VCP6 Study Notes

Below are the quick study notes I made whilst studying for my VCP6 (2V0-621D). I’ve tried to focus on the key areas to keep them as short as possible.

ESXi 6.0

Installation Requirements

  • Requires a minimum of 4GB RAM
  • At least two CPU CORES
  • 64-bit x86 processor released after September 2006
  • Requires the NX/XD bit to be enabled for the CPU in the BIOS

Scripted Installation

Performing a Scripted Install requires:

  • Creating a script ( ks.cfg) using the supported commands.
  • Editing the installation script as needed to change settings that are unique for each host.
  • Running the scripted installation process by either specifying boot options, or automatically booting using PXE boot.
  • The installation script ( ks.cfg) can reside in any of these locations:
    • FTP
    • NFS Share
    • USB flash drive
    • CD/DVD device



Holds IP address of DNS servers



The default option for ESXi 6 = retry=3 min=disabled,disabled,disabled,7,7

To explain the fields retry=3 min=disabled,disabled,disabled,7,7,passphrase=2








A user is allowed 3 attempts to enter a sufficient password.

Passwords containing characters from one character class must be at least eight characters long. For example: vmwareee

Passwords containing characters from two character classes must be at least eight characters long. For example: vmware12

Passphrases must contain words that are each at least eight characters long. For example: vmwareee

Passwords containing characters from all three character classes must be at least seven characters long. For example: VMware12

Passwords containing characters from all four character classes must be at least six characters long. For example: VMware1!

Require minimum of 2 “words”


The word “disabled” can be used to not use specific password complexity.

Lockdown Mode

  • Normal mode –
  • Strict mode –


ESXi can be updated via a VIB file (vSphere Installation Bundle). This is a collection of files packaged together in an archive. An offline bundle contains a VIB and the metadata required to manage the installation of the VIB.

Use the command esxcli software vib install -d to manually install an offline bundle on ESXi


List of incoming connections

vSphere Management Appliance

Key commands


View DNS addresses of host


Virtual Machines

Max number of CPUs = 128

VM Disks

Independent – means cannot be snapshotted.

  • Independent Persistent Mode – changes are persistent
  • Independent Non-persistent mode – when the VM is powered off or reverted to snapshot the contents of the disk revert to their original settings.

DirectPath I/O

Allows VMs to directly access hardware – e.g. physical NIC

Unexposed Features

Along with vsphere VMs are designed to run on workstation and fusion systems. There are certain VMS features that do not need to be enabled on a vsphere system.

CPU Affinity

Specifies VM to process placement

Reservation & LImits

A reservation = a guarantee on either memory or CPU

Virtual Machine Upgrade

Recommended pre-requisites

  • Create a backup or snapshot of the virtual machine.
  • Upgrade VMware Tools. On Microsoft Windows virtual machines, if you upgrade the virtual hardware before you upgrade VMware Tools, the virtual machine might lose its network settings.
  • Verify that all .vmdk files are available to the ESXi/ESX hosts on a VMFS 3, VMFS 5, or NFS datastore.
  • Verify that the virtual machines are stored on VMFS 3, VMFS 5 or NFS datastores.
  • Determine the version of the virtual hardware by selecting the virtual machine from the vSphere Client or vSphere Web Client and clicking the Summary tab. The VM Version label in the Compatibility field displays the virtual hardware version.


Linked mode enables windows and appliance-based VCs to communicate. Integrated with platform controller and no longer requires ADAM.

Communicates with ESXi hosts using ports 902, 903 and 443

Minimum requirement (Tiny with embedded controller):-

  • 120GB Disk space
  • 10GB RAM
  • 2 CPUs
  • If installing on Windows needs 2008 SP2 or higher


  • You can upgrade Vcenter appliances version 5.1 Update 3 and higher to 6.0
  • To upgrade a distributed vcenter server from 5.5 to 6.0 you must manually stop and remove the vcenter inventory service.
  • To triage installation problems look in the firstboot directory, or at the log files
    • Vminst.log – custom actions
    • vim-vcs-msi.log – vcenter service
    • pkgmgr.log

Platform Services Controller

Contains shared services such as SSO, licensing, certificate management. Can be embedded or installed separately. Recommend installing separately for large deployments with multiple VCs.


