VUM orchestrated vSphere upgrades

VUM orchestrated upgrades allow you to upgrade the objects in your vSphere inventory in a two-step process: host upgrades followed by virtual machine upgrades. If you want the upgrade process to be fully automated, you can configure it at the cluster level, or you can configure it at the individual host or virtual machine level for granular control.

Before going ahead with an orchestrated upgrade, we have to ensure that we have baseline groups created for hosts as well as VMs. I will talk more on this later in the post.

Configuring vSphere Update Manager

In the last post we learned how to configure UMDS and how to enable VUM to use a shared repository for downloading patches. If you are new to VUM/UMDS and landed directly on this page by mistake, I would encourage reading about them first from the links below:

1: Installing vSphere Update Manager and Update Manager Download Service

2: Configure Update Manager Download Service

Also, in the past I have written a blog post on creating Esxi host baselines and how to remediate hosts. You can read that post from here.

Configure Update Manager Download Service for VUM

Last year I wrote a post on how to install and configure VUM and UMDS, but never got a chance to connect UMDS to VUM and ended up downloading patches directly on the VUM server via the internet.

Once again I am playing with UMDS in my lab, and in this post we will cover why we need UMDS and how to configure it.

I am not covering the steps for installing VUM/UMDS here because they are pretty straightforward. If you are new to these things, you can read the installation instructions from here.

What is Update Manager Download Service?

Update Manager Download Service (UMDS) is an optional component which you can deploy with Update Manager. Using UMDS we can download upgrades for virtual appliances, patch metadata, patch binaries, notifications, etc.

Why we need UMDS when VUM is there?

It's an obvious question to ask: why do we need UMDS when VUM is capable of downloading and installing patches on Esxi hosts/vApps? The answer lies in the 2 use cases discussed below:

  • If the security policies in your environment deny Internet access for the Update Manager VM(s), you can configure UMDS on a server that has Internet access, automate the export process, and transfer files from UMDS to the Update Manager server by setting up a web server on the VM on which UMDS is installed.
  • There is a one-to-one mapping between VUM and vCenter. If you have multiple vCenter servers in your environment, you can save yourself from deploying ‘n’ number of VUM servers by configuring a single repository in UMDS and pointing all the VUM servers to that central repository, thus saving space/resources.

After you download patch data and notifications with UMDS, and export the downloads so that they become available to the Update Manager server, Update Manager deletes the recalled patches and displays the notifications on the Notifications tab.

Exploring UMDS

Post installation of UMDS, you can use the vmware-umds command to configure the UMDS server. This executable is located in the installation directory of UMDS, which defaults to C:\Program Files (x86)\VMware\Infrastructure\Update Manager.

To list the current configuration of UMDS, run the ‘vmware-umds -G’ command:

PS C:\Program Files (x86)\VMware\Infrastructure\Update Manager> .\vmware-umds -G
Configured URLs
URL Type Removable URL
HOST NO
HOST NO
HOST NO
VA NO
Patch store location : C:\Patch-Store
Export store location :
Proxy Server : Not configured
Host patch content download: enabled
Host Versions for which patch content will be downloaded:
embeddedEsx-6.0.0-INTL
embeddedEsx-5.0.0-INTL
embeddedEsx-5.1.0-INTL
embeddedEsx-5.5.0-INTL
Virtual appliance content download: disabled

Split vCenter Servers configured in an Enhanced Linked Mode

Yesterday while reading about Enhanced Linked Mode I stumbled across this blog post by William Lam where he has demonstrated how to split vCenters which are configured in linked mode.

I thought I would give it a try in my lab as well, as these days I am playing around with PSCs, repointing, ELM, etc.

In my lab I have 2 PSC nodes and 2 vCenter server nodes, each pointing to one of the PSCs. Both PSC nodes are in the same SSO domain/site.

vcentersrv02:~ # /usr/lib/vmware-vmafd/bin/vmafd-cli get-ls-location --server-name localhost


vcentersrv03:~ # /usr/lib/vmware-vmafd/bin/vmafd-cli get-ls-location --server-name localhost



Both PSCs are replicating to each other. I have also verified that I do not have any stale entries for any PSC nodes from my existing lab activities.

psc04:~ # /usr/lib/vmware-vmdir/bin/vdcrepadmin -f showservers -h psc04.alex.local -u administrator -w SSO-Admin-Pwd
cn=psc04.alex.local,cn=Servers,cn=BLR-DC3,cn=Sites,cn=Configuration,dc=alex,dc=lab
cn=psc06.alex.local,cn=Servers,cn=BLR-DC3,cn=Sites,cn=Configuration,dc=alex,dc=lab

psc04:~ # /usr/lib/vmware-vmdir/bin/vdcrepadmin -f showpartners -h localhost -u administrator -w SSO-Admin-Pwd
ldap://psc06.alex.local

psc06:~ # /usr/lib/vmware-vmdir/bin/vdcrepadmin -f showpartners -h localhost -u administrator -w SSO-Admin-Pwd
ldap://psc04.alex.local

Configure Linked Mode in vSphere 6

Linked Mode was first introduced in vSphere 4.x and it has come a long way with vSphere 6.0.

Enhanced Linked Mode (ELM) allows administrators to manage multiple vCenter servers from one place using the vSphere Web Client. vCenter servers in ELM can replicate roles, permissions, licenses and policies between them.

ELM also enables Cross vCenter vMotion, i.e. you can migrate virtual machines across clusters on separate vCenter instances, subject to network limitations.

Previously, linked mode configuration was only possible with Windows-based VC, as ADAM was used as the replication engine between the VCs.

Reconfigure Embedded vCenter to External PSC

Prior to vSphere 6.0 U1 it was only possible to repoint a vCenter Server which was deployed with an external PSC to another PSC in the same SSO domain. With vSphere 6.0 U1, you can now reconfigure an embedded vCenter Server deployment to an external deployment.

The PSC components which reside in the embedded node are demoted, and the vCenter Server is repointed to an external PSC node which resides in the same Single Sign-On (SSO) domain as the source embedded node.

VMware made this possible by introducing a utility named cmsso-util, and there are two main uses for cmsso-util:


  • Reconfigure is used when you want to point your vCenter server from an embedded PSC to an externally deployed PSC.
  • The source and target PSC should be in the same SSO domain.


  • Repoint is used when a vCenter is deployed with an external PSC, you have one more external PSC, and you want to move vCenter from the source PSC to the target PSC.
  • The target PSC node must be a replication member in the same SSO domain as the original PSC.

Note: You cannot repoint a VC node to a PSC node in a different SSO domain.

This post is focused on using the reconfigure option for the embedded deployment. If you are new to repointing, you can check out my previous blog posts:

How to repoint vCenter Server 6.x between External PSC within a site

Repointing vCenter Server 6.0 to External PSC’s across sites

Lab Setup:

I have one vCenter server (vcentersrv05) with an embedded PSC and one external PSC which is in the same SSO domain/site as the embedded PSC. Both the vCenter server and the external PSC have been joined to the AD domain alex.local.

The SSO domain name is alexlab.local. I have verified that the health status of both the vCenter and PSC nodes is good.


Reconfigure using cmsso-util

VMware KB-2148924 outlines the steps for this process.

Note: The reconfiguration of a vCenter Server is a one-way process, so take snapshots of the external PSC node and the vCenter server on which you are doing the reconfigure operation. Better safe than sorry.

Step 1: Log in to the vCenter Server Appliance as the root user using SSH.

Step 2: Run this command to verify that all PSC services are running:

# service-control --status --all

Step 3: Run this command for the reconfigure operation:

# /bin/cmsso-util reconfigure --repoint-psc psc_fqdn --username administrator --domain-name domain_name --passwd password

For example:

# /bin/cmsso-util reconfigure --repoint-psc psc05.alex.local --username administrator --domain-name alexlab.local --passwd SSO-Admin-Pwd

If all goes well then you should see a message similar to:

The vCenter Server has been successfully reconfigured and repointed to the external Platform Services Controller psc05.alex.local.


Step 4: Log in to the vCenter Server instance by using the vSphere Web Client and verify that the vCenter Server is running and can be managed.

Also verify which PSC your vCenter server is now pointing to.


Regenerate Certificates

Once vCenter has been reconfigured to use the new PSC, we have to regenerate certificates, as the certificates that were issued by the old PSC are now non-existent. In my lab I am not using any complex setup for certs and all certs are issued by VMCA.

In vCSA, certificates can be managed using the Certificate-Manager utility: /usr/lib/vmware-vmca/bin/certificate-manager

I ran the certificate-manager utility and selected option 3 to replace the machine SSL certificate with a VMCA certificate. The process failed immediately after entering the administrator credentials:

You are going to regenerate Machine SSL cert using VMCA
Continue operation : Option[Y/N] ? : Y
Status : 0% Completed [Replacing Machine SSL Cert...]
Using config file : /var/tmp/vmware/MACHINE_SSL_CERT.cfg
Error: 382312514, VMCAGetSignedCertificatePrivate() failed
Status : Failed
Error Code : 382312514
Error Message : Failed to connect to the remote host, reason = rpc_s_connect_rejected (0x16c9a042).
Status : 0% Completed [Operation failed, performing automatic rollback]

Configure Identity Sources for Single Sign-On

VMware introduced SSO with vSphere 5.1, and over the releases SSO has matured very much. SSO can now be connected to multiple authentication domains, like Active Directory and LDAP, so that it can exchange authentication for tokens which are used to access multiple vSphere services.


An Identity Source is a collection of user and group data, which is stored in either Active Directory, OpenLDAP or locally in the OS.

At the time of PSC/vCenter deployment we create one identity source (SSO domain), and after vCenter installation is completed, only the users defined under this SSO domain or localos can log in to vCenter. This identity source is internal to vCenter SSO.

Remove PSC from SSO Domain

In this post we will learn how to decommission/remove a PSC from an SSO domain. I am covering the steps needed for VCSA in this post. The steps for a Windows-based vCenter server are very similar and are explained in VMware KB-2106736.

Why I need to do so?

In my lab I was doing a lot of new things with PSC deployments and repointing my vCenter server from one PSC to another. If you are new to repointing a vCenter server amongst PSCs, please read the 2 articles below:

1: How to repoint vCenter Server 6.x between External PSC within a site

2: Repointing vCenter Server 6.0 to External PSC’s across sites

At present I have 3 PSCs, namely psc02.alex.local, psc03.alex.local and psc03.alex.local. I have one vCenter server which was originally deployed with psc02 as its external PSC. First I moved my vCenter server from psc02 to psc03 (they were in the same domain/site) and then I moved the VC from psc03 to psc04 (they were in the same domain but different sites).

You can see in the output of the command below which PSC is replicating to which other PSC:

psc02:~ # /usr/lib/vmware-vmdir/bin/vdcrepadmin -f showservers -h psc03.alex.local -u administrator -w SSO-Admin-Pwd



And currently the VC is pointing to PSC04:

vcentersrv02:~ # /usr/lib/vmware-vmafd/bin/vmafd-cli get-ls-location --server-name localhost
https://psc04.alex.local:443/lookupservice/sdk

Repointing vCenter Server 6.0 to External PSC’s across sites

In my last post I demonstrated how to move a vCenter server from one PSC to another. In this article we will learn to repoint vCenter Server 6.0 between Platform Services Controllers (PSC) which are in the same domain but different sites.

Before vSphere 6.0 U1, it was not possible to repoint a vCenter server amongst PSCs which were not in the same site (despite being in the same domain). With vSphere 6.0 U1, VMware made this possible by introducing a new utility called cmsso-util.

VMware KB-2131191 outlines the steps for achieving this goal. The steps outlined in the KB are for a vCenter server with the external PSC deployment architecture.

Note: If you have an embedded vCenter 6.0, then you can use cmsso-util to change the embedded deployment model to an external PSC model. The old PSC will be decommissioned during this process. Go ahead with this configuration only if you have no plans for using your old PSC again.

This article has all the steps for doing so.

What is difference between SSO domain and SSO site?

A vSphere SSO Domain is similar to an Active Directory domain, and a SSO site is similar to a site within Active Directory.

An SSO domain is the boundary within which vCenter Server/PSC nodes replicate with each other. If you are using the external deployment model for PSC nodes and they are in the same SSO domain, Enhanced Linked Mode (ELM) is enabled by default and you can log into any one of the vCenter servers and manage the other vCenter servers in the same SSO domain.

You can organize PSC domains into logical sites. A site in the VMware Directory Service is a logical container for grouping Platform Services Controller instances within a vCenter Single Sign-On domain. An SSO site represents a single “instance” that will not be geographically dispersed.

Building Topology Information

Before going ahead with the vCenter server repoint, it is important to collect topology information such as the SSO site name and which PSC each vCenter is pointing to. We can use the following commands to discover the SSO topology:

SSO Site

psc03:~ # /usr/lib/vmware-vmafd/bin/vmafd-cli get-site-name --server-name localhost

psc04:~ # /usr/lib/vmware-vmafd/bin/vmafd-cli get-site-name --server-name localhost


You can also use the vdcrepadmin command to fetch this info, as shown below:

psc03:~ # /usr/lib/vmware-vmdir/bin/vdcrepadmin -f showservers -h psc03.alex.local -u administrator -w psc-admin-pwd



SSO Domain

psc03:~ # /usr/lib/vmware-vmafd/bin/vmafd-cli get-domain-name --server-name localhost
alex.lab

psc04:~ # /usr/lib/vmware-vmafd/bin/vmafd-cli get-domain-name --server-name localhost
alex.lab

How to repoint vCenter Server 6.x between External PSC within a site

In this post we will learn how to repoint a vCenter server with an external PSC to a new PSC. Before doing that, let's first understand PSC high availability.

As we know, with vSphere 6.0 VMware introduced the concept of the PSC. The PSC deals with identity management for administrators and applications that interact with the vSphere platform. It contains common infrastructure services such as vCenter Single Sign-On (SSO), VMware Certificate Authority (VMCA), licensing, etc.

To know more about PSC please read VMware KB-2113115

Since these important features lie within the PSC, it is very important to ensure 100% availability of the PSC server. The PSC can be made highly available by deploying 2 nodes and then configuring a load balancer for the 2 nodes, so that in case of failure connections can be switched to the other node.

Now what if you don’t have a load balancer to configure failover? Don’t be disheartened, as VMware has a solution for this too. The idea is to deploy one PSC node and configure the domain etc. on your first PSC, and then deploy the second PSC in the same domain and same site as your first PSC.

Instructions for doing so have been laid out in this Article

The only disadvantage of not having a load balancer is that in case of an active PSC node failure, the failover does not happen automatically and you have to manually repoint your vCenter server to the other PSC node.

Even with a load balancer for PSC HA, you are not actually getting a true load balancing. William has explained this nicely in his blog post. I was really surprised to read about load balancer’s affinity to just a single PSC node.

Limitation with PSC repointing feature

Prior to 6.0U1, you had the ability to repoint a VC node to another PSC within the same vSphere SSO site.

With 6.0 U1, some more options were made available to users. These options are:

  • Reconfigure an embedded deployment to an external deployment
  • Repoint the VC node in an external deployment to another PSC within the same SSO domain, whether it is in the same site or not

With vSphere 6.0 U2, the limitation for repointing a VC node to another PSC is still within the same vSphere SSO domain.

In vSphere 6.5 the ability to repoint a VC server to a PSC in another vSphere SSO site is not supported. See this post for details.

It means if you are running vSphere 6.5 or a build prior to vSphere 6.0 U1, you can’t repoint vCenter amongst PSCs which are in the same domain but different sites.

Things to know before going ahead with vCenter repointing

Which PSC is my vCenter server pointing to?

There are 2 ways of finding out.

1: Using the vmafd-cli command as shown below:

vcentersrv02:~ # /usr/lib/vmware-vmafd/bin/vmafd-cli get-ls-location --server-name localhost


2: From vCenter Web-Client

In Web Client select your vCenter server from the vCenter inventory list, navigate to Manage > Advanced Settings and search for the string “config.vpxd.sso.admin.uri”


What is the sso site name?

If you have too many PSCs and vCenters deployed in your environment and each PSC/vCenter has its own domain/site name, then it's very difficult to remember these details. The SSO site name can be retrieved by running the command below:

vcentersrv02:~ # /usr/lib/vmware-vmafd/bin/vmafd-cli get-domain-name --server-name localhost



Finding all deployed PSC’s

In case you need to locate all available PSCs in your environment, you have a couple of options, i.e. via the command line and via the Web Client.

In Web Client navigate to Home > Administration > System Configuration > Nodes

It will list all deployed PSCs and vCenter Servers.


SSH to one of your PSC nodes and run the command below:

psc02:~ # /usr/lib/vmware-vmdir/bin/vdcrepadmin -f showservers -h psc02.alex.local -u administrator -w psc-administrator-passwd
cn=psc02.alex.local,cn=Servers,cn=BLR-DC2,cn=Sites,cn=Configuration,dc=alex,dc=lab
cn=psc03.alex.local,cn=Servers,cn=BLR-DC2,cn=Sites,cn=Configuration,dc=alex,dc=lab
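
The site membership visible in the showservers output above decides whether a planned repoint is within a site or across sites, which is the distinction the version limits described earlier depend on. The following is an added example, not code from the original post or from VMware: it parses saved showservers output, groups PSC nodes by SSO site, and classifies a planned repoint. The function names and the psc04/BLR-DC3 sample line are assumptions built in the DN format shown on this page.

```shell
#!/bin/sh
# Added example: classify a planned vCenter repoint as same-site or cross-site
# from saved `vdcrepadmin -f showservers` output. Function names are hypothetical.

# Constructed sample in the DN format shown on this page (not a live capture).
SAMPLE_SHOWSERVERS='cn=psc02.alex.local,cn=Servers,cn=BLR-DC2,cn=Sites,cn=Configuration,dc=alex,dc=lab
cn=psc03.alex.local,cn=Servers,cn=BLR-DC2,cn=Sites,cn=Configuration,dc=alex,dc=lab
cn=psc04.alex.local,cn=Servers,cn=BLR-DC3,cn=Sites,cn=Configuration,dc=alex,dc=lab'

# psc_sites: read showservers output on stdin, print "<site> <psc-fqdn>" per node.
# Lines that are not of the form cn=<node>,cn=Servers,cn=<site>,cn=Sites,... are
# skipped, so shell prompts or blank lines pasted with the output do no harm.
psc_sites() {
    awk -F',' '
        { sub(/\r$/, "") }   # tolerate CRLF from a pasted terminal capture
        NF >= 4 && tolower($2) == "cn=servers" && tolower($4) == "cn=sites" {
            node = $1; site = $3
            sub(/^ *[cC][nN]=/, "", node)
            sub(/^[cC][nN]=/, "", site)
            print site, node
        }
    ' | sort
}

# site_of: print the site of PSC $1 (topology on stdin); non-zero if not listed.
site_of() {
    psc_sites | awk -v n="$1" '
        tolower($2) == tolower(n) { print $1; found = 1; exit }
        END { exit !found }
    '
}

# repoint_scope: $1 = showservers text, $2 = current PSC, $3 = target PSC.
# Prints "same-site" or "cross-site"; returns 2 if either node is not in the
# topology (for example a decommissioned PSC or a node in another SSO domain).
repoint_scope() {
    src_site=$(printf '%s\n' "$1" | site_of "$2") || { echo "unknown: $2"; return 2; }
    dst_site=$(printf '%s\n' "$1" | site_of "$3") || { echo "unknown: $3"; return 2; }
    if [ "$src_site" = "$dst_site" ]; then
        echo "same-site"
    else
        echo "cross-site"
    fi
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_SHOWSERVERS" | psc_sites
repoint_scope "$SAMPLE_SHOWSERVERS" psc02.alex.local psc04.alex.local
```
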

System Swap / Scratch Configuration in vSphere 6

When a host boots from Auto Deploy, it is very common to see the following alarms triggered on the Esxi host.

These alarms are triggered because the host booted in a diskless environment and there is no place where the system can store logs etc.

In this post we will focus on how to fix these issues. This article is mainly focused on configuring/changing the Esxi host swap and scratch partition configuration. We will start with system swap.

About System Swap

System swap is a memory reclamation process that can take advantage of unused memory resources across an entire system. In a memory contention situation, system swap allows Esxi to reclaim certain parts of memory that are not used for virtual machines. The reclaimed memory is written to a storage location.

When swap is enabled, you have a tradeoff between the impact of reclaiming the memory from another process and the ability to assign the memory to a virtual machine that can use it. Since accessing data from storage is slower than accessing data from memory, we should be very careful in determining where to store the swapped data so that the performance impact is minimal.

The ESXi host determines automatically where the system swap should be stored and marks that as the Preferred swap file location. This decision can be aided by selecting certain options. If the ESXi host does not find a feasible option, the system swap is not activated. These options are:

Datastore – Allows the use of a specific datastore to store the system swap

Host Cache – Allows the use of part of the host cache

Preferred swap file location – Allows the use of the preferred location configured for the host

Note: We need a minimum of 1 GB free space to configure swap.

How to configure system swap:

Swap can be configured via Web-Client, Host Profile and Power-CLI. We will discuss the Web-Client and host profile methods here.

Configuring Swap from Web-Client

To configure/change system swap settings, log in to vCenter Web Client and navigate to Host and Cluster. Select the Esxi host and go to Manage > Settings > System > System Swap. Click on the Edit button to specify the swap location.

Select the “Enabled” check box to activate system swap, and check the “use host cache” and “Can use datastore specified by host” options.

If you want to specify a particular datastore where swapped data will be stored, you can check the “can use datastore” option and then select a datastore from the drop-down menu.

Configuring Swap via Host Profile

Edit your host profile, expand ‘General System Settings’ and select the sub-profile “System Swap Settings“. Enable swap and select appropriate options as per your environment's needs. To specify a particular datastore to be used for storing swapped data, we need to enable “Datastore Option” and provide the datastore name.

If you are a Power-CLI fan and want to do some scripting to enable swap on all hosts, then please check this article from Aaron Margeson. vBrown-Bag have also mentioned some one-liner Power-CLI scripts.

Scratch Partition Configuration

The scratch partition is simply a partition which is used to store the vm-support bundle when a support bundle is generated during troubleshooting. Although it is not mandatory to have a scratch partition, it is recommended to have it configured because it is useful for troubleshooting purposes.

During Esxi installation, the installer creates a 4GB VFAT scratch partition if it’s not present on another disk. When the host boots, the system tries to find a suitable partition on a local disk to create the scratch partition. If no scratch partition exists, then the support bundle is stored on the host’s ramdisk.

In a normal situation this doesn’t seem to be a big deal, but in a memory contention situation, having a scratch partition starts to seem very important. Also, if support bundles are stored in the ramdisk, they will disappear after a host reboot.

A minimum of 5.2 GB of free space is required on the installation disk for the scratch partition to be created.

Before you start setting up the scratch location you need to decide which datastore you are going to use for this. You need to create a dedicated folder for each host so that hosts do not overwrite each other's data.

You can create these folders either by connecting to a host over SSH, navigating to /vmfs/volumes/datastore and using the mkdir command to create folders for each host, or from vSphere Web Client by browsing datastores.

Note: The datastore chosen for creating the per-host folders should be visible to all ESXi hosts.

There are various methods by which we can create/configure the scratch partition for Esxi hosts. The most commonly used are via Web Client, SSH command line and Power-CLI. We will discuss all three methods one by one.

Configuring scratch partition using vSphere Web Client

Log in to vCenter Web Client and navigate to Host and Cluster. Select the Esxi host, go to Manage > Settings > Advanced System Settings and type scratch in the search box.

Select the first option ‘ScratchConfig.ConfiguredScratchLocation‘ and edit this by clicking on the pencil button as shown below:

Enter the full path of the folder which you have created for your host. Remember to enter the path name using the datastore UUID and not the datastore name.

Reboot the Esxi host for the changes to take effect. After the host reboots, verify that the configuration is persistent.

Configuring scratch partition using Tech-Support Mode

The information about scratch partition configuration is written to the host’s /etc/vmware/locker.conf configuration file for use during the next boot.

Out of curiosity I just checked how the locker.conf file looks and what info is stored there.

[root@esxi01:~] cat /etc/vmware/locker.conf
/vmfs/volumes/5916bead-baa2874b-367f-0050560346b9 1

Now let's proceed with creating/configuring the scratch partition using the command line.

Create a dedicated folder for your Esxi host

[root@esxi02:~] cd /vmfs/volumes/iSCSI-1/
[root@esxi02:/vmfs/volumes/591ac3ec-cc6af9a9-47c5-0050560346b9] mkdir -p Esxi02/scratch
[root@esxi02:/vmfs/volumes/591ac3ec-cc6af9a9-47c5-0050560346b9] cd Esxi02/scratch

Make a note of the full path to the folder created


Review the current scratch configuration

[root@esxi01:~] vim-cmd hostsvc/advopt/view ScratchConfig.ConfiguredScratchLocation
(vim.option.OptionValue) [
   (vim.option.OptionValue) {
      key = "ScratchConfig.ConfiguredScratchLocation",
      value = "/vmfs/volumes/5916bead-baa2874b-367f-0050560346b9"
   }
]

Configure Core Dump Settings On vSphere 6 Hosts

In this post we will look into how to configure Core Dump settings on Esxi hosts. But before doing that, let's talk a bit about what a core dump is.

What is Core Dump?

A core dump is the state of working memory of an Esxi host in the event of a host failure like a Purple Screen Of Death, aka PSOD. In the event of a PSOD the state of the VMkernel memory is sent to the server where the dump collector service is running. This server is typically your vCenter server.

Core dump information is very important when it comes to identifying and troubleshooting the issue which made the ESXi host show a purple screen.

By default, a core dump is saved to the local disk. You can use ESXi Dump Collector to keep core dumps on a network server for use during debugging. The core dump resides in a diagnostic partition, and in order to create that partition we require at least 100 MB of free space on either locally or remotely available disks.

Some facts about core dump:

1: The Core dump Server service works on UDP Port (1025-9999) and uses port 6500 as default.

2: Network dump collector will not work if the management VMkernel port has been configured to use EtherChannel/LACP.

3: The name of the protocol which is used for sending core dumps from a failed ESXi host to the Dump Collector service is netdump.

4: Core Dump collector is not supported over IPv6 and only supports IPv4.

The network traffic is not encrypted, and there is no authentication mechanism to ensure the integrity and validity of the data being received by the Dump Collector service.

How to configure Core Dump on Esxi hosts?

There are various ways of configuring core dump settings on an Esxi host, including the esxcli command, host profiles, Web-Client, PowerCli and/or any other scripting method. In this post I will only discuss the esxcli and host profile methods. Let’s get started.

Before running any commands on Esxi hosts to enable/configure the coredump service, we first have to start the coredump service on the network server (vCenter server) where the Esxi hosts will send their coredumps.

To do so, log in to vCenter Web-Client and navigate to Home > Administration > System Configuration > Services, select the Esxi Dump Collector service and click on the Actions tab to enable the service as shown below.

Once the coredump service has been enabled, you will see the option to start the service under the Actions menu.

Configuring Core Dump using esxcli utility

Available options for the coredump network namespace

[root@esxi01:~] esxcli system coredump network

Usage: esxcli system coredump network {cmd} [cmd options]
Available Commands:
 check    Check the status of the configured network dump server
 get      Get the currently configured parameters for network coredump, if enabled.
 set      Set the parameters used for network core dump

Verify if the coredump service is enabled on the Esxi host

[root@esxi01:~] esxcli system coredump network check
Network coredump not enabled

Retrieve the current configuration for the coredump service

[root@esxi01:~] esxcli system coredump network get
   Enabled: false
   Host VNic:
   Is Using IPv6: false
   Network Server IP:
   Network Server Port: 0

Configure Centralized Logging on ESXi 6 Hosts

In this post we will learn how to configure Esxi-6 hosts to send the logs to a centralized syslog server.

Purpose of configuring syslog server?

As per VMware KB-2003322

ESXi 5.0 and higher hosts run a syslog service (vmsyslogd) that provides a standard mechanism for logging messages from the VMkernel and other system components. By default in ESXi, these logs are placed on a local scratch volume or a ramdisk.

To preserve the logs further, ESXi can be configured to place these logs to an alternate storage location on disk and to send the logs across the network to a syslog server.

Retention, rotation, and splitting of logs received and managed by a syslog server are fully controlled by that syslog server. ESXi cannot configure or control log management on a remote syslog server.

How to configure Esxi hosts for centralized logging?

There are various ways to configure syslog settings on Esxi hosts. These include:

1: Using esxcli command on Esxi host.

2: Using vSphere Web-Client.

3: Using vSphere Thick client.

4: Using PowerCli.

5: Using Host Profiles.

We will look at each of the available methods one by one. Let’s get started.

Before configuring Esxi hosts to send logs to a syslog server, we need to have a syslog server in our environment. I have configured my syslog server on a CentOS 6 box following the instructions illustrated here.

I added 2 additional lines at the bottom of the rsyslog.conf file so that each host has its logs in its own folder:

$template TmplAuth, "/var/log/%HOSTNAME%/%PROGRAMNAME%.log"
*.* ?TmplAuth

Configuring Syslog Using esxcli utility

The command to configure syslog settings on Esxi hosts is esxcli system syslog config

Let's first see the available options for this command.

[root@esxi01:~] esxcli system syslog config set --help

With this command we have the following options available:

--check-ssl-certs  Verify remote SSL certificates against the local CA Store
--default-rotate=<long>  Default number of rotated local logs to keep
--default-size=<long>  Default size of local logs before rotation, in KiB
--default-timeout=<long>  Default network retry timeout in seconds if a remote server fails to respond
--drop-log-rotate=<long>  Number of rotated dropped log files to keep
--drop-log-size=<long>  Size of dropped log file before rotation, in KiB
--logdir=<str>  The directory to output local logs to
--logdir-unique  Place logs in a unique subdirectory of logdir, based on hostname
--loghost=<str>  The remote host(s) to send logs to
--queue-drop-mark=<long>  Message queue capacity after which messages are dropped
--reset=<str>  Reset values to default

Auto Deploy Configuration in vSphere 6

Auto Deploy is used for PXE booting/installation of Esxi over the network. When a host is deployed using Auto Deploy, the state information is loaded into memory upon boot; the state is not permanently stored on the physical host by default.

Replacing vSphere 6 Solution user certificates with CA signed certificates

In our last post, Replacing Esxi 6 SSL Certificates, we learned how to replace Esxi host default certificates with CA signed certificates. In this post we will learn how to replace vSphere 6 solution user certificates with custom certificates signed by a CA.

If you have missed the earlier posts of this series, you can read them from the links below:

1: Setup CA Server for vSphere Lab

2: Set Up Automatic Certificate Enrollment

3: Request Internal Certificate from CA Server

4: Everything You Should Know About Certificate Management in vSphere 6

vSphere-6:Part 10-Configuring vSphere Update Manager

In the last post of this series we learnt how to install VUM and discussed why we need VUM and how it can simplify updates and upgrades in a large infrastructure, making the life of a VMware admin easier.

In this post we will see how to configure various settings in VUM, how to create baselines and attach them to a host/cluster, and then how to remediate hosts.

If you have missed the earlier posts in this series, you can access them from the links below:

1: Introduction to vSphere 6

vSphere-6:Part 9-Installing vSphere Update Manager

In the last post of this series we saw how to add Esxi hosts to the domain and how to configure an Esxi host to reach iSCSI storage.

In this post we will learn how to install and configure vSphere Update Manager.

If you have missed the earlier posts in this series, you can access them from the links below:

1: Introduction to vSphere 6

2: vSphere 6-Lab Setup

3: Installing and Configuring Esxi Server 6

4: Installing vCenter 6

5: Enabling AD Authentication for vCenter Server

6: vCenter Server 6 Basic Configuration

vSphere-6:Part 8-Configuring Esxi Hosts Settings

In the last post of this series we saw how to create and configure a dvSwitch and its port groups, and how to migrate networking from a Standard switch to the dvSwitch.

In this post we will see how to configure basic Esxi host settings.

If you have missed the earlier posts in this series, you can access them from the links below:

1: Introduction to vSphere 6

2: vSphere 6-Lab Setup

3: Installing and Configuring Esxi Server 6

4: Installing vCenter 6

5: Enabling AD Authentication for vCenter Server

vSphere-6:Part 7-Configuring dvSwitch & Port groups

In the last post of this series we saw how to configure and install licenses for vCenter Server and Esxi hosts. We also performed some basic tasks, such as creating a Datacenter/Cluster and adding hosts to the cluster.

In this post we will see how to configure networking in vCenter Server.

If you have missed the earlier posts in this series, you can access them from the links below:

1: Introduction to vSphere 6

2: vSphere 6-Lab Setup

3: Installing and Configuring Esxi Server 6

4: Installing vCenter 6

vSphere-6:Part 6-vCenter Server Basic Configuration

In the last 2 posts of this series we learnt how to install vCenter Server 6 on Server 2012 and how to enable AD authentication for SSO so that your domain users can log in to vCenter Server and manage it.

If you have missed the earlier posts in this series, you can access them from the links below:

1: Introduction to vSphere 6

2: vSphere 6-Lab Setup

3: Installing and Configuring Esxi Server 6

4: Installing vCenter 6

5: Enabling AD Authentication for vCenter Server

In this post we will touch on the basic tasks needed to configure vCenter before we can start using it in Lab/Production. The steps included in this post are typically for a Lab environment, and you might need to perform some additional tasks before your prod vCenter goes live.

vSphere-6:Part 5-Adding AD Authentication in vCenter Server

In the last post of this series we learnt how to install vCenter Server 6 on Server 2012. I am new to vSphere 6, so at the beginning I kept things simple: I installed vCenter and PSC on a single machine (embedded mode) and used the embedded vPostgres database.

If you have missed the earlier posts in this series, you can access them from the links below:

1: Introduction to vSphere 6

2: vSphere 6-Lab Setup

3: Installing and Configuring Esxi Server 6

4: Installing vCenter 6

Earlier, vCenter Server held the SSO component, but in vSphere 6 it is included as part of the PSC. The Platform Services Controller contains the shared services that support vCenter Server and vCenter Server components.

vSphere-6:Part 4-Install vCenter Server 6

In the last post of this series we learnt how to install Esxi server 6, and we found that the installation of the Esxi 6 hypervisor has not changed much and is pretty much the same as in the previous version.

If you have missed the earlier posts in this series, you can access them from the links below:

1: Introduction to vSphere 6

2: vSphere 6-Lab Setup

3: Installing and Configuring Esxi Server 6

In this post I’m going to walk you through the installation of VMware vCenter Server 6.0. The way vCenter Server is installed has changed significantly. Earlier we had a choice to install SSO, Inventory Service, vCenter Server and Web-Client all on the same machine, or to have a distributed architecture where all components were spread across multiple servers.

vSphere-6:Part 3-Install and Configure Esxi 6

In the last 2 posts of this series we discussed an overview of vSphere 6 and looked closely at the components required for building a vSphere 6 lab at home. If you have missed the earlier posts in this series, you can access them from the links below:

1: Introduction to vSphere 6

2: vSphere 6-Lab Setup

In this post we will look into the installation of Esxi 6. I am using Esxi version 6.0 update01 (Build 3073146) in my lab for this purpose.

Installation of Esxi has not changed much and it's very similar to version 5.5. I am installing Esxi 6 in VMware Workstation on my local SATA hard disk, but you may consider other options such as running the Esxi host from a USB disk or running a stateless Esxi host with the use of Auto Deploy.

vSphere-6:Part 2-Lab Setup

In my previous post, vSphere 6-Introduction, we discussed a little bit about vSphere 6 and looked at what new features have been added in vSphere 6, along with the changes in configuration maximums. We also had a look at the change in vCenter Server architecture and the improvements in VMware Web-Client.

In this post we will have a look at the pieces which are required to build a vSphere 6 lab. With this, let’s get started.

Hardware Component

I have a Dell M4800 Mobile workstation laptop with 32 GB of RAM and an i7 Quad Core processor. I am running all the lab components inside VMware Workstation.