Solved

vSphere best practices (above and beyond security)

Posted on 2013-05-16
Last Modified: 2013-05-21
Aside from security best practices for vSphere and your virtual server infrastructure, are there any other best practice documents to adhere to when designing/configuring/managing your vSphere infrastructure? If so, what specifics do they cover, and are there any useful tools to check for alignment to these best practices also? I could do with a checklist to see how well our vSphere infrastructure aligns to best practice guidance; there is a lot on security but not so much in other risk areas outside of security.
Question by:pma111
 

Accepted Solution

by: Andrew Hancock (VMware vExpert / EE MVE^2) earned 1000 total points
ID: 39170684
vCenter Operations Manager will maintain and monitor your configurations.

Best Practice is to read all the vSphere documentation.

VMware vSphere 4.1 Documentation

VMware vSphere 4.1 Documentation Index

Hardware, Software, and Guest Operating System Compatibility Information


Hardware Compatibility Guide

Configuration Maximums for VMware vSphere 4.1

VMware vSphere Compatibility Matrixes

Guest Operating System Compatibility Guide

Main System Administrator Documentation Set

First published on 13 Jul 2010 for ESXi 4.1 Embedded Build 260247 and vCenter Server 4.1 Build 259021


Getting Started with ESXi Installable

ESXi Installable and vCenter Server Setup Guide

Upgrade Guide

VMware vSphere 5.0 Documentation
VMware vSphere 5.0 Documentation Index

VMware vSphere Basics Guide
vSphere Installation and Setup Guide
vSphere Upgrade Guide
vCenter Server and Host Management Guide      
vSphere Virtual Machine Administration Guide
vSphere Host Profiles Guide
vSphere Networking Guide
vSphere Storage Guide
vSphere Security Guide
vSphere Resource Management Guide
vSphere Availability Guide
vSphere Monitoring and Performance Guide
vSphere Troubleshooting
VMware vSphere Examples and Scenarios Guide

Release 5.0 Update 1 Documentation Archive
Release 5.0 Documentation Archive

Also your VMware Environment can be Audited and Checked, e.g. Proactive Maintenance by a VMware Partner or VMware Consultant (employee!)

Best Practice is divided into four areas, which are audited.

1. Networking
2. Storage
3. vSphere Hosts
4. vSphere VMs

Are your Administrators trained at VMware and Certified?

Author Comment

by:pma111
ID: 39170687
Aside from security issues, if you've reviewed other companies' vSphere setups, do you come across any other common misconfigurations/risks?
ID: 39170693
Yes, many: single points of failure mostly, non-certified equipment which is not on the HCL.

Organisations with NO VMware Support, running FREE ESXi, no backups, no resilient networking, no resilient storage.

Untrained staff, staff with zero VMware skills.

Author Comment

by:pma111
ID: 39170766
When you say no backups, are you referring to hosts here, or guests (virtual machines), or other things? I was under the impression many don't back up hosts, just guests.

Author Comment

by:pma111
ID: 39170769
Are there any tools that can match your hardware against the HCL to identify mismatches, or is that a manual task?
ID: 39170820
No VM backup, no docs for ESXi host config.

Search the HCL manually; ensure hardware is on the HCL before purchase!
ID: 39170822
No VMware Support or Maintenance contract

Assisted Solution

by:asavener
asavener earned 1000 total points
ID: 39171866
Check that patches are being applied to the hosts.

Make sure that snapshots are deleted within 72 hours.  (Snapshots are NOT backups.  They introduce performance problems, risk corruption of the VM, and are a security risk in that a patched system could be brought back in an unpatched state.)

Make sure that CDs are not set to be connected at power on.  (VMs can then boot to the CD, and inadvertently cause an outage.)

Monitor CPU_Ready, especially if you have machines with multiple vCPUs.  (CPU_Ready is a measure of how long the guest OS is waiting for CPU to be scheduled.  It should be below 1%; anything above that indicates scheduling issues.)

Watch for patches to your storage infrastructure if you're using shared storage.  I've seen SAN controllers become unresponsive because a firmware patch had not been applied.

Use RAID-6 (NetApp calls it RAID-DP) when possible.  RAID 5 allows for one drive failure, and RAID-6 gives you that additional redundancy for when a tech goes in to replace a failed drive and pulls the wrong drive.

Monitor capacity to make sure you have enough capacity if one of your hosts fails.

Monitor the capacity of your datastores.

Set up E-mail notification of alarms.

Learn PowerShell/PowerCLI.  In any sufficiently large environment, you will need it.

Make sure VMTools are installed on all guests, and kept up to date.

Make sure to document who set up each VM, what its purpose is, who can tell you when it's time to remove it.
0
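Three of the checks from the answer above (snapshots older than 72 hours, CD drives set to connect at power on, CPU ready at or above 1%) written as PowerShell functions. This is an added example, not part of the original answer. The sample objects are constructed and only mirror the property names of `Get-Snapshot`, `Get-CDDrive` and `Get-Stat` output; `NumCpu` is assumed to be copied in from `Get-VM`, and the function names are hypothetical.

```powershell
# Added example (not from the thread). All sample objects are constructed.
$now = Get-Date '2013-05-21T12:00:00'   # fixed clock so the sample is reproducible

# Stand-in for: Get-VM | Get-Snapshot
$snapshots = @(
    [pscustomobject]@{ VM = 'app01'; Name = 'pre-patch';   Created = $now.AddHours(-100) }
    [pscustomobject]@{ VM = 'db01';  Name = 'pre-upgrade'; Created = $now.AddHours(-5) }
)
# Stand-in for: Get-VM | Get-CDDrive
$cdDrives = @(
    [pscustomobject]@{ Parent = 'app01'; ConnectionState = [pscustomobject]@{ StartConnected = $true } }
    [pscustomobject]@{ Parent = 'db01';  ConnectionState = [pscustomobject]@{ StartConnected = $false } }
)
# Stand-in for: Get-Stat -Entity <vm> -Stat cpu.ready.summation -Realtime
# Value is ready time in ms for the interval, summed over all vCPUs.
$readyStats = @(
    [pscustomobject]@{ Entity = 'app01'; NumCpu = 1; Value = 150;  IntervalSecs = 20 }
    [pscustomobject]@{ Entity = 'db01';  NumCpu = 4; Value = 3600; IntervalSecs = 20 }
)

function Get-StaleSnapshot {
    param($Snapshots, [datetime]$Now, [int]$MaxAgeHours = 72)
    foreach ($s in $Snapshots) {
        $age = ($Now - $s.Created).TotalHours
        if ($age -gt $MaxAgeHours) {
            [pscustomobject]@{ Check = "Snapshot older than $MaxAgeHours h"; VM = $s.VM
                               Detail = "$($s.Name), $([int]$age) h old" }
        }
    }
}
function Get-CdConnectedAtPowerOn {
    param($CdDrives)
    foreach ($d in $CdDrives) {
        if ($d.ConnectionState.StartConnected) {
            [pscustomobject]@{ Check = 'CD connected at power on'; VM = $d.Parent; Detail = 'StartConnected = True' }
        }
    }
}
function Get-HighCpuReady {
    param($Stats, [double]$MaxPercent = 1.0)
    foreach ($s in $Stats) {
        # Percent of the interval each vCPU spent waiting to be scheduled
        $pct = $s.Value / ($s.IntervalSecs * 1000 * $s.NumCpu) * 100
        if ($pct -ge $MaxPercent) {
            [pscustomobject]@{ Check = "CPU ready >= $MaxPercent%"; VM = $s.Entity; Detail = '{0:N2} %' -f $pct }
        }
    }
}
$findings = @(Get-StaleSnapshot $snapshots $now) + @(Get-CdConnectedAtPowerOn $cdDrives) + @(Get-HighCpuReady $readyStats)
$findings | Format-Table -AutoSize
```

Against a live vCenter, the three stand-in arrays would be replaced by the output of the cmdlets named in the comments.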
Question has a verified solution.