Database used can be embedded (postgres) or Oracle


Cannot be installed on a DC

Content Library

A Content Library is a place to store templates, vApps, OVA / OVF, as well as other files. You can subscribe to other content libraries via a subscription URL

AD Integration

When configuring note you can use a machine account or an SPN

vSphere Distributed Switch (VDS)

Requires Enterprise plus license

  • Host Networking Rollbacks – Any change that disconnects a host’s management connection will be automatically rolled back.
  • Distributed Switch Roll Backs – rolls back changes made to vds that cause the management connection to be dropped


Network I/O Control v3 –

Bandwidth guarantee to virtual machines using contructs of shares, reservation and limit.

  • IGMP/MLD Snooping –

Resource Pools

Resource Pools can be used for :-

  • Prioritising VMs
  • Selling resource inside or outside an organisation
  • Performance guarantee – i.e. create a “dev” and a “biz critical” resource pool

Key terms:-

  • Reservation – Amount of resource guaranteed to be available. If utilisation is lower than the guarantee the resource can be used elsewhere.
  • Expandable Reservation – can request addition CPU/RAM from parent over and above the memory reservation.





See below


Guaranteed CPU or memory for this resource pool

Expandable Reservation

Can use resources from parent – e.g. if powering on VM exceeds threshold


Upper limit of CPU or memory


Share allocation:-














  • Low = 2000
  • Medium = 4000
  • High = 8000


A slot is the maximum memory required by any VM and the maximum CPU resources required by any powered on VM in a cluster.


HA VM Monitoring

Will restart a VM if the heartbeat is not received in a certain interval and no storage or network IO is generated. The default interval for storage/network IO is 120 seconds although this can be changed via the cluster setting: das.iostatsinterval

Failure Interval – HA will restart the VM if the VMs Tools heartbeat is not received in this interval

Minimum uptime – after this time HA begins moniroing the VM

VM Overrides

To remove a VM from HA monitoring


vCenter 5.x & 6.0 use Fault Domain Manager (FDM) agents for HA. The log for these is found in /var/log/fdm.log

Storage DRS

  • Can balance VMs across datastores based on I/o metrics.
  • SDRS uses SIOC to evaluate datastore capabilitiesand latency info.
  • By default SDRS will not move VMs with independent disks
  • SDRS will not move VMs with fault tolerance enabled
  • When attempting to put a datastore into maintenance mode the task remains at 1%. This could be due to:-
    • SDRS being disabled on the disk
    • SDRS rules prevent the migration recommendations for the disk
  • Old Affinity rules take precedence over newer ones
  • Anti-affinity rules take precedence over affinity rules


Can set alarms at various levels including host.

Host Power Management


  • A private VLAN can be primary or secondary.
  • PVLANs can only be configured on vDS
  • Secondary VLANs only exist within primary vlans. Note a primary vlan can be promiscuous – meaning it can send and receive on all secondary vlans. Routers are typically attached to promiscuous ports.

Secondary PVLANs can be either:-

  • Isolated – Can only communicate with the promiscuous PVLAN
  • Community. – can communicate with other ports on the same secondary PVLAN


  • LACP works with IP Hash load balancing and link status failover detection.
  • It is not compatible with iSCSI multipathing and host profiles

Storage I/O Control


  • Enterprise plus licensing
  • ESXi 4.1 or later (block storage)
  • ESXi 5.0 or later (NAS)
  • If using tiering, check SAN compatibility guide to confirm certification of your array
  • Datastore must be managed by a single vCenter server

Not Supported

  • More than 1 extent
  • RDM

Will start at 90% of peak throughput by default


  • Permanent Device Loss (PDL) – when an array reports a LUN no longer exists
  • All Paths Down (APD) – cannot communicate with the storage device

Performance Management

You can edit the “shares” allocation of a VM here.


