following options should you choose?
a. High
b. Medium
c. Low
d. Normal

7. You are configuring Virtual Machine Component Protection (VMCP) in a
vSphere HA cluster. Which of the following statements is true?
a. For PDL and APD failures, you can control the restart policy for virtual
machines by setting it to Conservative or Aggressive.
b. For PDL failures, you can control the restart policy for virtual machines
by setting it to Conservative or Aggressive.
c. For APD failures, you can control the restart policy for virtual machines
by setting it to Conservative or Aggressive.
d. For PDL and APD failures, you cannot control the restart policy for
virtual machines.

8. You want to configure your environment to use predictive metrics when
making placement and balancing decisions. What feature is required?
a. Predictive DRS
b. Aria Automation
c. Proactive HA
d. Slot Policy

9. You are configuring vSphere Fault Tolerance (FT) in a vSphere 8.0
environment. What is the maximum number of virtual CPUs you can use with an
FT-protected virtual machine?
a. One
b. Two
c. Four
d. Eight

10. You are concerned about service availability for your vCenter Server. Which of
the following statements is true?
a. If a vCenter service fails, VMware Service Lifecycle Manager restarts it.
b. If a vCenter service fails, VMware Lifecycle Manager restarts it.
c. If a vCenter service fails, vCenter Server HA restarts it.
d. VMware Service Lifecycle Manager is a part of the PSC.

Foundation Topics

Cluster Concepts and Overview


A vSphere cluster is a set of ESXi hosts that are intended to work together as a unit.
When you add a host to a cluster, the host’s resources become part of the cluster’s
resources. vCenter Server manages the resources of all hosts in a cluster as one unit.
In addition to creating a cluster, assigning a name, and adding ESXi objects, you can
enable and configure features on a cluster, such as vSphere Distributed Resource
Scheduler (DRS), VMware Enhanced vMotion Compatibility (EVC), Distributed
Power Management (DPM), vSphere High Availability (HA), and vSAN.
In the vSphere Client, you can manage and monitor the resources in a cluster as a
single object. You can easily monitor and manage the hosts and virtual machines in
the DRS cluster.
If you enable VMware EVC on a cluster, you can ensure that migrations with
vMotion do not fail due to CPU compatibility errors. If you enable vSphere DRS on a
cluster, you can allow automatic resource balancing using the pooled host resources
in the cluster. If you enable vSphere HA on a cluster, you can allow rapid virtual
machine recovery from host hardware failures, using the cluster’s available host
resource capacity. If you enable DPM on a cluster, you can provide automated power
management in the cluster. If you enable vSAN on a cluster, you use a logical SAN
that is built on a pool of drives attached locally to the ESXi hosts in the cluster.
You can use the Quickstart workflow in the vSphere Client to create and configure
a cluster. The Quickstart page provides three cards: Cluster Basics, Add Hosts, and
Configure Cluster. For an existing cluster, you can use Cluster Basics to change the
cluster name and enable cluster services, such as DRS and vSphere HA. You can use
the Add Hosts card to add hosts to the cluster. You can use the Configure Cluster
card to configure networking and other settings on the hosts in the cluster.
In addition, in vSphere 7.0 and later, you can configure a few general settings for
a cluster. For example, when you create a cluster, even if you do not enable DRS,
vSphere HA, or vSAN, you can choose to manage all hosts in the cluster with a
single image. With this option, all hosts in a cluster inherit the same image, which
reduces variability between hosts, improves your ability to ensure hardware
compatibility, and simplifies upgrades. This feature requires hosts to already be ESXi 7.0
or above. It replaces baselines. Once it is enabled, baselines cannot be used in this
cluster.

NOTE Do not confuse a vSphere cluster with a datastore cluster. In vSphere,
datastore clusters and vSphere (host) clusters are separate objects. Although you
can directly enable a vSphere cluster for vSAN, DRS, and vSphere HA, you cannot
directly enable it for datastore clustering. You create datastore clusters separately. See
Chapter 2, “Storage Infrastructure,” for details on datastore clusters.

vSphere Cluster Services (vCLS)


vCLS, which is implemented by default in all vSphere clusters, ensures that cluster
services remain available even if vCenter Server becomes unavailable. When you
deploy a new cluster in vCenter Server 7.0 Update 3 or upgrade a vCenter Server
to Version 7.0 Update 3, vCLS virtual appliances are automatically deployed to the
cluster. In clusters with three or more hosts, three vCLS appliances are
automatically deployed with anti-affinity rules to separate the appliances. In smaller clusters,
the number of vCLS VMs matches the number of hosts.
In vSphere 8.0, each vCLS VM is configured with one vCPU, 128 MB memory,
and no vNIC. The datastore for each vCLS VM is automatically selected based on
the rank of the datastores connected to the cluster’s hosts, with preference given to
shared datastores. You can control the datastore choice by using the vSphere Client
to select the cluster, navigating to Configure > vSphere Cluster Service > Datastores,
and clicking the Add button. vCLS VMs are always powered on and should be
treated as system VMs, where only administrators perform selective operations on
the vCLS VMs. vCenter Server manages the health of vCLS VMs. You should not
back up or take snapshots of these VMs. You can use the Summary tab for a cluster
to examine the vCLS health, which is either Healthy, Degraded, or Unhealthy.
If you want to place a datastore hosting a vCLS VM into Maintenance Mode, you
must either manually migrate the vCLS VM with Storage vMotion to a new location
or put the cluster in Retreat Mode. In Retreat Mode, the health of vCLS is degraded,
DRS stops functioning, and vSphere HA does not perform optimal placement when
responding to host failure events. To put a cluster in Retreat Mode, you need to obtain
its cluster domain ID from the URL of the browser after selecting the cluster in the
vSphere Client. Then you apply the cluster domain ID, which is in the form
domain-c(number), to create a new vCenter Server advanced setting with the entry
config.vcls.clusters.domain-c(number).enabled that is set to False.
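The following is an added example, not code from the book or from VMware: it derives the Retreat Mode setting name from a vSphere Client URL and audits an exported list of vCenter advanced settings for clusters left in Retreat Mode, where DRS is stopped and HA placement is degraded. The URL shape, the sample settings, and the case-insensitive match on the value are assumptions made for the illustration.

```python
from __future__ import annotations

import re
from urllib.parse import unquote

# The page gives the cluster domain ID form as domain-c(number).
_DOMAIN_ID = re.compile(r"\bdomain-c\d+\b")
# Advanced setting name from the page: config.vcls.clusters.domain-c(number).enabled
_SETTING = re.compile(r"^config\.vcls\.clusters\.(domain-c\d+)\.enabled$")

# Constructed sample input: URL shape and UUID are assumptions for illustration.
SAMPLE_URL = (
    "https://vcenter.example.test/ui/app/cluster;nav=h/"
    "urn:vmomi:ClusterComputeResource:domain-c8:"
    "11111111-2222-3333-4444-555555555555/summary"
)

# Constructed sample export of vCenter Server advanced settings (name -> value).
SAMPLE_SETTINGS = {
    "config.vcls.clusters.domain-c12.enabled": "false",
    "config.vcls.clusters.domain-c8.enabled": "False",
    "config.vcls.clusters.domain-c31.enabled": "True",
    "config.some.other.setting": "False",
}


def cluster_domain_id(client_url: str) -> str:
    """Return the domain-c<number> ID found in a vSphere Client URL."""
    match = _DOMAIN_ID.search(unquote(client_url))
    if match is None:
        raise ValueError("no cluster domain ID (domain-c<number>) in URL")
    return match.group(0)


def retreat_mode_setting(domain_id: str) -> tuple[str, str]:
    """Build the (name, value) pair that puts one cluster in Retreat Mode."""
    if not re.fullmatch(r"domain-c\d+", domain_id):
        raise ValueError(f"not a cluster domain ID: {domain_id!r}")
    return (f"config.vcls.clusters.{domain_id}.enabled", "False")


def clusters_in_retreat_mode(advanced_settings: dict[str, str]) -> list[str]:
    """List cluster domain IDs whose vCLS 'enabled' setting is false.

    Comparing the value case-insensitively is an assumption of this example.
    """
    found = []
    for name, value in advanced_settings.items():
        match = _SETTING.match(name)
        if match and str(value).strip().lower() == "false":
            found.append(match.group(1))
    # Sort numerically so domain-c8 comes before domain-c12.
    return sorted(found, key=lambda d: int(d.rsplit("c", 1)[1]))


if __name__ == "__main__":
    domain = cluster_domain_id(SAMPLE_URL)
    print(retreat_mode_setting(domain))
    print("Clusters in Retreat Mode:", clusters_in_retreat_mode(SAMPLE_SETTINGS))
```

Running the audit after datastore maintenance helps catch clusters where the setting was never removed or set back to True.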

Enhanced vMotion Compatibility (EVC)


EVC is a cluster setting that can improve CPU compatibility between hosts for
supporting vMotion. vMotion migrations are live migrations that require compatible
instruction sets for source and target processors used by the virtual machine. The
source and target processors must come from the same vendor class (AMD or Intel)
to be vMotion compatible. The clock speed, cache size, and number of cores can
differ between source and target processors. When you start a vMotion migration or
a migration of a suspended virtual machine, the wizard checks the destination host
for compatibility; it displays an error message if problems exist. By using EVC, you
can allow vMotion between some processors that would normally be incompatible.
The CPU instruction set that is available to a virtual machine guest OS is determined
when the virtual machine is powered on. This CPU feature set is based on
the following items:
■ The host CPU family and model
■ Settings in the BIOS that might disable CPU features
■ The ESX/ESXi version running on the host
■ The virtual machine’s compatibility setting
■ The virtual machine’s guest operating system

EVC ensures that all hosts in a cluster present the same CPU feature set to virtual
machines, even if the actual CPUs on the hosts differ. If you enable the EVC
cluster setting, you can configure the EVC Mode with a baseline CPU feature set.
EVC ensures that hosts in a cluster use the baseline feature set when presenting an
instruction set to a guest OS. EVC uses AMD-V Extended Migration technology
for AMD hosts and Intel FlexMigration technology for Intel hosts to mask processor
features; this allows hosts to present the feature set of an earlier processor generation.
You should configure EVC Mode to accommodate the host with the smallest
feature set in the cluster.
The EVC requirements for hosts include the following:
■ ESXi 6.7 or later is required.
■ Hosts must be attached to a vCenter Server.
■ CPUs must be from a single vendor (either Intel or AMD).
■ If the AMD-V, Intel-VT, AMD NX, or Intel XD features are available in the
BIOS, they need to be enabled.
■ Check the VMware Compatibility Guide to ensure that CPUs are supported for
EVC Mode.

NOTE You can apply a custom CPU compatibility mask to hide host CPU features
from a virtual machine, but VMware does not recommend doing so.

You can configure the EVC settings by using the Quickstart > Configure Cluster
workflow in the vSphere Client. You can also configure EVC directly in the cluster
settings. The options for VMware EVC are Disable EVC, Enable EVC for AMD
Hosts, and Enable EVC for Intel Hosts. You can also configure per-VM EVC, as
described in Chapter 5, “vCenter Server Features and Virtual Machines.”
If you choose Enable EVC for Intel Hosts, you can set the EVC Mode setting to
one of the options described in Table 4-2.

Table 4-2 EVC Modes for Intel

| Level | EVC Mode | Description |
| --- | --- | --- |
| L0 | Intel Merom | Smallest Intel feature set for EVC mode. |
| L1 | Intel Penryn | Includes the Intel Merom feature set and exposes additional CPU features, including SSE4.1. |
| L2 | Intel Nehalem | Includes the Intel Penryn feature set and exposes additional CPU features, including SSE4.2 and POPCOUNT. |
| L3 | Intel Westmere | Includes the Intel Nehalem feature set and exposes additional CPU features, including AES and PCLMULQDQ. |
| L4 | Intel Sandy Bridge | Includes the Intel Westmere feature set and exposes additional CPU features, including AVX and XSAVE. |
| L5 | Intel Ivy Bridge | Includes the Intel Sandy Bridge feature set and exposes additional CPU features, including RDRAND, ENFSTRG, FSGSBASE, SMEP, and F16C. |
| L6 | Intel Haswell | Includes the Intel Ivy Bridge feature set and exposes additional CPU features, including ABMX2, AVX2, MOVBE, FMA, PERMD, RORX/MULX, INVPCID, and VMFUNC. |
| L7 | Intel Broadwell | Includes the Intel Haswell feature set and exposes additional CPU features, including Transactional Synchronization Extensions, Supervisor Mode Access Prevention, Multi-Precision Add-Carry Instruction Extensions, PREFETCHW, and RDSEED. |
| L8 | Intel Skylake | Includes the Intel Broadwell feature set and exposes additional CPU features, including Advanced Vector Extensions 512, Persistent Memory Support Instructions, Protection Key Rights, Save Processor Extended States with Compaction, and Save Processor Extended States Supervisor. |
| L9 | Intel Cascade Lake | Includes the Intel Skylake feature set and exposes additional CPU features, including VNNI and XGETBV with ECX = 1. |
| L10 | Intel Ice Lake | Includes the Intel Cascade Lake feature set and exposes additional CPU features, including HA extensions, Vectorized AES, User Mode Instruction Prevention, Read Processor ID, Fast Short REP MOV, WBNOINVD, Galois Field New Instructions, and AVX512 Integer Fused Multiply Add, Vectorized Bit Manipulation, and Bit Algorithms Instructions. |
| L11 | Intel Sapphire Rapids | Includes the Intel Ice Lake feature set and exposes additional CPU features, including Control-Flow Enforcement Technology, Advanced Matrix Extensions, Supervisor Protection Keys, AVX-VNNI, AVX512 FP16, AVX512 BF16, CLDEMOTE, SERIALIZE, WBNOINVD, and MOVDIRI instructions. |
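
The EVC baseline decides which CPU features guests can see, including hardening features such as SMEP and Supervisor Mode Access Prevention. The following added example (not from the book) models the Intel levels of Table 4-2 with a subset of each row's features; the host names and their CPU generations are constructed sample data, and the helper names are hypothetical.

```python
from dataclasses import dataclass

# (level, EVC mode, features first exposed at that level), transcribed from
# Table 4-2. Only some of each row's features are listed to keep this short.
INTEL_EVC = [
    ("L0", "Intel Merom", ()),
    ("L1", "Intel Penryn", ("SSE4.1",)),
    ("L2", "Intel Nehalem", ("SSE4.2", "POPCOUNT")),
    ("L3", "Intel Westmere", ("AES", "PCLMULQDQ")),
    ("L4", "Intel Sandy Bridge", ("AVX", "XSAVE")),
    ("L5", "Intel Ivy Bridge", ("RDRAND", "FSGSBASE", "SMEP")),
    ("L6", "Intel Haswell", ("AVX2", "INVPCID", "VMFUNC")),
    ("L7", "Intel Broadwell", ("Supervisor Mode Access Prevention", "RDSEED")),
    ("L8", "Intel Skylake", ("Advanced Vector Extensions 512", "Protection Key Rights")),
    ("L9", "Intel Cascade Lake", ("VNNI",)),
    ("L10", "Intel Ice Lake", ("Vectorized AES", "User Mode Instruction Prevention")),
    ("L11", "Intel Sapphire Rapids",
     ("Control-Flow Enforcement Technology", "Supervisor Protection Keys")),
]


@dataclass(frozen=True)
class Host:
    name: str        # constructed sample host name
    vendor: str      # "Intel" or "AMD"
    max_mode: str    # newest EVC mode this host's CPU can present


def mode_rank(mode):
    """Position of an EVC mode in Table 4-2 (0 = smallest feature set)."""
    for rank, (_level, name, _added) in enumerate(INTEL_EVC):
        if name == mode:
            return rank
    raise ValueError(f"unknown Intel EVC mode: {mode}")


def exposed_features(mode):
    """Each mode includes every lower mode's features, so accumulate them."""
    features = []
    for _level, _name, added in INTEL_EVC[: mode_rank(mode) + 1]:
        features.extend(added)
    return features


def cluster_baseline(hosts):
    """EVC Mode must accommodate the host with the smallest feature set."""
    vendors = {h.vendor for h in hosts}
    if vendors != {"Intel"}:
        raise ValueError(f"single-vendor Intel cluster required, got {sorted(vendors)}")
    return min((h.max_mode for h in hosts), key=mode_rank)


def masked_features(host, baseline):
    """Features the host CPU has that guests will not see under the baseline."""
    visible = set(exposed_features(baseline))
    return [f for f in exposed_features(host.max_mode) if f not in visible]


# Constructed sample cluster.
HOSTS = [
    Host("esx01", "Intel", "Intel Ice Lake"),
    Host("esx02", "Intel", "Intel Ivy Bridge"),
    Host("esx03", "Intel", "Intel Skylake"),
]

if __name__ == "__main__":
    baseline = cluster_baseline(HOSTS)
    print("EVC baseline:", baseline)
    for h in HOSTS:
        hidden = masked_features(h, baseline)
        print(f"{h.name}: hidden from guests -> {hidden or 'nothing'}")
```

With one Ivy Bridge host in the cluster, every guest loses the features introduced after L5, even when it runs on the Ice Lake host.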

If you choose Enable EVC for AMD Hosts, you can set the EVC Mode setting to
one of the options described in Table 4-3.

Table 4-3 EVC Modes for AMD

| Level | EVC Mode | Description |
| --- | --- | --- |
| A0 | AMD Opteron Generation 1 | Smallest AMD feature set for EVC mode. |
| A1 | AMD Opteron Generation 2 | Includes the AMD Generation 1 feature set and exposes additional CPU features, including CMPXCHG16B and RDTSCP. |
| A3 | AMD Opteron Generation 3 | Includes the AMD Generation 2 feature set and exposes additional CPU features, including SSE4A, MisAlignSSE, POPCOUNT, and ABM (LZCNT). |
| A2, B0 | AMD Opteron Generation 3 (without 3DNow!) | Includes the AMD Generation 3 feature set without 3DNow support. |
| B1 | AMD Opteron Generation 4 | Includes the AMD Generation 3 no3DNow feature set and exposes additional CPU features, including SSSE3, SSE4.1, AES, AVX, XSAVE, XOP, and FMA4. |
| B2 | AMD Opteron Piledriver | Includes the AMD Generation 4 feature set and exposes additional CPU features, including FMA, TBM, BMI1, and F16C. |
| B3 | AMD Opteron Steamroller | Includes the AMD Piledriver feature set and exposes additional CPU features, including XSAVEOPT, RDFSBASE, RDGSBASE, WRFSBASE, WRGSBASE, and FSGSBASE. |
| B4 | AMD Zen | Includes the AMD Steamroller feature set and exposes additional CPU features, including RDRAND, SMEP, AVX2, BMI2, MOVBE, ADX, RDSEED, SMAP, CLFLUSHOPT, XSAVES, XSAVEC, SHA, and CLZERO. |
| B5 | AMD Zen 2 | Includes the AMD Zen feature set and exposes additional CPU features, including CLWB, UMIP, RDPID, XGETBV with ECX = 1, WBNOINVD, and GMET. |
| B6 | AMD Zen 3 | Includes the AMD Zen 2 feature set and exposes additional CPU features, including always serializing LFENCE, INVPCID, PSFD, SSBD, PCID, PKU, VAES, VPCLMULQDQ, and shadow stacks. |
| B7 | AMD Zen 4 | Includes the AMD Zen 3 feature set and exposes additional CPU features, including Fast Short CMPSB and STOSB, Automatic IBRS, AVX512BF16, AVX512BITALG, AVX512BW, AVX512CD, AVX512DQ, AVX512F, AVX512IFMA, AVX512VBMI, AVX512VBMI2, AVX512VL, AVX512VNNI, AVX512VPOPCNTDQ, GFNI, IBRS, and Upper Address Ignore. |

Starting with vSphere 7.0 Update 1, EVC provides a feature for Virtual Shared
Graphics Acceleration (vSGA), allowing multiple virtual machines to share GPUs
and leverage the 3D graphics acceleration capabilities.

vSAN Services
You can enable DRS, vSphere HA, and vSAN at the cluster level. The following
sections provide details on DRS and vSphere HA. For details on vSAN, see Chapter 2.

Distributed Resource Scheduler (DRS)


DRS distributes compute workload in a cluster by strategically placing virtual
machines during power-on operations and live migrating (vMotion) VMs when
necessary. DRS provides many features and settings that enable you to control its
behavior.
You can set DRS Automation Mode for a cluster to one of the following:
■ Manual: DRS does not automatically place or migrate virtual machines. It
only makes recommendations.
■ Partially Automated: DRS automatically places virtual machines as they
power on. It makes recommendations for virtual machine migrations.
■ Fully Automated: DRS automatically places and migrates virtual machines.

You can override Automation Mode at the virtual machine level.

Recent DRS Enhancements


VMware added many improvements to DRS beginning with vSphere 6.5. For example,
in vSphere 7.0, DRS runs once every minute rather than every 5 minutes, as in
older DRS versions. The newer DRS versions tend to recommend smaller (in terms
of memory) virtual machines for migration to facilitate faster vMotion migrations,
whereas older versions tend to recommend large virtual machines to minimize the
number of migrations. Older DRS versions use an imbalance metric that is derived
from the standard deviation of load across the hosts in the cluster. Newer DRS versions
focus on virtual machine happiness. Newer DRS versions are much lighter and
faster than the older versions.
Newer DRS versions recognize that vMotion is an expensive operation and account
for it in their recommendations. In a cluster where virtual machines are frequently
powered on and the workload is volatile, it is not necessary to continuously migrate
virtual machines. DRS calculates the gain duration for live migrating a virtual
machine and considers the gain duration when making recommendations.
In vSphere 8.0, when PMEM is present, DRS performance can be improved by
leveraging memory statistics to optimize VM placement.
The following sections provide details on other recent DRS enhancements.

Network-Aware DRS
In vSphere 6.5, DRS considers the utilization of host network adapters during initial
placement and load balancing, but it does not balance the network load. Instead, its
goal is to ensure that the target host has sufficient available network resources. It
works by eliminating hosts with saturated networks from the list of possible migration
hosts. The threshold used by DRS for network saturation is 80% by default.
When DRS cannot migrate VMs due to network saturation, the result may be an
imbalanced cluster.
Beginning with vSphere 7.0, DRS uses a new cost modeling algorithm that is
flexible and balances network bandwidth along with CPU and memory usage.

Virtual Machine Distribution


Starting with vSphere 6.5, you can enable an option to distribute a more even
number of virtual machines across hosts. The main use case for this is to improve
availability. The primary goals of DRS—to ensure that all VMs are getting the
resources they need and that the load is balanced in the cluster—remain unchanged.
But with this new option enabled, DRS also tries to ensure that the number of
virtual machines per host is balanced in the cluster.

Memory Metric for Load Balancing


Historically, vSphere has used the Active Memory metric for load-balancing
decisions. In vSphere 6.5 and 6.7, you have the option to set DRS to balance the
load based on the Consumed Memory metric. vSphere 7.0 and later do not support
the option to change this behavior.

Virtual Machine Initial Placement


Starting with vSphere 6.5, DRS began to use a new initial placement algorithm that
is faster, lighter, and more effective than the previous algorithm. In earlier versions,
DRS takes a snapshot of the cluster state when making virtual machine placement
recommendations. With the new algorithm, DRS does not snapshot the cluster
state, which allows for more accurate recommendations and faster virtual machine
power on. In vSphere 6.5, the new placement feature is not supported for the
following configurations:
■ Clusters where DPM, Proactive HA, or HA Admission Control is enabled
■ Clusters with DRS configured in Manual Mode
■ Virtual machines with the Manual DRS Override setting enabled
■ Virtual machines that are FT enabled
■ Virtual machines that are part of a vApp

In vSphere 6.7 and later, the new placement is available for all configurations.

Enhancements to the Evacuation Workflow


Prior to vSphere 6.5, when evacuating a host entering Maintenance Mode, DRS
waited to migrate templates and power off virtual machines until after the completion
of vMotion migrations, leaving those objects unavailable for use for a long time.
Starting with vSphere 6.5, DRS prioritizes the migration of virtual machine templates
and powered-off virtual machines over powered-on virtual machines, making
those objects available for use without the need to wait on vMotion migrations.
Prior to vSphere 6.5, the evacuation of powered-off virtual machines was inefficient.
In versions since vSphere 6.5, these evacuations occur in parallel, making use of up
to 100 re-register threads per vCenter Server. This means that you may see only a
small difference when evacuating up to 100 virtual machines.
In versions since vSphere 6.7, DRS is more efficient at evacuating powered-on
virtual machines from a host that is entering Maintenance Mode. Instead of simultaneously
initiating vMotion for all the powered-on VMs on the host, as in previous
versions, DRS initiates vMotion migrations in batches of eight at a time. Each vMotion
batch is issued after the previous batch completes. The vMotion batching makes
the entire workflow more controlled and predictable.

DRS Support for NVM


In versions since vSphere 6.7, DRS supports virtual machines running on next-
generation persistent memory devices, known as non-volatile memory (NVM)
devices. NVM is exposed as a datastore that is local to the host. Virtual machines
can use the datastore as an NVM device exposed to the guest (Virtual Persistent
Memory [vPMem]) or as a location for a virtual machine disk (Virtual Persistent
Memory Disk [vPMemDisk]). DRS is aware of the NVM devices used by
virtual machines and guarantees that the destination ESXi host has enough free
persistent memory to accommodate placements and migrations.

How DRS Scores VMs


Historically, DRS balanced the workload in a cluster based on host compute
resource usage. In versions since vSphere 7.0, DRS balances the workload based on
virtual machine happiness. A virtual machine’s DRS score is a measure of its happiness,
which, in turn, is a measure of the resources available for consumption by the
virtual machine. The higher the DRS score for a VM, the better its resource availability.
DRS moves virtual machines to improve their DRS scores. DRS also calculates
a DRS score for a cluster, which is a weighted sum of the DRS scores of all the
virtual machines in the cluster.
In versions since vSphere 7.0, DRS calculates the score for each virtual machine on
each ESXi host in the cluster every minute. Simply put, DRS logic computes an ideal
throughput (demand) and an actual throughput (goodness) for each resource (CPU,
memory, and network) for each virtual machine. The virtual machine’s efficiency for a
particular resource is the ratio of the goodness to the demand. A virtual machine’s DRS
score (total efficiency) is the product of its CPU, memory, and network efficiencies.
When calculating the efficiency, DRS applies resource costs. For CPU resources,
DRS includes costs for CPU cache, CPU ready, and CPU tax. For memory
resources, DRS includes costs for memory burstiness, memory reclamation, and
memory tax. For network resources, DRS includes a network utilization cost.
DRS evaluates a virtual machine’s DRS score for the host on which it currently
runs and determines whether another host can provide a better DRS score for the
virtual machine. If so, DRS calculates the cost for migrating the virtual machine to
that host and factors that cost into its load-balancing decision.

DRS Rules
You can configure rules to control the behavior of DRS.
A VM–host affinity rule specifies whether the members of a selected virtual machine
DRS group can run on the members of a specific host DRS group. Unlike a virtual
machine–to–virtual machine (VM–VM) affinity rule, which specifies affinity (or
anti-affinity) between individual virtual machines, a VM–host affinity rule specifies an
affinity relationship between a group of virtual machines and a group of hosts. There are
required rules (designated by “must”) and preferential rules (designated by “should”).
A VM–host affinity rule includes the following components:
■ One virtual machine DRS group
■ One host DRS group
■ A designation of whether the rule is a requirement (“must”) or a preference
(“should”) and whether it is affinity (“run on”) or anti-affinity (“not run on”)

A VM–VM affinity rule specifies whether selected individual virtual machines
should run on the same host or whether they should be kept on separate hosts.
This type of rule is used to create affinity or anti-affinity between individual virtual
machines. When an affinity rule is created, DRS tries to keep the specified virtual
machines together on the same host. You might want to do this, for example, for
performance reasons.
With an anti-affinity rule, DRS tries to keep the specified virtual machines apart.
You can use such a rule if you want to guarantee that certain virtual machines are
always on different physical hosts. In that case, if a problem occurs with one host,
not all virtual machines are at risk. You can create VM–VM affinity rules to specify
whether selected individual virtual machines should run on the same host or be kept
on separate hosts.
VM–VM affinity rule conflicts can occur when you use multiple VM–VM affinity
and VM–VM anti-affinity rules. If two VM–VM affinity rules are in conflict, you
cannot enable both of them. For example, if one rule keeps two virtual machines
together and another rule keeps the same two virtual machines apart, you cannot
enable both rules. Select one of the rules to apply and disable or remove the conflicting
rule. When two VM–VM affinity rules conflict, the older one takes precedence,
and the newer rule is disabled. DRS tries to satisfy only enabled rules and
ignores disabled rules. DRS gives higher precedence to preventing violations of
anti-affinity rules than violations of affinity rules.

NOTE A VM–VM rule does not allow the “should” qualifier. You should consider
these as “must” rules.

DRS Migration Sensitivity


Prior to vSphere 7.0, DRS used a migration threshold to determine when virtual
machines should be migrated to balance the cluster workload. In vSphere 7.0 and
newer, DRS is designed to be more virtual machine centric and workload centric
rather than cluster centric. You can set the DRS Migration Sensitivity parameter to
one of the following values:
■ Level 1: DRS only makes recommendations to fix rule violations or to
facilitate a host entering Maintenance Mode.
■ Level 2: DRS expands on Level 1 by making recommendations in situations
that are at or close to resource contention. It does not make recommendations
just to improve virtual machine happiness or cluster load distribution.
■ Level 3: DRS expands on Level 2 by making recommendations to improve
VM happiness and cluster load distribution. This is the default level.
■ Level 4: DRS expands on Level 3 by making recommendations for occasional
bursts in the workload and reacts to sudden load changes.
■ Level 5: DRS expands on Level 4 by making recommendations for dynamic and
greatly varying workloads. DRS reacts to the workload changes every time.

Resource Pools
Resource pools are container objects in the vSphere inventory that are used to
compartmentalize the CPU and memory resources of a host, a cluster, or a parent
resource pool. Virtual machines run in and draw resources from resource pools. You
can create multiple resource pools as direct children of a standalone host or a DRS
cluster. You cannot create child resource pools on a host that has been added to a
cluster or on a cluster that is not enabled for DRS.
You can use resource pools to organize VMs. You can delegate control over each
resource pool to specific individuals and groups. You can monitor resources and set
alarms on resource pools. If you need a container just for organization and permission
purposes, consider using a folder. If you also need resource management, then
consider using a resource pool. You can assign resource settings such as shares,
reservations, and limits to resource pools.

Use Cases
You can use resource pools to compartmentalize a cluster’s resources and then use
the resource pools to delegate control to individuals or organizations. Table 4-4
provides some use cases for resource pools.

Table 4-4 Resource Pool Use Cases

| Use Case | Details |
| --- | --- |
| Flexible hierarchical organization | Add, remove, modify, and reorganize resource pools, as needed. |
| Resource isolation | Use resource pools to allocate resources to separate departments, in such a manner that changes in a pool do not unfairly impact other departments. |
| Access control and delegation | Use permissions to delegate activities, such as virtual machine creation and management, to other administrators. |
| Separation of resources from hardware | In a DRS cluster, perform resource management independently of the actual hosts. |
| Managing multitier applications | Manage the resources for a group of virtual machines (in a specific resource pool), which is easier than managing resources per virtual machine. |

Shares, Limits, and Reservations


You can configure CPU and memory shares, reservations, and limits on resource
pools, as described in Table 4-5.

Table 4-5 Shares, Limits, and Reservations

| Option | Description |
| --- | --- |
| Shares | Shares specify the relative importance of a virtual machine or a resource pool. If a virtual machine has twice as many shares of a resource as another virtual machine, it is entitled to consume twice as much of that resource when these two virtual machines are competing for resources. Shares can be thought of as priority under contention. Shares are typically set to High, Normal, or Low, and these values specify share values with a 4:2:1 ratio. You can also select Custom and assign a specific number of shares (to express a proportional weight). A resource pool uses its shares to compete for the parent’s resources and is allocated a portion based on the ratio of the pool’s shares compared with its siblings. Siblings share the parent’s resources according to their relative share values, bounded by the reservation and limit. For example, consider a scenario where a cluster has two child resource pools with normal CPU shares, another child resource pool with high CPU shares, and no other child objects. During periods of contention, each of the pools with normal shares would get access to 25% of the cluster’s CPU resources, and the pool with high shares would get access to 50%. |
| Reservations | A reservation specifies the guaranteed minimum allocation for a virtual machine or a resource pool. A CPU reservation is expressed in megahertz, and a memory reservation is expressed in megabytes. You can power on a virtual machine only if there are enough unreserved resources to satisfy the reservation of the virtual machine. If the virtual machine starts, then it is guaranteed that amount, even when the physical server is heavily loaded. For example, if you configure the CPU reservation for each virtual machine as 1 GHz, you can start eight VMs in a resource pool where the CPU reservation is set for 8 GHz and expandable reservations are disabled. But you cannot start additional virtual machines in the pool. You can use reservations to guarantee a specific amount of resources for a resource pool. The default value for a resource pool’s CPU or memory reservation is 0. If you change this value, it is subtracted from the unreserved resources of the parent. The resources are considered reserved, regardless of whether virtual machines are associated with the resource pool. |
| Expandable reservations | You can enable expandable reservations to effectively allow a child resource pool to borrow from its parent. Expandable reservations, which are enabled by default, are considered during admission control. When powering on a virtual machine, if the resource pool does not have sufficient unreserved resources, the resource pool can use resources from its parent or ancestors. For example, say that in a resource pool where 8 GHz is reserved and expandable reservations are disabled, you try to start nine virtual machines each with 1 GHz, but the last virtual machine does not start. If you enable expandable reservations in the resource pool, and its parent pool (or cluster) has sufficient unreserved CPU resources, you can start the ninth virtual machine. |
| Limits | A limit specifies an upper bound for CPU or memory resources that can be allocated to a virtual machine or a resource pool. You can set a limit on the amount of CPU and memory allocated to a resource pool. The default is unlimited. For example, if you power on multiple CPU-intensive virtual machines in a resource pool, where the CPU limit is 10 GHz, then, collectively, the virtual machines cannot use more than 10 GHz CPU resources, regardless of the pool’s reservation settings, the pool’s share settings, or the amount of available resources in the parent. |
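
The reservation and expandable-reservation rows of Table 4-5 describe an admission-control check at power-on. The following added example (a simplified model written for this guide's scenario, not VMware code) replays the nine-VM case; the 12 GHz cluster capacity and all class and function names are assumptions.

```python
class ResourcePool:
    """CPU reservation bookkeeping for one pool (or the cluster root), in MHz."""

    def __init__(self, name, reservation_mhz, expandable=True, parent=None):
        self.name = name
        self.reservation_mhz = reservation_mhz
        self.expandable = expandable
        self.parent = parent
        self.used_mhz = 0        # part of this pool's own reservation handed out
        self.borrowed_mhz = 0    # extra capacity obtained from ancestors
        # A pool's reservation is subtracted from the parent's unreserved
        # resources as soon as it is set, whether or not any VM is running.
        if parent is not None and not parent._reserve(reservation_mhz):
            raise ValueError(
                f"{parent.name} cannot back a {reservation_mhz} MHz reservation")

    @property
    def unreserved_mhz(self):
        return self.reservation_mhz - self.used_mhz

    def _reserve(self, mhz):
        """Reserve mhz here, borrowing any shortfall from ancestors if allowed."""
        local = min(mhz, self.unreserved_mhz)
        shortfall = mhz - local
        if shortfall:
            can_borrow = self.expandable and self.parent is not None
            if not (can_borrow and self.parent._reserve(shortfall)):
                return False     # nothing has been changed on failure
        self.used_mhz += local
        self.borrowed_mhz += shortfall
        return True

    def power_on(self, vm_reservation_mhz):
        """Admission control: the VM starts only if its reservation can be met."""
        return self._reserve(vm_reservation_mhz)


def run_scenario(expandable):
    """Nine VMs reserving 1 GHz each in a pool with an 8 GHz reservation."""
    cluster = ResourcePool("cluster", 12000, expandable=False)  # assumed capacity
    pool = ResourcePool("pool", 8000, expandable=expandable, parent=cluster)
    started = [pool.power_on(1000) for _ in range(9)]
    return started, pool.borrowed_mhz, cluster.unreserved_mhz


if __name__ == "__main__":
    for setting in (False, True):
        started, borrowed, left = run_scenario(setting)
        print(f"expandable={setting}: started {sum(started)} of 9 VMs, "
              f"borrowed {borrowed} MHz, cluster unreserved {left} MHz")
```

With expandable reservations enabled, the ninth VM is admitted only because the cluster still has unreserved capacity to lend; the same check recurses through every ancestor pool.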

Table 4-6 provides the CPU and memory share values for virtual machines when
using the High, Normal, and Low settings. For resource pools, the share values are
equivalent to those of a virtual machine with four vCPUs and 16 GB memory.

Table 4-6 Virtual Machine Shares

| Setting | CPU Share Value | Memory Share Value |
| --- | --- | --- |
| High | 2000 per vCPU | 20 per MB |
| Normal | 1000 per vCPU | 10 per MB |
| Low | 500 per vCPU | 5 per MB |

For example, the share values for a resource pool configured with normal CPU
shares and high memory shares are 4000 (that is, 4 × 1000) CPU shares and 327,680
(that is, 16 × 1024 × 20) memory shares.

NOTE The relative priority represented by each share changes with the addition
and removal of virtual machines in a resource pool or cluster. It also changes as you
increase or decrease the shares on a specific virtual machine or resource pool.

Enhanced Resource Pool Reservation


In versions since vSphere 6.7, DRS uses a two-pass algorithm to allocate resource
reservations to children. The old allocation model does not reserve more resources
than the current demand, even when the resource pool is configured with a higher
reservation. When a spike in virtual machine demand occurs after resource allocation
is complete, DRS does not make the remaining pool reservation available to
the virtual machine until the next allocation operation occurs. As a result, a virtual
machine’s performance may be temporarily impacted. In the new allocation model,
each allocation operation uses two passes. In the first pass, the resource pool reservation
is allocated based on virtual machine demand. In the second pass, excess pool
reservation is allocated proportionally, limited by the virtual machine’s configured
size, which reduces the performance impact due to virtual machine spikes.

Scalable Shares
In versions since vSphere 7.0, DRS provides scalable shares. The main use case for
scalable shares is a scenario in which you want to use shares to give high-priority
resource access to a set of virtual machines in a resource pool, without concern for
the relative number of objects in the pool compared to other pools. With standard
shares, each pool in a cluster competes for resource allocation with its siblings, based
on the share ratio. With scalable shares, the allocation for each pool factors in the
number of objects in the pool.
For example, consider a scenario in which a cluster with 100 GHz CPU capacity
has a high-priority resource pool with CPU Shares set to High and a low-priority
resource pool with CPU Shares set to Normal, as shown in Figure 4-1. This means
that the share ratio between the pools is 2:1, so the high-priority pool is effectively
allocated twice the CPU resources as the low-priority pool whenever CPU contention
exists in the cluster. The high-priority pool is allocated 66.7 GHz, and the
low-priority pool is effectively allocated 33.3 GHz. In this cluster, 40 virtual machines
of equal size are running, with 32 in the high-priority pool and 8 in the low-priority
pool. The virtual machines are all demanding CPU resources, causing CPU contention
in the cluster. In the high-priority pool, each virtual machine is allocated 2.1
GHz. In the low-priority pool, each virtual machine is allocated 4.2 GHz.

Figure 4-1 Scalable Shares Example (DRS Cluster, CPU Capacity = 100 GHz; High Priority pool: CPU Shares = High, 32 VMs; Low Priority pool: CPU Shares = Normal, 8 VMs)


If you want to change the resource allocation such that each virtual machine in the
high-priority pool is effectively allocated more resources than the virtual machines
in the low-priority pool, you can use scalable shares. If you enable scalable shares
in the cluster, DRS effectively allocates resources to the pools based on the Shares
settings and the number of virtual machines in the pool. In this example, the CPU
shares for the pools provide a 2:1 ratio. Factoring this with the number of virtual
machines in each pool, the allocation ratio between the high-priority pool and the
low-priority pool is 2 times 32 to 1 times 8, or simply 8:1. The high-priority pool is
allocated 88.9 GHz, and the low-priority pool is allocated 11.1 GHz. Each virtual
machine in the high-priority pool is allocated 2.8 GHz. Each virtual machine in the
low-priority pool is allocated 1.4 GHz.
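
The allocations quoted for Figure 4-1, the pool share values derived from Table 4-6, and the 25%/25%/50% sibling split in Table 4-5 can all be reproduced with one calculation. The following added example (a simplified model, not VMware code) assumes full CPU contention and equally sized VMs, as in the text, and weights a pool by its VM count when scalable shares are enabled; the function names are hypothetical.

```python
SHARES_PER_VCPU = {"High": 2000, "Normal": 1000, "Low": 500}   # Table 4-6
SHARES_PER_MB = {"High": 20, "Normal": 10, "Low": 5}           # Table 4-6
POOL_VCPUS = 4                # a pool's shares equal those of a VM with
POOL_MEMORY_MB = 16 * 1024    # four vCPUs and 16 GB memory


def pool_cpu_shares(level):
    """CPU shares of a resource pool set to High, Normal, or Low."""
    return POOL_VCPUS * SHARES_PER_VCPU[level]


def pool_memory_shares(level):
    """Memory shares of a resource pool set to High, Normal, or Low."""
    return POOL_MEMORY_MB * SHARES_PER_MB[level]


def allocate_cpu(capacity_ghz, pools, scalable=False):
    """Split contended CPU capacity between sibling pools.

    pools: list of (name, cpu_shares_level, vm_count)
    Returns {name: (pool_ghz, per_vm_ghz)}, rounded to one decimal place.
    """
    weights = {}
    for name, level, vm_count in pools:
        weight = pool_cpu_shares(level)
        if scalable:
            # Scalable shares factor in the number of objects in the pool.
            weight *= vm_count
        weights[name] = weight
    total = sum(weights.values())
    if total == 0:
        raise ValueError("no pool has any weight to compete with")

    result = {}
    for name, _level, vm_count in pools:
        pool_ghz = capacity_ghz * weights[name] / total
        per_vm_ghz = pool_ghz / vm_count if vm_count else 0.0
        result[name] = (round(pool_ghz, 1), round(per_vm_ghz, 1))
    return result


# The Figure 4-1 scenario: 100 GHz cluster, 32 VMs versus 8 VMs.
FIGURE_4_1 = [("high-priority", "High", 32), ("low-priority", "Normal", 8)]

if __name__ == "__main__":
    for scalable in (False, True):
        print("scalable shares" if scalable else "standard shares")
        for name, (pool_ghz, vm_ghz) in allocate_cpu(100, FIGURE_4_1, scalable).items():
            print(f"  {name}: pool {pool_ghz} GHz, per VM {vm_ghz} GHz")
```

Under standard shares the VMs in the crowded high-priority pool each get less than those in the low-priority pool; scalable shares reverse that.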

vSphere High Availability (HA)


vSphere HA is a cluster service that provides high availability for the virtual
machines running in the cluster. You can enable vSphere High Availability (HA) on a
vSphere cluster to provide rapid recovery from outages and cost-effective high availability
for applications running in virtual machines. vSphere HA provides application
availability in the following ways:
■ It protects against server failure by restarting the virtual machines on other
hosts in the cluster when a host failure is detected, as illustrated in Figure 4-2.
■ It protects against application failure by continuously monitoring a virtual
machine and resetting it if a failure is detected.
■ It protects against datastore accessibility failures by restarting affected virtual
machines on other hosts that still have access to their datastores.
■ It protects virtual machines against network isolation by restarting them
if their host becomes isolated on the management or vSAN network. This
protection is provided even if the network has become partitioned.

Figure 4-2 vSphere HA Host Failover (DRS Cluster with three ESXi hosts and their VMs; one host is marked as failed)

Benefits of vSphere HA over traditional failover solutions include the following:


■ Minimal configuration
■ Reduced hardware cost
■ Increased application availability
■ DRS and vMotion integration

vSphere HA can detect the following types of host issues:


■ Failure: A host stops functioning.
■ Isolation: A host cannot communicate with any other hosts in the cluster.
■ Partition: A host loses network connectivity with the primary host.

When you enable vSphere HA on a cluster, the cluster elects one of the hosts to act
as the primary host. The primary host communicates with vCenter Server to report
cluster health. It monitors the state of all protected virtual machines and secondary
hosts. It uses network and datastore heartbeating to detect failed hosts, isolation,
and network partitions. vSphere HA takes appropriate actions to respond to host
failures, host isolation, and network partitions. For host failures, the typical reac-
tion is to restart the failed virtual machines on surviving hosts in the cluster. If a
network partition occurs, a primary host is elected in each partition. If a specific host
is isolated, vSphere HA takes the predefined host isolation action, which may be to
shut down or power down the host’s virtual machines. If the primary host fails, the
surviving hosts elect a new primary host. You can configure vSphere to monitor and
respond to virtual machine failures, such as guest OS failures, by monitoring
heartbeats from VMware Tools.

NOTE Although vCenter Server is required to implement vSphere HA, the health
of an HA cluster is not dependent on vCenter Server. If vCenter Server fails, vSphere
HA still functions. If vCenter Server is offline when a host fails, vSphere HA can fail
over the affected virtual machines.

vSphere HA Requirements
When planning a vSphere HA cluster, you need to address the following
requirements:
■ The cluster must have at least two hosts, licensed for vSphere HA.
■ Hosts must use static IP addresses or guarantee that IP addresses assigned by
DHCP persist across host reboots.
■ Each host must have at least one, and preferably two, management networks
in common.
■ To ensure that virtual machines can run on any host in the cluster, the hosts must
access the same networks and datastores.
■ To use VM Monitoring, you need to install VMware Tools in each virtual
machine.
■ IPv4 or IPv6 can be used.

NOTE The Virtual Machine Startup and Shutdown (automatic startup) feature is
disabled and unsupported for all virtual machines residing in a vSphere HA cluster.

vSphere HA Response to Failures


You can configure how a vSphere HA cluster should respond to different types of
failures, as described in Table 4-7.

Table 4-7 vSphere HA Response to Failure Settings

| Option | Description |
|---|---|
| Host Failure Response > Failure Response | If Enabled, the cluster responds to host failures by restarting virtual machines. If Disabled, host monitoring is turned off, and the cluster does not respond to host failures. |
| Host Failure Response > Default VM Restart Priority | You can indicate the order in which virtual machines are restarted when the host fails (higher-priority machines first). |
| Host Failure Response > VM Restart Priority Condition | The restart priority condition must be met before HA restarts the next priority group. |
| Response for Host Isolation | You can indicate the action that you want to occur if a host becomes isolated. You can choose Disabled, Shutdown and Restart VMs, or Power Off and Restart VMs. |
| VM Monitoring | You can indicate the sensitivity (Low, High, or Custom) with which vSphere HA responds to lost VMware Tools heartbeats. |
| Application Monitoring | You can indicate the sensitivity (Low, High, or Custom) with which vSphere HA responds to lost application heartbeats. |

NOTE If multiple hosts fail, the virtual machines on the failed host migrate first in
order of priority, and then the virtual machines from the next host migrate.

Heartbeats
The primary host and secondary hosts exchange network heartbeats every second.
When the primary host stops receiving these heartbeats from a secondary host,
it checks for ping responses or the presence of datastore heartbeats from the
secondary host. If the primary host does not receive a response after checking for
a secondary host’s network heartbeat, ping, or datastore heartbeats, it declares that
the secondary host has failed. If the primary host detects datastore heartbeats for
a secondary host but no network heartbeats or ping responses, it assumes that the
secondary host is isolated or in a network partition.
If any host is running but no longer observes network heartbeats, it attempts to ping
the set of cluster isolation addresses. If those pings also fail, the host declares itself to
be isolated from the network.

vSphere HA Admission Control


vSphere uses admission control when you power on a virtual machine. It checks the
amount of unreserved compute resources and determines whether it can guarantee
any reservation configured for the virtual machine. If so, it allows the virtual
machine to power on. Otherwise, it generates an “Insufficient Resources” warning.
vSphere HA Admission Control is a setting that you can use to specify whether
virtual machines can be started if they violate availability constraints. The cluster
reserves resources so that failover can occur for all running virtual machines on the
specified number of hosts. When you configure vSphere HA admission control, you
can set the options described in Table 4-8.

Table 4-8 vSphere HA Admission Control Options

| Option | Description |
|---|---|
| Host Failures Cluster Tolerates | Specifies the maximum number of host failures for which the cluster guarantees failover |
| Define Host Failover Capacity By set to Cluster Resource Percentage | Specifies the percentage of the cluster’s compute resources to reserve as spare capacity to support failovers |
| Define Host Failover Capacity By set to Slot Policy (for powered-on VMs) | Specifies a slot size policy that covers all powered-on VMs |
| Define Host Failover Capacity By set to Dedicated Failover Hosts | Specifies the designated hosts to use for failover actions |
| Define Host Failover Capacity By set to Disabled | Disables admission control |
| Performance Degradation VMs Tolerate | Specifies the percentage of performance degradation the VMs in a cluster are allowed to tolerate during a failure |

If you disable vSphere HA admission control, then you enable the cluster to allow
virtual machines to power on regardless of whether they violate availability
constraints. In the event of a host failover, you may discover that vSphere HA cannot
start some virtual machines.
In vSphere 8.0, the default admission control setting is Cluster Resource Percentage,
which reserves a percentage of the total available CPU and memory resources in
the cluster. For simplicity, the percentage is calculated automatically by defining the
number of host failures to tolerate (FTT). The percentage is dynamically changed
as hosts are added to the cluster or removed from it. Another new enhancement is
the Performance Degradation VMs Tolerate setting, which controls the amount of
performance reduction that is tolerated after a failure. A value of 0% indicates that
no performance degradation is tolerated.
With the Slot Policy option, vSphere HA admission control ensures that a specified
number of hosts can fail, leaving sufficient resources in the cluster to accommodate
the failover of the impacted virtual machines. Using the Slot Policy option, when
you perform certain operations, such as powering on a virtual machine, vSphere HA
applies admission control in the following manner:
Step 1. HA calculates the slot size, which is a logical representation of memory
and CPU resources. By default, it is sized to satisfy the requirements for
any powered-on virtual machine in the cluster. For example, it may be
sized to accommodate the virtual machine with the greatest CPU reservation
and the virtual machine with the greatest memory reservation.
Step 2. HA determines how many slots each host in the cluster can hold.
Step 3. HA determines the current failover capacity of the cluster, which is the
number of hosts that can fail while still leaving enough slots to satisfy all
the powered-on virtual machines.
Step 4. HA determines whether the current failover capacity is less than the
configured failover capacity (provided by the user).
Step 5. If the current failover capacity is less than the configured failover capacity,
admission control disallows the operation.

If a cluster has a few virtual machines that have much larger reservations than the
others, they will distort slot size calculation. To remediate this, you can specify an
upper bound for the CPU or memory component of the slot size by using advanced
options. You can also set a specific slot size (CPU size and memory size). The next
section describes the advanced options that affect the slot size.
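
Steps 1 through 5 and the slot size upper bounds described above, worked through as an added example (not code from the book or from VMware). Host sizes, VM names, reservations, and the 256 MB memory default are constructed sample values; memory overhead is ignored, and the rule that a VM larger than a capped slot occupies several slots is an assumption that goes beyond what the text states.

```python
from dataclasses import dataclass
from math import ceil

DEFAULT_CPU_MHZ = 32  # das.vmcpuminmhz default given in Table 4-9


@dataclass
class VM:
    name: str
    cpu_res_mhz: int  # CPU reservation; 0 means none
    mem_res_mb: int   # memory reservation; 0 means none


@dataclass
class Host:
    name: str
    cpu_mhz: int      # CPU capacity available to virtual machines
    mem_mb: int       # memory capacity available to virtual machines


def vm_need(vm, default_mem_mb):
    """Reservation used for slot math; unset values fall back to the defaults."""
    return (vm.cpu_res_mhz or DEFAULT_CPU_MHZ, vm.mem_res_mb or default_mem_mb)


def slot_size(vms, default_mem_mb, cpu_cap=None, mem_cap=None):
    """Step 1: largest CPU and largest memory reservation, optionally capped
    (the caps model das.slotcpuinmhz and das.slotmeminmb)."""
    needs = [vm_need(v, default_mem_mb) for v in vms]
    cpu = max((n[0] for n in needs), default=DEFAULT_CPU_MHZ)
    mem = max((n[1] for n in needs), default=default_mem_mb)
    if cpu_cap:
        cpu = min(cpu, cpu_cap)
    if mem_cap:
        mem = min(mem, mem_cap)
    return cpu, mem


def slots_per_host(host, slot):
    """Step 2: a host holds as many slots as its scarcer resource allows."""
    return min(host.cpu_mhz // slot[0], host.mem_mb // slot[1])


def slots_needed(vms, slot, default_mem_mb):
    """Assumption: a VM larger than a capped slot occupies several slots."""
    total = 0
    for v in vms:
        cpu, mem = vm_need(v, default_mem_mb)
        total += max(ceil(cpu / slot[0]), ceil(mem / slot[1]))
    return total


def current_failover_capacity(host_slots, needed):
    """Step 3: hosts that can fail, largest first, with enough slots left."""
    remaining = sorted(host_slots)
    failures = 0
    while remaining:
        remaining.pop()  # worst case: lose the host holding the most slots
        if not remaining or sum(remaining) < needed:
            break
        failures += 1
    return failures


def admit_power_on(new_vm, powered_on, hosts, configured_capacity,
                   default_mem_mb, cpu_cap=None, mem_cap=None):
    """Steps 4-5: allow the power-on only if failover capacity is preserved."""
    vms = powered_on + [new_vm]
    slot = slot_size(vms, default_mem_mb, cpu_cap, mem_cap)
    host_slots = [slots_per_host(h, slot) for h in hosts]
    needed = slots_needed(vms, slot, default_mem_mb)
    current = current_failover_capacity(host_slots, needed)
    return {"slot": slot, "host_slots": host_slots, "needed": needed,
            "current": current, "allowed": current >= configured_capacity}


# Constructed sample cluster: three equal hosts, one VM with a large reservation.
HOSTS = [Host(f"esx{i}", 9000, 32768) for i in (1, 2, 3)]
RUNNING = [VM("dns", 500, 1024), VM("dhcp", 500, 1024), VM("web", 0, 0),
           VM("db", 4000, 16384)]
NEW_VM = VM("app", 500, 1024)
DEFAULT_MEM_MB = 256  # constructed stand-in for das.vmmemoryminmb

if __name__ == "__main__":
    # Uncapped: the "db" reservation inflates the slot and the power-on is denied.
    print(admit_power_on(NEW_VM, RUNNING, HOSTS, 1, DEFAULT_MEM_MB))
    # Capped slot size: the same power-on is admitted.
    print(admit_power_on(NEW_VM, RUNNING, HOSTS, 1, DEFAULT_MEM_MB,
                         cpu_cap=1000, mem_cap=2048))
```

With the uncapped slot, each sample host holds only two slots, so a single large reservation blocks an otherwise small power-on; capping the slot size removes the distortion while the large VM is still counted at its full reservation.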

vSphere HA Advanced Options


You can set vSphere HA advanced options by using the vSphere Client or in the
fdm.cfg file on the hosts. Table 4-9 provides some of the advanced vSphere HA
options.

Table 4-9 Advanced vSphere HA Options

| Option | Description |
|---|---|
| das.isolationaddressX | Provides the addresses to use to test for host isolation when no heartbeats are received from other hosts in the cluster. If this option is not specified (which is the default setting), the management network default gateway is used to test for isolation. To specify multiple addresses, you can set das.isolationaddressX, where X is a number between 0 and 9. |
| das.usedefaultisolationaddress | Specifies whether to use the default gateway IP address for isolation tests. |
| das.isolationshutdowntimeout | For scenarios where the host’s isolation response is to shut down, specifies the period of time that the virtual machine is permitted to shut down before the system powers it off. |
| das.slotmeminmb | Defines the maximum bound on the memory slot size. |
| das.slotcpuinmhz | Defines the maximum bound on the CPU slot size. |
| das.vmmemoryminmb | Defines the default memory resource value assigned to a virtual machine whose memory reservation is not specified or is zero. This is used for the Host Failures Cluster Tolerates admission control policy. |
| das.vmcpuminmhz | Defines the default CPU resource value assigned to a virtual machine whose CPU reservation is not specified or is zero. This is used for the Host Failures Cluster Tolerates admission control policy. If no value is specified, the default of 32 MHz is used. |
| das.heartbeatdsperhost | Specifies the number of heartbeat datastores required per host. The default is 2. The acceptable values are 2 to 5. |
| das.config.fdm.isolationPolicyDelaySec | Specifies the number of seconds the system delays before executing the isolation policy after determining that a host is isolated. The minimum is 30. A lower value results in a 30-second delay. |
| das.respectvmvmantiaffinityrules | Determines whether vSphere HA should enforce VM–VM anti-affinity rules even when DRS is not enabled. |

Virtual Machine Settings


To use the Host Isolation Response Shutdown and Restart VMs setting, you must
install VMware Tools on the virtual machine. If a guest OS fails to shut down in
300 seconds (or a value specified by das.isolationshutdowntimeout), the virtual
machine is powered off.

You can override the cluster’s settings for Restart Priority and Isolation Response
for each virtual machine. For example, you might want to prioritize virtual machines
providing infrastructure services such as DNS or DHCP.
At the cluster level, you can create dependencies between groups of virtual
machines. You can create VM groups, host groups, and dependency rules between
the groups. In the rules, you can specify that one VM group cannot be restarted if
another specific VM group is started.

VM Component Protection (VMCP)


Virtual Machine Component Protection (VMCP) is a vSphere HA feature that can
detect datastore accessibility issues and provide remediation for affected virtual
machines. When a failure occurs such that a host can no longer access the storage
path for a specific datastore, vSphere HA can respond by taking actions such
as creating event alarms or restarting a virtual machine on other hosts. The main
requirements are that vSphere HA is enabled in the cluster and that ESXi 6.0 or later
is used on all hosts in the cluster.
The failures VMCP detects are permanent device loss (PDL) and all paths down
(APD). PDL is an unrecoverable loss of accessibility to the storage device that
cannot be fixed without powering down the virtual machines. APD is a transient
accessibility loss or other issue that is recoverable.
For PDL and APD failures, you can set VMCP to either issue event alerts or to
power off and restart virtual machines. For APD failures only, you can additionally
control the restart policy for virtual machines by setting it to Conservative or
Aggressive. With the Conservative setting, the virtual machine is powered off only
if HA determines that it can be restarted on another host. With the Aggressive
setting, HA powers off the virtual machine regardless of the state of other hosts.

Virtual Machine and Application Monitoring


VM Monitoring restarts specific virtual machines if their VMware Tools heartbeats
are not received within a specified time. Likewise, Application Monitoring can restart
a virtual machine if the heartbeats from a specific application in the virtual machine
are not received. If you enable these features, you can configure the monitoring
settings to control the failure interval and reset period. Table 4-10 lists these settings.

Table 4-10 VM Monitoring Settings

| Setting | Failure Interval | Reset Period |
|---|---|---|
| High | 30 seconds | 1 hour |
| Medium | 60 seconds | 24 hours |
| Low | 120 seconds | 7 days |

The Maximum per-VM Resets setting can be used to configure the maximum
number of times vSphere HA attempts to restart a specific failing virtual machine
within the reset period.

vSphere HA Best Practices


You should provide network path redundancy between cluster nodes. To do so, you
can use NIC teaming for the virtual switch. You can also create a second management
network connection, using a separate virtual switch.
When performing disruptive network maintenance operations on the network used
by clustered ESXi hosts, you should suspend the Host Monitoring feature to ensure
that vSphere HA does not falsely detect network isolation or host failures. You can
reenable host monitoring after completing the work.
To keep vSphere HA agent traffic on the specified network, you should ensure that
the VMkernel virtual network adapters used for HA heartbeats (enabled for management
traffic) do not share the same subnet as VMkernel adapters used for vMotion
and other purposes.
You use the das.isolationaddressX advanced option to add an isolation address for
each management network.
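
A check of the value ranges in Table 4-9 and of the isolation address practice above, as an added example (not code from the book or from VMware). The function name, the sample option sets, and the documentation-range IP addresses are constructed; treating "an isolation address for each management network" as "an address inside that network's subnet" and treating the default gateway as in use unless das.usedefaultisolationaddress is set to false are assumptions.

```python
import ipaddress
import re

ISO_KEY = re.compile(r"^das\.isolationaddress(\d+)$")


def audit_ha_options(options, mgmt_subnets, default_gateway):
    """Return a list of findings for a cluster's vSphere HA advanced options.

    options: dict of option name -> string value, as entered for the cluster.
    mgmt_subnets: CIDR strings, one per management network (assumed input).
    default_gateway: management network default gateway (assumed input).
    """
    # Option names are compared in lowercase so that key case does not matter.
    opts = {k.lower(): str(v).strip().lower() for k, v in options.items()}
    findings = []

    # das.isolationaddressX: X must be 0-9 and the value must parse as an IP.
    targets = []
    for key, value in sorted(opts.items()):
        m = ISO_KEY.match(key)
        if not m:
            continue
        if not 0 <= int(m.group(1)) <= 9:
            findings.append(f"{key}: X must be between 0 and 9")
            continue
        try:
            targets.append(ipaddress.ip_address(value))
        except ValueError:
            findings.append(f"{key}: {value!r} is not an IP address")

    # The default gateway counts as a target unless it has been switched off.
    if opts.get("das.usedefaultisolationaddress", "true") == "true":
        targets.append(ipaddress.ip_address(default_gateway))
    if not targets:
        findings.append("no isolation address is set and the default gateway "
                        "is disabled")

    # Best practice from the text: an isolation address per management network.
    for cidr in mgmt_subnets:
        net = ipaddress.ip_network(cidr)
        if not any(t in net for t in targets):
            findings.append(f"no isolation address inside management network {cidr}")

    # das.heartbeatdsperhost: acceptable values are 2 to 5.
    hb = opts.get("das.heartbeatdsperhost")
    if hb is not None and not (hb.isdigit() and 2 <= int(hb) <= 5):
        findings.append(f"das.heartbeatdsperhost: {hb!r} is outside 2 to 5")

    # das.config.fdm.isolationPolicyDelaySec: minimum 30, lower values act as 30.
    delay = opts.get("das.config.fdm.isolationpolicydelaysec")
    if delay is not None and not (delay.isdigit() and int(delay) >= 30):
        findings.append(f"das.config.fdm.isolationPolicyDelaySec: {delay!r} is "
                        "below the minimum; a 30-second delay applies")
    return findings


# Constructed inputs: two management networks in documentation address ranges.
MGMT = ["192.0.2.0/24", "198.51.100.0/24"]
GATEWAY = "192.0.2.1"
WEAK = {
    "das.usedefaultisolationaddress": "false",
    "das.isolationaddress12": "192.0.2.1",   # index outside 0-9
    "das.heartbeatdsperhost": "1",
    "das.config.fdm.isolationPolicyDelaySec": "10",
}
CORRECTED = {
    "das.usedefaultisolationaddress": "false",
    "das.isolationaddress0": "192.0.2.1",
    "das.isolationaddress1": "198.51.100.1",
    "das.heartbeatdsperhost": "2",
    "das.config.fdm.isolationPolicyDelaySec": "30",
}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("corrected", CORRECTED), ("defaults", {})):
        print(name, audit_ha_options(cfg, MGMT, GATEWAY))
```

An empty option set on the two-network sample still yields one finding, because the default gateway covers only the first management network.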

Proactive HA
Proactive High Availability (Proactive HA) integrates with select hardware partners
to detect degraded components and evacuate VMs from affected vSphere hosts
before an incident causes a service interruption. Hardware partners offer a vCenter
Server plug-in to provide the health status of the system memory, local storage,
power supplies, cooling fans, and network adapters. As hardware components
become degraded, Proactive HA determines which hosts are at risk and places them
into either Quarantine Mode or Maintenance Mode. When a host enters Maintenance
Mode, DRS evacuates its virtual machines to healthy hosts, and the host is not
used to run virtual machines. When a host enters Quarantine Mode, DRS leaves the
current virtual machines running on the host but avoids placing or migrating virtual
machines to the host. If you prefer that Proactive HA simply make evacuation
recommendations rather than automatic migrations, you can set Automation Level to
Manual.
The vendor-provided health providers read sensor data in the server and provide the
health state to vCenter Server. The health states are Healthy, Moderate Degradation,
Severe Degradation, and Unknown.

Other Resource Management and Availability Features


This section describes other vSphere features related to resource management and
availability.

Predictive DRS
Predictive DRS is a feature in vSphere 6.5 and later that leverages the predictive
analytics of VMware Aria Operations, formerly known as vRealize Operations
(vROps), and vSphere DRS. Together, these two products can provide workload
balancing prior to the occurrence of resource utilization spikes and resource contention.
Every night, Aria Operations calculates dynamic thresholds, which are used to
create forecasted metrics for the future utilization of virtual machines. Aria Operations
passes the predictive metrics to vSphere DRS to determine the best placement
and balance of virtual machines before resource utilization spikes occur. Predictive
DRS helps prevent resource contention on hosts that run virtual machines with
predictable utilization patterns.
The following prerequisites are needed to run Predictive DRS:
■ vCenter Server 6.5 or later is required.
■ Predictive DRS must be configured and enabled in both vCenter Server and
Aria Operations.
■ The vCenter Server and Aria Operations clocks must be synchronized.

Distributed Power Management (DPM)


The vSphere Distributed Power Management (DPM) feature enables a DRS cluster
to reduce its power consumption by powering hosts on and off, as needed, based on
cluster resource utilization. DPM monitors the cumulative virtual machine demand
for memory and CPU resources in the cluster and compares this to the available
resources in the cluster. If sufficient excess capacity is found, vSphere DPM directs
the host to enter Standby Mode. When DRS detects that a host is entering Standby
Mode, it evacuates the virtual machines. Once the host is evacuated, DPM powers it
off, and the host is in Standby Mode. When DPM determines that capacity is inadequate
to meet the resource demand, DPM brings a host out of Standby Mode by
powering it on. Once the host exits Standby Mode, DRS migrates virtual machines
to it.
To power on a host, DPM can use one of three power management protocols: Intelligent
Platform Management Interface (IPMI), Hewlett-Packard Integrated Lights-Out
(iLO), or Wake-on-LAN (WoL). If a host supports multiple protocols, they
are used in the following order: IPMI, iLO, WOL. If a host does not support one of
these protocols, DPM cannot automatically bring a host out of Standby Mode.
DPM is very configurable. As with DRS, you can set DPM’s automation to be
manual or automatic.

NOTE Do not disconnect a host that is in Standby Mode or remove it from a DRS
cluster without first powering it on. Otherwise, vCenter Server is not able to power
the host back on.

To configure IPMI or iLO settings for a host, you can edit the host’s Power Management
settings. You should provide credentials for the Baseboard Management
Controller (BMC) account, the IP address of the appropriate NIC, and the MAC
address of the NIC.
Using WOL with DPM requires that the following prerequisites be met:
■ ESXi 3.5 or later is required.
■ vMotion must be configured.
■ The vMotion NIC must support WOL.
■ The physical switch port must be set to automatically negotiate the link speed.

Before enabling DPM, use the vSphere Client to request the host to enter Standby
Mode. After the host powers down, right-click the host and attempt to power on.
If this is successful, you can allow the host to participate in DPM. Otherwise, you
should disable power management for the host.
You can enable DPM in a DRS cluster’s settings. You can set Automation Level to
Off, Manual, or Automatic. When this option is set to Off, DPM is disabled. When
it is set to Manual, DPM makes recommendations only. When it is set to Automatic,
DPM automatically performs host power operations as needed.
Much as with DRS, with DPM you can control the aggressiveness of DPM (that is,
the DPM threshold) with a slider bar in the vSphere Client. The DRS threshold and
the DPM threshold are independent of one another. You can override automation
settings per host. For example, for a 16-host cluster, you might want to set DPM
Automation to Automatic on only 8 of the hosts.

Fault Tolerance (FT)


If you have virtual machines that require continuous availability as opposed to high
availability, you can consider protecting the virtual machines with vSphere Fault
Tolerance (FT). vSphere FT provides continuous availability for a virtual machine
(the primary VM) by ensuring that the state of a secondary VM is identical at any
point in the instruction execution of the virtual machine.
If the host running the primary VM fails, an immediate and transparent failover
occurs. The secondary VM becomes the primary VM without losing network
connection or in-progress transactions. With transparent failover, there is no data
loss, and network connections are maintained. The failover is fully automated and
occurs even if vCenter Server is unavailable. Following the failover, FT spawns a
new secondary VM and reestablishes redundancy and protection, assuming that a
host with sufficient resources is available in the cluster. Likewise, if the host running
the secondary VM fails, a new secondary VM is deployed. vSphere Fault Tolerance
can accommodate symmetric multiprocessor (SMP) virtual machines with up to
eight vCPUs.
Use cases for FT include the following:
■ Applications that require continuous availability, especially those with
long-lasting client connections that need to be maintained during hardware failure
■ Custom applications that have no other way of being clustered
■ Cases in which other clustering solutions are available but are too complicated
or expensive to configure and maintain

Before implementing FT, consider the following requirements:


■ CPUs must be vMotion compatible.
■ CPUs must support hardware MMU virtualization.
■ A low-latency 10 Gbps network is required for FT Logging.
■ Virtual machine files other than VMDK files must be stored on shared storage.
■ A vSphere Standard License is required for FT protection of virtual machines
with up to two virtual CPUs.
■ A vSphere Enterprise Plus License is required for FT protection of virtual
machines with up to eight virtual CPUs.
■ Hardware Virtualization (HV) must be enabled in the host BIOS.
■ Hosts must be certified for FT.
■ The virtual memory reservation should be set to match the memory size.
■ vSphere HA must be enabled on the cluster.
■ SSL certificate checking must be enabled in the vCenter Server settings.
■ The hosts must use ESXi 6.x or later.

You should also consider the following VMware recommendations concerning
vSphere FT:
■ VMware recommends a minimum of two physical NICs.
■ VMware recommends that the host BIOS power management settings be set
to Maximum Performance or OS-Managed Performance.
■ You should have at least three hosts in the cluster to accommodate a new
secondary VM following a failover.

The following vSphere features are not supported for FT-protected virtual
machines:
■ Snapshots (An exception is that disk-only snapshots created for vStorage APIs
for Data Protection [VADP] backups are supported for FT but not for legacy
FT.)
■ Storage vMotion
■ Linked clones
■ Virtual Volumes datastores
■ Storage-based policy management (However, vSAN storage policies are
supported.)
■ I/O filters
■ Disk encryption
■ Trusted Platform Module (TPM)
■ Virtualization-Based Security (VBS)–enabled VMs
■ Universal Point in Time snapshots (a next-generation vSAN feature)
■ Physical raw device mappings (RDMs) (However, virtual RDMs are supported
for legacy FT.)
■ Virtual CD-ROMs or floppy drives backed by physical devices
■ USB devices, sound devices, serial ports, and parallel ports
■ N-Port ID Virtualization (NPIV)
■ Network adapter passthrough
■ Hot plugging devices (Note that the hot plug feature is automatically disabled
when you enable FT on a virtual machine.)
■ Changing the network where a virtual NIC is connected

■ Virtual Machine Communication Interface (VMCI)


■ Virtual disk files larger than 2 TB
■ Video devices with 3D enabled

You should apply the following best practices for FT:


■ Use similar CPU frequencies in the hosts.
■ Use active/standby NIC teaming settings.
■ Ensure that the FT Logging network is secure, because FT data is not
encrypted.
■ Enable jumbo frames and 10 Gbps for the FT network. Optionally, configure
multiple NICs for FT Logging.
■ Place ISO files on shared storage.
■ If vSAN is used for primary or secondary VMs, do not also connect those
virtual machines to other storage types. Also, place the primary and secondary
VMs in separate vSAN fault domains.
■ Keep vSAN and FT Logging on separate networks.

In vSphere 6.5, FT is supported with DRS only when EVC is enabled. You can
assign a DRS automation level to the primary VM and let the secondary VM assume
the same setting. If you enable FT for a virtual machine in a cluster where EVC is
disabled, the virtual machine DRS automation level is automatically disabled. In
versions since vSphere 6.7, EVC is not required for FT to support DRS.
To enable FT, you first create a VMkernel virtual network adapter on each host
and connect to the FT Logging network. You should enable vMotion on a separate
VMkernel adapter and network.
When you enable FT protection for a virtual machine, the following events occur:
■ If the primary VM is powered on, validation tests occur. If validation is passed,
then the entire state of the primary VM is copied and used to create the
secondary VM on a separate host. The secondary VM is powered on. The virtual
machine’s FT status is Protected.
■ If the primary VM is powered off, the secondary VM is created and registered
to a host in the cluster but not powered on. The virtual machine FT Status
setting is Not Protected, VM not Running. When you power on the primary
VM, the validation checks occur, and the secondary VM is powered on. Then
FT Status changes to Protected.

Legacy FT VMs can exist only on ESXi hosts running on vSphere versions earlier
than 6.5. If you require legacy FT, you should configure a separate vSphere 6.0
cluster.

vCenter Server High Availability


vCenter Server High Availability (vCenter HA) is described in Chapter 1, “vSphere
Overview, Components, and Requirements.” vCenter HA implementation is
covered in Chapter 8, “vSphere Installation.” vCenter HA management is covered in
Chapter 13, “Managing vSphere and vCenter Server.”

VMware Service Lifecycle Manager


If a vCenter service fails, VMware Service Lifecycle Manager (vmon) restarts it.
VMware Service Lifecycle Manager is a service that runs in a vCenter server that
monitors the health of services and takes preconfigured remediation action when it
detects a failure. If multiple attempts to restart a service fail, the service is considered
failed.

NOTE Do not confuse VMware Service Lifecycle Manager with VMware vSphere
Lifecycle Manager, which provides simple, centralized lifecycle management for ESXi
hosts through the use of images and baselines.

Exam Preparation Tasks


As mentioned in the section “Book Features and Exam Preparation Methods” in
the Introduction, you have some choices for exam preparation: the exercises here,
Chapter 15, “Final Preparation,” and the exam simulation questions on the
companion website.

Review All Key Topics


Review the most important topics in this chapter, noted with the Key Topic icon in
the outer margin of the page. Table 4-11 lists these key topics and the page number
on which each is found.

Table 4-11 Key Topics for Chapter 4

| Key Topic Element | Description | Page Number |
|---|---|---|
| Section | Network-aware DRS | 140 |
| Section | How DRS scores VMs | 142 |
| List | DRS migration sensitivity | 143 |
| Section | Scalable shares | 147 |
| List | vSphere HA requirements | 149 |
| Table 4-7 | vSphere HA response to failure settings | 150 |
| List | vSphere FT requirements | 158 |

Complete Tables and Lists from Memory


Print a copy of Appendix B, “Memory Tables” (found on the companion website), or
at least the section for this chapter, and complete the tables and lists from memory.
Appendix C, “Memory Table Answers” (also on the companion website), includes
completed tables and lists to check your work.

Define Key Terms


Define the following key terms from this chapter and check your answers in the
glossary:
Virtual Machine Component Protection (VMCP), Proactive High Availability
(Proactive HA), Predictive DRS, vSphere Fault Tolerance (FT), VMware Service
Lifecycle Manager

Review Questions
1. You are configuring EVC. Which of the following is not a requirement?
a. A vSphere cluster
b. A DRS cluster
c. CPUs in the same family
d. CPUs with the same base instruction set

2. In vSphere 8.0, you want to configure the DRS migration threshold such that
it is at the maximum level at which resource contention is considered but
virtual machine happiness is not. Which of the following values should you
choose?
a. Level 1
b. Level 2
c. Level 3
d. Level 4
e. Level 5

3. In a vSphere cluster, which of the following statements is true if the primary
host detects datastore heartbeats for a secondary host but no network
heartbeats or ping responses?
a. The primary host declares that the secondary host is isolated.
b. The primary host assumes that the secondary host is isolated or in a
network partition.
c. The primary host takes the host isolation response action.
d. The primary host restarts the virtual machines on the failed secondary
host.

4. You want to configure vSphere HA. Which of the following is a requirement?


a. IPv4 must be used for all host management interfaces.
b. vMotion must be enabled on each host.
c. The Virtual Machine Startup and Shutdown (automatic startup) feature
must be enabled on each virtual machine.
d. Host IP addresses must persist across reboots.

5. You are configuring vSphere Distributed Power Management (DPM) in your
vSphere 8.0 environment. Which of the following is not a requirement for
using Wake-on-LAN (WoL) in DPM?
a. The management NIC must support WOL.
b. vMotion is configured.
c. The vMotion NIC must support WOL.
d. The physical switch port must be set to auto negotiate the link speed.
This page intentionally left blank
Index

Numbers vCenter Converter, 214–215


802.1ax, 95 VMware Skyline, 215–216
802.1q, 97, 99, 106 vSphere Replication, 215
802.3ad, 95, 101, 108 vSphere requirements, 7, 23–24
vSphere with Tanzu, 208–213, 521–523
A vSphere+ 213–214
Address Resolution Protocol (ARP), 336
absent component state, vSAN, 51
addresses
acceptance levels
IP (Internet Protocol), 94, 553
ESXi hosts, 497–498
MAC (media access control), 94,
VIB (vSphere Installation Bundle),
102–103
497–498
Administration server, 10
account lockout, ESXi, 487–489
Administrator privileges, 249, 265, 498
accounts
Administrators group, 315
Pearson Vue, 614
admission control
VMware Certification, 614
virtual machine resources, 394
actions, alarm, 404
vSphere HA, 151–152, 375
Active Directory (AD), 21, 258
Advisor (Skyline), 215
ESXi host management with, 499–500
affinity/anti-affinity rules
identity sources, 311–313
Predictive DRS, 156, 374
Active Directory Federation Services (AD
vSphere DRS clusters, 373–374
FS), 246
Agent, vCenter Server, 11
Active node, vCenter HA clusters, 12–13
AI (artificial intelligence), 601
AD. See Active Directory (AD)
alarms, 402–405
adapters
actions, 404
host physical network
creating, 403–404
managing on vDS, 355–356
elements of, 402
migration to vDS, 356
use cases, 404–405
VMkernel, 342–343
viewing/acknowledging, 403
Add-DeployRule, 299
all paths down (APD), 154
add-ons
Amazon Web Services, VMC (VMware
Dell, 543
Cloud) on, 27, 231
HPE, 543
AMD
overview of, 208, 540
AMD-V Extended Migration, 136
646 AMD

EVC (Enhanced vMotion Compatibility) applying to ESXi hosts, 323


modes for, 138–139 authentication and authorization,
anti-affinity rules, 85 245–246
Predictive DRS, 156, 374 best practices, 251–252
vSphere DRS clusters, 373–374 content libraries, 606–607
anything as a service (XaaS), 219 editing, 478–479
APD (all paths down), 154 ESXi hosts, 323
App Volumes, 223 global, 250–251, 478
Appliance, vCenter Server inventory hierarchy and objects,
compatibility, 524 246–248
migrating vCenter Server for Windows management, 504
to, 528–530 permission validation settings, 504
patching vCenter Server with, 563–564 permissions diagram, 250
storage sizes, 16–17 privileges and roles, 248–250, 477,
upgrading, 525–527 498–499
Appliance Management Interface, vCenter required permissions for common
Server, 225 tasks, 252–254
monitoring/managing vCenter Server setting, 477–478
with, 550–554 validation settings, 504
patching vCenter Server with, 561–563 vCenter Server application of, 255–257
vCenter Server backup with, 518–521 privileges
application monitoring, in vSphere HA configuration, 477
clusters, 376 ESXi hosts, 498–499
Application Path Resiliency service, 230 management, 477, 498–499
application virtualization types of, 248–250
App Volumes, 223 vCenter Server, 265
VMware Horizon, 222–223 privileges and roles
Apply-EsxImageProfile, 300 best practices, 251–252
Aria Suite, 7 creating, 477
Aria Automation, 27, 218–219 required permissions for common
Aria for Logs, 217–218 tasks, 252–254
Aria Operations, 27, 216–217, 279–280 types of, 248–250
Aria Operations for Networks, 220–221 vCenter Server application of, 255–257
Aria Orchestrator, 219–220 smart card, 501
ARP (Address Resolution Protocol), 336 SSO (single sign-on). See SSO (single
array-based failover with iSCSI, 76 sign-on)
artificial intelligence (AI), 601 users and groups, 476–477
ATS (Atomic Test and Set), 71 VMware Enhanced Authentication
ATS Only Flag primitive, 71 Plug-in, 307
Attestd, 258 vSphere Authentication Proxy, 260, 500
authentication and authorization, 474–479 Authentication Proxy, 500
content libraries, 605 authorization. See authentication and
permissions, 245–246 authorization
Auto Deploy built-in storage providers, 69


cmdlets, 299–300 Bulk Migration service, VMware Hybrid
compatibility, 524 Cloud Extension, 229
ESXi host installation with, 296–301 Burst Size option, traffic shaping policy, 104
security considerations, 493
Automated Lifecycle Management (LCM), C
228 CAAdmins group, 314
automation caching
Aria Automation, 218–219 stateless, 296
Aria Orchestrator, 219–220 vSAN requirements, 65
cloud computing, 27 capacity reservation, vSphere HA, 423
DRS (Distributed Resource Scheduler), CAs (certificate authorities)
139 overview of, 240
SDRS (Storage DRS), 84 VMCA (VMware Certificate Authority),
Average Bandwidth option, traffic shaping 240–241, 298, 307–309
policy, 103 CAT I-CAT III (DISA), 484
AWS (Amazon Web Services), VMC CBT (Change Block Tracking), 225
(VMware Cloud) on, 27, 231 CDP (Cisco Discovery Protocol), 121
Azure VMware Solution, 231 CD-ROM drives, 186
CEIP (Customer Improvement Program),
B 530
backup and recovery certificate authorities. See CAs (certificate
snapshots, 182 authorities)
vCenter Server, 23, 518–521 Certificate Manager, 479, 480–481
vCenter Server file-based backup and certificate signing requests (CSRs), 309
restore, 23 certificates
vLCM (vSphere Lifecycle Manager), core identity services, 241
544–545 CSR (certificate signing request), 309
vSphere with Tanzu, 208–213, 521–523 ESXi host, 245
bar charts, 379 overview of, 240–241
base image, ESXi, 540 recommended modes for, 241
baselines, 536–542 requirements for, 242–245
block primitives, 71 solution user certificate stores, 244
blueprints, Cloud Assembly, 218 types of, 243–244
boot vCenter Server, 265
ESXi Quick Boot, 542 Change Block Tracking (CBT), 225
ESXi scripted installation, 294 change rollbacks, 182
ESXi Secure Boot, 261–262 chipsets, 186
UEFI Secure Boot, 501–502 Chrome, VMware support for, 23
VMs (virtual machines), 189 CIM (Common Information Model) access,
vSAN and, 68 493–494
boot.cfg file, 293 CIM Server, 259
brute-force attacks, 100 Cisco Discovery Protocol (CDP), 121
Citrix Virtual Apps and Desktops, VMware migration sensitivity, 143–144


App Volumes integration, 223 network-aware DRS, 140
claim rules, 462 NVM (non-volatile memory) support,
client, vSphere. See vSphere Client 141
client performance charts Predictive DRS, 156
advanced performance charts, 381–383 recent enhancements, 139–142
definition of, 377 resource pools, 144–148
types of, 379 rules, 142–143
views, 379–380 virtual machine distribution, 140
cloning VMs (virtual machines), 199–201 virtual machine initial placement,
cold clones, 199 140–141
hot clones, 199 virtual machine scores, 142
instant clones, 200–201 EVC (Enhanced vMotion Compatibility)
linked clones, 182, 200 configuration, 136–139
privileges required for, 580–581 overview of, 135–136, 372
Cloud Assembly, 27, 218 requirements for, 136
Cloud Builder, 228 Kubernetes, vSphere with Tanzu and,
cloud computing 208–211
Aria Automation, 218–219 moving hosts into, 254
automation, 27 overview of, 134
Azure VMware Solution, 231 resource monitoring and management,
Cloud Assembly, 27, 218 388–389
Cloud Builder, 228 vCenter HA, 12–13, 161, 564–565
CNS (Cloud Native Storage), 53 vCLS (vSphere Cluster Services), 135
HCX (Hybrid Cloud Extension), 229– vSAN
231 creating with Quickstart, 419
hybrid cloud, 27 encryption in, 61, 434–437
VMC (VMware Cloud), 27, 226–227, 231 expanding, 424–426
vSphere+213–214 extending across two sites, 428–430
Cloud Native Storage (CNS), 53 managing devices in, 430–432
clusters requirements for, 67
cluster images, importing/exporting, space efficiency in, 58–60, 433
544–545 standard, 53
configuring with Quickstart, 369–371 stretched, 55–58
creating, 368 two-host, 54
datastore, 85, 135 vSphere DRS, 372–374
definition of, 172–173 vSphere HA, 148–155
DPM (Distributed Power Management), admission control, 151–152
156–157 advanced options, 153
DRS (Distributed Resource Scheduler) benefits of, 148–149
automation modes, 139 best practices, 155
evacuation workflow, 141 creating and configuring, 374–378
memory metric for load balancing, 140 heartbeats, 151
Proactive HA, 155 SSO (single sign-on). See SSO (single


Proactive HA (High Availability), 7, sign-on)
155, 376 users and groups, 476–477
requirements for, 149–150 certificates, 479–483
response to failures, 150 custom, 480–481
virtual machine settings, 153–154 ESXi, 481–483
VM monitoring settings, 154–155 vSphere Client, 479–480
VMCP (Virtual Machine Component clusters, 134
Protection), 154 cluster creation, 368
cmdlets, Auto Deploy, 299–300 EVC mode, 372
CNS (Cloud Native Storage), 53 Quickstart, 369–371
Code Stream (Aria Automation), 218 vSphere DRS, 372–374
cold clones, 199 vSphere HA, 374–378
Collector (Skyline), 215 content libraries, 603
Common Information Model (CIM) access, adding items to, 608
493–494 authentication, 605
community secondary PVLANs, 113 creating, 604–605
CommunitySupported VIBs, 498 definition of, 604
compatibility deploying VMs with, 608–609
EVC (Enhanced vMotion Compatibility), managing VM templates in, 609
135–139 overview of, 176–178
configuration, 136–139 permissions, 606–607
overview of, 135–136 publishing, 605
requirements for, 136 subscribing to, 606
hardware compatibility checks, 544 synchronization options, 607
vCenter Server 7.0, 524 versioning, 177
VMs (virtual machines), 586 ESXi hosts
compliance configuration scripts, 485–487
Aria Operations, 279–280 profiles, 484–485
VMs (virtual machines), 51 ESXi security, 493–494
Compliant clusters, 541 Active Directory, 499–500
component state, vSAN, 51 ESXi firewall, 494–495
components, vSphere, 6–8 ESXi services, 495–496
compression, vSAN, 58, 59 general security recommendations,
compute and system requirements, 14–16 483–492
configuration. See also installation; host acceptance levels, 497–498
management; VMware product Lockdown Mode, 496–497
integration log files, 503
authentication and authorization, networking security recommendations,
474–479 492–494
permissions, 477–479 privileges, 498–499
privileges and roles, 477 smart card authentication, 501
TPM (Trusted Platform Module), virtual network infrastructure


502–503 DirectPath I/O, 122, 347
UEFI Secure Boot, 501–502 distributed port groups, 341–342, 357
VIB acceptance levels, 497–498 network resource pools, 109–111,
vSphere Authentication Proxy, 500 345–346
EVC (Enhanced vMotion Compatibility) NIOC (Network I/O Control),
EVC modes for AMD hosts, 138–139 108–109, 344–345
EVC modes for Intel hosts, 136–137 PVLANs (private VLANs), 346
EVC modes for VMs (virtual SR-IOV (single root I/O
machines), 603 virtualization), 347–349
EVC modes for vSphere clusters, 372 standard port groups, 341–342
Identity Federation, 316–318 vDS (vSphere Distributed Switches),
LACP (Link Aggregation Control 338–342
Protocol), 118–119 VMkernel networking, 342–344
NetFlow on vDS (vSphere Distributed vSS (vSphere Standard Switches),
Switches), 340–341 334–338
SSO (single sign-on) VMs (virtual machines)
Active Directory identity sources, advanced options, 189
311–313 cloning, 199–201, 580–581
LDAP identity sources, 313 compatibility options, 185–187, 586
overview of, 309–310 configuration files, 179
policies, 315–316 content libraries, 176–178, 604–609
SSO identity sources, 310 converting to templates, 581
users, enabling/disabling, 314–315 CPU affinity, 603
storage infrastructure creating, 252, 576–577
NFS datastores, 447–449 deploying from templates, 253, 582
RDMs (raw device mappings), disk mode settings, 590
446–447 encrypting, 589
VMFS datastores, 441–449 EVC mode, 603
vSAN, 418–440 guest OS, 253, 582
vVols (virtual volumes), 466–468 guest user mapping, 594
syslog, 409–410 hardware devices, 185–187
vCenter Server migration, 190–194, 254, 596–598
common management tasks, 555–557 moving to resource pools, 253
repointing to another domain, Open VM Tools, 578
565–569 opening consoles to, 577–578
SSL certificate verification for legacy options, 188–189, 592–593
hosts, 561 OVF/OVA templates, 178, 585, 594,
statistics collection settings, 558–560 598, 608
updates, 561–564 performance impact of, 396
vCenter HA clusters, 564–565 powering on, 577
VMCA (VMware Certificate provisioning, 188, 200, 589
Authority), 307–309 shutting down guests, 580
snapshots, 180–185, 253, 595 config.vpxd.filter.vmfsFilter, 446


VBS (virtualization-based security), Config-vVol, 74
598–599 Connect-VIServer, 487, 600
versions, 587–588 consoles, VM (virtual machine), 577–578
vGPU (virtual GPU) support, 601–603 consumed capacity, 50
VM hardware configuration, 586–592 content libraries, 603
VMware PowerCLI, 599–601 creating, 604–605
VMware Tools, 153, 188, 189, 221, description of, 7
272, 324, 395, 524, 578–580 overview of, 176–178, 604
vSAN, 86 publishing, 605
cluster creation, 419 subscribing to, 605
cluster expansion, 424–426 versioning, 177
datastores, 422 controllers
deployment with vCenter Server, 424 NVDIMM, 187
disabling, 423 NVMe, 187
disk/device management, 430–432 SATA, 187
encryption, 434–437 SCSI, 187, 591
fault domains, 428 SIO, 187
File Service, 439–440 USB, 187
licensing, 421–422 Converter Standalone, 214–215
Maintenance Mode, 426–428 Coordinated Universal Time (UTC), 24
manually enabling, 420–421 Copy-DeployRule, 299
policies, 437–438 copy/paste, disabling, 271
preparation, 418 CPUs, 186
settings, 421 CPU affinity, 603
shutdown and restart, 424 CPU ID (CPU identification), 589
space efficiency, 433 performance analysis, 383–387
storage providers, viewing, 439 cryptography administrator role, 275
stretched clusters, 428–430 crypto-util command, 275
vSAN and vSphere HA, 422–423 CSRs (certificate signing requests), 309
vSphere initial configuration, 318–327 Custom Certificate Authority Mode, ESXi,
advanced ESXi host options, 325–327 245, 481–482
common ESXi host settings, 324–325 custom certificates, 480–481
host profiles, 321–323 custom TCP/IP stack, 125
vCenter Server inventory, 319–321 Customer Improvement Program (CEIP),
vLCM (vSphere Lifecycle Manager), 530
318–319 customization. See configuration;
VMware Tools, 324 management
vSphere Client, 318
config.vpxd.filter.hostRescanFilter, 446 D
config.vpxd.filter.rdmFilter, 446 das.config.fdm.isolationPolicyDelaySec, 153
config.vpxd.filter. das.heartbeatdsperhost, 153
sameHostsAndTransportsFilter, 446 das.isolationaddressX, 153, 155
das.isolationshutdowntimeout, 153 default TCP/IP stack, 125, 194–197


das.respectvmvmantiaffinityrules, 153 Defense Information Systems Agency
das.slotcpuinmhz, 153 (DISA), 484
das.slotmeminmb, 153 degraded component state, vSAN, 51
das.usedefaultisolationaddress, 153 DEKs (data encryption keys), 61, 274
das.vmcpuminmhz, 153 Dell OpenManage Integration for VMware
das.vmmemoryminmb, 153 vCenter Server (OMIVV), 543
data center-level management, vDS delta disk files, 184
(vSphere Distributed Switches), denial-of-service (DoS) attacks, 272
113–114 dependent hardware iSCSI adapter:454
data centers, definition of, 171–172 deployment
data encryption keys (DEKs), 61, 274 OVF/OVA templates, 585–586
Data Locality policy, 82 VCSA (vCenter Server Appliance)
data processing units (DPUs), 15–16, 95 CLI (command-line interface),
data statistics collection, 558–560 305–306
data storage providers, 69 GUI installer, 303–305
data transfer, vCenter Server, 524–525 post-installation, 306–307
databases requirements for, 302–303
database files, 184 VMs (virtual machines)
vCenter Server, 301 with content libraries, 608–609
Datastore Browser access, 265 from templates, 253, 582
datastores vSAN, 53–58, 424
clusters, 85, 135 depot, 539, 540
definition of, 174 desktop and application virtualization
NFS (Network File System) App Volumes, 223
management of, 447–449 VMware Horizon, 222–223
overview of, 41–43 device connections, disabling, 271
types of, 39–43, 50 DFW (Distributed Firewall), 280
virtual machine migration, 193 DHCP server, 297
VMFS (Virtual Machine File System) Direct Console User Interface (DCUI),
management of, 441–449 258, 547
overview of, 39–41 direct memory access (DMA), 349
vSAN directory services, joining hosts to, 260
overview of, 43 DirectPath I/O, 122, 347
types of, 50 DISA (Defense Information Systems
viewing, 422 Agency), 484
vVols (virtual volumes), 43 Disable Object Checksum policy, 83
Data-vVol, 74 disabling
DCAdmins group, 314 copying and pasting, 271
DCUI (Direct Console User Interface), device connections, 271
258, 547 disk shrinking, 270–271
dcui users, 499 MOB (managed object browser),
deduplication, vSAN, 58, 59 491–492
SSO (single sign-on) users, 314–315 Predictive DRS, 156, 374


vSAN, 423 recent enhancements, 139–142
disaster recovery resource pools
SRM (Site Recovery Manager), 226–227 enhanced resource pool
VMware Hybrid Cloud Extension, 229 reservation, 147
vSphere Replication, 224–226 scalable shares, 147–148
Discovery Protocol, 121 shares, limits, and reservations,
disk groups, 50 145–146
disk mode settings, VMs (virtual machines), use cases, 144
590 rules, 142–143
disk shrinking, 270–271 SDRS (Storage DRS)
disks, virtual, 35, 81 anti-affinity rules, 85
Distributed Firewall (DFW), 280 automation levels, 84
distributed port groups, 105 datastore cluster requirements, 85
configuration, 341–342 initial placement and ongoing
port monitoring in, 357 balancing, 83
Distributed Power Management (DPM), 7, load balancing, 83
24, 156–157 management of, 449–452
Distributed Resource Scheduler. See DRS NIOC (Network I/O Control) versus,
(Distributed Resource Scheduler) 86
DMA (direct memory access), 349 recommendations, 84–85
DNS (Domain Name System), 21–22 SIOC (Storage I/O Control) versus,
domains 86, 452–454
DNS (Domain Name System), 21–22 thresholds and behavior, 84
repointing vCenter Server to, 565–569 virtual machine distribution, 140
DoS (denial-of-service) attacks, 272 virtual machine initial placement,
double-encapsulation attacks, 100 140–141
DPM (Distributed Power Management), 7, virtual machine scores, 142, 389
24, 156–157 DVD/CD-ROM drives, 186
DPUs (data processing units), 15–16, 95 dynamic link aggregation, 118–119,
DRS (Distributed Resource Scheduler) 350–354
automation modes, 139
cluster creation, 372–374 E
affinity/anti-affinity rules, 373–374 eager zeroed thick virtual disks, 81
Predictive DRS, 156, 374 Edge, VMware support for, 23
resource pools, 372–373 editing. See also configuration
description of, 7 host profiles, 322–323
evacuation workflow, 141 OVF (Open Virtual Format) templates,
memory metric for load balancing, 140 594
migration sensitivity, 143–144 permissions, 478–479
network-aware DRS, 140 SSO identity sources, 310
NVM (non-volatile memory) support, Egress Traffic Shaping, 359
141 EKs (endorsement keys), 277
elastic port allocation, 117 host configuration scripts, 485–487


Embedded Harbor Registry, 212 host profiles. See host profiles
embedded_vCSA_on_ESXi.json, 306 MOB (managed object browser),
embedded_vCSA_on_VC.json, 306 491–492
embedded_vCSA_replication_on_ESXi. overview of, 483–484
json, 306 passwords and account lockout,
embedded_vCSA_replication_on_VC.json, 487–489
306 PCI and PCIe devices, 491
EMC RecoverPoint, 227 shell security, 489–491
Encrypted vSphere vMotion, 276–277 SSH (Secure Shell), 489–491
encryption host networking management with vDS
Encrypted vSphere vMotion, 276–277 host addition to vDS, 354–355
VMs (virtual machines), 189, 273–276, host removal, 356–357
508–510, 589 network adapter management,
vSAN, 61, 434–437 355–356
endorsement keys (EKs), 277 network adapter migration to vDS,
Enhanced Linked Mode, 12, 476 356
enhanced resource pool reservation, 147 networking policies and advanced
Enhanced vMotion Compatibility. See EVC features, 359–361
(Enhanced vMotion Compatibility) port monitoring in distributed port
ephemeral binding, 117 groups, 357
erasure coding, 58, 59–60 virtual machine migration to vDS, 357
ESA (Express Storage Architecture), 47, 63 hosts
esxcli commands, 460–462, 486–487 acceptance levels, 497–498
esxcli network ip ipsec sa add, 267 advanced system settings, 325–327
esxcli rdma iser add, 455 certificates, 245
esxcli storage core claimrule add, configuration, 324–325
457–458 definition of, 173–174
esxcli storage hpp device set, 458 DNS resolution, 21–22
esxcli network namespace, 486 dynamic link aggregation, 118–119,
esxcli storage namespace, 486 350–354
ESXi, 243, 357 firewalls, 494–495, 548–549
base image, 540 health checks, 390–391
CBT (Change Block Tracking), 225 host access, 261
certificates, 243, 481–483 host configuration scripts, 485–487
clusters. See clusters host networking with vDS, 354–361
commands, 455, 457–458, 486–487 installation, 290–301
compute and system requirements, 14–16 joining to directory services, 260
DirectPath I/O, 122, 347 kernel options, 325–327
ESXi Shell, 258 lifecycle management with vLCM,
firmware updates, 542–544 532–546
general security recommendations Maintenance Mode, 301
hardening guidelines, 484–485 management, 499–500, 547–549
moving into clusters, 254 privileges, 498–499


overview of, 21–22 Secure Boot, 261–262
permissions, 323 security profiles, 258–260
privileges, 498–499 smart card authentication, 501
profiles, 7, 175–176, 321–323, TPM (Trusted Platform Module),
484–485, 524 261–262, 502–503
resource management and monitoring, UEFI Secure Boot, 501–502
390–391 VIB acceptance levels, 497–498
syslog data collection with Aria for vSphere Authentication Proxy, 260,
Logs, 217–218 500
time synchronization with NTP vTA (vSphere Trust Authority), 263
(network time protocol), 22 storage requirements, 17
TPM (Trusted Platform Module), upgrading, 530
502–503 VLAN support, 97
UEFI Secure Boot, 501–502 ESXTOP, 396–399
vSAN hardware requirements, 25–26 EtherChannels (LAGs), 95, 350–354
vSphere+, 213–214 evacuation workflow, DRS (Distributed
log files, 405–407 Resource Scheduler), 141
namespaces, 486 EVC (Enhanced vMotion Compatibility),
network requirements, 20–21 135–139
networking security recommendations, configuration
492–494 EVC modes for AMD hosts, 138–139
Auto Deploy, 493 EVC modes for Intel hosts, 136–137
CIM (Common Information Model) EVC modes for VMs (virtual
access, 493–494 machines), 603
web proxy settings, 492 EVC modes for vSphere clusters, 372
Quick Boot, 542 overview of, 135–136
security requirements for, 136
Active Directory, 499–500 events
built-in features, 257–258 monitoring and management, 400–402
ESXi firewall, 494–495 streaming to remote syslog server,
ESXi services, 495–496 401–402
firewall ports, 259–260 system event log, 401
general security recommendations, viewing, 400
483–492 exam preparation
host acceptance levels, 497–498 exam-day tips, 614–616
host access, 261 pre-exam activities, 613–614
hosts, joining to directory services, 260 expanding vSAN clusters, 424–426
Lockdown Mode, 496–497 expiration, certificates, 483
log files, 503 exporting cluster images, 544–545
MOB (managed object browser), 261 Express Storage Architecture (ESA), 47, 63
networking security recommendations, Extended Copy (XCOPY), 71
492–494 Extended Statistics option, VAAI NAS
password hardening, 260 primitives, 72
F FIPS (Federal Information Processing


failback, 359 Standards), 507
failover. See multipathing and failover Firefox, VMware support for, 23
failure firewalls, 266
definition of, 149 DFW (Distributed Firewall), 280
Failure Tolerance Method policy, 82 ESXi, 494–495, 548–549
FTT (failures to tolerate), 143 ports, 259–260
vSphere HA response to, 150 VMware NSX, 280–281
Fast File Clone/Native Snapshot Support firmware updates, ESXi, 542–544
option, VAAI NAS primitives, 71 First Class Disk (FCD), 44
fault domains, vSAN, 64–65, 428 fixed port allocation, 117
Fault Tolerance. See FT (Fault Tolerance) Flash Read Cache Reservation policy, 82
FC (Fibre Channel), 35, 44–45, 76, 189 flat files, 183
FCD (First Class Disk), 44 Flexible Launch Control (FLC) mode, 508
FC-NVMe (NVMe over Fibre Channel), folders, definition of, 172
455 Force Provisioning policy, 82
FCoE (Fibre Channel over Ethernet), 36 Forged Transmits option, network security
fdm.cfg file, 153 policies, 103
Federal Information Processing Standards FQDNs (fully qualified domain names),
(FIPS), 507 21–22, 521, 553
Fibre Channel (FC), 35, 44–45, 76, 189 FSVMs (file service virtual machines), 61–62
Fibre Channel over Ethernet (FCoE), 36 FT (Fault Tolerance), 157–161
file service virtual machines (FSVMs), description of, 7
61–62 legacy, 524
File Service, vSAN vSphere HA clusters, 377
management and configuration, 439–440 FTT (failures to tolerate), 143
overview of, 61–62 Full File Clone option, VAAI NAS
file-based backup and restore, 23 primitives, 71
file-based persistent volumes, 53 fully qualified domain names (FQDNs),
files. See also log files 21–22, 521, 553
boot.cfg, 293
fdm.cfg, 153 G
kickstart, 293 Get-DeployCommand, 299
snapshot, 184–185 Get-DeployMachineIdentity, 300
VM (virtual machine) Get-DeployOption, 300
configuration files, 179 Get-DeployRule, 299
file structure, 178–179 Get-DeployRuleSet, 299
snapshot files, 180 Get-VM cmdlet, 600
virtual disk files, 180 Get-VMHost, 487
filters Get-VMHostAttributes, 300
I/O, 39 Get-VMHostImageProfile, 300
multicast, 120–121 Get-VMHostMatchingRules, 299
storage protection, 446 global permissions
definition of, 250–251 vDS (vSphere Distributed Switches),


management of, 478 119–120
Google Chrome, VMware support for, 23 health states, 51, 553
GPUs (graphics processing units), VM heartbeats, vSphere HA, 151
configuration for, 601–603 Hewlett-Packard Integrated Lights-Out
graphical user interface (GUI), 297, (iLO), 156–157
302–305 high availability, 24
graphics processing units (GPUs), VM vCenter HA
configuration for, 601–603 clusters, 12–13, 564–565
GRID model, 601–603 overview of, 161
groups vSphere HA
authentication and authorization, admission control, 151–152
476–477 advanced options, 153
LAGs (link aggregation groups), 95, benefits of, 148–149
350–354 best practices, 155
port groups capacity reservation, 423
distributed, 341–342 cluster configuration, 374–378
standard, 336–338 description of, 7
SSO (single sign-on), 314–315 heartbeats, 151
guest OS Proactive HA, 155
customizing, 582 Proactive HA (High Availability), 7,
upgrade rollbacks, 182 155, 376
guest user mapping, 594 requirements for, 149–150
GUI (graphical user interface), 297, response to failures, 150
302–305 virtual machine settings, 153–154
VM monitoring settings, 154–155
H VMCP (Virtual Machine Component
hard disks, 186 Protection), 154
hardening vSAN and vSphere HA configuration,
ESXi passwords, 260 422–423
guidelines for, 484–485 vSphere requirements, 6, 24–25
VMs (virtual machines), 269 High-Performance Plug-in (HPP), 45–46
hardware Horizon, 201, 222–223
compatibility checks, 544 Host Agent, 11
health checks, 390–391 Host Isolation Response Shutdown setting,
VM hardware configuration, 586–592 vSphere HA, 153
vSAN requirements, 65–66 host limits, virtual machine migration, 193
HCI (hyperconverged infrastructure) host networking management with vDS,
technology, 227–229 354–361
HCX (Hybrid Cloud Extension), 229–231 host addition to vDS, 354–355
health checks host removal, 356–357
Skyline Health, 390–391 network adapter management, 355–356
network adapter migration to vDS, 356
networking policies and advanced virtual machine migration to vDS, 357


features, 359–361 installation, 290–301
port monitoring in distributed port Auto Deploy, 296–301, 493
groups, 357 interactive installation, 290–292
virtual machine migration to vDS, 357 scripted installation, 292–296
host profiles, 175–176 joining to directory services, 260
configuration, 321–323 lifecycle management with vLCM,
applying, 321–322 532–546
applying ESXi host permissions with, backup and restore scenarios, 544–545
323 baselines and images, 536–542
editing, 322–323 cluster images, importing/exporting,
ESXi configuration with, 321, 484–485 544–545
description of, 7 ESXi firmware updates, 542–544
host_wipe_vsan_disks command, 431 ESXi Quick Boot, 542
host-based failover with iSCSI, 76 hardware compatibility checks, 544
hostd, 547 overview of, 532–535
hosts, 21–22 remediation settings, 534
acceptance levels, 497–498 terminology for, 539
certificates, 245 UMDS (Update Manager Download
configuration Service), 535–536
advanced system settings, 325–327 virtual machine upgrades, 546
common ESXi host settings, 324–325 Maintenance Mode, 301
kernel options, 325–327 management, 547–549
definition of, 173–174 managing with Active Directory, 499–500
DNS resolution, 21–22 moving into clusters, 254
dynamic link aggregation, 118–119, permissions, 323
350–354 privileges, 498–499
firewalls, 494–495, 548–549 profiles, 175–176, 484–485, 524
health checks, 390–391 applying, 321–322
host access, 261 applying ESXi host permissions with,
host configuration scripts, 485–487 323
host networking management with vDS, compatibility, 524
354–361 configuration, 321–323, 484–485
host addition to vDS, 354–355 definition of, 175–176
host removal, 356–357 description of, 7
network adapter management, editing, 322–323
355–356 ESXi configuration with, 321
network adapter migration to vDS, resource monitoring and management,
356 390–391
networking policies and advanced features, 359–361
syslog data collection with Aria for Logs, 217–218
port monitoring in distributed port time synchronization with NTP (network
groups, 357 time protocol), 22
TPM (Trusted Platform Module), images


502–503 cluster images, importing/exporting,
UEFI Secure Boot, 501–502 544–545
vSAN hardware requirements, 25–26 vLCM (vSphere Lifecycle Manager),
vSphere+213–214 536–542
hot clones, 199 importing cluster images, 544–545
HPE iLO Amplifier, 543 Incompatible clusters, 542
HPP (High-Performance Plug-in), 45–46 independent hardware iSCSI adapter, 454
HTML5, 23 infrastructure requirements, vSphere
hybrid cloud, 27 compute and system, 14–16
Azure VMware Solution, 231 high availability, 6, 24–25
HCX (Hybrid Cloud Extension), network, 17–21
229–231 for optional components and add-ons,
VCF (VMware Cloud Foundation), 23–24
227–229 SDDC (software-defined data center),
Hybrid Cloud Extension (HCX), 229–231 25–26
hyperconverged infrastructure (HCI) storage, 16–17
technology, 227–229 supporting infrastructure services, 21–23
hypervisor-based replication, 224–226 vSphere replication, 6, 24
Ingress Traffic Shaping, 359
I installable core vSphere components, 6
IDE (Integrated Drive Electronics) installation. See also configuration;
interfaces, 186 management; VMware product
Identity Federation, 316–318 integration
identity sources ESXi
Active Directory, 311–313 compute and system requirements,
LDAP, 313 14–16
SSO (single sign-on), 310 network requirements, 20–21
IEEE (Institute of Electrical and storage requirements, 17
Electronics Engineers) ESXi hosts
802.1ax, 95 Auto Deploy, 296–301, 493
802.1q, 97, 106 interactive installation, 290–292
802.3ad, 95, 101, 108 scripted installation, 292–296
IEEE 802.1ax, 95 SSO (single sign-on)
IEEE 802.1Q, 97 Active Directory identity sources,
IEEE 802.3ad, 95 311–313
IETF (Internet Engineering Task Force) LDAP identity sources, 313
Requests for Comments, 94 overview of, 309–310
IGMP (Internet Group Management policies, 315–316
Protocol), 121 SSO identity sources, 310
iLO Amplifier, 543 users, enabling/disabling, 314–315
Image Builder PowerCLI, 297 vCenter Server components
image profiles, 297
PSC (Platform Services Controller), SRM (Site Recovery Manager),


301–302 226–227
SSO (single sign-on), 309–316 vSphere Replication, 224–226
vCenter Server database, 301 storage, 69–75
VCSA (vCenter Server Appliance), VAAI (vSphere APIs for Array
302–307 Integration), 70–72
VMCA (VMware Certificate VASA (vSphere APIs for Storage
Authority), 307–309 Awareness), 69–70
VMware Tools, 189, 578–580 vVols (virtual volumes), 72–75
vSphere VMware NSX Data Center (NSX),
ESXi hosts, 290–301 232–233
Identity Federation, 316–318 VMware NSX-T Data Center (NSX-T),
initial configuration, 318–327 232–233
vCenter Server components, 301–307 vSphere add-ons
instant clones, 200–201 overview of, 208
Institute of Electrical and Electronics vCenter Converter (Converter
Engineers. See IEEE (Institute Standalone), 214–215
of Electrical and Electronics VMware Skyline, 215–216
Engineers) vSphere Replication, 215
Integrated Drive Electronics (IDE) vSphere with Tanzu, 208–213, 521–523
interfaces, 186 vSphere+, 213–214
Integrated Lights-Out (iLO), 156–157 Intel FlexMigration, 136
integration Intel hosts, EVC (Enhanced vMotion
Aria Suite Compatibility) modes for, 136–137
Aria Automation, 218–219 Intel Software Guard Extensions (SGX),
Aria for Logs, 217–218 278–279, 507–508
Aria Operations, 216–217 Intelligent Platform Management Interface
Aria Operations for Networks, (IPMI), 156–157
220–221 interactive ESXi installation, 290–292
Aria Orchestrator, 219–220 Interconnect service, VMware Hybrid
cloud computing Cloud Extension, 229
HCX (Hybrid Cloud Extension), Internet Group Management Protocol
229–231 (IGMP), 121
VCF (VMware Cloud Foundation), Internet Protocol Flow Information Export
227–229 (IPFIX), Aria Operations support
VMC (VMware Cloud) on AWS, 231 for, 221
desktop and application virtualization Internet Protocol Security (IPsec), 266–267
App Volumes, 223 Internet SCSI (iSCSI)
Horizon, 222–223 management of, 454–455
networking and security, 232–233 overview of, 35–36
replication and disaster recovery inventory
definition of, 171
hierarchy and objects, 171–173, 246–248
vCenter Server, 319–321
I/O (input/output)
DirectPath I/O, 122, 347
I/O filters, 39
IOMMU (I/O memory management unit), 122, 349
IOVP (VMware-I/O Vendor Program), 75
NIOC (Network I/O Control), 86, 108–109, 344–345, 524
SIOC (Storage I/O Control), 86, 452–454
SR-IOV (single root I/O virtualization), 123–125, 347–349
VAIO (vSphere APIs for I/O Filtering), 70, 275
IOFilter, 275
IOMMU (I/O memory management unit), 349
IOPS Limit for Object policy, 83
IOVP (VMware-I/O Vendor Program), 75
IP (Internet Protocol), 125–126
addresses, 94, 553
IP hash NIC teaming, 101–102
IPFIX (Internet Protocol Flow Information Export), Aria Operations support for, 221
IPMI (Intelligent Platform Management Interface), 156–157
IPsec (Internet Protocol Security), 266–267
iSCSI (Internet SCSI)
iSCSI Extensions for RDMA, 36
iSCSI over RDMA. See iSER (iSCSI Extensions for RDMA)
iSER (iSCSI Extensions for RDMA), 36, 455
management of, 454–455
overview of, 35–36
iSER (iSCSI Extensions for RDMA), 36, 455
isolated secondary PVLANs, 113
isolation, 149, 266
J
JSON (JavaScript Object Notation) templates, 306
jumbo frames, 100
just-in-time (JIT) delivery, 222–223
K
KEK (Key Exchange Key), 270
KEKs (key encryption keys), 61, 274
kernel, ESXi, 325–327
Key Management Interoperability Protocol (KMIP), 23, 274, 434–436
key management server (KMS), 61, 263, 434–436, 503–504
Key Management Services (KMS), 23
keyboards, 186
keys
DEKs (data encryption keys), 61, 274
KEK (Key Exchange Key), 270
KEKs (key encryption keys), 61, 274
KMIP (Key Management Interoperability Protocol), 23, 274, 434–436
KMS (key management server), 23, 61, 263, 434–436, 503–504
PKI (public key infrastructure), 240
SSH (Secure Shell), 491
kickstart file, 293
KMIP (Key Management Interoperability Protocol), 23, 274, 434–436
KMS (key management server), 23, 61, 263, 434–436, 503–504
Kmxd, 258
Kubernetes, 53
Aria Automation and, 219
clusters, 208–211
storage, 43–44
L
labs, VMware Hands-on Labs, 613
LACP (Link Aggregation Control Protocol), 95, 118–119
LAGs (link aggregation groups), 95, link aggregation groups (LAGs), 95,
350–354 350–354
LANs, virtual. See VLANs (virtual LANs) linked clones, 182, 200
latency sensitivity, VMs (virtual machines), load balancing, 359
395 DRS (Distributed Resource Scheduler),
lazy zeroed thick virtual disks, 81 140
LCM (Lifecycle Manager), 52, 219, 228, SDRS (Storage DRS), 83
318–319. See also vLCM (vSphere load-based NIC teaming, 108
Lifecycle Manager) Load-Based Teaming Daemon, 258
LDAP (Lightweight Directory Access local storage, 35
Protocol), 11, 309, 313 Lockdown Mode, ESXi, 496–497
least significant bit (LSB), 101 lockout policy, 316
legacy fault tolerance, 524 Log Assist (Skyline), 215
legacy hosts, SSL certificate verification for, log files
561 Aria for Logs, 217–218
libraries, content, 603 ESXi, 405–407, 503
adding items to, 608 limiting number of, 271
authentication, 605 log levels, 408–409
creating, 604–605 monitoring and management, 405–412
definition of, 604 system event log
deploying VMs with, 608–609 configuration, 409–410
managing VM templates in, 609 streaming events to, 401–402
overview of, 176–178 viewing, 401
permissions, 606–607 vRLI (vRealize Log Insight), 411–412
publishing, 605 vCenter Server, 407–408
subscribing to, 606 VMware Skyline, 215
synchronization options, 607 vSAN, 68
versioning, 177 logical unit numbers (LUNs), 35
License Service, 11 LSB (least significant bit), 101
licenses LUNs (logical unit numbers), 35
vSAN, 67–68, 421–422 LZ4, 58
vSphere, 8–9
LicenseService.Administrators group, 315 M
Lifecycle Manager (LCM), 52, 219, 228, MAC (media access control) addresses,
318–319. See also vLCM (vSphere 102–103
Lifecycle Manager) definition of, 94
Lightweight Directory Access Protocol network security policies and, 102–103
(LDAP), 11, 309, 313 MAC Address Changes option, network
line charts, 379 security policies, 103
Link Aggregation Control Protocol Machine certificate store, 244
(LACP), 95, 118–119 machine learning (ML), 601
link aggregation groups, 350–354 machine SSL certificates, 243
Machine SSL store (MACHINE_SSL_CERT), remediation settings, 534
307 terminology for, 539
Maintenance Mode UMDS (Update Manager Download
ESXi hosts, 301 Service), 535–536
vSAN, 426–428 virtual machine upgrades, 546
managed object browser (MOB), 261, ESXi host networking with vDS
491–492 host addition to vDS, 354–355
management. See also configuration; host removal, 356–357
installation network adapter management,
certificates 355–356
custom, 480–481 network adapter migration to vDS,
ESXi, 481–483 356
vSphere Client, 479–480 networking policies and advanced
clusters features, 359–361
configuring with Quickstart, 369–371 port monitoring in distributed port
creating, 368 groups, 357
EVC mode, 372 virtual machine migration to vDS, 357
vCenter HA, 564–565 ESXi security
vSphere DRS, 372–374 Active Directory, 499–500
vSphere HA, 374–378 ESXi firewall, 494–495
content libraries ESXi services, 495–496
adding items to, 608 general security recommendations,
authentication, 605 483–492
creating, 604–605 host acceptance levels, 497–498
definition of, 604 Lockdown Mode, 496–497
deploying VMs with, 608–609 log files, 503
managing VM templates in, 609 networking security recommendations,
overview of, 176–178 492–494
permissions, 606–607 overview of, 493–494
publishing, 605 privileges, 498–499
subscribing to, 606 smart card authentication, 501
synchronization options, 607 TPM (Trusted Platform Module),
versioning, 177 502–503
data center-level, 113–114 UEFI Secure Boot, 501–502
ESXi host lifecycle management VIB acceptance levels, 497–498
backup and restore scenarios, 544–545 vSphere Authentication Proxy, 500
baselines and images, 536–542 OVA (Open Virtual Appliance) templates
cluster images, importing/exporting, adding to content libraries, 608
544–545 reverting to previous version, 609
ESXi firmware updates, 542–544 OVF (Open Virtual Format) templates
ESXi Quick Boot, 542 adding to content libraries, 608
hardware compatibility checks, 544 managing, 178, 598
overview of, 532–535 reverting to previous version, 609
SSO (single sign-on), 474–479 content libraries, 176–178, 604–609


storage infrastructure converting to templates, 581
iSCSI (Internet SCSI), 454–455 CPU affinity, 603
multipathing and failover, 460–462 creating, 576–577
NFS datastores, 447–449 deploying from templates, 253, 582
PMem devices, 458–459 disk mode settings, 590
RDMs (raw device mappings), encrypting, 589
446–447 EVC mode, 603
SDRS (Storage DRS), 449–452 guest OS customization, 582–585
SIOC (Storage I/O Control), 452–454 guest user mapping, 594
storage policies, 463–466 hardware devices, 185–187
VMFS datastores, 441–449 migration, 190–194, 596–598
VMware NVMe (Non-Volatile Open VM Tools, 578
Memory Express), 455–458 opening consoles to, 577–578
vSAN, 418–440 options, 188–189, 592–593
vVols (virtual volumes), 466–468 OVF/OVA templates, 178, 585–586,
vCenter Server 594, 598, 608
overview of, 549–550 powering on, 577
repointing to another domain, provisioning, 188, 200, 589
565–569 shutting down guests, 580
with VAMI, 550–554 snapshots, 180–185, 595–596
vCenter HA clusters, 564–565 upgrading, 546
VMCA (VMware Certificate VBS (virtualization-based security),
Authority), 307–309 598–599
with vSphere Client, 554–564 versions, 587–588
virtual networks vGPU (virtual GPU) support, 601–603
DirectPath I/O, 347 VM hardware configuration, 586–592
host networking with vDS, 354–361 VMware PowerCLI, 599–601
LAGs (link aggregation groups), 95, VMware Tools, 153, 188, 189, 221,
350–354 272, 324, 395, 524, 578–580
network resource pools, 109–111, vSAN, 86
345–346 cluster creation, 419
NIOC (Network I/O Control), cluster expansion, 424–426
108–109, 344–345 datastores, 422
port mirroring, 116, 349–350 deployment with vCenter Server, 424
private VLANs (PVLANs), 346 disabling, 423
SR-IOV (single root I/O virtualization), disk/device management, 430–432
347–349 encryption, 434–437
VMkernel adapters, 342–343 fault domains, 428
VMs (virtual machines) File Service, 439–440
advanced options, 189 licensing, 421–422
cloning, 199–201, 580–581 Maintenance Mode, 426–428
compatibility options, 185–187, 586 manually enabling, 420–421
policies, 437–438 NVDIMMs (non-volatile dual in-line


preparation, 418 memory modules), 458
settings, 421 NVM (non-volatile memory), 141
shutdown and restart, 424 objects, 51
space efficiency, 433 PMem devices, 458–459
storage providers, viewing, 439 RDMA (Remote Direct Memory Access),
stretched clusters, 428–430 457
vSAN and vSphere HA, 422–423 NVMe over RDMA, 44–45, 455
vSphere RDMA over Converged Ethernet, 457
backup and recovery with vSphere vPMeM (Virtual Persistent Memory),
with Tanzu, 208–213, 521–523 141, 458–459
ESXi hosts, 547–549 vSAN, 66
upgrading to vSphere 8.0, 523–531 Mem-vVol, 74
vCenter Server backup, 518–521 metadata
vLCM (vSphere Lifecycle Manager), VIB (vSphere Installation Bundle), 539
532–546 VMDK file, 183
vSphere resources metrics
alarms, 402–405 virtual machine resources, 392
client performance charts, 377, vSphere resources, 378
379–383 microsegmentation, 280–281
cluster resources, 388–389 Microsoft Active Directory. See Active
events, 400–402 Directory (AD)
host resources and health, 390–391 Microsoft Azure VMware Solution, 231
logging, 405–412 Microsoft Edge, VMware support for, 23
metrics, 378 Microsoft Key Exchange Key (KEK), 270
pool resources, 389–390 Microsoft virtualization-based security
troubleshooting and optimization, (VBS), 598–599
383–387 Microsoft Windows Perfmon, 395
vCenter Server resources, 399 migration
virtual machine resources, 392–399 DRS (Distributed Resource Scheduler)
Managing Host and Cluster Lifecycle migration sensitivity, 143–144
documentation, 371 host physical network adapters to vDS,
man-in-the-middle (MITM) attacks, 265 356
mapping VM guest users, 594 Storage vMotion, 197–199
Maximum per-VM Resets setting, vSphere vCenter Server for Windows to vCenter
HA, 155 Server Appliance, 528–530
maximum round-trip time (RTT), 26 virtual machines to vDS, 357
maximum transmission units. See MTUs vMotion, 194–197
(maximum transmission units) VMs (virtual machines), 190–194, 254,
media access control. See MAC (media 596–598
access control) addresses mirroring, port, 116, 349–350
memory, 186 MITM (man-in-the-middle) attacks, 265
files, 184 ML (machine learning), 601
MLD (Multicast Listener Discovery), 121 MTUs (maximum transmission units)


MOB (managed object browser), 261, overview of, 100
491–492 vSS (vSphere Standard Switches), 335
Mobility Groups service, VMware Hybrid multicast brute-force attacks, 100
Cloud Extension, 229 multicast filtering mode, 120–121
Mobility Optimized Networking (MON), Multicast Listener Discovery (MLD), 121
230 multipathing and failover, 76
models, storage esxcli commands for, 460–462
software-defined storage, 38–39 failover types, 76
storage virtualization, 34–38 management of, 460–462
virtual machine storage, 34 MPPs (multipathing plug-ins), 76
MON (Mobility Optimized Networking), NMP (Native Multipathing Plug-in)
230 PSPs (Path Selection Plug-ins), 78–79
monitoring SATPs (Storage Array Type Plug-ins),
applications in vSphere HA clusters, 376 77–78
ports, 115–117, 357 VMware NMP, 76–77
vCenter Server overview of, 75–76, 359
overview of, 549–550 PSA (Pluggable Storage Architecture),
repointing to another domain, 76–80
565–569 multipathing plug-ins (MPPs), 76
with VAMI, 550–554
with vSphere Client, 554–564 N
vDS (vSphere Distributed Switches), 111 names, inventory objects, 171
VMs (virtual machines), 376 namespaces, 50, 486
vSphere HA, 154–155 NAS (network-attached storage), 36, 71–72
vSphere resources Native Multipathing Plug-in (NMP), 76–77
alarms, 402–405 PSPs (Path Selection Plug-ins), 78–79
client performance charts, 377, SATPs (Storage Array Type Plug-ins),
379–383 77–78
cluster resources, 388–389 VMware NMP, 76–77
events, 400–402 NetFlow
host resources and health, 390–391 configuration, 340–341
logging, 405–412 policies, 111
metrics, 378 network adapters, 186
pool resources, 389–390 Network Extension service, VMware
troubleshooting and optimization, Hybrid Cloud Extension, 229
383–387 network failure detection, 359
vCenter Server resources, 399 Network File System. See NFS (Network
virtual machine resources, 392–399 File System)
Monterey project, 114 network interface cards. See NICs (network
mounting datastores, 444 interface cards)
Mozilla Firefox, VMware support for, 23 Network I/O Control (NIOC), 86,
MPPs (multipathing plug-ins), 76 108–109, 344–345, 524
network limits, virtual machine migration, vDS (vSphere Distributed Switches),


192–193 106–112
network offloads compatibility, 114–115, vSS (vSphere Standard Switches),
338 100–104
network policies resource pools. See resource pools
vDS (vSphere Distributed Switches), security
106–112 Auto Deploy, 493
load-based NIC teaming, 108 CIM (Common Information Model)
NetFlow and monitoring, 111 access, 493–494
port-blocking, 108 firewalls, 266
resource allocation, 108–111 general recommendations, 267–268
traffic filtering and marking, 111–112 IPsec (Internet Protocol Security),
traffic shaping, 107 266–267
vSS (vSphere Standard Switches), network security policies, 268
100–104 segmentation and isolation, 266
network resource pools. See resource pools web proxy settings, 492
network time protocol. See NTP (network SR-IOV (single root I/O virtualization),
time protocol) 123–125
network-attached storage (NAS), 36, 71–72 TCP/IP stacks, 125–126
network-aware DRS (Distributed Resource terminology for, 94–95
Scheduler), 140 TSO (TCP Segmentation Offload), 122
networks, 350–354 vDS (vSphere Distributed Switches)
Aria Operations for Networks, 220–221 data center-level management,
CDP (Cisco Discovery Protocol), 121 113–114
definition of, 174 distributed port groups, 105
DirectPath I/O, 122, 347 health checks, 119–120
host networking management with vDS LACP (Link Aggregation Control
host addition to vDS, 354–355 Protocol), 118–119
host removal, 356–357 network offloads compatibility,
network adapter management, 114–115
355–356 network policies, 106–112
network adapter migration to vDS, overview of, 104
356 port binding and allocation, 117
networking policies and advanced port mirroring, 116, 349–350
features, 359–361 port state monitoring, 115–117
port monitoring in distributed port PVLANs (private VLANs), 113
groups, 357 uplink port groups, 105–106
virtual machine migration to vDS, 357 vSS compared to, 106
multicast filtering mode, 120–121 virtual, 18
opaque, 18, 95 DirectPath I/O, 122, 347
physical, 18, 94 host networking management with
policies vDS, 354–361
LAGs (link aggregation groups), 95, vDS (vSphere Distributed Switches),


350–354 108
network resource pools, 109–111, vSS (vSphere Standard Switches),
345–346 101–102
NIOC (Network I/O Control), vNICs (virtual NICs), 96
108–109, 344–345 NIOC (Network I/O Control), 86,
port mirroring, 116, 349–350 108–109, 344–345, 524
PVLANs (private VLANs), 113, 346 NMP (Native Multipathing Plug-in), 76–77
SR-IOV (single root I/O virtualization), PSPs (Path Selection Plug-ins), 78–79
123–125, 347–349 SATPs (Storage Array Type Plug-ins),
vDS (vSphere Distributed Switches), 77–78
104–120, 338–342 VMware NMP, 76–77
VLANs (virtual LANs), 97–98, 104, No Access privileges, 249, 498
113, 346 Non-Compliant clusters, 541
VMkernel networking, 125–126, Non-offloading mode before NSX is
342–344 enabled (vDS), 115
VMware NSX Data Center (NSX), non-volatile dual in-line memory modules
232–233 (NVDIMMs), 187, 458
VMware product integration, 232–233 Non-Volatile Memory Express. See NVMe
vSS (vSphere Standard Switches), (Non-Volatile Memory Express)
98–104, 334–338 non-volatile memory (NVM), DRS
vNICs (virtual NICs), 96 (Distributed Resource Scheduler)
vSAN support, 67 support for, 141
vSphere requirements, 17–21 Normal Lockdown Mode, 496
vSS (vSphere Standard Switches) notify switches, 359
configuration, 334–336 NPIV (N-Port ID Virtualization), 189
MTUs (maximum transmission units), N-Port ID Virtualization (NPIV), 189
100 NSX, 7, 18, 26, 232–233, 280–281
network policies, 100–104 NSX-T, 232
overview of, 98–100 NTP (network time protocol), 22, 258
standard port groups, 336–338 ntpd, 547
vDS compared to, 106 Number of Disk Stripes per Object policy,
New Virtual Machine wizard, 577 82
New-DeployRule, 299 NVDIMMs (non-volatile dual in-line
NFS (Network File System) memory modules), 187, 458
datastores NVIDIA BlueField, 15, 338–339
management of, 447–449 NVIDIA vGPU (GRID), 601–603
overview of, 41–43 NVM (non-volatile memory), DRS support
overview of, 36 for, 141
NICs (network interface cards) NVMe (Non-Volatile Memory Express),
hardware accelerators, 95 44–46
teaming policies controllers, 187
Hot-Plug, 52
management of, 455–458 OVA (Open Virtual Appliance) templates,


NVMe over Fabrics, 455, 456 585–586
NVMe over Fibre Channel, 455 adding to content libraries, 608
NVMe over PCIe, 455 reverting to previous version, 609
NVMe over Remote Direct Memory OVF (Open Virtual Format) templates, 178
Access, 455, 457 adding to content libraries, 608
deploying, 585–586
O editing, 594
Object Space Reservation policy, 82 managing, 598
object state, 51 reverting to previous version, 609
object-based storage, 50
objects, inventory, 171–173 P
Observer, vSAN, 51–52 parallel ports, 186
OEMs (original equipment manufacturers), parent snapshots, 183
539, 540 partitions, 149
offline bundle/offline depot, 539 PartnerSupported VIBs, 498
Offloading mode after NSX is enabled Passive node, vCenter HA clusters, 12–13
(vDS), 115 passwords
OIDC (OpenID Connect), 209 ESXi, 260, 487–489
OMIVV (OpenManage Integration for policy, 264, 315
VMware vCenter Server), 543 patching
opaque networks, 18, 95 definition of, 539
Open Virtual Appliance templates. See OVA vCenter Server
(Open Virtual Appliance) templates with VAMI, 561–563
Open Virtual Format templates. See OVF with vCenter Server Appliance shell,
(Open Virtual Format) templates 563–564
Open VM Tools, 578 path failover. See multipathing and failover
OpenID Connect (OIDC), 209 Path Selection Plug-ins (PSPs), 78–79
OpenLDAP, 11, 246, 309, 313 PCE devices, 187
OpenManage Integration for VMware PCI (Peripheral Component Interconnect)
vCenter Server (OMIVV), 543 devices, 186, 491
OpenWSMAN daemon, 260 PCIe (Peripheral Component Interconnect
Operations Manager, Aria, 216–217 Express) devices
optimization, vSphere resource ESXi security recommendations, 491
performance, 383–387 NVMe (Non-Volatile Memory Express)
Orchestrator, Aria, 219–220 over PCIe, 44
original equipment manufacturers (OEMs), SR-IOV (single root I/O virtualization),
539, 540 123–125, 347–349
Original Storage Architecture (OSA), 47 PC/SC Smart Card Daemon, 258
OS Assisted Migration service, 230 PDL (permanent device loss), 154
OSA (Original Storage Architecture), 47 Peak Bandwidth option, traffic shaping
OSs (operating systems), guest, 253, 582 policy, 104
Other-vVol, 74 Pearson Vue, 614
Pensando Distributed Services Card vCenter Server application of, 255–257


(Pensando DSC), 15 required permissions for common tasks,
Pensando network offloads compatibility, 252–254
338–339 setting, 477–478
Perfmon, 395 validation settings, 504
performance charts, client vCenter Server application of, 255–257
advanced performance charts, 381–383 persistent logging, 68
definition of, 377 persistent storage providers, 69
types of, 379 PEs (protocol endpoints), 73
views, 379–380 PFTT (Primary Level of Failures to
performance counters, 272 Tolerate), 430
Peripheral Component Interconnect PFTT (Primary Level of Failures to
Express. See PCIe (Peripheral Tolerate) policy, 82
Component Interconnect Express) physical networks, 18, 94
devices PID (primary network identifier), 553
Peripheral Component Interconnect (PCI) pie charts, 379
devices, 186, 491 PKI (public key infrastructure), 240
permanent device loss (PDL), 154 Planned Migration Mode, SRM (Site
permissions Recovery Manager), 226
applying to ESXi hosts, 323 Platform Services Controller Administration,
authentication and authorization, 10
245–246 Platform Services Controller (PSC),
best practices, 251–252 301–302
content libraries, 606–607 Pluggable Storage Architecture (PSA),
editing, 478–479 76–80, 460
ESXi hosts, 323 plug-ins
global HPP (High-Performance Plug-in), 45–46
definition of, 250–251 MPPs (multipathing plug-ins), 76
management, 478 NMP (Native Multipathing Plug-in)
inventory hierarchy and objects, 246–248 PSPs (Path Selection Plug-ins), 78–79
management, 504 SATPs (Storage Array Type Plug-ins),
permission validation settings, 504 77–78
permissions diagram, 250 VMware NMP, 76–77
privileges and roles PSPs (Path Selection Plug-ins), 78–79
best practices, 251–252 SATPs (Storage Array Type Plug-ins),
configuration, 477 77–78
creating, 477 vCenter Server plug-ins, 10
ESXi hosts, 498–499 VMware Enhanced Authentication
management, 477, 498–499 Plug-in, 307
required permissions for common PMem devices, 458–459, 577
tasks, 252–254 pointing devices, 188
types of, 248–250 policies
vCenter Server, 265 network
host networking management with PowerCLI, 51, 297


vDS, 359–361 host management with, 487
security, 268 VM management with, 599–601
vDS (vSphere Distributed Switches), powering on VMs (virtual machines), 577
106–112 practice exams, 614
vSS (vSphere Standard Switches), Predictive DRS, 156, 374
100–104 preparation, exam
SSO (single sign-on), 315–316 exam-day tips, 614–616
storage, 80–83 pre-exam preparation, 613–614
management of, 463–466 Primary Level of Failures to Tolerate
SPBM (Storage Policy Based (PFTT), 82, 430
Management), 81 primary network identifier (PID), 553
virtual disk types, 81 primitives, storage, 70–72
vSAN-specific, 81–83 private cloud
vCenter Server, 264 Azure VMware Solution, 231
vDS (vSphere Distributed Switches), VMware Hybrid Cloud Extension
106–112 (HCX), 229–231
VMs (virtual machines), 589 private VLANs (PVLANs), 113, 346
vSAN, 69, 437–438 privileges
vSS (vSphere Standard Switches), configuration, 477
100–104 ESXi hosts, 498–499
pools, network resource, 345–346 management, 477, 498–499
ports types of, 248–250
binding and allocation, 117 vCenter Server, 265
distributed, 105 Proactive HA (High Availability), 155
ESXi, 20–21 configuration, 376
firewall, 259–260 description of, 7
mirroring, 115–117, 349–350 product integration. See VMware product
parallel, 186 integration
port-blocking policies, 108 profiles
serial, 187 ESXi security, 258–260
state monitoring, 115–117 host, 484–485, 524
vCenter Server, 19–20 applying, 321–322
virtual machine port groups applying ESXi host permissions with,
distributed, 105, 341–342, 357 323
standard, 336–338 definition of, 175–176
uplink, 105–106 description of, 7
VLAN ID range, 97–98 editing, 322–323
for vSphere Replication deployment, 225 ESXi configuration with, 321
power management image, 297
DPM (Distributed Power Management), VM risk, 272
156–157 Promiscuous Mode, network security
VMs (virtual machines), 189 policies, 103
promiscuous secondary PVLANs, 113 RecoverPoint, 227


protocol endpoints (PEs), 73 recovery. See backup and recovery
provisioning, 188 registering storage providers, 465
policies, 589 regulatory standards, compliance with,
rapid, 200 279–280
TCP/IP stack, 125 remediation settings, vLCM (vSphere
thin, 58 Lifecycle Manager), 534
PSA (Pluggable Storage Architecture), Remote Desktop Services Host (RDSH),
76–80, 460 223
PSC (Platform Services Controller), 301–302 Remote Direct Memory Access. See RDMA
(Remote Direct Memory Access)
PSPs (Path Selection Plug-ins), 78–79 Remove-DeployRule, 299
public cloud removing
Azure VMware Solution, 231 hosts from vDS, 356–357
VMware Hybrid Cloud Extension SSO identity sources, 310
(HCX), 229–231 Repair-DeployImageCache, 300
public key infrastructure (PKI), 240 Repair-DeployRulesetCompliance, 300
publishing content libraries, 605 replication. See also backup and recovery
PVLANs (private VLANs), 113, 346 RAV (Replication Assisted vMotion), 230
PXE server, 297 Replication objects, 53
SRM (Site Recovery Manager), 226–227
Q VRMS (vSphere Replication
questions, exam, 614–616 Management Service), 24, 225
Quick Boot, 542 VRS (vSphere Replication Service), 24,
Quickstart, cluster configuration with, 225
369–371, 419 vSphere Replication, 215, 224–226
vSphere requirements, 6, 24
R repointing vCenter Server to another
domain, 565–569
RAID 5/RAID 6 erasure coding, 59–60
Requests for Comments, 94
rapid provisioning with templates, 200
requirements
RAV (Replication Assisted vMotion), 230
EVC (Enhanced vMotion Compatibility),
raw device mappings (RDMs), 36–38,
136
446–447, 576, 591
FT (Fault Tolerance), 158
RDMA (Remote Direct Memory Access),
vCenter Server
457
compute and system requirements, 14
NVMe over RDMA, 44–45, 455
network requirements, 19–20
RDMA over Converged Ethernet, 457
VCSA (vCenter Server Appliance),
RDMs (raw device mappings), 36–38,
302–303
446–447, 576, 591
vSAN, 25–26, 63–68
RDSH (Remote Desktop Services Host),
vSphere
223
compute and system, 14–16
Read Only privileges, 249, 498
high availability, 6, 24–25
Ready Node, vSAN, 52
infrastructure services support, 21–23 system logs, uploading to VMware,


network, 17–21 407–408
for optional components and add-ons, vCenter Server, 407
23–24 vRLI (vRealize Log Insight), 411–412
SDDC (software-defined data center), metrics, 378
25–26 Predictive DRS, 156, 374
storage, 16–17 troubleshooting and optimization,
vSphere replication, 6, 24 383–387
vSphere HA, 149–150 vCenter HA, 161
reservations vCenter Server resources, 399
DRS (Distributed Resource Scheduler) vDS (vSphere Distributed Switches)
migration sensitivity, 145–146 policies, 108–111
virtual machine resources, 392–394 virtual machine resources
Reserve Space option, VAAI NAS admission control, 394
primitives, 72 ESXTOP, 396–399
resignaturing, 442–443 latency sensitivity, 395
resource management. See also resource metrics, 392
pools Microsoft Windows Perfmon, 395
alarms shares, limits, and reservations,
actions, 404 392–394
creating, 403–404 vCenter Server Management, 399
elements of, 402 VIMTOP, 399
use cases, 404–405 virtual machine configurations, 396
viewing/acknowledging, 403 VMware Tools, 153, 188, 189, 221,
client performance charts 272, 324, 395, 524, 578–580
advanced performance charts, 381–383 VMware Service Lifecycle Manager,
definition of, 377 161–162
types of, 379 resource pools, 109–111, 345–346, 389–390
views, 379–380 creating, 372–373
clusters. See clusters definition of, 173
DPM (Distributed Power Management), DRS (Distributed Resource Scheduler)
156–157 migration sensitivity
events, 400–402 enhanced resource pool reservation,
streaming to remote syslog server, 147
401–402 scalable shares, 147–148
system event log, 401 shares, limits, and reservations,
viewing, 400 145–146
FT (Fault Tolerance), 157–161 use cases, 144
host resources and health, 390–391 moving VMs to, 253
log files Restart VMs setting, vSphere HA, 153
ESXi, 405–407 restarting vSAN, 424
log levels, 408–409 restore. See backup and recovery
syslog configuration, 409–410 RFB protocol, 260
RFCs (Requests for Comments), 94 initial placement and ongoing


Risk Management Framework (RMF), 484 balancing, 83
risk profiles, VM (virtual machine), 272 load balancing, 83
RMF (Risk Management Framework), 484 management of, 449–452
RoCE (RDMA over Converged Ethernet), NIOC (Network I/O Control) versus, 86
457 recommendations, 84–85
roles SIOC (Storage I/O Control) versus, 86,
best practices, 251–252 452–454
creating, 477 thresholds and behavior, 84
required permissions for common tasks, Secondary Level of Failures to Tolerate
252–254 (SFTT) policy, 82
types of, 248–250 Secure Boot, 261–262, 270
vCenter Server application of, 255–257 Secure Shell (SSH), 258, 489–491
root users, 499 security, 474–483. See also authentication
round trip time (RTT), 67 and authorization; permissions;
Route Based on IP Hash policy, 101–102 privileges
Route Based on Originating Virtual Port certificates
policy, 101 core identity services, 241
Route Based on Source MAC Hash policy, CSR (certificate signing request), 309
101 ESXi host, 245
RTT (round-trip time), 26, 67 overview of, 240–241
Ruby vSphere Console (RVC), 51 recommended modes for, 241
runweasel command, 293 requirements for, 242–245
RVC (Ruby vSphere Console), 51 solution user certificate stores, 244
types of, 243–244
S vCenter Server, 265
SATA (Serial ATA), 15, 187 ESXi
SATPs (Storage Array Type Plug-ins), Active Directory, 499–500
77–78 built-in features, 257–258
scalable shares, DRS (Distributed Resource ESXi firewall, 494–495
Scheduler) migration sensitivity, ESXi services, 495–496
147–148 firewall ports, 259–260
scripted ESXi host configuration, 485–487 general security recommendations,
scripted ESXi installation, 292–296 483–492
SCSI controllers, 187, 591 host acceptance levels, 497–498
SCSI UNMAP commands, 58 host access, 261
SDDC (software-defined data center), hosts, joining to directory services, 260
25–27, 231 Lockdown Mode, 496–497
SDRS (Storage DRS), 83–86 log files, 503
anti-affinity rules, 85 MOB (managed object browser), 261
automation levels, 84 networking security recommendations,
datastore cluster requirements, 85 492–494
password hardening, 260
privileges, 498–499 DoS (denial-of-service) attacks, 272


Secure Boot, 261–262 Encrypted vSphere vMotion, 276–277
security profiles, 258–260 encryption, 273–276, 508–510, 589
smart card authentication, 501 hardening, 269
TPM (Trusted Platform Module), Intel Software Guard Extensions
261–262, 502–503 (SGX), 278–279
UEFI Secure Boot, 501–502 management of, 508–510
VIB acceptance levels, 497–498 risk profiles, 272
vSphere Authentication Proxy, 260, UEFI Secure Boot, 270
500 unexposed features, disabling, 270
vTA (vSphere Trust Authority), 263 vTPM (virtual Trusted Platform
FIPS (Federal Information Processing Module), 277–278
Standards), 507 VMware Aria Operations, 279–280
firewalls, 266 VMware NSX, 280–281
DFW (Distributed Firewall), 280 VMware NSX-T, 232–233
ESXi, 494–495, 548–549 VMware NSX-T Data Center (NSX-T),
ports, 259–260 232–233
VMware NSX, 280–281 vTA (vSphere Trust Authority), 504–506
KMS (key management server), 503–504 Security Technical Implementation Guides
network (STIGs), 484
Auto Deploy, 493 Security Token Service (STS), 10, 475
CIM (Common Information Model) segmentation, 266, 280–281
access, 493–494 Serial ATA (SATA), 15, 187
firewalls, 266 serial ports, 187
general recommendations, 267–268 server virtualization, 26
IPsec (Internet Protocol Security), Service Broker, 27, 218
266–267 Service Composer (VMware NSX), 281
network security policies, 268 Service Lifecycle Manager, 161–162
security policies, 102–103 SEsparse, 184
segmentation and isolation, 266 Set-DeployMachineIdentity, 300
web proxy settings, 492 Set-DeployOption, 300
NSX Data Center, 232–233 Set-DeployRule, 299
shell, 489–491, 563–564 Set-DeployRuleSet, 299
STIGs (Security Technical setup.exe command, 579–580
Implementation Guides), 484 Set-VMHost, 487
STS (Security Token Service), 10, 475 sfcbd, 547
TLS (Transport Layer Security), 227, SFTT (Secondary Level of Failures to
506 Tolerate) policy, 82
vCenter Server, 263–265 SGX (Software Guard Extensions),
Virtual Intel SGX (vSGX), 507–510 278–279, 507–508
VMs (virtual machines) shares
common settings, 270–272 DRS (Distributed Resource Scheduler)
device connections, 271, 273 migration sensitivity, 145–148
virtual machine resources, 392–394 software-defined storage, 38–39


shell security, 489–491, 563–564 software-packages install --iso command,
shutdown reboot -r "patch reboot" 563
command, 564 software-packages install -staged command,
shutting down 563
VMs (virtual machines), 580 software-packages install --url command,
vSAN, 424 564
single root I/O virtualization (SR-IOV), software-packages list --history command,
123–125, 347–349 563
single sign-on. See SSO (single sign-on) software-packages list --patch command,
single-level cell (SLC) devices, 66, 68 563
SIO controllers, 187 software-packages stage --iso command,
SIOC (Storage I/O Control), 86, 452–454 563
Skyline, 215–216 software-packages stage --url command,
Skyline Advisor, 392 563
Skyline Health, 390–391 solution user certificate, 244
SLC (single-level cell) devices, 66, 68 solution user stores, 308
slpd, 547 SolutionUsers group, 314
smart card authentication, 501 space efficiency, vSAN, 58–60
smart network card (SmartNIC), 339 spanning tree attacks, 100
SmartNICs, 15–16 SPBM (Storage Policy Based Management),
SMP (symmetric multiprocessor) virtual 39, 51, 59, 81, 463
machines, 158 SR-IOV (single root I/O virtualization),
SMP-FT (Symmetric Multiprocessing Fault 123–125, 347–349
Tolerance) virtual machines, 430 SRM (Site Recovery Manager), 226–227
Snapshot delta VMDKs, 51 SSH (Secure Shell), 258, 489–491
snapshots, virtual machine SSL certificate verification for legacy hosts,
behavior of, 183–184 561
benefits of, 182–183 SSO (single sign-on), 246, 474–479
creating/managing, 595–596 configuration
limitations of, 184–185 Active Directory identity sources,
overview of, 180–182 311–313
parent, 183 LDAP identity sources, 313
required permissions, 253 overview of, 309–310
snapshot files, 180 policies, 315–316
use cases, 182 SSO identity sources, 310
SNMP Server, 259 users, enabling/disabling, 314–315
software depot, 297 enabling with Windows session authenti-
Software Guard Extensions (SGX), cation, 474–479
278–279, 507–508 Enhanced Linked Mode, 476
software iSCSI adapter, 454 STS (Security Token Service), 475
software-defined data center (SDDC), vCenter Server, 11
25–27, 231 vCenter Single Sign-On, 6, 10, 11

stacked charts, 379 local storage, 35


stacks, TCP/IP management and configuration, 446–447
definition of, 94 iSCSI (Internet SCSI), 454–455
for VMkernel networking, 125–126, multipathing and failover, 460–462
343–344 NFS datastores, 447–449
standalone VIB (vSphere Installation PMem devices, 458–459
Bundle), 539 RDMs (raw device mappings),
standard port groups, 336–338 446–447
standard switch, 18 storage policies, 463–466
standard vSAN clusters, 53 VMFS datastores, 441–449
stateless caching, 296 VMware NVMe (Non-Volatile
static binding, 117 Memory Express), 455–458
statistics collection, 558–560 vSAN, 418–440
statistics levels, 560 vVols (virtual volumes), 466–468
STIGs (Security Technical Implementation multipathing and failover
Guides), 484 esxcli commands for, 460–462
Storage Array Type Plug-ins (SATPs), failover types, 76
77–78 management of, 460–462
storage devices (LUNs), 35 MPPs (multipathing plug-ins), 76
Storage DRS. See SDRS (Storage DRS) NMP (Native Multipathing Plug-in),
storage infrastructure, 69 76–80
datastores overview of, 75–76
clusters, 85, 135 PSA (Pluggable Storage Architecture),
definition of, 174 76–80
management and configuration, NFS (Network File System)
441–449 datastores, 41–43, 447–449
NFS (Network File System), 41–43, overview of, 36
447–449 NVMe (Non-Volatile Memory Express),
types of, 39–43, 50 43, 44–46
virtual machine migration, 193 PMem devices, 458–459, 577
VMFS (Virtual Machine File System), RDMs (raw device mappings), 36–38,
39–41, 441–449 446–447, 576, 591
vSAN, 43, 50, 422 SDRS (Storage DRS)
vVols (virtual volumes), 43 anti-affinity rules, 85
FC (Fibre Channel), 35 automation levels, 84
FCoE (Fibre Channel over Ethernet), 36 datastore cluster requirements, 85
I/O filters, 39 initial placement and ongoing balanc-
iSCSI (Internet SCSI) ing, 83
management of, 454–455 load balancing, 83
overview of, 35–36 management and configuration,
iSER (iSCSI Extensions for RDMA), 36, 449–452
455 management of, 449–452
Kubernetes, 43–44

NIOC (Network I/O Control) versus, management and configuration,


86 466–468
recommendations, 84–85 storage integration
SIOC (Storage I/O Control) versus, VAAI (vSphere APIs for Array
86, 452–454 Integration), 70–72
thresholds and behavior, 84 VASA (vSphere APIs for Storage
SIOC (Storage I/O Control), 86, Awareness), 69–70
452–454 vVols (virtual volumes), 72–75
SPBM (Storage Policy Based Storage I/O Control (SIOC), 86, 452–454
Management), 39, 51, 59, 81, 463 Storage Policy Based Management (SPBM),
storage devices (LUNs), 35 39, 51, 59, 81, 463
storage integration storage primitives, 70–72
VAAI (vSphere APIs for Array storage protection filters, 446
Integration), 70–72 storage providers
VASA (vSphere APIs for Storage managing, 465
Awareness), 69–70 registering, 465
vVols (virtual volumes), 72–75 vSAN, 439
storage models storage virtualization, 34–38
software-defined storage, 38–39 Storage vMotion, 7, 41, 197–199
storage virtualization, 34–38 stpres, 307
virtual machine storage, 34 streaming events to remote syslog server,
storage policies 401–402
management of, 463–466 stretched vSAN clusters, 54, 428–430
SPBM (Storage Policy Based Strict Lockdown Mode, 496
Management), 81 STS (Security Token Service), 10, 475
virtual disk types, 81 subscribing to content libraries, 606
vSAN-specific, 81–83 supervisor clusters, vSphere with Tanzu,
storage virtualization, 34–38 208–211
Storage vMotion, 7, 41, 197–199 supervisors, vSphere with Tanzu, 208–211
virtual disks, 35 Swap-vVol, 74
virtual machine storage, 34 Switch-ActiveDeployRuleSet, 299
VMFS (Virtual Machine File System) switches
datastores, 39–41, 441–446 notify, 359
definition of, 36 overview of, 96–97
VMware NVMe (Non-Volatile Memory vDS (vSphere Distributed Switches)
Express), 455–458 configuration, 338–341
vSAN. See vSAN data center-level management,
vSphere requirements, 16–17 113–114
vVols (virtual volumes) distributed port groups, 105, 341–342,
datastores, 43 357
definition of, 39 health checks, 119–120

host networking management with, T


354–361 tables, ARP (Address Resolution Protocol),
LACP (Link Aggregation Control 336
Protocol), 118–119 Tanzu, vSphere with, 208–213, 521–523
modifying, 340 TBW (terabytes written), 17
network offloads compatibility, TCP (Transmission Control Protocol)
114–115 ports, 19–21, 225
network policies, 106–112 TCP Flow Conditioning service, 230
overview of, 104 TSO (TCP Segmentation Offload), 122
port binding and allocation, 117 TCP/IP (Transmission Control Protocol/
port mirroring, 116, 349–350 Internet Protocol)
port state monitoring, 115–117 definition of, 94
PVLANs (private VLANs), 113 for VMkernel networking, 125–126,
upgrading, 339–340 343–344
uplink port groups, 105–106 vMotion, 125, 194–197
vSS compared to, 106 tcServer, 11
vSS (vSphere Standard Switches) templates
configuration, 334–336 converting VMs to, 581
MTUs (maximum transmission units), definition of, 174
100 deploying VMs from, 253, 582
network policies, 100–104 JSON vCenter Server templates, 306
overview of, 98–100 managing in content libraries, 609
standard port groups, 336–338 OVA (Open Virtual Appliance), 585–586
vDS compared to, 106 adding to content libraries, 608
Symmetric Multiprocessing Fault Tolerance reverting to previous version, 609
(SMP-FT) virtual machines, 430 OVF (Open Virtual Format)
symmetric multiprocessor (SMP) virtual adding to content libraries, 608
machines, 158 deploying, 585–586
synchronization, content libraries, 607 editing, 594
Syslog Server, 259 managing, 178, 598
system event log reverting to previous version, 609
configuration, 409–410 rapid provisioning with, 200
data collection, 217–218 terabytes written (TBW), 17
streaming events to, 401–402 Test Mode, SRM (Site Recovery Manager),
uploading to VMware, 407–408 227
viewing, 401 Test-DeployRulesetCompliance, 300
vRLI (vRealize Log Insight), 411–412 test-taking tips, 614–616
system requirements, vSphere, 14–16 TFTP server, 297
system settings, ESXi hosts, 325–327 thick eager zeroed provisioning, 188
SystemConfiguration.Administrators group, thick lazy zeroed provisioning, 188
315 thin provisioning, 58, 72, 81, 188
SystemConfiguration. third-party software providers, 539, 540
BashShellAdministrators group, 315 third-party storage providers, 69

thresholds, SDRS (Storage DRS), 84 TSO (TCP Segmentation Offload), 122


Thumbprint Mode, ESXi, 244, 245, two-host vSAN clusters, 54
481–482
time synchronization U
ESXi hosts, 22 UDP (User Datagram Protocol)
vCenter Server, 265 ESXi ports, 20–21
TLS (Transport Layer Security), 227, 506 vCenter Server ports, 19–20
tokens UEFI (Unified Extensible Firmware
STS (Security Token Service), 475 Interface), 15, 261–262, 270,
token policy, 316 501–502
TPM (Trusted Platform Module), 187, UMDS (Update Manager Download
261–262, 502–503. See also vTPM Service), 318–319, 535–536
(virtual Trusted Platform Module) unhealthy component state, vSAN, 51
traffic filtering and marking policy, 111– universally unique ID (UUID), 442–443
112, 360–361 Unknown clusters, 542
traffic shaping, 359 UNMAP command, 58, 72
vDS (vSphere Distributed Switches), 107 Update Manager Download Service
vSS (vSphere Standard Switches), 103– (UMDS), 318–319, 535–536
104 Update Planner, 530–531
training and development labs, 182 updates
Transmission Control Protocol. See TCP ARP (Address Resolution Protocol)
(Transmission Control Protocol) tables, 336
Transmission Control Protocol/Internet definition of, 539
Protocol. See TCP/IP (Transmission ESXi firmware, 542–544
Control Protocol/Internet Protocol) update.set --CheckUpdates enabled
Transport Layer Security (TLS), 227, 506 command, 563
triage, 182 update.set --currentURL command, 563
troubleshooting update.set --currentURL default command,
snapshots, 182 563
vSphere resource performance, 383–387 upgrades
trust definition of, 539
TPM (Trusted Platform Module), 187, vCenter Server Appliance, 525–527
261–262. See also vTPM (virtual vDS (vSphere Distributed Switches),
Trusted Platform Module) 339–340
vTA (vSphere Trust Authority), 263, VMs (virtual machines), 546
504–506 VMware Tools, 578–580
vTPM (virtual Trusted Platform to vSphere 8.0, 523–531
Module), 23, 277–278 ESXi, 530
Trusted Platform Module (TPM), 187, Update Planner, 530–531
261–262. See also vTPM (virtual vCenter Server 7.0 compatibility, 524
Trusted Platform Module) vCenter Server Appliance, upgrading,
Trusted root store (TRUSTED_ROOTS), 525–527
307 vCenter Server data transfer, 524–525

vCenter Server for Windows, migrat- vCenter HA


ing to vCenter Server Appliance, clusters, 12–13
528–530 management, 564–565
VMs (virtual machines), 530 requirements for, 24–25
U.S. Department of Defense (DoD), 484 overview of, 161
USB controllers, 187 vCenter Lookup Service, 10
USB devices, 187 vCenter Server, 71, 297
Use Explicit Failover Order policy, 102 backup and recovery, 518–521
User Datagram Protocol. See UDP (User compatibility, 524
Datagram Protocol) compute and system requirements, 14
user-defined vSAN clusters, 52 configuration
users common management tasks, 555–557
authentication and authorization, repointing to another domain, 565–
476–477 569
ESXi, 499–500 SSL certificate verification for legacy
SSO (single sign-on) hosts, 561
enabling/disabling, 314–315 statistics collection settings, 558–560
policies, 315–316 updates, 561–564
vCenter Server user access, 263–264, 265 vCenter HA clusters, 564–565
Users group, 314 content libraries, 603
UTC (Coordinated Universal Time), 24 creating, 604–605
UUID (universally unique ID), 442–443 definition of, 604
overview of, 176–178
V publishing, 605
VAAI (vSphere APIs for Array Integration), subscribing to, 605
70–72 data transfer, 524–525
VAIO (vSphere APIs for I/O Filtering), 70, database
275 compatibility, 524
VAMI (vCenter Server Appliance description of, 10
Management Interface), 225 description of, 6
monitoring/managing vCenter Server Enhanced Linked Mode, 12
with, 550–554 host profiles, 175–176
patching vCenter Server with, 561–563 installation
vCenter Server backup with, 518–521 PSC (Platform Services Controller),
vApps, 175, 189 301–302
VASA (vSphere APIs for Storage vCenter Server database, 301
Awareness), 69–70, 463–465 VCSA (vCenter Server Appliance),
VBS (virtualization-based security), 189, 302–307
598–599 VMCA (VMware Certificate
vCenter Appliance File-Based Backup and Authority), 307–309
Restore, 7 inventory, 171–173, 319–321
vCenter Converter (Converter Standalone), log files, 407
214–215 management, 399

overview of, 549–550 migrating vCenter Server for Windows


repointing to another domain, to, 528–530
565–569 patching vCenter Server with, 563–564
with VAMI, 550–554 storage sizes, 16–17
vCenter HA clusters, 564–565 upgrading, 525–527
with vSphere Client, 554–564 vCenter Server Appliance Management
network requirements, 19–20 Interface (VAMI), 225
patching monitoring/managing vCenter Server
with VAMI, 561–563 with, 550–554
with vCenter Server Appliance shell, patching vCenter Server with, 561–563
563–564 vCenter Server backup with, 518–521
permissions vCenter Single Sign-On, 6, 10, 11
authentication and authorization, virtual machine cloning, 199–200
245–246 virtual machine files
best practices, 251–252 configuration files, 179
global, 250–251, 478 file structure, 178–179
inventory hierarchy and objects, snapshot files, 180
246–248 virtual disk files, 180
management, 504 virtual machine migration, 190–194
permissions diagram, 250 virtual machine settings
privileges and roles, 248–250, 477, advanced options, 189
498–499 compatibility options, 185–187
required permissions for common hardware devices, 185–187
tasks, 252–254 options, 188–189
vCenter Server application of, 255–257 provisioning type, 188
plug-ins, 10 VMware Tools, 188
rapid provisioning with templates, 200 virtual machine snapshots
resource monitoring and management, behavior of, 183–184
399 benefits of, 182–183
security, 263–265 creating/managing, 595–596
services, 8–11 limitations of, 184–185
Storage vMotion, 197–199 overview of, 180–182
system logs, uploading to VMware, parent, 183
407–408 snapshot files, 180
topology, 8–9 use cases, 182
updating, 561–564 vCenter Server for Windows
vCenter HA compatibility, 524
clusters, 12–13, 24–25, 564–565 migrating to vCenter Server Appliance,
overview of, 161 528–530
vCenter Server Agent, 11 vCenter Single Sign-On, 6, 10, 11, 244
vCenter Server Appliance VCF (VMware Cloud Foundation), 27,
compatibility, 524 226–227
vCloud Director, 27

vCloud Suite, 27 port-blocking, 108


vCLS (vSphere Cluster Services), 135 resource allocation, 108–111
VMCP (Virtual Machine Component traffic filtering and marking, 111–112
Protection), 375 traffic shaping, 107
VCSA (vCenter Server Appliance) overview of, 104
installation, 302–307 port binding and allocation, 117
CLI (command-line interface), 305–306 port mirroring, 116, 349–350
GUI installer, 303–305 port state monitoring, 115–117
post-installation, 306–307 PVLANs (private VLANs), 113
requirements for, 302–303 upgrading, 339–340
vCSA_with_cluster_on_ESXi.json, 306 uplink port groups, 105–106
vDFS (vSAN Distributed File System), vSS compared to, 106
61–62 vDSE (vSphere Distributed Services
VDI (virtual desktop infrastructure), 201, Engine), 114
601 VECS (VMware Endpoint Certificate
vDS (vSphere Distributed Switches) Store), 240–241, 298, 307–308
compatibility, 524 velero-vsphere command, 522
configuration, 338–341 versioning, content libraries, 177
data center-level management, 113–114 vGPUs (virtual GPUs), VM configuration
distributed port groups for, 601–603
configuration, 341–342 VIB (vSphere Installation Bundle), 298
overview of, 105 acceptance levels, 497–498
port monitoring in, 357 definition of, 539
health checks, 119–120 metadata, 539
host networking management with standalone, 539
host addition to vDS, 354–355 vIDM (VMware Identity Manager), 219
host removal, 356–357 viewing
network adapter management, client performance charts, 379–380
355–356 events, 400
network adapter migration to vDS, system event log, 401
356 triggered alarms, 403
networking policies and advanced VIMTOP, 399
features, 359–361 virtual desktop infrastructure (VDI), 201,
port monitoring in distributed port 601
groups, 357 virtual disk files, 180
virtual machine migration to vDS, 357 virtual disks, 35, 81
LACP (Link Aggregation Control virtual GPUs (vGPUs), VM configuration
Protocol), 118–119 for, 601–603
modifying, 340 Virtual Intel SGX (vSGX), 278, 507–508
network offloads compatibility, 114–115 virtual LANs. See VLANs (virtual LANs)
network policies Virtual Machine Communication Interface
load-based NIC teaming, 108 (VMCI), 187, 272–273
NetFlow and monitoring, 111

Virtual Machine Component Protection LACP (Link Aggregation Control


(VMCP), 154, 375 Protocol), 118–119
virtual machine disks (VMDKs), 50, 180, modifying, 340
444 network offloads compatibility,
Virtual Machine File System. See VMFS 114–115
(Virtual Machine File System) network policies, 106–112
virtual machine port groups overview of, 104
distributed, 105 port binding and allocation, 117
uplink, 105–106 port mirroring, 116, 349–350
virtual machines. See VMs (virtual port state monitoring, 115–117
machines) PVLANs (private VLANs), 113
virtual networks, 18 upgrading, 339–340
DirectPath I/O, 122, 347 uplink port groups, 105–106
host networking management with vDS vSS compared to, 106
host addition to vDS, 354–355 VLANs (virtual LANs)
host removal, 356–357 overview of, 97–98
network adapter management, policies, 104
355–356 PVLANs (private VLANs), 113, 346
network adapter migration to vDS, VMkernel networking, 125–126, 342–344
356 VMware product integration, 232–233
networking policies and advanced vSS (vSphere Standard Switches)
features, 359–361 configuration, 334–336
port monitoring in distributed port MTUs (maximum transmission units),
groups, 357 100
virtual machine migration to vDS, 357 network policies, 100–104
LAGs (link aggregation groups), 350–354 overview of, 98–100
network resource pools, 109–111, standard port groups, 336–338
345–346 virtual NICs (vNICs), 96
NIOC (Network I/O Control), 108–109, virtual non-volatile dual in-line memory
344–345 module (NVDIMM), 187
port mirroring, 116, 349–350 Virtual Persistent Memory Disk
PVLANs (private VLANs), 113, 346 (vPMemDisk), 141, 459
SR-IOV (single root I/O virtualization), Virtual Persistent Memory (vPMem), 141,
123–125, 347–349 458–459
vDS (vSphere Distributed Switches) Virtual Shared Graphics Acceleration
configuration, 338–341 (vSGA), 601–603
data center-level management, virtual switches. See vDS (vSphere
113–114 Distributed Switches); vSS (vSphere
distributed port groups, 105, 341–342, Standard Switches)
357 virtual Trusted Platform Module (vTPM),
health checks, 119–120 23, 277–278
host networking management with, virtual volumes. See vVols (virtual volumes)
354–361

virtualization-based security (VBS), 189, VMkernel networking


598–599 configuration, 342–344
VLANs (virtual LANs) overview of, 125–126
overview of, 97–98 TCP/IP networking layer, 18
policies, 104 vmkfstools, 71
PVLANs (private VLANs), 113, 346 vMotion, 7. See also Storage vMotion
vLCM (vSphere Lifecycle Manager), 52 EVC (Enhanced vMotion Compatibility),
backup and restore scenarios, 545 135–139
baselines and images, 536–542 Migration service, 229
cluster images, importing/exporting, port state monitoring, 115–116
544–545 TCP/IP stack, 125, 194–197
configuration, 318–319 VMRC (VMware Remote Console),
ESXi firmware updates, 542–544 577–578
ESXi Quick Boot, 542 VMs (virtual machines). See also vSphere
hardware compatibility checks, 544 HA
overview of, 532–535 advanced options, 189
remediation settings, 534 cloning, 199–201
terminology for, 539 cold clones, 199
UMDS (Update Manager Download hot clones, 199
Service), 535–536 instant clones, 200–201
virtual machine upgrades, 546 linked clones, 182, 200
VMAFD (VMware Authentication privileges required for, 580–581
Framework Daemon), 241 compatibility, 185–187, 524, 586
VMC (VMware Cloud), 27, 231 compliance status, 51
VMCA (VMware Certificate Authority), configuration, 396
240–241, 298, 307–309 content libraries, 603
VMCA Mode, ESXi certificates, 245, adding items to, 608
481–482 creating, 604–605
VMCI (Virtual Machine Communication definition of, 604
Interface), 187, 272–273 deploying VMs with, 608–609
VMCP (Virtual Machine Component managing VM templates in, 609
Protection), 154 overview of, 176–178
VMDKs (virtual machine disks), 50, 180, permissions, 606–607
444 publishing, 605
vmFork, 201 subscribing to, 606
VMFS (Virtual Machine File System), 17, synchronization options, 607
524 converting to templates, 581
compatibility, 524 CPU affinity, 603
datastores creating, 252, 576–577
management of, 441–446 definition of, 174
overview of, 39–41 deploying from templates, 253, 582
definition of, 36 disk mode settings, 590
VM-host affinity rules (DRS), 142 distribution of, 140

DRS (Distributed Resource Scheduler) VIMTOP, 399


scores, 142 virtual machine configurations, 396
EVC mode, 603 VMware Tools, 395
files security
configuration files, 179 common settings, 270–272
file structure, 178–179 device connections, 271, 273
snapshot files, 180 DoS (denial-of-service) attacks, 272
virtual disk files, 180 Encrypted vSphere vMotion, 276–277
guest OS, 253, 582 encryption, 273–276, 508–510, 589
guest user mapping, 594 hardening, 269
hardware configuration, 586–592 Intel Software Guard Extensions
hardware devices, 185–187 (SGX), 278–279
home namespace, 50 risk profiles, 272
initial placement of, 140–141 UEFI Secure Boot, 270
migration, 190–194, 254, 596–598 unexposed features, disabling, 270
monitoring in vSphere HA clusters, 376 vTPM (virtual Trusted Platform
moving to resource pools, 253 Module), 277–278
Open VM Tools, 578 shutting down guests, 580
options, 188–189, 592–593 SMP (symmetric multiprocessor), 158
OVF/OVA templates, 178 snapshots
adding to content libraries, 608 behavior of, 183–184
deploying, 585–586 benefits of, 182–183
editing, 594 creating/managing, 595–596
managing, 598 limitations of, 184–185
rapid provisioning with, 200–201 overview of, 180–182
reverting to previous version, 609 parent, 183
path failover. See multipathing and required permissions, 253
failover snapshot files, 180
port groups use cases, 182
distributed, 105, 341–342 storage, 34, 466
standard, 336–338 swap objects, 51
uplink, 105–106 upgrading, 530, 546
powering on, 576–577 VBS (virtualization-based security),
provisioning, 188, 589 598–599
resource monitoring and management versions, 587–588
admission control, 394 vGPU (virtual GPU) support, 601–603
ESXTOP, 396–399 Virtual Intel SGX (vSGX), 507–508
latency sensitivity, 395 VMware PowerCLI, 599–601
metrics, 392 VMware Tools, 188
Microsoft Windows Perfmon, 395 installation, 578–580
shares, limits, and reservations, 392– upgrading, 578–580
394 virtual machine options, 189
vCenter Server Management, 399 vSphere with Tanzu and, 210

.vmsd extension, 184 SATPs (Storage Array Type Plug-ins),


.vmsn extension, 184 77–78
vmtoolsd, 188 VMware NMP, 76–77
VM-VM affinity rules (DRS), 143 VMware NSX, 18, 26, 280–281
VMW_PSP_FIXED, 79 VMware NSX-T, 232
VMW_PSP_MRU, 79 VMware NVMe. See NVMe (Non-Volatile
VMW_PSP_RR, 79 Memory Express)
VMW_SATP_ALUA, 78 VMware PowerCLI, 51, 599–601
VMW_SATP_DEFAULT_AA, 78 VMware product integration
VMW_SATP_DEFAULT_AP, 78 Aria Suite
VMW_SATP_LOCAL, 78 Aria Automation, 218–219
VMware App Volumes, 223 Aria for Logs, 217–218
VMware Aria. See Aria Suite Aria Operations, 216–217
VMware Aria Suite. See Aria Suite Aria Operations for Networks,
VMware Authentication Framework 220–221
Daemon (VMAFD), 241 Aria Orchestrator, 219–220
VMware Certificate Authority (VMCA), cloud computing
240–241, 298, 307–309 Azure VMware Solution, 231
VMware Certification, 614 HCX (Hybrid Cloud Extension),
VMware Cloud Assembly, 27 229–231
VMware Cloud Foundation (VCF), 27, VCF (VMware Cloud Foundation),
226–227 227–229
VMware Cloud (VMC), 27, 231 VMC (VMware Cloud) on AWS, 231
VMware Customer Experience desktop and application virtualization
Improvement Program (CEIP), 530 App Volumes, 223
VMware Directory Service (vmdir), 10, 11, Horizon, 222–223
241, 244 networking and security, 232–233
VMware Endpoint Certificate Store opening consoles to, 577–578
(VECS), 240–241, 298, 307–308 replication and disaster recovery
VMware Enhanced Authentication Plug-in, SRM (Site Recovery Manager),
307 226–227
VMware Global Services, 213–214 vSphere Replication, 224–226
VMware Hands-on Labs, 613 VMware NSX Data Center (NSX),
VMware High-Performance Plug-in (HPP), 232–233
45–46 VMware NSX-T Data Center (NSX-T),
VMware Horizon, 171, 201, 222–223 232–233
VMware Hybrid Cloud Extension (HCX), vSphere add-ons
229–231 overview of, 208
VMware Identity Manager (vIDM), 219 vCenter Converter (Converter
VMware iSER adapter, 454 Standalone), 214–215
VMware NMP (Native Multipathing Plug- VMware SkyLine, 215–216
in), 76–77 vSphere Replication, 215
PSPs (Path Selection Plug-ins), 78–79

vSphere with Tanzu, 208–213, 521–523 vRLI (vRealize Log Insight), 411–412
vSphere+, 213–214 VRMS (vSphere Replication Management
VMware Remote Console (VMRC), Service), 24, 225
577–578 VRS (vSphere Replication Service), 24, 225
VMware Service Broker, 27 vSAN. See also vSphere HA
VMware Service Lifecycle Manager, benefits of, 47–48
161–162 best practices, 68
VMware Skyline, 215–216 boot devices and, 68
Skyline Advisor, 392 characteristics of, 48–50
Skyline Health, 390–391 clusters
VMware Tools, 153, 188, 189, 221 creating with Quickstart, 419
compatibility, 524 encryption in, 61, 434–437
configuration, 324 expanding, 424–426
installation, 578–580 extending across two sites, 428–430
lifecycle management, 579 managing devices in, 430–432
performance counters, 272 requirements for, 67
upgrading, 578–580 space efficiency in, 58–60, 433
virtual machine monitoring and manage- standard, 53
ment, 189, 395 stretched, 55–58
VMware vCenter Agent (vpxa), 259 two-host, 54
VMware vCloud Director, 27 compatibility, 524
VMware vCloud Suite, 27 component state, 51
VMware vSphere 8 STIG Readiness Guide, datastores
484 overview of, 43
VMware Workspace ONE Access, 222 types of, 50
VMWARE_HTTPSPROXY environment viewing, 422
variable, 578 deployment, 53–58
VMwareAccepted VIBs, 498 disabling, 423
VMwareCertified VIBs, 498 disk version, 524
VMware-I/O Vendor Program (IOVP), 75 DRS (Distributed Resource Scheduler)
VMX files, 179, 271 automation modes, 139
vmx.log.guest.level option, 579 description of, 7
vNICs (virtual NICs), 96 evacuation workflow, 141
vobd, 547 memory metric for load balancing, 140
vPMem (Virtual Persistent Memory), 141, migration sensitivity, 143–144
458–459 network-aware DRS, 140
vPMem (Virtual PMem), 458–459 NVM (non-volatile memory) support,
vPMemDisk (Virtual Persistent Memory 141
Disk), 141, 459 Predictive DRS, 156, 374
vpxd certificate store, 244 recent enhancements, 139–142
vpxd-extension certificate store, 244 resource pools, 144–148
vpxuser, 499 rules, 142–143
vRealize Suite. See Aria Suite virtual machine distribution, 140

virtual machine initial placement, Ready Node, 52


140–141 requirements for, 25–26, 63–68
virtual machine scores, 142 shutting down/restarting, 424
ESA (Express Storage Architecture), 63 storage providers, viewing, 439
File Service, 61–62, 439–440 terminology for, 50–52
Health, 52 vDFS (vSAN Distributed File System),
licenses, 67–68, 421–422 61–62
limitations of, 58 vsan.unmap_support –enable command,
logging, 68 433
Maintenance Mode, 426–428 vSGA (Virtual Shared Graphics
management and configuration, 86 Acceleration), 601–603
cluster creation, 419 vSGX (virtual Intel SGX), 278
cluster expansion, 424–426 vSphere. See also individual components
datastores, 422 add-ons
deployment with vCenter Server, 424 overview of, 208
disabling of vSAN, 423 vCenter Converter (Converter
disk/device management, 430–432 Standalone), 214–215
encryption, 434–437 VMware Skyline, 215–216
fault domains, 428 vSphere Replication, 215
File Service, 439–440 vSphere with Tanzu, 208–213, 521–523
licensing, 421–422 vSphere+, 213–214
Maintenance Mode, 426–428 components overview, 6–8
manually enabling vSAN, 420–421 editions and licenses, 8–9
policies, 437–438 infrastructure requirements
preparation, 418 compute and system, 14–16
settings, 421 high availability, 6, 24–25
shutdown and restart, 424 network, 17–21
space efficiency, 433 for optional components and add-ons,
storage providers, viewing, 439 23–24
stretched clusters, 428–430 SDDC (software-defined data center),
vSAN and vSphere HA, 422–423 25–26
manually enabling, 420–421 storage, 16–17
memory consumption, 66 supporting infrastructure services,
new features in, 52–53 21–23
objects and components, 50 vSphere replication, 6, 24
Observer, 51–52 installation of. See vSphere installation
OSA (Original Storage Architecture), 47 inventory, 171–173
overview of, 7, 47–48 management of. See vSphere manage-
planning and size, 63–64 ment
policies, 69 resources. See resource management
configuration, 437–438 security. See security
storage, 81–83 upgrading to vSphere 8.0, 523–531
preparing for, 418 ESXi, 530

Update Planner, 530–531 vSphere DRS. See DRS (Distributed


vCenter Server 7.0 compatibility, 524 Resource Scheduler)
vCenter Server Appliance, upgrading, vSphere Fault Tolerance. See FT (Fault
525–527 Tolerance)
vCenter Server data transfer, 524–525 vSphere HA, 148–155
vCenter Server for Windows, migrat- admission control, 151–152
ing to vCenter Server Appliance, advanced options, 153
528–530 benefits of, 148–149
VMs (virtual machines), 530 capacity reservation, 423
virtualization, 26–27 cluster configuration
vSphere APIs for Array Integration (VAAI), admission control, 375
70–72 advanced options, 374
vSphere APIs for I/O Filtering (VAIO), 70, cluster creation, 374
275 FT (Fault Tolerance), 377
vSphere APIs for Storage Awareness proactive HA, 376
(VASA), 69–70, 463–465 Proactive HA (High Availability), 7,
vSphere Authentication Proxy, 260, 500 155, 376
vSphere Certificate Manager utility backup VMCP (Virtual Machine Component
store (BACKUP_STORE), 308 Protection), 375
vSphere Client. See also clusters; vDS virtual machine and application moni-
(vSphere Distributed Switches); vSS toring, 376
(vSphere Standard Switches) description of, 7
certificates, 479–480 heartbeats, 151
configuration, 318 requirements for, 149–150
data center-level management, 113–114 response to failures, 150
monitoring/managing vCenter Server vSAN and, 422–423
with vSphere Health, 52
common management tasks, 555–557 vSphere installation
SSL certificate verification for legacy ESXi hosts, 290–301
hosts, 561 Auto Deploy, 296–301, 493
statistics collection settings, 558–560 interactive installation, 290–292
vCenter Server, repointing to another scripted installation, 292–296
domain, 565–569 Identity Federation, 316–318
vCenter Server updates, 561–564 initial configuration
path management with, 461–462 advanced ESXi host options, 325–327
physical switch information, viewing, 121 common ESXi host settings, 324–325
port state monitoring, 115–117 host profiles, 321–323
vSphere Cluster Services (vCLS), 135 vCenter Server inventory, 319–321
vSphere clusters. See clusters vLCM (vSphere Lifecycle Manager),
vSphere Distributed Services Engine 318–319
(vDSE), 114 VMware Tools, 324
vSphere Distributed Switches. See vDS vSphere Client, 318
(vSphere Distributed Switches) SSO (single sign-on)

Active Directory identity sources, troubleshooting and optimization,


311–313 383–387
LDAP identity sources, 313 vCenter Server resources, 399
overview of, 309–310 virtual machine resources, 392–399
policies, 315–316 upgrading to vSphere 8.0, 523–531
SSO identity sources, 310 ESXi, 530
users, enabling/disabling, 314–315 Update Planner, 530–531
vCenter Server components vCenter Server 7.0 compatibility, 524
PSC (Platform Services Controller), vCenter Server Appliance, 525–527
301–302 vCenter Server data transfer, 524–525
vCenter Server database, 301 vCenter Server for Windows, migrat-
VCSA (vCenter Server Appliance), ing to vCenter Server Appliance,
302–307 528–530
VMCA (VMware Certificate VMs (virtual machines), 530
Authority), 307–309 vCenter Server backup, 518–521
VIB (vSphere Installation Bundle), 298 vLCM (vSphere Lifecycle Manager),
acceptance levels, 497–498 532–546
definition of, 539 vSphere Pods, 212
metadata, 539 vSphere Replication Management Service
standalone, 539 (VRMS), 24, 225
vSphere Installation Bundle (VIB), 298 vSphere Replication objects, 53
acceptance levels, 497–498 vSphere Replication Service (VRS), 24, 225
definition of, 539 vSphere Standard Switches. See vSS
metadata, 539 (vSphere Standard Switches)
standalone, 539 vSphere Trust Authority (vTA), 263,
vSphere Lifecycle Manager. See vLCM 504–506
(vSphere Lifecycle Manager) vSphere Virtual Machine Encryption
vSphere management. See also vCenter Certificates, 244
Server vSphere with Tanzu, 208–213, 521–523
backup and recovery with vSphere with vSphere+, 213–214
Tanzu, 208–213, 521–523 vsphere-webclient certificate store, 244
ESXi hosts, 547–549 vSS (vSphere Standard Switches)
resource management configuration, 334–336
alarms, 402–405 MTUs (maximum transmission units),
client performance charts, 377, 100
379–383 network policies, 100–104
cluster resources, 388–389 overview of, 98–100
events, 400–402 standard port groups, 336–338
host resources and health, 390–391 vDS compared to, 106
logging, 405–412 vTA (vSphere Trust Authority), 263,
metrics, 378 504–506
pool resources, 389–390 vTPM (virtual Trusted Platform Module),
23, 277–278

vVols (virtual volumes), 53, 72–75 witnesses, 51


datastores, 43 WoL (Wake-on-LAN), 156–157
definition of, 39 worldwide names (WWNs), 189
management and configuration, 466–468 Write Same (Zero), 71
WSFCs (Windows Server failover clusters),
W 49, 444
Wake-on-LAN (WoL), 156–157 wsman, 547
WAN Optimization service, VMware WWNs (worldwide names), 189
Hybrid Cloud Extension, 229
wcp certificate store, 244 X-Y-Z
web proxies, ESXi web proxy settings, 492 XaaS (anything as a service), 219
Windows Server failover clusters (WSFCs), XCOPY (Extended Copy), 71
49, 444 X.Org Server, 259
Windows session authentication, 474–479 zeroing out files, 81
Witness node, vCenter HA clusters, 12–13
