This week I am back in the classroom teaching a vSphere 5.5: Install, Configure and Manage class for VMware in Sacramento, CA. During the first few sections of the class, the ESXi user interfaces and basic configuration tasks are presented, including an overview of the tasks that can be accomplished with DCUI (Direct Console User Interface). The topic of lockdown mode is mentioned as well as how to configure an ESXI host to use Active Directory for user authentication and a little advice on user account best practices. As part of the discussion, I bring up the use of an “ESX Admins” group in Active Directory, the treatment of the Root user password as an “in case of emergency” item to be tightly controlled and the use of lockdown mode.

Today when I was leaving class, I was happy to see a new blog post from Kyle Gleed of VMware entitled: “Restricting Access to the ESXi Host Console – Revisiting Lockdown Mode” and in particular his 5 step recommendation on restricting access to ESXi with version 5.1 or later:

1. Add your ESXi hosts to Active Directory. This not only allows users to use their existing active directory accounts to manage their ESXi hosts, but it eliminates the need to create and maintain local user accounts on each host.

2. Create the “ESX Admins” Group in Active Directory and add all your admins as members to this group. By default, when an ESXi hosts is added to active directory the “ESX Admins” group is assigned full admin privileges. Note that you can change the name of the group and customize the privileges (follow the link for information on how to do this).

3. Vault the “root” password. As I noted above, root is still able to override lockdown mode so you want to limit access to this account. With ESXi versions 5.1 and beyond you can now assign full admin rights to named users so it’s no longer necessary to use the root account for day-to-day administration. Don’t disable the root account, set a complex password and lock it away in a safe so you can access it if you ever need to.

4. Set a timeout for both the ESXiShellTimeOut and the ESXiShellInteractiveTimeOut. Should you ever need to temporarily enable access the ESXi Shell via SSH it’s good to set these timeouts so these services will automatically get shutdown and idle SSH/Shell sessions terminated.

5. Enable Lockdown Mode. Enabling lockdown mode prevents non-root users from logging onto the host console directly. This forces admins to manage the host through vCenter Server. Again, should a host ever become isolated from vCenter Server you can retrieve the root password and login as root to override the lockdown mode. Again, be sure not to disable the root user . The point is not to disable root access, but rather to avoid having admins use it for their day-to-day activities.

Terrific advice and I appreciate the timing, I will definitely refer to this in class this week and in the future!

Posted by

vminstructor

Posted on

November 26, 2013

Posted under

ESXi, training, vCenter, vSphere

Comments

Leave a comment

VMware KB: VMware vSphere 5 Memory Management and Monitoring diagram

While digging through VMware’s Knowledge Base for articles for a future blog post I ran across this and couldn’t wait to share.

This has the most brilliant diagram of the various memory management features and their instrumentation in the various interfaces available to vSphere admins.

VMware KB: VMware vSphere 5 Memory Management and Monitoring diagram.

Posted by

vminstructor

Posted on

February 20, 2013

Posted under

Certification, training, VCP

Comments

Leave a comment

VMware releases VCP-Cloud exam

VMware has released the VCP-Cloud exam. With the release of the VCP-Cloud exam there are now two ways to obtain the VCP-Cloud certification.

From the VMware Education and Certification blog:

Path 1
If you are already a VCP5-DV (VMware Certified Professional 5 – Datacenter Virtualization, formerly known as VCP5), all you need to do is pass the IaaS exam to earn your VCP-Cloud certification. There are two courses that can help you prepare for this exam, but they aren’t required:

vCloud Director: Install, Configure, Manage

vCenter Chargeback Fundamentals

Path 2
If you are just starting with VMware technologies or don’t have VCP5-DV certification, then you need to take two steps to earn your VCP-Cloud certification:

Attend one of these qualifying courses:

vCloud Director: Install, Configure, Manage

VMware vCloud: Deploy and Manage the VMware Cloud [V1.5]

Pass the VCP-Cloud exam

Learn more about the VCP-Cloud certification and the two paths towards earning it at www.vmware.com/go/vcpcloud.

Posted by

vminstructor

Posted on

October 31, 2012

Posted under

training, VMware

Comments

Leave a comment

Free VMware self-paced eLearning courses

Are you looking for basic understanding of some of VMware products outside of just the core of vCenter and ESXi? If so, check out the free elearning courses offered by VMware Education. There are courses on Site Recovery Manager, vFabric, vCenter Operations Manager, vShield, vCloud Director, VMware View and What’s New in vSPhere 5.1. In addition there are courses on virtualizing Microsoft Tier 1 applications like Exchange 2010, SQL server and SharePoint.

