Configuration tasks
After you provision your VMware Cloud Foundation for Classic - Automated instance, system administrators might need to run the following configuration tasks. These tasks tailor the initial environment to your enterprise needs and respond to future service requests.
Instance and cluster guidance
Title | Description |
---|---|
Naming convention | One of the first tasks is to adopt a naming convention for your VCF for Classic - Automated instance. You can extend your existing naming convention that is used by your organization or create one. Before you adopt a naming convention and change names in your VCF for Classic - Automated instance, see Considerations about changing VCF for Classic - Automated artifacts. |
Connecting to your VCF for Classic - Automated instance | After provisioning, connect to VMware vCenter®. You can deploy a jump server so that you can connect to the jump server by using the internet. Then, connect from the jump server to vCenter by using the private network. Or, you can use the IBM Cloud® VPN, a VPN connection from your location to the IBM Cloud private network that allows out-of-band management and vCenter access. For more information, see Getting started with IBM Cloud SSL Virtual Private Networking. |
Configure name resolution | To use the features in vCenter, add name resolution for the VCF for Classic - Automated components to your workstation or jump server. The /etc/hosts or c:\Windows\System32\Drivers\etc\hosts file requires entries for the Platform Services Controller (PSC), vCenter, and the vSphere ESXi™ hosts. For more information, see Deploying an OVF file by using the VMware vSphere Web Client. |
RBAC | For more information about required privileges for common tasks in the vSphere environment, see Required privileges for common tasks. |
Using custom Certificate Authority Signed Certificate | For more information, see Replace machine SSL certificates with custom certificates. |
Configure vSphere monitoring | vSphere includes a user-configurable events and alarms subsystem, which tracks events from vSphere components and stores the data in log files and the vCenter database. Events (Information, Warning, and Error) are records of user or system actions that occur on vSphere objects. Alarms are notifications that are activated in response to the state of a vSphere object. Alarms have the following severity levels: Normal – green, Warning – yellow, and Alert – red. Alarm actions are operations that occur in response to an alarm, for example, an email notification is sent. For more information about how you can configure and use the vSphere monitoring, see Monitoring events, alarms, and automated actions. |
Adding clusters | Your VCF for Classic - Automated instance was deployed with a cluster of vSphere ESXi hosts. You can add more clusters to your instances to expand the compute and storage capacity. For more information, see Adding clusters to VCF for Classic - Automated instances. |
VCF for Classic - Automated capacity | You can expand or contract the capacity of your VCF for Classic - Automated instance according to your business needs, by adding or removing vSphere ESXi servers or Network File System (NFS) storage. For more information, see Expanding and contracting capacity for VCF for Classic - Automated instances. |
VCF for Classic - Automated instance services | After your VCF for Classic - Automated instance is deployed, you can add more services, such as a disaster recovery, security, or backup solution. When you no longer need these services, you can remove them from your instances. For more information, see Ordering services for VCF for Classic - Automated instances. |
VCF for Classic - Automated instance updates | The process of applying fixes and updates to VCF for Classic - Automated instances is automated for the management components only. |
Multisite configuration | The multisite configuration feature uses a hub and spoke topology with one primary site and a maximum of 14 secondary sites. For more information, see Multisite configuration for VCF for Classic - Automated instances and Deleting VCF for Classic - Automated instances in a multisite configuration. |
Using VMware Update Manager | After deployment, the VMware products are updated by your system administrators. For more information about how your system administrators can use VUM in a VCF for Classic - Automated instance, see VMware Update Manager introduction. |
Key VCF for Classic - Automated Instance components backup | Your system administrators are responsible for the configuration, management, and monitoring of all software components of your VCF for Classic - Automated instance, including the backup and availability of the management infrastructure and workloads. As part of the solution, you can optionally deploy the Veeam add-on service that can help with backing up your management components. For more information, see Backing up components. |
Collecting diagnostic information for VMware products | VMware Technical Support routinely requests diagnostic information when a support request is handled. This diagnostic information contains product-specific logs, configuration files, and data appropriate to the situation. For more information, see Collecting diagnostic information for VMware products. For more information about the process of collecting the required diagnostic information for VMware NSX® Edge™ devices, see Collecting diagnostic information for VMware NSX Edge (2079380). |
VM procedures
Title | Description |
---|---|
Creating a VM | For more information about creating a new VM, see Create a virtual machine with the New virtual machine wizard. |
Configuring a VM | For more information about configuring the VM hardware, see Configuring virtual machine hardware. |
Installing a guest OS on a VM | For more information about the process of installing a guest OS on a VM, see Installing a guest operating system. |
