VMware vSphere Installation and Configuration If you want to use the VMware vSphere hypervisor to run guest virtual machines, install vSphere on the host(s) in your cloud.
Preparation Checklist for VMware For a smoother installation, gather the following information before you start: Information listed in Information listed in
vCenter Checklist
You will need the following information about vCenter.

vCenter Requirement | Value | Notes
vCenter User | | This user must have admin privileges.
vCenter User Password | | Password for the above user.
vCenter Datacenter Name | | Name of the datacenter.
vCenter Cluster Name | | Name of the cluster.
Networking Checklist for VMware
You will need the following information about VLAN.

VLAN Information | Value | Notes
ESXi VLAN | | VLAN on which all your ESXi hypervisors reside.
ESXi VLAN IP Address | | IP Address Range in the ESXi VLAN. One address per Virtual Router is used from this range.
ESXi VLAN IP Gateway | |
ESXi VLAN Netmask | |
Management Server VLAN | | VLAN on which the &PRODUCT; Management server is installed.
Public VLAN | | VLAN for the Public Network.
Public VLAN Gateway | |
Public VLAN Netmask | |
Public VLAN IP Address Range | | Range of Public IP Addresses available for &PRODUCT; use. These addresses will be used for virtual router on &PRODUCT; to route private traffic to external networks.
VLAN Range for Customer use | | A contiguous range of non-routable VLANs. One VLAN will be assigned for each customer.
vSphere Installation Steps
If you haven't already, you'll need to download and purchase vSphere from the VMware Website (https://www.vmware.com/tryvmware/index.php?p=vmware-vsphere&lp=1) and install it by following the VMware vSphere Installation Guide.
Following installation, perform the following configuration steps, which are described in the next few sections:

Required | Optional
ESXi host setup | NIC bonding
Configure host physical networking, virtual switch, vCenter Management Network, and extended port range | Multipath storage
Prepare storage for iSCSI |
Configure clusters in vCenter and add hosts to them, or add hosts without clusters to vCenter |
ESXi Host setup All ESXi hosts should enable CPU hardware virtualization support in BIOS. Please note hardware virtualization support is not enabled by default on most servers.
Physical Host Networking
You should have a plan for cabling the vSphere hosts. Proper network configuration is required before adding a vSphere host to &PRODUCT;. To configure an ESXi host, you can use vClient to add it as a standalone host to vCenter first. Once you see the host appearing in the vCenter inventory tree, click the host node in the inventory tree, and navigate to the Configuration tab.
[Figure: vSphere client]
In the host configuration tab, click the "Hardware/Networking" link to bring up the networking configuration page as above.
Configure Virtual Switch A default virtual switch vSwitch0 is created. &PRODUCT; requires all ESXi hosts in the cloud to use the same set of virtual switch names. If you change the default virtual switch name, you will need to configure one or more &PRODUCT; configuration variables as well.
Separating Traffic &PRODUCT; allows you to use vCenter to configure three separate networks per ESXi host. These networks are identified by the name of the vSwitch they are connected to. The allowed networks for configuration are public (for traffic to/from the public internet), guest (for guest-guest traffic), and private (for management and usually storage traffic). You can use the default virtual switch for all three, or create one or two other vSwitches for those traffic types. If you want to separate traffic in this way you should first create and configure vSwitches in vCenter according to the vCenter instructions. Take note of the vSwitch names you have used for each traffic type. You will configure &PRODUCT; to use these vSwitches.
Increasing Ports
By default a virtual switch on ESXi hosts is created with 56 ports. We recommend setting it to 4088, the maximum number of ports allowed. To do that, click the "Properties..." link for the virtual switch (note this is not the Properties link for Networking).
[Figure: vSphere client]
In the vSwitch properties dialog, select the vSwitch and click Edit. You should see the following dialog:
[Figure: vSphere client]
In this dialog, you can change the number of switch ports. After you've done that, the ESXi hosts must be rebooted for the setting to take effect.
Configure vCenter Management Network
In the vSwitch properties dialog box, you may see a vCenter management network. This same network will also be used as the &PRODUCT; management network. &PRODUCT; requires the vCenter management network to be configured properly. Select the management network item in the dialog, then click Edit.
[Figure: vSphere client]
Make sure the following values are set:
- VLAN ID set to the desired ID.
- vMotion enabled.
- Management traffic enabled.
If the ESXi hosts have multiple VMKernel ports, and ESXi is not using the default value "Management Network" as the management network name, you must follow these guidelines to configure the management network port group so that &PRODUCT; can find it:
- Use one label for the management network port across all ESXi hosts.
- In the &PRODUCT; UI, go to Configuration - Global Settings and set vmware.management.portgroup to the management network label from the ESXi hosts.
Extend Port Range for &PRODUCT; Console Proxy
(Applies only to VMware vSphere version 4.x)
You need to extend the range of firewall ports that the console proxy works with on the hosts. This is to enable the console proxy to work with VMware-based VMs. The default additional port range is 59000-60000. To extend the port range, log in to the VMware ESX service console on each host and run the following commands:

    esxcfg-firewall -o 59000-60000,tcp,in,vncextras
    esxcfg-firewall -o 59000-60000,tcp,out,vncextras
Configure NIC Bonding for vSphere NIC bonding on vSphere hosts may be done according to the vSphere installation guide.
Configuring a vSphere Cluster with Nexus 1000v Virtual Switch &PRODUCT; supports Cisco Nexus 1000v dvSwitch (Distributed Virtual Switch) for virtual network configuration in a VMware vSphere environment. This section helps you configure a vSphere cluster with Nexus 1000v virtual switch in a VMware vCenter environment. For information on creating a vSphere cluster, see
About Cisco Nexus 1000v Distributed Virtual Switch
The Cisco Nexus 1000V virtual switch is a software-based virtual machine access switch for VMware vSphere environments. It can span multiple hosts running VMware ESXi 4.0 and later. A Nexus virtual switch consists of two components: the Virtual Supervisor Module (VSM) and the Virtual Ethernet Module (VEM). The VSM is a virtual appliance that acts as the switch's supervisor. It controls multiple VEMs as a single network device. The VSM is installed independently of the VEM and is deployed in redundancy mode as pairs or as a standalone appliance. The VEM is installed on each VMware ESXi server to provide packet-forwarding capability. It provides each virtual machine with dedicated switch ports. This VSM-VEM architecture is analogous to a physical Cisco switch's supervisor (standalone or configured in high-availability mode) and multiple linecards architecture.
Nexus 1000v switch uses vEthernet port profiles to simplify network provisioning for virtual machines. There are two types of port profiles: Ethernet port profile and vEthernet port profile. The Ethernet port profile is applied to the physical uplink ports, that is, the NIC ports of the physical NIC adapter on an ESXi server. The vEthernet port profile is associated with the virtual NIC (vNIC) that is plumbed on a guest VM on the ESXi server. The port profiles help the network administrators define network policies which can be reused for new virtual machines. The Ethernet port profiles are created on the VSM and are represented as port groups on the vCenter server.
Prerequisites and Guidelines
This section discusses prerequisites and guidelines for using Nexus virtual switch in &PRODUCT;. Before configuring Nexus virtual switch, ensure that your system meets the following requirements:
- A cluster of servers (ESXi 4.1 or later) is configured in the vCenter.
- Each cluster managed by &PRODUCT; is the only cluster in its vCenter datacenter.
- A Cisco Nexus 1000v virtual switch is installed to serve the datacenter that contains the vCenter cluster. This ensures that &PRODUCT; doesn't have to deal with dynamic migration of virtual adapters or networks across other existing virtual switches. See Cisco Nexus 1000V Installation and Upgrade Guide for guidelines on how to install the Nexus 1000v VSM and VEM modules.
- The Nexus 1000v VSM is not deployed on a vSphere host that is managed by &PRODUCT;.
- When the maximum number of VEM modules per VSM instance is reached, an additional VSM instance is created before introducing any more ESXi hosts. The limit is 64 VEM modules for each VSM instance.
- &PRODUCT; expects that the Management Network of the ESXi host is configured on the standard vSwitch and searches for it in the standard vSwitch. Therefore, ensure that you do not migrate the management network to Nexus 1000v virtual switch during configuration.
- All information given in
Nexus 1000v Virtual Switch Preconfiguration
Preparation Checklist
For a smoother configuration of Nexus 1000v switch, gather the following information before you start:
- vCenter Credentials
- Nexus 1000v VSM IP address
- Nexus 1000v VSM Credentials
- Ethernet port profile names
vCenter Credentials Checklist
You will need the following information about vCenter:

Nexus vSwitch Requirements | Value | Notes
vCenter IP | | The IP address of the vCenter.
Secure HTTP Port Number | 443 | Port 443 is configured by default; however, you can change the port if needed.
vCenter User ID | | The vCenter user with administrator-level privileges. The vCenter User ID is required when you configure the virtual switch in &PRODUCT;.
vCenter Password | | The password for the vCenter user specified above. The password for this vCenter user is required when you configure the switch in &PRODUCT;.
Network Configuration Checklist
The following information specified in the Nexus Configure Networking screen is displayed in the Details tab of the Nexus dvSwitch in the &PRODUCT; UI:

Network Requirements | Value | Notes
Control Port Group VLAN ID | | The VLAN ID of the Control Port Group. The control VLAN is used for communication between the VSM and the VEMs.
Management Port Group VLAN ID | | The VLAN ID of the Management Port Group. The management VLAN corresponds to the mgmt0 interface that is used to establish and maintain the connection between the VSM and VMware vCenter Server.
Packet Port Group VLAN ID | | The VLAN ID of the Packet Port Group. The packet VLAN forwards relevant data packets from the VEMs to the VSM.

The VLANs used for control, packet, and management port groups can be the same. For more information, see Cisco Nexus 1000V Getting Started Guide.
VSM Configuration Checklist
You will need the following information about network configuration:

VSM Configuration Parameters | Value | Notes
Admin Name and Password | | The admin name and password to connect to the VSM appliance. You must specify these credentials while configuring Nexus virtual switch.
Management IP Address | | This is the IP address of the VSM appliance. This is the IP address you specify in the virtual switch IP Address field while configuring Nexus virtual switch.
SSL | Enable | Always enable SSL. SSH is usually enabled by default during the VSM installation. However, check whether the SSH connection to the VSM is working, without which &PRODUCT; fails to connect to the VSM.
Creating a Port Profile
Whether you create a Basic or Advanced zone configuration, ensure that you always create an Ethernet port profile on the VSM after you install it and before you create the zone.
The Ethernet port profile created to represent the physical network or networks used by an Advanced zone configuration trunks all the VLANs, including guest VLANs, the VLANs that serve the native VLAN, and the packet/control/data/management VLANs of the VSM.
The Ethernet port profile created for a Basic zone configuration does not trunk the guest VLANs because the guest VMs do not get their own VLANs provisioned on their network interfaces in a Basic zone.
An Ethernet port profile configured on the Nexus 1000v virtual switch should not include, in its set of system VLANs, any of the VLANs configured or intended to be configured for use towards VMs or VM resources in the &PRODUCT; environment.
You do not have to create any vEthernet port profiles; &PRODUCT; does that during VM deployment.
Ensure that you create the required port profiles to be used by &PRODUCT; for its different traffic types, such as Management traffic, Guest traffic, Storage traffic, and Public traffic. The physical networks configured during zone creation should have a one-to-one relation with the Ethernet port profiles.
[Figure: vSphere client]
For information on creating a port profile, see Cisco Nexus 1000V Port Profile Configuration Guide.
Assigning Physical NIC Adapters
Assign the ESXi host's physical NIC adapters, which correspond to each physical network, to the port profiles. In each ESXi host that is part of the vCenter cluster, observe the physical networks assigned to each port profile and note down the names of the port profiles for future use. This mapping information helps you when configuring physical networks during the zone configuration on &PRODUCT;. These Ethernet port profile names are later specified as VMware Traffic Labels for different traffic types when configuring physical networks during the zone configuration. For more information on configuring physical networks, see .
Adding VLAN Ranges
Determine the public VLAN, System VLAN, and Guest VLANs to be used by the &PRODUCT;. Ensure that you add them to the port profile database. Corresponding to each physical network, add the VLAN range to port profiles. In the VSM command prompt, run the switchport trunk allowed vlan <range> command to add the VLAN ranges to the port profile. For example:

    switchport trunk allowed vlan 1,140-147,196-203

In this example, the allowed VLANs added are 1, 140-147, and 196-203.
You must also add all the public and private VLANs or VLAN ranges to the switch. This range is the VLAN range you specify in your zone. Before you run the vlan command, ensure that the configuration mode is enabled in Nexus 1000v virtual switch. For example:
If you want the VLAN 200 to be used on the switch, run the following command:

    vlan 200

If you want the VLAN range 1350-1750 to be used on the switch, run the following command:

    vlan 1350-1750

Refer to the Cisco Nexus 1000V Command Reference of the specific product version.
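The two VLAN rules in this guide (every VLAN intended for VMs in the zone must appear in the trunk's allowed list, and a port profile's system VLANs must not be VLANs used towards VMs) can be checked before the zone is created. The following Python check is an added example, not part of the original guide or of &PRODUCT;; the function names and the sample system and VM VLAN values are constructed for illustration.

```python
"""Pre-flight check for a Nexus 1000v Ethernet port profile (added example).

All function names and sample values below are constructed for illustration.
"""


def parse_vlan_list(spec):
    """Parse a list such as '1,140-147,196-203' into a set of VLAN IDs."""
    vlans = set()
    for part in spec.split(","):
        lo, sep, hi = part.strip().partition("-")
        start = int(lo)                      # ValueError on empty/non-numeric
        end = int(hi) if sep else start
        if not 1 <= start <= end <= 4094:    # valid 802.1Q VLAN ID range
            raise ValueError("invalid VLAN item %r" % part)
        vlans.update(range(start, end + 1))
    return vlans


def format_ranges(vlans):
    """Collapse VLAN IDs back into 'a-b,c' notation for reporting."""
    runs = []
    for v in sorted(vlans):
        if runs and v == runs[-1][1] + 1:
            runs[-1][1] = v                  # extend the current run
        else:
            runs.append([v, v])              # start a new run
    return ",".join(str(a) if a == b else "%d-%d" % (a, b) for a, b in runs)


def check_port_profile(trunk_allowed, system_vlans, vm_vlans):
    """Compare a port profile with the VLANs planned for the zone.

    trunk_allowed: argument of 'switchport trunk allowed vlan'
    system_vlans:  system VLANs of the same port profile
    vm_vlans:      public and guest VLANs intended for VMs in the zone
    """
    allowed = parse_vlan_list(trunk_allowed)
    system = parse_vlan_list(system_vlans)
    vm = parse_vlan_list(vm_vlans)
    return {
        # VM-facing VLANs the trunk would not carry
        "missing_from_trunk": format_ranges(vm - allowed),
        # system VLANs that are also used towards VMs (should be empty)
        "system_vm_overlap": format_ranges(system & vm),
    }


if __name__ == "__main__":
    # Trunk list from the guide's example; the other two values are constructed.
    report = check_port_profile("1,140-147,196-203", "1,140", "140-150")
    for finding, vlans in report.items():
        print("%-20s %s" % (finding, vlans or "none"))
```

An empty string for both findings means the port profile is consistent with the planned zone VLANs.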
Enabling Nexus Virtual Switch in &PRODUCT;
To make a &PRODUCT; deployment Nexus enabled, you must set the vmware.use.nexus.vswitch parameter to true by using the Global Settings page in the &PRODUCT; UI. Unless this parameter is set to "true" and the management server is restarted, you cannot see any UI options specific to Nexus virtual switch, and &PRODUCT; ignores the Nexus virtual switch specific parameters specified in the AddTrafficTypeCmd, UpdateTrafficTypeCmd, and AddClusterCmd API calls.
Unless the &PRODUCT; global parameter "vmware.use.nexus.vswitch" is set to "true", &PRODUCT; by default uses VMware standard vSwitch for virtual network infrastructure. In this release, &PRODUCT; doesn't support configuring virtual networks in a deployment with a mix of standard vSwitch and Nexus 1000v virtual switch. The deployment can have either standard vSwitch or Nexus 1000v virtual switch.
Configuring Nexus 1000v Virtual Switch in &PRODUCT;
You can configure Nexus dvSwitch by adding the necessary resources while the zone is being created.
[Figure: vSphere client]
After the zone is created, if you want to create an additional cluster along with Nexus 1000v virtual switch in the existing zone, use the Add Cluster option. For information on creating a cluster, see .
In both these cases, you must specify the following parameters to configure Nexus virtual switch:

Parameters | Description
Cluster Name | Enter the name of the cluster you created in vCenter. For example, "cloud.cluster".
vCenter Host | Enter the host name or the IP address of the vCenter host where you have deployed the Nexus virtual switch.
vCenter User name | Enter the username that &PRODUCT; should use to connect to vCenter. This user must have all administrative privileges.
vCenter Password | Enter the password for the user named above.
vCenter Datacenter | Enter the vCenter datacenter that the cluster is in. For example, "cloud.dc.VM".
Nexus dvSwitch IP Address | The IP address of the VSM component of the Nexus 1000v virtual switch.
Nexus dvSwitch Username | The admin name to connect to the VSM appliance.
Nexus dvSwitch Password | The corresponding password for the admin user specified above.
Removing Nexus Virtual Switch
1. In the vCenter datacenter that is served by the Nexus virtual switch, ensure that you delete all the hosts in the corresponding cluster.
2. Log in with Admin permissions to the &PRODUCT; administrator UI.
3. In the left navigation bar, select Infrastructure.
4. In the Infrastructure page, click View all under Clusters.
5. Select the cluster where you want to remove the virtual switch.
6. In the dvSwitch tab, click the name of the virtual switch.
7. In the Details page, click the Delete Nexus dvSwitch icon. [Figure: button to delete dvSwitch]
8. Click Yes in the confirmation dialog box.
Storage Preparation for vSphere (iSCSI only) Use of iSCSI requires preparatory work in vCenter. You must add an iSCSI target and create an iSCSI datastore. If you are using NFS, skip this section.
Enable iSCSI initiator for ESXi hosts
1. In vCenter, go to hosts and Clusters/Configuration, and click the Storage Adapters link. You will see:
   [Figure: vSphere client]
2. Select iSCSI software adapter and click Properties.
   [Figure: vSphere client]
3. Click the Configure... button.
   [Figure: vSphere client]
4. Check Enabled to enable the initiator.
5. Click OK to save.
Add iSCSI target
Under the properties dialog, add the iSCSI target info:
[Figure: vSphere client]
Repeat these steps for all ESXi hosts in the cluster.
Create an iSCSI datastore
You should now create a VMFS datastore. Follow these steps to do so:
1. Select Home/Inventory/Datastores.
2. Right-click on the datacenter node.
3. Choose the Add Datastore... command.
4. Follow the wizard to create an iSCSI datastore.
This procedure should be done on one host in the cluster. It is not necessary to do this on all hosts.
[Figure: vSphere client]
Multipathing for vSphere (Optional) Storage multipathing on vSphere nodes may be done according to the vSphere installation guide.
Add Hosts or Configure Clusters (vSphere) Use vCenter to create a vCenter cluster and add your desired hosts to the cluster. You will later add the entire cluster to &PRODUCT;. (see ).
Applying Hotfixes to a VMware vSphere Host
1. Disconnect the VMware vSphere cluster from &PRODUCT;. It should remain disconnected long enough to apply the hotfix on the host.
   a. Log in to the &PRODUCT; UI as root. See .
   b. Navigate to the VMware cluster, click Actions, and select Unmanage.
   c. Watch the cluster status until it shows Unmanaged.
2. Perform the following on each of the ESXi hosts in the cluster:
   a. Move each of the ESXi hosts in the cluster to maintenance mode.
   b. Ensure that all the VMs are migrated to other hosts in that cluster.
   c. If there is only one host in that cluster, shut down all the VMs and move the host into maintenance mode.
   d. Apply the patch on the ESXi host.
   e. Restart the host if prompted.
   f. Cancel the maintenance mode on the host.
3. Reconnect the cluster to &PRODUCT;:
   a. Log in to the &PRODUCT; UI as root.
   b. Navigate to the VMware cluster, click Actions, and select Manage.
   c. Watch the status to see that all the hosts come up. It might take several minutes for the hosts to come up. Alternatively, verify the host state is properly synchronized and updated in the &PRODUCT; database.