  • Pluggable Storage Architecture (PSA) – Used to manage storage multipathing. VMware provides a generic Multipathing Plugin (MPP) called Native Multipathing Plugin (NMP).
  • Storage Array Type Plug-Ins (SATPs) run in conjunction with the VMware NMP and are responsible for array-specific operations. ESXi offers a SATP for every type of array that VMware supports
  • If no SATP is assigned to the device by the claim rules, the default SATP for iSCSI or FC devices is VMW_SATP_DEFAULT_AA. The default PSP is VMW_PSP_FIXED
  • The default PSP for all devices claimed by VMW_SATP_ALUA is VMW_PSP_MRU
  • esxcli storage core plugin list –plugin-class=MP – Use to list multipathing modules

vSphere On-Disk Metadata Analyser (VOMA)

  • Introduced in vSphere 5.1
  • Allows you to check the metadata on a LUN – e.g. if you suspect corruption
  • Is a read-only tool
  • Requires exclusive access by 1 host (i.e. you need to unmount the LUN from the others)

partedUtil –

A cmd-line disk partitioning tool for ESXi

Storage IO Control

Requirements: –

  • Enterprise+ licensing
  • Hosts must be ESXi 4.1 or higher
  • Managed by single VC
  • NFS and RDM not supported
  • Only 1 extent allowed
  • Array must be SIOC certified

Auto Deploy

  • Can be used to deploy 100s of ESXi hosts
  • Rules can assign image profiles and host profiles to a set of hosts, or specify the location (folder or cluster) of a host on the target vCenter Server system. A rule can identify target hosts by boot MAC address, SMBIOS information, BIOS UUID, Vendor, Model, or fixed DHCP IP address.
  • Use Export-EsximageProfile to ensure imgage projfiles are saved after closing a powercli session


In vSphere 5.0 VMWare introduced a software FCoE adaptor. This means that with a NIC (that supports partial FCoE offload) you can access LUNs without the need to buy an expensive dedicated HBA or by using 3rd party drivers.

Configuration guidelines

  • Disable STP
  • Turn on Prirotiy-based Flow Control (PFC) and set to AUTO
  • Add each NIC port to separate vSwitch (for redundancy)
  • If moving a NIC from one vSwitch to another (when using FCOE) you will need to reboot (!)

vSphere Replication

Replicates virtual machines:-

  • From a source site to a target site
  • Within a single site from one cluster to another
  • From multiple source sites to a shared remote target site

Key features

  • License included in Essentials plus and up.
  • Supports a max of 24 snapshots\replicas
  • No need for VC at remote office (can use intra-VC replication)


The amount of bandwidth required will depend on:-

  • Network-based storage
  • Size of dataset
  • Data change rate
  • Recovery point objective (RPO)
  • Link speed

There is a vSphere Replication Capacity Planning Appliance that can be used to estimate the amount of bandwidth required.

Uses FastLZ compression library to provide balance of speed, CPU overhead and compression efficiency.


vSphere Replication uses (PKCS#12) certificate based authentication for all connections to vCenter Servers.

The keystore and truststore passwords might be stored in an access restricted config file. vSphere Replication has the following keystores:

  • /opt/vmware/hms/security/hms-keystore.jks, which contains the vSphere Replication appliance private key and certificate.
  • /opt/vmware/hms/security/hms-truststore.jks, which contains additional CA certificates besides the ones that Java already trusts.

Virtual SAN (VSAN)


A virtual SAN fault domain enables Virtual SAN to tolerate failures of entire physical rack as well as failures of a single host, capacity device, network link or a network switch.

When you configure a fault domain VSAN ensures protection objects (e.g. replicas and witnesses) are placed in different fault domains.