Creating a snapshot | Snapshots capture the entire state of the VM at the time that you take the snapshot. You can take a snapshot when a VM is powered on, powered off, or suspended. For more information, see Take a snapshot in the VMware host client. |
Reverting a snapshot | For more information about restoring the VM state to its previous state at the start of the snapshot, see Restoring snapshots. |
Removing and adding VMs and templates | For more information about removing VMs and VM templates from the vCenter inventory or deleting them from the disk, see Removing and reregistering VMs and VM templates. |
Upgrading a VM and tools | For more information about upgrading a VM to a higher level of compatibility and a higher version of VMware tools, see Upgrading virtual machines. |
Adding a disk | For more information about adding a disk to an existing VM, see Add a hard disk to a virtual machine. |
Shrinking a disk | For more information about shrinking a disk on an existing VM, see Growing, thinning, and shrinking virtual disks for VMware ESX and ESXi. |
Expanding a disk | For more information about expanding the size of an existing disk for a VM, see Change the virtual disk configuration. |
Hot migrate | For more information about how to vMotion a VM between vSphere hosts in the same cluster, see Managing virtual machines. |
Cold migrate | For more information about migrating a VM between VCF for Classic - Automated instances, see Migrate a powered off or suspended virtual machine. |
Remove a VM | For more information about removing a VM, see Remove VMs or VM templates from vCenter Server or from the datastore. |
Removing a disk | For more information about removing a disk from a VM, see Add an existing hard disk to a virtual machine. |
VM Tools | For more information about the process for updating VM Tools, see Creating and Working with Baselines and Baseline Groups. |
Determine the virtual disk format and convert a virtual disk from the thin provision format to a thick provision format | For more information about converting a VM disk from the thin provision format to the thick provision format, see Determine the virtual disk format and convert a virtual disk from thin provision format to a thick provision format. |
AD/DNS server OS Updates | The Microsoft® Active Directory™ (AD) / Domain Name Server (DNS) is automatically set up to download updates only. For more information, see Windows automatic installation of updates. |
vCenter procedures
Title | Description |
---|---|
Backing up vCenter | For more information, see Restore vCenter Server from a File-Based Backup. |
VCSA/PSC patching | For more information, see Patching the vCenter Server appliance and Platform Services Controller Appliance. |
Stopping, starting, or restarting vCenter services | For troubleshooting and maintenance purposes, it is sometimes necessary to change the status of vCenter services. For more information, see Stopping, starting, or restarting services in vCenter Server Appliance. |
Overview of backup and restore options for the VCSA | For more information, see Overview of Backup and Restore Options in vCenter Server 6.x/7.0.x/8.0. |
Configure vCenter email notifications | For more information about configuring email notifications, see Configure the Local Email Notifications for vCloud Usage Meter. |
vSphere ESXi host procedures
Title | Description |
---|---|
vSphere host maintenance | A host is placed into maintenance mode when maintenance tasks need to be run, such as upgrades or physical device replacement. A host enters or leaves maintenance mode only as the result of a system administrator request. VMs that are running on a host that is entering maintenance mode need to be migrated to another host (either manually or automatically by DRS) or shut down. For more information, see Place a host in maintenance mode. |
Adding a vSphere ESXi host | For more information, see Adding ESXi servers to VCF for Classic - Automated instances. |
Removing a vSphere ESXi host | For more information, see Removing ESXi servers from VCF for Classic - Automated instances. |
Bare metal server firmware patching | For more information, see How do I update my out-of-date bare metal server firmware? |
vSphere ESXi host patching | For more information about using VMware Update Manager (VUM) to update not only vSphere ESXi hosts but a number of other VCF for Classic - Automated instance components, see VMware Update Manager introduction. |
Test host network connections | For more information about ways to verify that the network links between the physical network adapters of the vSphere ESXi host and the physical switch are up and available for use, see Verifying network links. |
Determining the network and storage firmware and driver version in the ESXi | For more information, see Determining network and storage firmware and driver version in ESXi 4.x and later. |
Troubleshooting network and TCP and UDP port connectivity issues on ESXi | For more information, see Troubleshooting network and TCP/UDP port connectivity issues on ESX/ESXi. |
Storage procedures
Title | Description |
---|---|
Add IBM Cloud Endurance NFS storage | For more information about adding an IBM Cloud Endurance NFS share to an existing cluster, see Adding NFS storage to VCF for Classic - Automated instances. |
Remove IBM Cloud Endurance NFS storage | For more information about removing an IBM Cloud Endurance NFS share from an existing cluster, see Removing NFS storage from VCF for Classic - Automated instances. |
Grow IBM Cloud Endurance NFS storage | For more information about adding more capacity to an IBM Cloud Endurance NFS share, see Expanding Block Storage for Classic capacity. |
Shrink IBM Cloud Endurance NFS storage | For more information about shrinking capacity in an IBM Cloud Endurance NFS share, see Expanding Block Storage for Classic capacity. |
