Solved

vsphere best practices (above and beyond security)

Posted on 2013-05-16
Last Modified: 2013-05-21
Aside from security best practices for vSphere and your virtual server infrastructure, are there any other best practice documents to adhere to when designing/configuring/managing your vSphere infrastructure? If so, what specifics do they cover, and are there any useful tools to check for alignment to these best practices also? I could do with a checklist to see how well our vSphere infrastructure aligns to best practice guidance; there is a lot on security but not so much in other risk areas outside of security.
Question by:pma111

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE) earned 250 total points
ID: 39170684
vCenter Operations Manager will maintain and monitor your configurations.

Best practice is to read all the vSphere documentation.

VMware vSphere 4.1 Documentation

VMware vSphere 4.1 Documentation Index

Hardware, Software, and Guest Operating System Compatibility Information


Hardware Compatibility Guide

Configuration Maximums for VMware vSphere 4.1

VMware vSphere Compatibility Matrixes

Guest Operating System Compatibility Guide

Main System Administrator Documentation Set

First published on 13 Jul 2010 for ESXi 4.1 Embedded Build 260247 and vCenter Server 4.1 Build 259021


Getting Started with ESXi Installable

ESXi Installable and vCenter Server Setup Guide

Upgrade Guide

VMware vSphere 5.0 Documentation
VMware vSphere 5.0 Documentation Index

VMware vSphere Basics Guide
vSphere Installation and Setup Guide
vSphere Upgrade Guide
vCenter Server and Host Management Guide      
vSphere Virtual Machine Administration Guide
vSphere Host Profiles Guide
vSphere Networking Guide
vSphere Storage Guide
vSphere Security Guide
vSphere Resource Management Guide
vSphere Availability Guide
vSphere Monitoring and Performance Guide
vSphere Troubleshooting
VMware vSphere Examples and Scenarios Guide

Release 5.0 Update 1 Documentation Archive
Release 5.0 Documentation Archive

Also your VMware Environment can be Audited and Checked, e.g. Proactive Maintenance by a VMware Partner or VMware Consultant (employee!)

Best Practice is divided into four areas, which are audited.

1. Networking
2. Storage
3. vSphere Hosts
4. vSphere VMs

Are your administrators trained at VMware and certified?

Author Comment

by:pma111
ID: 39170687
Aside from security issues, if you've reviewed other companies' vSphere setups, do you come across any other common misconfigurations/risks?
 
ID: 39170693
Yes, many. Single points of failure mostly, non-certified equipment, which is not on the HCL.

Organisations with NO VMware Support, running FREE ESXi, no backups, no resilient networking, no resilient storage.

Untrained staff, staff with zero VMware skills.

Author Comment

by:pma111
ID: 39170766
When you say no backups, are you referring to hosts here, or guests (virtual machines), or other things? I was under the impression many don't back up hosts, just guests.

Author Comment

by:pma111
ID: 39170769
Are there any tools that can match your hardware against the HCL to identify mismatches, or is that a manual task?
 
ID: 39170820
No VM backup, no docs for ESXi host config.

Search the HCL manually; ensure hardware is on the HCL before purchase!
 
ID: 39170822
No VMware Support or Maintenance contract

Assisted Solution

by:asavener
asavener earned 250 total points
ID: 39171866
Check that patches are being applied to the hosts.

Make sure that snapshots are deleted within 72 hours.  (Snapshots are NOT backups.  They introduce performance problems, risk corruption of the VM, and are a security risk in that a patched system could be brought back in an unpatched state.)

Make sure that CDs are not set to be connected at power on.  (VMs can then boot to the CD, and inadvertently cause an outage.)

Monitor CPU_Ready, especially if you have machines with multiple vCPUs.  (CPU_Ready is a measure of how long the guest OS is waiting for CPU to be scheduled.  It should be below 1%; anything above that indicates scheduling issues.)

Watch for patches to your storage infrastructure if you're using shared storage.  I've seen SAN controllers become unresponsive because a firmware patch had not been applied.

Use RAID-6 (NetApp calls it RAID-DP) when possible.  RAID 5 allows for one drive failure, and RAID-6 gives you that additional redundancy for when a tech goes in to replace a failed drive and pulls the wrong drive.

Monitor capacity to make sure you have enough capacity if one of your hosts fails.

Monitor the capacity of your datastores.

Set up E-mail notification of alarms.

Learn PowerShell/PowerCLI.  In any sufficiently large environment, you will need it.

Make sure VMTools are installed on all guests, and kept up to date.

Make sure to document who set up each VM, what its purpose is, who can tell you when it's time to remove it.
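
An added example, not part of asavener's answer: a read-only PowerCLI audit of three items from the checklist above (snapshots older than 72 hours, CD/DVD drives set to connect at power on, and missing or outdated VMware Tools). It assumes VMware PowerCLI is installed; the server name `vcenter.example.local`, the helper `New-Finding` and the list of Tools states treated as outdated are choices made for this illustration.

```powershell
# Added example: read-only audit of three checklist items from the answer above.
# Assumes VMware PowerCLI is installed; the server name is a placeholder.
Connect-VIServer -Server 'vcenter.example.local' | Out-Null

$maxAge = New-TimeSpan -Hours 72     # snapshot limit stated in the answer
$now    = Get-Date

# Tools states treated here as "missing or out of date" (vSphere API enum values)
$badTools = 'guestToolsNotInstalled', 'guestToolsNeedUpgrade',
            'guestToolsTooOld', 'guestToolsSupportedOld'

# Hypothetical helper: one uniform record per finding
function New-Finding($VM, $Check, $Detail) {
    [pscustomobject]@{ VM = $VM; Check = $Check; Detail = $Detail }
}

$findings = foreach ($vm in Get-VM) {
    # Snapshots kept longer than the limit
    foreach ($snap in Get-Snapshot -VM $vm) {
        $age = $now - $snap.Created
        if ($age -gt $maxAge) {
            $detail = '{0}: {1:N0} h old, {2:N1} GB' -f $snap.Name, $age.TotalHours, $snap.SizeGB
            New-Finding $vm.Name 'Snapshot older than 72h' $detail
        }
    }

    # CD/DVD drives that will be attached when the VM powers on
    foreach ($cd in Get-CDDrive -VM $vm) {
        if ($cd.ConnectionState.StartConnected) {
            New-Finding $vm.Name 'CD/DVD connects at power on' $cd.Name
        }
    }

    # VMware Tools not installed or behind the host's version
    $tools = $vm.ExtensionData.Guest.ToolsVersionStatus
    if ($tools -in $badTools) {
        New-Finding $vm.Name 'VMware Tools missing or outdated' $tools
    }
}

$findings | Sort-Object Check, VM | Format-Table -AutoSize
```

The script changes nothing in the environment; piping `$findings` to `Export-Csv` instead of `Format-Table` gives a dated record that can be compared between audits.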