?
Solved

vsphere best practices (above and beyond security)

Posted on 2013-05-16
8
Medium Priority
?
486 Views
Last Modified: 2013-05-21
Aside from Security best practices for vSphere and your virtual server infrastructure, are there any other best practice documents to adhere to when designing/configuring/management your vSphere infrastructure, if so what specifics do they cover, and are there any useful tools to check for alignment to these best practices also? I could do with a checklist to see how well our vSphere infrastructure aligns to best practice guidance, there is a lot on security but not so much in other risk areas outside of security.
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 
LVL 123

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE^2) earned 1000 total points
ID: 39170684
vCenter Operations Manager, will maintain and monitor your configurations.

Best Practice is to read all the vSphere documentations.

VMware vSphere 4.1 Documentation

VMware vSphere 4.1 Documentation Index

Hardware, Software, and Guest Operating System Compatibility Information


Hardware Compatibility Guide

Configuration Maximums for VMware vSphere 4.1

VMware vSphere Compatibility Matrixes

Guest Operating System Compatibility Guide

Main System Administrator Documentation Set

First published on 13 Jul 2010 for ESXi 4.1 Embedded Build 260247 and vCenter Server 4.1 Build 259021


Getting Started with ESXi Installable

ESXi Installable and vCenter Server Setup Guide

Upgrade Guide

VMware vSphere 5.0 Documentation
VMware vSphere 5.0 Documentation Index

VMware vSphere Basics Guide
vSphere Installation and Setup Guide
vSphere Upgrade Guide
vCenter Server and Host Management Guide      
vSphere Virtual Machine Administration Guide
vSphere Host Profiles Guide
vSphere Networking Guide
vSphere Storage Guide
vSphere Security Guide
vSphere Resource Management Guide
vSphere Availability Guide
vSphere Monitoring and Performance Guide
vSphere Troubleshooting
VMware vSphere Examples and Scenarios Guide

Release 5.0 Update 1 Documentation Archive
Release 5.0 Documentation Archive

Also your VMware Environment can be Audited and Checked, e.g. Proactive Maintenance by a VMware Partner or VMware Consultant (employee!)

Best Practice is divided into four areas, which is Audited.

1. Networking
2. Storage
3. vSphere Hosts
4. vSphere VMs

Are you Administrators trained at VMware and Certifed?
0
 
LVL 3

Author Comment

by:pma111
ID: 39170687
Aside from security issues if you've reviewed other companies vsphere setups, do you come across any other common misconfigurations/risks?
0
 
LVL 123
ID: 39170693
Yes, many, Single Point of failures  mostly, non certified equipment, which is not on the HCL.

Organisations with NO VMware Support, running FREE ESXi, no backups, no resilient networking, no resilient storage.

Untrained staff, staff with zero VMware skills.
0
Cyber Threats to Small Businesses (Part 1)

This past May, Webroot surveyed more than 600 IT decision-makers at medium-sized companies to see how these small businesses perceived new threats facing their organizations.  Read what Webroot CISO, Gary Hayslip, has to say about the survey in part 1 of this 2-part blog series.

 
LVL 3

Author Comment

by:pma111
ID: 39170766
When you say no backups, are you referring to hosts here, or guests (virtual machines), or other things? I was under the impression many dont backup hosts, just guests.
0
 
LVL 3

Author Comment

by:pma111
ID: 39170769
Are there any tools that can match your hardware against the HCL to identify mismatches, or is that a manual task?
0
 
LVL 123
ID: 39170820
No VM backup no docs for ESXi host config

Search the HCL manually ensure hardware is on HCL before purchase!
0
 
LVL 123
ID: 39170822
No VMware Support or Maintenance contract
0
 
LVL 28

Assisted Solution

by:asavener
asavener earned 1000 total points
ID: 39171866
Check that patches are being applied to the hosts.

Make sure that snapshots are deleted within 72 hours.  (Snapshots are NOT backups.  They introduce performance problems, risk corruption of the VM, and are a security risk in that a patched system could be brought back in an unpatched state.)

Make sure that CDs are not set to be connected at power on.  (VMs can then boot to the CD, and inadvertently cause an outage.)

Monitor CPU_Ready, especially if you have machines with multiple vCPUs.  (CPU_Ready is a measure of how long the guest OS is waiting for CPU to be scheduled.  It should be below 1%; anything above that indicates scheduling issues.)

Watch for patches to your storage infrastructure if you're using shared storage.  I've seen SAN controllers become unresponsive because a firmware patch had not been applied.

Use RAID-6 (NetApp calls it RAID-DP) when possible.  Raid 5 allows for one drive failure, and RAID-6 gives you that additional redundancy for when a tech goes in to replace a failed drive and pulls the wrong drive.

Monitor capacity to make sure you have enough capacity if one of your hosts fails.

Monitor the capacity of your datastores.

Set up E-mail notification of alarms.

Learn powershell/powercli.  In any sufficiently large environment, you will need it.

Make sure VMTools are installed on all guests, and kept up to date.

Make sure to document who set up each VM, what its purpose is, who can tell you when it's time to remove it.
0

Featured Post

Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I will show you HOW TO: Suppress Configuration Issues and Warnings Alert displayed in Summary status for ESXi 6.5 after enabling SSH or ESXi Shell.
Is your company's data protection keeping pace with virtualization? Here are 7 dynamic ways to adapt to rapid breakthroughs in technology.
Teach the user how to use create log bundles for vCenter Server or ESXi hosts Open vSphere Web Client: Generate vCenter Server and ESXi host log bundle:  Open vCenter Server Appliance Web Management interface and generate log bundle: Open vCenter Se…
This Micro Tutorial walks you through using a remote console to access a server and install ESXi 5.1. This example is showing remote access and installation using a Dell server. The hypervisor is the very first component of your virtual infrastructu…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question