vSAN policy best practice advice | For more information, see vSAN policy design. |
Enabling vSAN health check | For more information, see Enable the vSAN online health workflow and vSAN health check information (2114803). |
Enable encryption | For more information about using the KMIP for VMware service to enable encryption, see KMIP for VMware overview. For more information about enabling VM encryption, see Virtual machine encryption. For more information about using data at rest encryption to protect data in your vSAN cluster, see Using encryption in a vSAN cluster. |
Add vSAN storage | For more information about adding more vSphere ESXi hosts to your existing vSAN cluster, see Adding ESXi servers to VCF for Classic - Automated instances. The addition of more hosts increases CPU, RAM, and storage to your cluster. For more information about vSAN technology, see Expanding a vSAN cluster. |
Remove vSAN storage | For more information about removing storage from a vSAN cluster, see Removing ESXi servers from VCF for Classic - Automated instances. The removal of hosts decreases CPU, RAM, and storage in your cluster. |
Using default vSAN alarms | The default vSAN alarms can be used to monitor the cluster, hosts, and existing vSAN licenses. These alarms are automatically triggered when the events corresponding to the alarms are activated or if one or all the conditions that are specified in the alarms are met. You cannot edit the conditions or delete the default alarms. To configure alarms that are specific to your requirements, create custom alarms for vSAN. For more information about monitoring alarms, events, editing existing alarm settings, and using the default vSAN alarms to monitor your cluster, hosts, analyze any new events, and assess the overall cluster health, see Using the vSAN default alarms. |
Enable SIOC | By default, Storage IO Control (SIOC) is disabled. If you are experiencing poor performance for VMs in a datastore, you can enable SIOC to help with prioritization to storage resources. SIOC is only activated when there is storage contention to ensure that every VM gets its share of storage resources. Using a VM storage policy and assigning that policy to a VM or VMDK enables this. For more information, see Managing storage I/O resources. |
Configure a datastore cluster | A datastore cluster is a collection of datastores with shared resources and a shared management interface. Datastore clusters are to datastores what clusters are to hosts. When you create a datastore cluster, you can use vSphere Storage DRS to manage storage resources. When you add a datastore to a datastore cluster, the datastore's resources become part of the datastore cluster's resources. Use datastore clusters to aggregate storage resources, providing support for resource allocation policies at the datastore cluster level. For more information, see Creating a datastore cluster. |
Network procedures
Title | Description |
---|---|
Network considerations | For more information, see Networking considerations for VCF for Classic - Automated instances. |
Planning for HCX | VMware Hybrid Cloud Services (HCX) allows disparate instances of vSphere software-defined data centers (SDDC) to interoperate across various network types. HCX is designed to address the security, compatibility, complexity, and performance concerns that you might encounter when you build a multi-instance, multisite deployment of vSphere that extends across on-premises and cloud provider boundaries. For more information, see Preparing the installation environment. |
Initial NSX configuration | As part of the deployment of your VCF for Classic - Automated instance, a sample customer network is available that consists of a private subnet, a public subnet, an NSX logical switch, a distributed logical router, and an NSX edge appliance that is deployed and configured to perform network address translation. For steps to configure this sample customer network for your VMs, see Configuring your network to use the customer-managed NSX ESG with your VMs. |
Add a logical switch | Logical switches are similar to VLANs, in that they provide network connections to which you can attach your VMs. The VMs can then communicate with each other over VXLAN if the VMs are connected to the same logical switch. When you are adding logical switches, it is important to have in mind a particular topology that you are building. For more information, see Create a Logical Switch in Manager Mode. |
Add a DLR | A Distributed Logical Router (DLR) is a virtual appliance that routes between connected logical switches (East-West traffic). For more information, see Logical Routers in Manager Mode. |
Add an ESG | An External Services Gateway (ESG) is a virtual appliance that routes between the physical network and the logical network (North-South traffic). For more information, see Add a Tier-1 Gateway. |
Configure NSX edge firewall rules | An edge firewall monitors North-South traffic to provide perimeter security functions, including firewall, Network Address Translation (NAT), and site-to-site IPsec and SSL VPN. Only the firewall rules on management and uplink interfaces are applicable. For more information, see Firewall Rule Enforcement. |
Distributed firewall | The distributed firewall is a hypervisor kernel-embedded firewall that provides network access control for VMs. You create access control policies based on VMware vCenter objects such as data centers, clusters, VM names, IP, VLAN (DVS port-groups), VXLAN (logical switches), security groups, and user group identity from Active Directory. Firewall rules are enforced at the vNIC level of each VM to provide consistent access control even when the VM gets vMotioned. For more information, see Distributed firewall. |