The courses are the same content that VMware partners have used to attain accreditation for delivering VMware solutions for disaster recovery and virtualizing business critical application.

While these courses won’t replace VMware Education’s live online or instructor lead classes, they will help you to get a basic understanding of concepts, capabilities and design choices when working with the various products.

The english language version is available here.

Posted by

vminstructor

Posted on

October 31, 2012

Posted under

ESXi, training, VMware, vSphere

Comments

Leave a comment

Over 50 Free Instructional Videos from VMware

Earlier this month, VMware launched a new site, VMwarelearning.com with 50+ technical videos. These videos offer tips, design guidelines, best practices and product feature knowledge from VMware technical experts. This is a terrific way to get valuable information and technical expertise for FREE!

Posted by

vminstructor

Posted on

May 24, 2010

Posted under

Certification, training, VMware

Comments

Leave a comment

New VMware Advanced Certifications announced

VMware Education has announced their new VMware Certified Advanced Professional (VCAP) Certification specialties VCAP4-Datacenter Administrator (VCAP4-DCA) and VCAP4-Datacenter Design (VCAP4-DCD).

VMware Certified Advanced Professional 4 -Datacenter Administration (VCAP4-DCA)
The VCAP-DCA is directed toward System Administrators, Senior Consultants and Technical Support Engineers who work with large and more complex virtualized environments and can demonstrate technical leadership with vSphere technologies. Successful candidates are able to use automation tools, to plan and design virtualized solutions and to administer all vSphere Enterprise components. Registration opens July 12. Learn more about this VCAP specialty.

VMware Certified Advanced Professional 4-Datacenter Design (VCAP4-DCD)
The VCAP-DCD is directed toward IT Architects and Consulting Architects who design VMware solutions in a multi-site, large enterprise environment. They have a deep understanding both of VMware core components and their relation to storage and networking as well as datacenter design methodologies. They also possess knowledge of applications and physical infrastructure, as well as their relationship to the virtual infrastructure. Registration opens in August. Learn more about this VCAP specialty.

Advanced Courses Created to help you Achieve Your New Certification Goals
VMware has designed several courses to help VCPs ramp their skills in preparation for VCAP certification exams.

VCAP-DCA Recommended Training
VMware vSphere: Troubleshooting [V4]
VMware vSphere: Manage for Performance [V4]

VCAP-DCD Recommended Training
VMware vSphere: Design Workshop [V4]

I have participated in “Train the Trainer” versions of each of the three courses listed above and heartily recommend them. Even if you do not anticipate pursuing advanced certification, these courses will greatly enhance your virtualization skills. If you later decide to pursue the advanced VMware credentials, you will be well on your way. These new specialties follow on after the VMware Certified Professional 4 (VCP4) exam and define the prerequisites along the path to VMware Certified Design Expert 4 (VCDX4) VMware premier certification. For more information on the VCDX4 Certification follow this link.

Posted by

vminstructor

Posted on

February 2, 2010

Posted under

ESX, training, View, VMware

Comments

Leave a comment

VMware Partner Exchange 2010

I just booked my flight to Las Vegas for VMware’s Partner Exchange. I will be attending the partner “Post-Sales Accreditation Bootcamp” on the weekend and staying for a couple of VMware View 4 design session on Tuesday. I have a cousin who lives in Las Vegas and Friday is his birthday. If I can locate him I will look him up! Thanks to my boss for picking up the tab! I will make sure he and the rest of our company gets a great return on the investment!

Posted by

vminstructor

Posted on

September 16, 2009

Posted under

EMC, training, VMware

Comments

Leave a comment

EMC Storage resources

Earlier today I saw an exchange between Scott Lowe and Chad Sakac on twitter regarding a post on learning about EMC storage. I teach as a contractor for VMware and storage is routinely identified by students a topic for more and more in-depth discussion. I follow both Scott Lowe‘s and Chad Sakac‘s blogs with interest as they both have provided me with insight and very useful information. In this case, I found the comments to be very helpful and in particular the comment from Chad Sakac of EMC to be a succinct and helpful quick start for learning more about EMC storage and VMware and will be referencing it in future classes.