book

VMware Cookbook

by Ryan Troy, Matthew Helmke

October 2009

Beginner to intermediate

298 pages

7h 11m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Preface
AudienceOrganization of This BookFont ConventionsUsing Code ExamplesWe’d Like to Hear from YouSafari® Books OnlineAcknowledgments
1. VMware Infrastructure Installation
1.1. What Is VMware Infrastructure 3?1.2. What Is VMware vSphere 4.0?1.3. VMware ESX 3.x/4.x Configuration Maximums1.4. VMware ESX 3.x Server Overview1.5. VMware ESX 3.x Installation1.6. VMware ESXi 3.5 Overview1.7. VMware ESXi 3.5 Installation1.8. VMware vCenter Server 2.x Overview1.9. vCenter Server 2.x Installation1.10. VMware vCenter Client 2.x Overview1.11. vCenter Client 2.x Installation1.12. License Server Overview1.13. License Server (vCenter 2.x) Installation1.14. vConverter Overview1.15. vConverter Installation1.16. VMware ESX 4.0 Installation
2. Storage
2.1. Comparing ESX Storage Options2.2. Storage Device Naming Scheme2.3. Creating a Network for a Software iSCSI Initiator2.4. Configuring Software iSCSI2.5. Configuring a Hardware iSCSI Initiator2.6. Configuring iSCSI in Windows Virtual Machines2.7. Opening Firewall Ports for an ESX iSCSI Software Initiator2.8. Multipathing with iSCSI2.9. Adding Fibre Channel Storage in ESX2.10. Raw Device Mapping in Virtual Machines2.11. Creating a Port to Access NFS Datastores2.12. Configuring ESX to Use NFS2.13. Creating a VMFS Volume in vCenter2.14. Performing a Storage Rescan2.15. Creating a VMFS Volume via the Command Line2.16. Viewing the Files That Define a VMFS Volume2.17. Extending a VMFS Volume2.18. Reading VMFS Metadata2.19. Renaming a VMFS Volume Label from the Command Line2.20. Manually Creating and Aligning a VMFS Partition2.21. Creating a Diagnostic Partition2.22. Removing Storage Volumes from ESX2.23. Determining Whether a VMFS Datastore Is on a Local or SAN Disk2.24. Adjusting Timeouts When Adding Storage in vCenter2.25. Setting Disk Timeouts in Windows
3. Networking
3.1. Understanding Differences Between ESX 3.5 and ESXi 3.5 in Network Support3.2. Configuring ESX Network Ports and Firewall3.3. Creating a vSwitch for Virtual Machines3.4. Removing a Virtual Switch3.5. Adding VMotion to Enable Virtual Machine Migration3.6. Creating a Service Console Network via the CLI3.7. Checking Connectivity Using vmkping3.8. Modifying the Speed of a Network Adapter3.9. Choosing Network Elements That Protect Security3.10. Setting the Basic Level 2 Security Policy3.11. Ethernet Traffic Shaping3.12. Using Multiple Gateways3.13. Load Balancing and Failover3.14. Creating a Jumbo Frame VMkernel Interface for iSCSI3.15. Enabling Jumbo Frames on a vSwitch3.16. Enabling Jumbo Frames on a Virtual Machine3.17. Changing the Service Console IP Address3.18. Using the Command Line to Locate Physical Ethernet Adapters3.19. Changing the Ethernet Port Speed via the Command Line3.20. Restoring a Service Console via the CLI
4. Resource and vCenter Management
4.1. Understanding Virtual Machine Memory Use Through Reservations, Shares, and Limits4.2. Configuring Virtual Machine CPU Limits4.3. Configuring Virtual Machine CPU Shares4.4. Configuring Virtual Machine CPU Reservations4.5. Setting Up Resource Pools4.6. Understanding Resource Pools4.7. Expandable Reservations in Resource Pools4.8. Creating a Cluster4.9. Adding Hosts to a Cluster4.10. Enabling DRS in a Cluster4.11. Understanding Cluster States and Warnings4.12. Reconfiguring HA on a Host4.13. Using ESX 4.x CPU/RAM Hot Add/Hotplug Support4.14. Surviving a vCenter Server Failure or Outage
5. Useful Command-Line Tools
5.1. Entering Maintenance Mode via the Command Line5.2. Displaying Server Information5.3. Viewing the ESX Version5.4. Changing the Virtual Disk from BusLogic to LSI Logic5.5. Hiding the VMware Tools Icon5.6. Emptying a Large Virtual Machine Logfile5.7. Viewing Disk Partitions via the Console5.8. Monitoring CPU Usage5.9. Monitoring Memory5.10. Monitoring Storage Performance5.11. Monitoring Network Usage5.12. Managing Virtual Switches5.13. Generating a Logfile for VMware Support5.14. Checking ESX Patches5.15. Enabling NTP in vCenter5.16. Enabling NTP via the Command Line5.17. Changing the ESX Server’s Time5.18. Using TCP Wrappers5.19. Restarting the vCenter Agent5.20. Unregistering a Virtual Machine via the Command Line5.21. Registering a Virtual Machine via the Command Line5.22. Finding Virtual Machine Snapshots5.23. Renaming a Virtual Machine via vCenter5.24. Renaming a Virtual Machine via the Command Line5.25. Using Host Files5.26. Setting ESX Options Using the Command Line5.27. Configuring Authentication Choices Using the Command Line5.28. Manipulating the Bootloader5.29. Manipulating the Crash Dump Partition5.30. Configuring a Firewall on the Command Line5.31. Managing ESX Driver Modules5.32. Configuring Storage Multipathing5.33. Managing NFS Mounts5.34. Managing Disk Volumes with ESX45.35. Configuring Ethernet Adapters5.36. Rescanning Host Bus Adapters5.37. Managing ESX4 Add-ons from the Command Line5.38. Managing Resource Groups from the Command Line5.39. Managing VMkernel Network Routes5.40. Configuring Software iSCSI Options5.41. Configuring Hardware iSCSCI Options5.42. Upgrading Your Version of VMware5.43. Displaying vmhba Names with Associated Mappings5.44. Managing SCSI Device Mappings with ESX4 vSphere5.45. Managing VMkernel Ports5.46. Managing vswif Console Network Settings
6. General Security
6.1. Enabling SSH on ESXi6.2. Enabling Direct root Logins on Your ESX Server6.3. Adding Users and Groups6.4. Allowing or Denying Users the Use of SSH6.5. Turning on the MOTD for Console Users6.6. Changing the root Password via the Console6.7. Recovering a Lost root Password6.8. Disabling Direct root Console Logins6.9. Securing the GRUB Bootloader Menu6.10. Disabling USB Drive Mounting6.11. Opening and Closing Firewall Ports via the Console6.12. Checking Default ESX Ports6.13. Turning on SNMP for Remote Administration6.14. Using SNMP Version 36.15. Using sudo6.16. Configuring sudo6.17. Tracking Users via the CLI6.18. Configuring Active Directory Authentication6.19. Setting a Maximum Number of Failed Logins6.20. Limiting Access to the su Command6.21. Setting User Password Aging6.22. Disabling Copy and Paste6.23. Disabling Disk Shrinking on Virtual Machines6.24. Disabling Unneeded Devices6.25. Preventing Unwanted Device Additions and Removals6.26. Disabling VMware Tools Settings Override
7. Automating ESX Installation
7.1. Enabling Scripted Install Support on ESX7.2. Using the Scripted Installer7.3. Enhancing the Kickstart Configuration7.4. Copying the CD-ROM to Facilitate NFS Installations7.5. Advanced Install Scripting Using %pre7.6. Advanced Install Scripting Using %post7.7. Using the ESX Deployment Appliance
Index
About the Authors

