[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

vsphere best practices (above and beyond security)

Posted on 2013-05-16
8
Medium Priority
?
491 Views
Last Modified: 2013-05-21
Aside from Security best practices for vSphere and your virtual server infrastructure, are there any other best practice documents to adhere to when designing/configuring/management your vSphere infrastructure, if so what specifics do they cover, and are there any useful tools to check for alignment to these best practices also? I could do with a checklist to see how well our vSphere infrastructure aligns to best practice guidance, there is a lot on security but not so much in other risk areas outside of security.
0
Comment
Question by:pma111
  • 4
  • 3
8 Comments
 
LVL 124

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE^2) earned 1000 total points
ID: 39170684
vCenter Operations Manager, will maintain and monitor your configurations.

Best Practice is to read all the vSphere documentations.

VMware vSphere 4.1 Documentation

VMware vSphere 4.1 Documentation Index

Hardware, Software, and Guest Operating System Compatibility Information


Hardware Compatibility Guide

Configuration Maximums for VMware vSphere 4.1

VMware vSphere Compatibility Matrixes

Guest Operating System Compatibility Guide

Main System Administrator Documentation Set

First published on 13 Jul 2010 for ESXi 4.1 Embedded Build 260247 and vCenter Server 4.1 Build 259021


Getting Started with ESXi Installable

ESXi Installable and vCenter Server Setup Guide

Upgrade Guide

VMware vSphere 5.0 Documentation
VMware vSphere 5.0 Documentation Index

VMware vSphere Basics Guide
vSphere Installation and Setup Guide
vSphere Upgrade Guide
vCenter Server and Host Management Guide      
vSphere Virtual Machine Administration Guide
vSphere Host Profiles Guide
vSphere Networking Guide
vSphere Storage Guide
vSphere Security Guide
vSphere Resource Management Guide
vSphere Availability Guide
vSphere Monitoring and Performance Guide
vSphere Troubleshooting
VMware vSphere Examples and Scenarios Guide

Release 5.0 Update 1 Documentation Archive
Release 5.0 Documentation Archive

Also your VMware Environment can be Audited and Checked, e.g. Proactive Maintenance by a VMware Partner or VMware Consultant (employee!)

Best Practice is divided into four areas, which is Audited.

1. Networking
2. Storage
3. vSphere Hosts
4. vSphere VMs

Are you Administrators trained at VMware and Certifed?
0
 
LVL 3

Author Comment

by:pma111
ID: 39170687
Aside from security issues if you've reviewed other companies vsphere setups, do you come across any other common misconfigurations/risks?
0
 
LVL 124
ID: 39170693
Yes, many, Single Point of failures  mostly, non certified equipment, which is not on the HCL.

Organisations with NO VMware Support, running FREE ESXi, no backups, no resilient networking, no resilient storage.

Untrained staff, staff with zero VMware skills.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 3

Author Comment

by:pma111
ID: 39170766
When you say no backups, are you referring to hosts here, or guests (virtual machines), or other things? I was under the impression many dont backup hosts, just guests.
0
 
LVL 3

Author Comment

by:pma111
ID: 39170769
Are there any tools that can match your hardware against the HCL to identify mismatches, or is that a manual task?
0
 
LVL 124
ID: 39170820
No VM backup no docs for ESXi host config

Search the HCL manually ensure hardware is on HCL before purchase!
0
 
LVL 124
ID: 39170822
No VMware Support or Maintenance contract
0
 
LVL 28

Assisted Solution

by:asavener
asavener earned 1000 total points
ID: 39171866
Check that patches are being applied to the hosts.

Make sure that snapshots are deleted within 72 hours.  (Snapshots are NOT backups.  They introduce performance problems, risk corruption of the VM, and are a security risk in that a patched system could be brought back in an unpatched state.)

Make sure that CDs are not set to be connected at power on.  (VMs can then boot to the CD, and inadvertently cause an outage.)

Monitor CPU_Ready, especially if you have machines with multiple vCPUs.  (CPU_Ready is a measure of how long the guest OS is waiting for CPU to be scheduled.  It should be below 1%; anything above that indicates scheduling issues.)

Watch for patches to your storage infrastructure if you're using shared storage.  I've seen SAN controllers become unresponsive because a firmware patch had not been applied.

Use RAID-6 (NetApp calls it RAID-DP) when possible.  Raid 5 allows for one drive failure, and RAID-6 gives you that additional redundancy for when a tech goes in to replace a failed drive and pulls the wrong drive.

Monitor capacity to make sure you have enough capacity if one of your hosts fails.

Monitor the capacity of your datastores.

Set up E-mail notification of alarms.

Learn powershell/powercli.  In any sufficiently large environment, you will need it.

Make sure VMTools are installed on all guests, and kept up to date.

Make sure to document who set up each VM, what its purpose is, who can tell you when it's time to remove it.
0

Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If we need to check who deleted a Virtual Machine from our vCenter. Looking this task in logs can be painful and spend lot of time, so the best way to check this is in the vCenter DB. Just connect to vCenter DB(default DB should be VCDB and using…
This article will explain How to fix Broken backup chain in Veeam Backup & Replication.
Advanced tutorial on how to run the esxtop command to capture a batch file in csv format in order to export the file and use it for performance analysis. He demonstrates how to download the file using a vSphere web client (or vSphere client) and exp…
This Micro Tutorial steps you through the configuration steps to configure your ESXi host Management Network settings and test the management network, ensure the host is recognized by the DNS Server, configure a new password, and the troubleshooting…
Suggested Courses

872 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question