VSAN Requirements

  • 3 ESXi hosts
  • Requires a minimum of 1 SSD AND 1 HDD per host. Make sure the SSD is not used by the flash read cache.
  • 6GB RAM

Managing Disk Groups

  • You can chose 1 SSD and up to 6 HDDs per disk group
  • Best practise is to have multiple disk groups with fewer disks – otherwise rebuild times are awful

vSphere Flash Read Cache (vFlash)

  • New from vSphere 5.5 vFlash allows you to leverage local host SSDs as a cache.
  • Uses Virtual Flash File System (VFFS)
  • Needs Enterprise Plus
  • You must enable it at host and then on vm (hardware version 10 required)

VMKernel Ports

Useful CLI Cmds

esxcli software vib list –rebooting-image

Displays information for the ESXi image which becomes active after a reboot, or nothing if the pending-reboot image has not been created yet. If not specified, information from the current ESXi image in memory will be returned.

esxcli software vib update -d /vmfs/volumes/<your_volume>/

Update version of ESXi using cmd line

Esxcli network nic list

Show info on physical adaptors


Change password

Esxcfg-vswitch -l


Esxcli network vswitch standard list

Shows vSwitch info

Df -h

Show LUN info

Esxcli network vm list


Esxcli software vib install -d


Excli storage vmfs unmap

Claim back unused space from think provisioned lun

Log Files


Host management service logs, including virtual machine and host Task and Events, communication with the vSphere Client and vCenter Server vpxa agent, and SDK connections.


Core VMkernel logs, including device discovery, storage and networking device and driver events, and virtual machine startup


vCenter server agent logs

SSL Certificates

New to vSphere 6.0 are different SSL certificate options. They are:

  • VMware Certificate Authority mode – VMCA automatically provisions host certificates
  • Custom Certificate mode – Enabled you to use your own certificates
  • Thumbprint mode – Can be used to retain vSphere 5.5 certificates during upgrade


A NUMA (Non-Uniform Memory Access) is a design approach that places memory next to CPUs. For example on a dual-CPU server motherboard you will often see 2 banks of RAM around the 2 CPUs. In the example of a 2x CPU socket system with 6 cores per socket and 128GB RAM you have a 2x NUMA collections each with 1 socket, 6 cores and 64GB RAM.

When sizing “monster” VMs with many CPUs you should aim to avoid spanning physical CPUs as potentially introduces a performance hit.

Therefore in the above example for a VM that requires 8 CPUs it is better to create a VM with 2x virtual sockets and 4x virtual cores than to just create 8 virtual CPUs





Key Fields


M = memory





%RDY – How much time the VM CPU spent waiting for CPU

%MLMTD – If larger than 0 is being throttled by CPU limits

D = Disk Adapter


GAVG/rd should not be > 30

N = Network


V = Disk VM


Key Fields






How long the vm was ready but was waiting for a physical CPU. (CPU STOP)



Time VM unable to get access to physical CPU



Percentage of time the vCPU was ready to run but had hit the CPU limit setting



Amount of time the virtual machine is waiting for a VMkernel resource.



If near 100% check CPU affinity





In most cases CMDS = IOPs



Average response time



Amount of time the command spents in the VMKernel

Key Ports






Communication between vCenter and managed hosts



Remote Console



vCenter Appliance web user interface



vSphere Web Client default port (https)


Authorization types:-

  • Global – across multiple solutions (VCs)
  • vCenter – the hierarchy contained in a VC
  • vSphere.local – predefined platform services controller groups

The vsphere.local domain includes several predefined groups. For services that are not managed by vCenter priviledges are set by group membership below. Be careful adding users to these groups as it is often not recommended.

Default Roles

Lockdown Mode

Exception accounts can be used as ‘service accounts’ to connect to an ESXi server during lockdown mode.


A list of users granted access to the DCUI. By default this is only the “root” account

License Comparison

Comments 1

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.