Colophon
Copyright

Content preview from VMware Cookbook

Chapter 6. General Security

In this chapter we will provide solutions to help you maintain a secure virtual environment, using technologies that are already available to you in your VMware implementation. This chapter will cover a lot of basic Linux-related material, since the ESX Server has Red Hat Linux as its base. We will also discuss increasing security with ESXi, VMware’s console-less hypervisor.

This chapter will focus on using the command line for security and monitoring tasks. Most of the tasks we’ll examine (apart from user-related tasks such as role management) can be performed using the vCenter client, and in fact that is VMware’s suggested method. However, we feel that users should know how to use alternative ways to manage their ESX Servers, in case there are problems that prevent the use of the vCenter client. Thus, we have chosen to focus on the command line in this chapter. If you need details on performing any of these tasks via vCenter, we recommend that you familiarize yourself with a great document VMware provides on security, located at http://www.vmware.com/files/pdf/vi35_security_hardening_wp.pdf.

6.1. Enabling SSH on ESXi

Problem

You want to enable SSH on your server console.

Solution

Enable SSH. However, note that leaving direct root SSH disabled is the suggested configuration.

Discussion

SSH is a valuable service to have on your service console because it provides a way for an administrator to go behind the VMware GUI and issue commands directly to the operating ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

VMware vSphere 6.7 Cookbook - Fourth Edition

Publisher Resources

ISBN: 9780596805777Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

VMware Cookbook

by Ryan Troy, Matthew Helmke

Chapter 6. General Security