Solved

vsphere best practices (above and beyond security)

Posted on 2013-05-16
8
483 Views
Last Modified: 2013-05-21
Aside from Security best practices for vSphere and your virtual server infrastructure, are there any other best practice documents to adhere to when designing/configuring/management your vSphere infrastructure, if so what specifics do they cover, and are there any useful tools to check for alignment to these best practices also? I could do with a checklist to see how well our vSphere infrastructure aligns to best practice guidance, there is a lot on security but not so much in other risk areas outside of security.
0
Comment
Question by:pma111
  • 4
  • 3
8 Comments
 
LVL 120

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE^2) earned 250 total points
ID: 39170684
vCenter Operations Manager, will maintain and monitor your configurations.

Best Practice is to read all the vSphere documentations.

VMware vSphere 4.1 Documentation

VMware vSphere 4.1 Documentation Index

Hardware, Software, and Guest Operating System Compatibility Information


Hardware Compatibility Guide

Configuration Maximums for VMware vSphere 4.1

VMware vSphere Compatibility Matrixes

Guest Operating System Compatibility Guide

Main System Administrator Documentation Set

First published on 13 Jul 2010 for ESXi 4.1 Embedded Build 260247 and vCenter Server 4.1 Build 259021


Getting Started with ESXi Installable

ESXi Installable and vCenter Server Setup Guide

Upgrade Guide

VMware vSphere 5.0 Documentation
VMware vSphere 5.0 Documentation Index

VMware vSphere Basics Guide
vSphere Installation and Setup Guide
vSphere Upgrade Guide
vCenter Server and Host Management Guide      
vSphere Virtual Machine Administration Guide
vSphere Host Profiles Guide
vSphere Networking Guide
vSphere Storage Guide
vSphere Security Guide
vSphere Resource Management Guide
vSphere Availability Guide
vSphere Monitoring and Performance Guide
vSphere Troubleshooting
VMware vSphere Examples and Scenarios Guide

Release 5.0 Update 1 Documentation Archive
Release 5.0 Documentation Archive

Also your VMware Environment can be Audited and Checked, e.g. Proactive Maintenance by a VMware Partner or VMware Consultant (employee!)

Best Practice is divided into four areas, which is Audited.

1. Networking
2. Storage
3. vSphere Hosts
4. vSphere VMs

Are you Administrators trained at VMware and Certifed?
0
 
LVL 3

Author Comment

by:pma111
ID: 39170687
Aside from security issues if you've reviewed other companies vsphere setups, do you come across any other common misconfigurations/risks?
0
 
LVL 120
ID: 39170693
Yes, many, Single Point of failures  mostly, non certified equipment, which is not on the HCL.

Organisations with NO VMware Support, running FREE ESXi, no backups, no resilient networking, no resilient storage.

Untrained staff, staff with zero VMware skills.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 3

Author Comment

by:pma111
ID: 39170766
When you say no backups, are you referring to hosts here, or guests (virtual machines), or other things? I was under the impression many dont backup hosts, just guests.
0
 
LVL 3

Author Comment

by:pma111
ID: 39170769
Are there any tools that can match your hardware against the HCL to identify mismatches, or is that a manual task?
0
 
LVL 120
ID: 39170820
No VM backup no docs for ESXi host config

Search the HCL manually ensure hardware is on HCL before purchase!
0
 
LVL 120
ID: 39170822
No VMware Support or Maintenance contract
0
 
LVL 28

Assisted Solution

by:asavener
asavener earned 250 total points
ID: 39171866
Check that patches are being applied to the hosts.

Make sure that snapshots are deleted within 72 hours.  (Snapshots are NOT backups.  They introduce performance problems, risk corruption of the VM, and are a security risk in that a patched system could be brought back in an unpatched state.)

Make sure that CDs are not set to be connected at power on.  (VMs can then boot to the CD, and inadvertently cause an outage.)

Monitor CPU_Ready, especially if you have machines with multiple vCPUs.  (CPU_Ready is a measure of how long the guest OS is waiting for CPU to be scheduled.  It should be below 1%; anything above that indicates scheduling issues.)

Watch for patches to your storage infrastructure if you're using shared storage.  I've seen SAN controllers become unresponsive because a firmware patch had not been applied.

Use RAID-6 (NetApp calls it RAID-DP) when possible.  Raid 5 allows for one drive failure, and RAID-6 gives you that additional redundancy for when a tech goes in to replace a failed drive and pulls the wrong drive.

Monitor capacity to make sure you have enough capacity if one of your hosts fails.

Monitor the capacity of your datastores.

Set up E-mail notification of alarms.

Learn powershell/powercli.  In any sufficiently large environment, you will need it.

Make sure VMTools are installed on all guests, and kept up to date.

Make sure to document who set up each VM, what its purpose is, who can tell you when it's time to remove it.
0

Featured Post

Don't miss ATEN at NAB Show April 24-27!

Visit ATEN at NAB Show to learn how our "Seamlessly Entertaining" solutions deliver fast, precise video streaming without delays for the broadcasting and media environment. ATEN will showcase its 16x16 Modular Matrix Switch (VM1600) and KVM Over IP Solution (KE6900 series).

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If your vDisk VHD file gets deleted from the image store accidentally or on purpose, you won't be able to remove the vDisk from the PVS console. There is a known workaround that is solid.
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
Teach the user how to join ESXi hosts to Active Directory domains Open vSphere Client: Join ESXi host to AD domain: Verify ESXi computer account in AD: Configure permissions for domain user in ESXi: Test domain user login to ESXi host:
This video shows you how to use a vSphere client to connect to your ESX host as the root user. Demonstrates the basic connection of bypassing certification set up. Demonstrates how to access the traditional view to begin managing your virtual mac…

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question