Administering VCF (Chap5-6) PDF
Document Details
Uploaded by HumorousVulture
University of Colorado Boulder
Summary
This document provides instructions on managing license keys in VMware Cloud Foundation. It details how to add, edit, and delete component license keys using the SDDC Manager UI. The document also touches upon the differences between solution licenses and component licenses for VMware software.
Full Transcript
**Managing License Keys in VMware Cloud Foundation \[Chapter 5\]**
==================================================================

You can add component license keys in the SDDC Manager UI or add a solution license key in vSphere Client.

Starting with VMware Cloud Foundation 5.1.1, you can license VMware Cloud Foundation components using a solution license key or individual component license keys.

**Note:** VMware Cloud Foundation 5.1.1 supports a combination of solution and component license keys. For example, **Workload Domain 1** can use component license keys and **Workload Domain 2** can use the solution license key.

For more information about the VCF solution license key, VMware vSphere 8 Enterprise Plus for VCF, see .

SDDC Manager does not manage the solution license key. If you are using a solution license key, VMware Cloud Foundation components are deployed in evaluation mode and then you use the vSphere Client to add and assign the solution key. See [Managing vSphere Licenses](https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-vcenter-esxi-management/GUID-E7BD7B2F-CF13-4FE7-8040-C67FA2687276.html) for information about using a solution license key for VMware ESXi and vCenter Server. If you are using a solution license key, you must also add a separate VMware vSAN license key for vSAN clusters. See [Configure License Settings for a vSAN Cluster](https://docs.vmware.com/en/VMware-vSphere/8.0/vsan-planning/GUID-A2A2EDDA-4C4D-438C-98DF-6511C5DF72B2.html).

**Note:** VMware vCenter Server, VMware NSX, VMware Aria Suite components, and VMware HCX are all licensed when you assign a solution license key to a vCenter Server.

Use the SDDC Manager UI to manage component license keys. If you entered component license keys in the deployment parameter workbook that you used to create the management domain, those component license keys appear in the Licensing screen of the SDDC Manager UI. You can add additional component license keys to support your requirements.

You must have adequate license units available before you create a VI workload domain, add a host to a vSphere cluster, or add a vSphere cluster to a workload domain. Add the necessary component license keys before you begin any of these tasks.

**Add a Component License Key in the SDDC Manager UI**
======================================================

You can use the SDDC Manager UI to add component license keys to the SDDC Manager inventory. SDDC Manager does not manage solution license keys.

Procedure
---------

1. In the navigation pane, click **Administration** \> **Licensing**.
2. Click **+ License Key**.
3. Select a product from the drop-down menu.
4. Enter the license key.
5. Enter a description for the license.
6. Click **Add**.

What to do next
---------------

If you want to replace an existing license with a newly added license, you must add and assign the new license in the management UI (for example, vSphere Client or NSX Manager) of the component whose license you are replacing.

**Edit a Component License Key Description in the SDDC Manager UI**
===================================================================

If you have multiple component license keys for a product, the description can help in identifying the license key. For example, you may want to use one license key for high-performance workload domains and the other license key for regular workload domains.

Procedure
---------

1. In the navigation pane, click **Administration** \> **Licensing**.
2. Click the vertical ellipsis (three dots) next to the license key and click **Edit Description**.\
    ![License key menu options, showing Edit Description.](media/image2.png)
3. On the **Edit License Key Description** dialog, edit the description and click **Save**.

**Delete a Component License Key in the SDDC Manager UI**
=========================================================

Deleting a component license key removes it from the SDDC Manager inventory. If the license key has been applied to any workload domain, host, or vSphere cluster, it is not removed from them, but it cannot be applied to new workload domains, hosts, or vSphere clusters.

Procedure
---------

1. In the navigation pane, click **Administration** \> **Licensing**.
2. Click the vertical ellipsis (three dots) next to the license key you want to delete and click **Remove**.
3. In the **Remove License key** dialog, click **Remove**.

Results
-------

The component license key is removed from the SDDC Manager inventory.

**Update Component License Keys for Workload Domain Components**
================================================================

You can use the SDDC Manager UI to update the license keys for components whose license keys have expired, are expiring, or are incompatible with upgraded components.

You can update component license keys for:

- vCenter Server
- VMware NSX
- VMware vSAN
- ESXi

Updates are specific to the selected workload domain. If you want to update component license keys for multiple workload domains, you must update each workload domain separately.

Prerequisites
-------------

The new component license key(s) must already be added to the SDDC Manager inventory.

Procedure
---------

1. In the navigation pane, click **Inventory** \> **Workload Domains**.
2. Click a workload domain name in the **Domain** column.
3. Select **Actions** \> **Update Licenses**.
4. Read the overview and click **Next**.
5. Select one or more products to update and click **Next**.\
    ![Update Licenses wizard, showing the product selection screen.](media/image4.png)
6. Select a component license key for each product.
7. Review the new component license keys and click **Submit**.

**Prepare ESXi Hosts for VMware Cloud Foundation \[Chapter 6\]**
================================================================

Before you can create a new VI workload domain, add a cluster to a workload domain, or add hosts to a cluster, you must prepare the ESXi hosts.

Preparing the ESXi hosts involves installing the correct version of ESXi and performing some basic configuration tasks. For the supported ESXi version, see the Bill of Materials (BOM) section of the *VMware Cloud Foundation Release Notes*.

**Important:** If you are preparing hosts for a VI workload domain where the ESXi hosts have been async patched to a later version of ESXi than the version listed in the BOM, the new hosts must use the later version of ESXi.

Prerequisites
-------------

VI workload domains require a minimum of three ESXi hosts.

**Note:** If you are preparing ESXi hosts for a vSphere cluster using NFS, VMFS on FC, or vVols as principal storage, and the hosts will be added to a VI workload domain using vSphere Lifecycle Manager images as the update method, then only two hosts are required.

To use vSAN Express Storage Architecture (ESA), your hosts must be ESA-compatible.

**Create a Custom ISO Image for ESXi**
======================================

When your environment requires a custom ISO file for ESXi, you can create one using VMware PowerCLI or vSphere Lifecycle Manager.

You might need to create a custom ISO image for ESXi in the following situations:

- The ESXi version specified in the VMware Cloud Foundation BOM does not have an associated ISO file on the Broadcom Support Portal. This can be the case for ESXi patch releases.
- You need an async patch version of ESXi.
- You need a vendor-specific (OEM) ISO file.

**Prerequisites**
-----------------

Download the zip files for the following:

- ESXi patch for the ESXi version specified in the VMware Cloud Foundation BOM or in the list of supported async patches in [KB 88287](https://kb.vmware.com/s/article/88287). You can download patches from the Broadcom Support Portal.
- OEM add-on for ESXi from the Broadcom Support Portal. If the ESXi version specified in the BOM is not available in the **Select Version** drop-down menu, contact your vendor to determine which OEM add-on version to use.

**Create a Custom ESXi ISO Image Using VMware PowerCLI**
========================================================

You can use VMware PowerCLI to create a custom ISO.

**Prerequisites**
-----------------

VMware PowerCLI 12.0 or later.

Procedure
---------

1. Gather the required information for the software spec that is used to create the custom ISO.
    a. In VMware PowerCLI, use the [Get-DepotBaseImages](https://developer.vmware.com/docs/powercli/latest/vmware.imagebuilder/commands/get-depotbaseimages/#Default) cmdlet to get the base image version from the zip file for the ESXi patch that you downloaded from the patches portal.
    b. If applicable, use the [Get-DepotAddons](https://developer.vmware.com/docs/powercli/latest/vmware.imagebuilder/commands/get-depotaddons/#Default) cmdlet to get the add-on name and version from the zip file for the OEM add-on for ESXi that you downloaded from the Broadcom Support Portal.
2. Create the software spec using the information you gathered in step 1.
3. In VMware PowerCLI, use the New-IsoImage cmdlet to generate a custom ISO.

**Create a Custom ESXi ISO Image Using vSphere Lifecycle Manager**
==================================================================

If you have access to a vCenter Server environment, you can use vSphere Lifecycle Manager to create and export a custom ISO.

**Prerequisites**
-----------------

Import the ESXi patch and vendor add-on (if applicable) zip files to the vSphere Lifecycle Manager depot.

**Procedure**
-------------

1. Log in to vCenter Server using the vSphere Client.
2. Create a new temporary cluster, selecting the **Manage all hosts in the cluster with a single image** check box.
3. Select the ESXi version and vendor add-on (optional) and click **OK**.
4. Export the vSphere Lifecycle Manager image as an ISO.
5. Delete the temporary cluster.

**Install ESXi Interactively and Configure Hosts for VMware Cloud Foundation**
==============================================================================

You can interactively install ESXi on all the hosts that will form the first cluster in the management domain, then you configure the management network, DNS, and NTP services. You can use the same process to add more hosts to the management domain later, or to install and configure hosts for VI workload domains.

ESXi 8.0 Update 3 and later support installing two data processing units (DPUs) for use with VMware Cloud Foundation 5.2 or later.

You can utilize the two DPUs in Active/Standby mode to provide high availability. Such a configuration provides redundancy in the event one of the DPUs fails. In the high availability configuration, both DPUs are assigned to the same NSX-backed vSphere Distributed Switch. For example, DPU-1 is attached to vmnic0 and vmnic1 of the vSphere Distributed Switch and DPU-2 is attached to vmnic2 and vmnic3 of the same vSphere Distributed Switch.

You can also utilize the two DPUs as independent devices to increase offload capacity per ESXi host. Each DPU is attached to a separate vSphere Distributed Switch and you have no failover between DPUs in such a configuration.

**Prerequisites**
-----------------

- Download the ESXi ISO from the Broadcom Support Portal. For the supported ESXi versions, see the Bill of Materials (BOM) section of the *VMware Cloud Foundation Release Notes* and the list of supported async patches in [KB 88287](https://kb.vmware.com/s/article/88287). If the required version of ESXi does not have an ISO available on the Broadcom Support Portal, you can create one. See [Create a Custom ISO Image for ESXi](https://docs.vmware.com/en/VMware-Cloud-Foundation/5.2/vcf-admin/GUID-2674DA5A-8DF7-4212-A4A9-88CD798DC303.html#GUID-2674DA5A-8DF7-4212-A4A9-88CD798DC303).
- Make sure that you have a host machine for SDDC access. You use this host to connect to the data center and perform configuration steps.
- Verify that you have the completed *Planning and Preparation Workbook*.
- Verify the Prerequisite Checklist sheet in the *Planning and Preparation Workbook*.

**Procedure**
-------------

1. Install ESXi on VMware Cloud Foundation Hosts Using the ISO\
    Install ESXi on all hosts in the first cluster in the management domain interactively. You can use the same process to install ESXi on additional hosts for the management domain, or on hosts for a VI workload domain.
2. Configure the Network on VMware Cloud Foundation Hosts\
    After the initial boot, use the ESXi Direct Console User Interface (DCUI) for host network configuration and administrative access.
3. Configure the Virtual Machine Network Port Group on VMware Cloud Foundation Hosts\
    You perform configuration of the Virtual Machine Network port group for each ESXi host by using the VMware Host Client.
4. Configure NTP on VMware Cloud Foundation Hosts\
    Complete the initial configuration of all ESXi hosts by configuring the NTP service to avoid time synchronization issues in the SDDC.
5. Regenerate the Self-Signed Certificate on All Hosts\
    Once you have configured the ESXi hosts' identity by providing a hostname, you must regenerate the self-signed certificate to ensure the correct common name is defined.

**Install ESXi on VMware Cloud Foundation Hosts Using the ISO**
===============================================================

Install ESXi on all hosts in the first cluster in the management domain interactively. You can use the same process to install ESXi on additional hosts for the management domain, or on hosts for a VI workload domain.

Repeat this procedure for each host in the cluster that you want to add to a workload domain.

**Procedure**
-------------

1. Mount the ESXi ISO on the host and restart the machine.
2. Set the BIOS or UEFI to boot from the mounted ISO.
3. On the welcome screen, press **Enter** to continue.
4. Accept the End User License Agreement by pressing **Enter**.
5. On the **Select a Disk to Install or Upgrade** screen, select the drive on which to install ESXi and press **Enter**.
6. Select the keyboard type for the host.
7. Enter the root password for the host.
8. In the **Confirm Install** screen, if you have DPUs, you see each listed on a separate row. Press **F11** to confirm the start of the installation.
9. On the **Installation Complete** screen, press **Enter** to reboot the host.
10. Set the first boot device to be the drive on which you installed ESXi.
11. Repeat this procedure for all remaining hosts.

**Configure the Network on VMware Cloud Foundation Hosts**
==========================================================

After the initial boot, use the ESXi Direct Console User Interface (DCUI) for host network configuration and administrative access.

Perform the following tasks to configure the host network settings:

- Configure the network adapter (vmk0) and VLAN ID for the Management Network.
- Configure the IP address, subnet mask, gateway, DNS server, and FQDN for the ESXi host.

Repeat this procedure for all the hosts that you are adding to the workload domain.

**Procedure**
-------------

1. Open the DCUI of the ESXi host.
    a. Open a console window to the host.
    b. Press F2 to enter the DCUI.
    c. Log in by using the **esxi\_root\_user\_password**.
2. Configure the network.
    a. Select **Configure Management Network** and press Enter.
    b. Select **VLAN (Optional)** and press Enter.
    c. Enter the VLAN ID for the Management Network and press Enter.
    d. Select **IPv4 Configuration** and press Enter.
    e. Select **Set static IPv4 address and network configuration** and press the Space bar.
    f. Enter the IPv4 Address, Subnet Mask and Default Gateway and press Enter.
    g. Select **DNS Configuration** and press Enter.
    h. Select **Use the following DNS Server address and hostname** and press the Space bar.
    i. Enter the Primary DNS Server, Alternate DNS Server and Hostname (FQDN) and press Enter.
    j. Select **Custom DNS Suffixes** and press Enter.
    k. Ensure that there are no suffixes listed and press Enter.
3. Press Escape to exit and press Y to confirm the changes.
4. Repeat this procedure for all remaining hosts.

**Configure the Virtual Machine Network Port Group on VMware Cloud Foundation Hosts**
=====================================================================================

You perform configuration of the Virtual Machine Network port group for each ESXi host by using the VMware Host Client.

You configure the VLAN ID of the VM Network port group on the vSphere Standard Switch. This configuration provides connectivity to the Management network to allow communication to the vCenter Server Appliance during the automated deployment.

Repeat this procedure for each host that you are adding to the workload domain.

**Procedure**
-------------

1. In a web browser, log in to the ESXi host using the VMware Host Client.
2. Click **OK** to join the Customer Experience Improvement Program.
3. Configure a VLAN for the VM Network port group.
    a. In the navigation pane, click **Networking**.
    b. Click the **Port groups** tab, select the **VM network** port group, and click **Edit Settings**.\
        ![The Port groups tab for an ESXi host in the VMware Host Client.](media/image6.png)
    c. On the **Edit port group - VM network** page, enter the Management Network VLAN ID, and click **Save**.
4. Repeat this procedure for all remaining hosts.

**Configure NTP on VMware Cloud Foundation Hosts**
==================================================

Complete the initial configuration of all ESXi hosts by configuring the NTP service to avoid time synchronization issues in the SDDC.

Repeat this procedure for all the hosts that you are adding to the workload domain.

Procedure
---------

1. In a web browser, log in to the ESXi host using the VMware Host Client.
2. Configure and start the NTP service.
    a. In the navigation pane, click **Manage**, and click the **System** tab.
    b. Click **Time & date** and click **Edit NTP Settings**.
    c. On the **Edit NTP Settings** page, select the **Use Network Time Protocol (enable NTP client)** radio button, and change the NTP service startup policy to **Start and stop with host**.
    d. In the **NTP servers** text box, enter the NTP Server FQDN or IP Address, and click **Save**.
    e. To start the service, click **Actions**, select **NTP service**, and click **Start**.
3. Repeat this procedure for all remaining hosts.

**Regenerate the Self-Signed Certificate on All Hosts**
=======================================================

Once you have configured the ESXi hosts' identity by providing a hostname, you must regenerate the self-signed certificate to ensure the correct common name is defined.

During the installation of ESXi, the installer generates a self-signed certificate for each ESXi host, but the process is performed prior to the ESXi identity being configured. This means all ESXi hosts have a common name in their self-signed certificate of localhost.localdomain.

All communication between VMware Cloud Builder and the ESXi hosts is performed securely over HTTPS, and as a result it validates the identity when making a connection by comparing the common name of the certificate against the FQDN provided within the VMware Cloud Builder configuration file.

To ensure that the connection attempts and validation do not fail, you must manually regenerate the self-signed certificate after the hostname has been configured.

**Note:** VMware Cloud Foundation supports the use of signed certificates. If your organization's security policy mandates that all ESXi hosts must be configured with a CA-signed certificate.

**Procedure**
-------------

1. In a web browser, log in to the ESXi host using the VMware Host Client.
2. In the **Actions** menu, click **Services** \> **Enable Secure Shell (SSH)**.
3. Log in to the ESXi host using an SSH client such as PuTTY.
4. Regenerate the self-signed certificate by executing the following command:
5. Restart the hostd and vpxa services by executing the following command:
6. Log back in to the VMware Host Client and click **Services** \> **Disable Secure Shell (SSH)** from the **Actions** menu.
7. Repeat this procedure for all remaining hosts.

**Configure ESXi Hosts with Signed Certificates**
=================================================

If corporate policy requires that you use external CA-signed certificates instead of VMCA-signed certificates for ESXi hosts, you can manually add external certificates to the hosts.

When you install ESXi software on a server to create an ESXi host, the host initially has an autogenerated certificate. By default, when the host is added to a vCenter Server system during bring-up of the management domain or other operations involving hosts (for example, host commissioning, VI workload domain creation, and so on), the autogenerated certificate is replaced with a certificate that is signed by the VMware Certificate Authority (VMCA).

When you use external certificates during bring-up, they are not replaced by VMCA-signed certificates. Once you perform bring-up with external certificates for ESXi hosts, all future hosts added to VMware Cloud Foundation must also use external certificates.

Prerequisites
-------------

External CA-signed certificate and key are available.

Procedure
---------

1. In a web browser, log in to the ESXi host using the VMware Host Client.
2. In the navigation pane, click **Manage** and click the **Services** tab.\
    ![The Services tab for an ESXi host in the VMware Host Client.](media/image8.png)
3. Select the **TSM-SSH** service and click **Start** if not started.
4. Log in to the ESXi Shell for the first host, either directly from the DCUI or from an SSH client, as a user with administrator privileges.
5. In the directory /etc/vmware/ssl, rename the existing certificates using the following commands:
6. Copy the external certificate and key that you want to use to /etc/vmware/ssl.
7. Rename the external certificate and key to rui.crt and rui.key.
8. Restart the host management agents by running the following commands:
9. In the VMware Host Client, select the **TSM-SSH** service for the ESXi host and click **Stop**.
10. Repeat for all the ESXi hosts that you are adding to VMware Cloud Foundation.
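
The two certificate sections above require a common name that equals the host FQDN and, for external certificates, a key that belongs to the certificate; both can be checked with openssl before bring-up. The script below is an added example, not VMware tooling or part of the original guide: the function names, the hostname esx01.example.test and the throwaway certificates it generates are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not VMware tooling): pre-flight checks for an ESXi host
# certificate before bring-up. Requires the openssl command-line tool.

# Print the subject common name (CN) of a PEM certificate.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline 2>/dev/null |
        sed -n 's/^ *commonName *= *//p' | head -n 1
}

# Succeed if the certificate CN equals the expected FQDN (case-insensitive).
# A freshly installed host fails this: its CN is localhost.localdomain.
cn_matches() {
    cn=$(cert_cn "$1" | tr 'A-Z' 'a-z')
    want=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    [ -n "$cn" ] && [ "$cn" = "$want" ]
}

# Succeed if the private key belongs to the certificate, by comparing the
# public key embedded in the certificate with the one derived from the key.
key_matches() {
    from_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    from_key=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$from_cert" ] && [ "$from_cert" = "$from_key" ]
}

# Succeed if the certificate has not expired.
not_expired() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

# Run every check for one host; print failures and return their count.
check_host_cert() {   # usage: check_host_cert <cert> <key> <fqdn>
    fails=0
    cn_matches "$1" "$3" ||
        { echo "FAIL: CN '$(cert_cn "$1")' is not $3"; fails=$((fails + 1)); }
    key_matches "$1" "$2" ||
        { echo "FAIL: $2 is not the key for $1"; fails=$((fails + 1)); }
    not_expired "$1" ||
        { echo "FAIL: $1 has expired"; fails=$((fails + 1)); }
    [ "$fails" -eq 0 ] && echo "OK: $1 is usable for $3"
    return "$fails"
}

# Constructed sample input: a throwaway self-signed certificate and key.
make_demo_cert() {    # usage: make_demo_cert <dir> <basename> <cn>
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.crt" >/dev/null 2>&1
}

demo() {
    dir=$(mktemp -d) || return 1
    make_demo_cert "$dir" installer localhost.localdomain  # state after install
    make_demo_cert "$dir" renamed esx01.example.test       # state after regeneration
    check_host_cert "$dir/installer.crt" "$dir/installer.key" esx01.example.test || true
    check_host_cert "$dir/renamed.crt" "$dir/renamed.key" esx01.example.test || true
    check_host_cert "$dir/renamed.crt" "$dir/installer.key" esx01.example.test || true
    rm -rf "$dir"
}
demo
```

Against real files, call `check_host_cert` with the certificate, the key and the FQDN entered in the VMware Cloud Builder configuration, for example the rui.crt and rui.key named in the procedure above. The comparison is on the common name only, because that is the field the guide says is validated.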