- Tune Virtual Machine disk controller configurations according to a deployment plan
- Configure .vmx file for advanced configuration scenarios
- Configure a virtual machine for Hot Add features
- Upgrade virtual machine hardware and VMware Tools
- Troubleshoot virtual machine deployment issues
Tune Virtual Machine disk controller configurations according to a deployment plan
To access virtual disks, CD/DVD-ROM, and SCSI devices, a virtual machine uses storage controllers, which are added by default when you create the virtual machine. They can also be added to the virtual machine after creation.
When you create a virtual machine, the default controller is optimized for best performance. The controller type depends on the guest operating system, the device type, and in some cases, the virtual machine’s compatibility.
Type of storage SCSI controllers:
- BusLogic Parallel
- LSI Logic Parallel
- LSI Logic SAS
- VMware Paravirtual SCSI
- AHCI SATA controllers
Each virtual machine can have a maximum of four SCSI controllers and four SATA controllers.
The default SCSI or SATA controller is 0.
Storage Controller Limitations:
- LSI Logic SAS and VMware Paravirtual SCSI are available for virtual machines with ESXi 4.x and later compatibility.
- AHCI SATA is only available for virtual machines with ESXi 5.5 and later compatibility.
- BusLogic Parallel controllers do not support virtual machines with disks larger than 2TB’s.
Adding/Changing SCSI storage controllers
For more information refer to page 126 in the vSphere 6.0 VM Admin Guide.
Configure .vmx File for Advanced Configuration Scenarios
Some VMware Tools settings might expose security risks. For example, VMware Tools enables you to connect virtual devices such as serial and parallel ports to virtual machines. A connected device could be a potential channel of attack. Because of this, we will want to limit what can connect to our VM’s.
We can reduce the attack surface by limiting our options within the virtual machines vmx file.
Virtual machines are encapsulated in a small number of files and one of the most important files is the .vmx file which holds all our VM’s configuration.
Some of the options we can set are the following:
Disk shrinking Feature: Shrinking a virtual disk reclaims unused disk space.
- isolation.tools.diskWiper.disable = “True”
- isolation.tools.diskShrink.disable = “True”
Copy/Paste Feature: Ability to copy/paste within the virtual machine window.
- isolation.tools.copy.disable = “True”
- isolation.tools.paste.disable = “True”
Connecting and modifying Devices: Ability to connect devices such as network adapters, CD-ROM
- isolation.device.connectable.disable = “True”
- isolation.device.edit.disable = “True”
Configuring VM Log Numbers: Depending on the log settings for size. New logs could be continously created and rolled over and essentially cause a denial of service if the datastore runs out of space. So we’ll want to limit how many sets of logs we want to keep. Additionally we can just disable logging all together.
vmx.log.keepOld = “10”
logging = “False”
VMX File Size: We would obviously want to limit the size of the VMX file so that we don’t run out of datastore space.
tools.setInfo.sizeLimit = “23521” (value in Kilobytes/KB)
Features not Exposed in vSphere that could cause vulnerabilities:
- isolation.tools.unity.push.update.disable = “TRUE”
- isolation.tools.ghi.launchmenu.change = “TRUE”
- isolation.tools.ghi.autologon.disable = “TRUE”
- isolation.tools.hgfsServerSet.disable = “TRUE”
- isolation.tools.memSchedFakeSampleStats.disable = “TRUE”
- isolation.tools.getCreds.disable = “TRUE”
One thing to note is that if any changes are made on the VMX file, that a virtual machine reboot is required for them to take effect.
For more information refer to page 211 in the vSphere 6.0 VM Admin Guide.
Configure a virtual machine for Hot Add Features
By default you can’t add CPU resources to a virtual machine when it’s powered on. The option to do able to do this must be manually set.
However some conditions apply:
- For best results, use VM’s that are compatible with ESXi 5.0 or later
- Hot-adding multicore virtual CPU’s is supported only with VM’s that are compatible with ESXi 5.0 or later
- Guest OS has to be supported
- With ESXi 4.x and later, set the Number of Cores per socket to 1
- Adding CPU resources to a running VM will disconnect and reconnect all USB passthrough devices.
Permissions Required to enable Hot-Add:
Check the following to make sure the configuration is best practice
- Latest version of VM Tools are installed
- Guest OS supports CPU hot plug
- VM compatibility is ESXi 4.x or later
- VM is turned off.
Procedure to enable Hot-Plug:
Upgrade Virtual Machine Hardware and VMware Tools
Virtual Machine Hardware
Upgrade VMware Tools
Mine are already up-to-date. But you will get the option to upgrade the tools via by an automatic mode, or an interactive mode. Additionally you can use Update Manager to update the VMtools as well.
Troubleshoot Virtual Machine Deployment Issues
Fault Tolerance – Potential Issues
- Hardware Virtualization Not Enabled
- No Compatible Hosts for Secondary VM
- Secondary VM on Over-committed Host Degrades Performance of Primary
- High Network Latency for FT VM’s
- Hosts are Overloaded with FT VM’s
- Losing Access to FT Metadata Datastore
- Turning on vSphere FT for Powered-On VM Fails
- FT Virtual Machines not Placed or Evacuated by vSphere DRS
Fault Tolerant Virtual Machines Failures
- Partial Hardware Failure Related to Storage
- Partial Hardware Failure Related to Network
- Insifficient Bandwidth on the Logging NIC Network
- vMotion Failures Due to Virtual Machine Activity Level
- Too Much Activity on VMFS Volume can Lead to Virtual Machine Failovers
- Lack of File System Space Prevents Secondary VM Startup
vSphere Troubleshooting Guide: Page 13-17
USB Passthrough Devices – Potential Issues
- USB Passthrough Device Is Non-Responsive
- Cannot Copy Data From an ESXi Host to a USB Device That is Connected to the Host
- Recover Orphaned Virtual Machines
- Virtual Machine Does Not Power On After Cloning or Deploying from Template
vSphere Troubleshooting Guide: Page 18-21