Configure NAT rules | NSX Edge provides Network Address Translation (NAT) services to assign a different source or destination IP address to a VM or a group of VMs. The NAT service configuration is separated into Source NAT (SNAT) and Destination NAT (DNAT) rules. For more information, see Network Address Translation (NAT). |
Configure NSX load balancer | The NSX Edge load balancer enables high-availability service and distributes the network traffic load among multiple VMs. It distributes incoming service requests evenly among multiple VMs in such a way that the load distribution is transparent to users. Load balancing helps in achieving optimal resource usage, maximizing throughput, minimizing response time, and avoiding overload. NSX Edge provides load balancing up to Layer 7. You map an external, or public, IP address to a set of internal VMs for load balancing. The load balancer accepts TCP, UDP, HTTP, or HTTPS requests on the external IP address and decides which internal server to use. Port 80 is the default port for HTTP and port 443 is the default port for HTTPS. Two types of load-balancing services are available in NSX: one-armed mode (proxy mode) or inline mode (transparent mode). For more information, see Logical Load Balancer. |
Changing NSX passwords | For more information, see Firewall considerations. |
Deploy a Juniper vSRX appliance | The FortiGate Virtual Appliance service deploys a pair of FortiGate Virtual Appliances to your environment, which can help you reduce risk by implementing critical security controls within your virtual infrastructure. However, you can also implement your own third-party solution as needed, such as adding a vSRX gateway to your VCF for Classic - Automated instance. For more information, see Install vSRX Virtual Firewall with VMware vSphere Web Client. |
Deploy a Palo Alto VM-Series firewall | The FortiGate Virtual Appliance service deploys a pair of FortiGate Virtual Appliances to your environment, which can help you reduce risk by implementing critical security controls within your virtual infrastructure. However, you can implement your own third-party solution as needed. For more information about adding Palo Alto VM-Series firewall to your VCF for Classic - Automated instance, see Provision the VM-Series Firewall on an ESXi Server. |
Deploy a Cisco Firepower appliance | The FortiGate Virtual Appliance service deploys a pair of FortiGate Virtual Appliances to your environment, which can help you reduce risk by implementing critical security controls within your virtual infrastructure. However, you can implement your own third-party solution as needed. For more information about adding a Cisco Firepower appliance to your VCF for Classic - Automated instance, see Deploy the Threat Defense Virtual on VMware. |
Direct Link | After the deployment of your VCF for Classic - Automated instance, your system administrators can connect to your instance through the IBM Cloud management VPN. Your system administrator can then configure internet access for your workloads. However, you might want to use a direct connection and not the internet. IBM Cloud Direct Link is a suite of four offerings from IBM Cloud Network, with availability in locations around the globe. Each one enables customers to create direct, private connections between their remote network environments and their IBM Cloud deployments, without using the public internet. Most commonly, these offerings are implemented to support hybrid workloads, cross-provider workloads, large or frequent data transfers, private workloads, or to ease administration of the IBM Cloud environment. For more information, see Get started with IBM Cloud Direct Link. For more information about a VCF for Classic - Automated instance that is only accessible by using a private network, see Public or private network. |
Deploy a web proxy | When the VMware Server instance is deployed, the VCSA does not have direct access to the VMware repositories to enable updates of vSAN health checks. For more information about deploying a Squid web proxy VM to enable access to these repositories, see Initial configuration. This procedure is also relevant for other proxy applications from different vendors. |
Firewall Logging | The NSX edge and distributed firewalls generate and store log files, such as audit logs, rules message logs, and system event logs. You must configure a syslog server for each cluster that has enabled the firewall. For more information, see Gateway Firewall Packet Logs. The operations management in IBM Cloud includes VMware Aria Operations™ for Logs, which acts as a syslog server. |
NSX logging and system events | For more information about configuring a syslog server for the NSX components and for information about system events, alarms, audit logs, and collecting technical support logs, see Collecting Logs for Troubleshooting NSX Malware Prevention Issues. |
Deploying HCX on-premises | For more information, see Considerations for on-premises VMware HCX instances. |
HCX Check | The HCX service seamlessly extends the networks of on-premises data centers into IBM Cloud so you can migrate VMs to and from the IBM Cloud without any conversion or change. For more information about accessing the HCX Cloud Management console and applying updates to HCX, see Managing VMware HCX. |
vSphere Distributed Switch MTU supported status and vSphere Distributed Switch VLAN trunked status | Depending on the options that you selected when you placed your order, your clusters might be deployed on different VLANs. In this case, warnings might be generated by the VMware Distributed Switch (vDS) Health Check because some port groups in the vDS are not applicable to all clusters that belong to that vDS. These warnings can be ignored because the VMs attached to those port groups are located in the appropriate cluster. However, if you want to disable the vDS Health Check, complete the following two procedures. To disable the vDS health check, complete the following tasks: To disable the alarms, complete the following tasks: |