
VMware ESXi and ESX Info Center

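Posted by: unknown user, August 18, 2010, 8:32 PM [updated May 24, 2011, 9:36 PM]
Upgrade from ESX to ESXi to improve security and simplify hypervisor management

Developer: VMware, Inc.
Vendor URL: http://www.vmware.com/products/vsphere/esxi-and-esx/management.html
Last updated: 2011/05/25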
-----------------------------------------------------------------------------



Management


Management Overview

The management functionality that was provided by agents in the ESX architecture is now exposed via APIs in the ESXi architecture. This allows for an “agent-less” approach to hardware monitoring and system management. VMware also created remote command lines, such as the vSphere Command Line Interface (vCLI) and PowerCLI, to provide command and scripting capabilities in a more controlled manner. These remote command line sets include a variety of commands for configuration, diagnostics and troubleshooting. For low-level diagnostics and the initial configuration, menu-driven and command line interfaces are available on the local console of the server.

Patching and updating ESXi allows flexibility and control. During the patching process, only the specific modules being updated are changed, letting the administrator preserve any previous updates to other components. Whether installed on disk or embedded flash memory, ESXi employs a “dual-image” approach, with both the current and prior version present. When a patch is installed, the new image is constructed and overwrites the prior image. Thus the current version becomes the prior version and the system boots off the newly-written image. If there is a problem with the image or the administrator wishes to revert to the prior one, the host is simply rebooted off the recent good image.

Deployment

Scripted Installation. New to ESXi 4.1 is the ability to do a scripted installation of the ESXi software to the local disk of a server. Various deployment methods are supported, including booting the ESXi installer off a CD or over PXE, and accessing the configuration file over the network using a variety of protocols, such as secure HTTP. The configuration file can also specify the following scripts to be executed during the installation:

  • Pre-install
  • Post-install
  • First-boot

These scripts run locally on the ESXi host, and can perform various tasks such as configuring the host’s virtual networking and joining it to vCenter Server.

Boot from SAN support for ESXi. Support for Boot from SAN has been added to ESXi 4.1. This support includes Fibre Channel SAN, as well as iSCSI and FCoE for certain storage adapters that have been qualified for this capability.

Hardware Monitoring (including SNMP)

The Common Information Model (CIM) is an open standard that defines a framework for agent-less, standards-based monitoring of hardware resources for ESXi. This framework consists of a CIM object manager, often called a CIM broker, and a set of CIM providers.

CIM providers are used as the mechanism to provide management access to device drivers and underlying hardware. Hardware vendors, including server manufacturers and specific hardware device vendors, can write providers to provide monitoring and management of their particular devices. VMware also writes providers that implement monitoring of server hardware, ESXi storage infrastructure, and virtualization-specific resources. These providers run inside the ESXi system and hence are designed to be extremely lightweight and focused on specific management tasks. The CIM broker takes information from all CIM providers and presents it to the outside world via standard APIs, such as WS-MAN and CIM-XML. Any software tool that understands one of these APIs, such as HP SIM or Dell OpenManage, can read this information and hence monitor the hardware of the ESXi host.

One consumer of the CIM information is VMware vCenter. Through a dedicated tab in the vSphere Client, you can view the hardware status of any ESXi host in your environment, thus providing a single view of the physical and virtual health of your systems. You can also set vCenter alarms to be triggered on certain hardware events, such as temperature or power failure and warning states.

ESXi also exposes hardware status information via SNMP for other management tools that rely upon that standard. SNMP Traps are available from both the ESXi host and vCenter.

Systems Management and Backup

Systems management and backup products integrate with ESXi via the vSphere APIs, which have been significantly enhanced in vSphere 4 given our focus on agent-less partner integration. The API-based partner integration model significantly reduces management overhead by eliminating the need to install and manage agents in the console OS.

VMware has worked extensively with our ecosystem to transition all partner products to the API-based integration model of ESXi. As a result, the majority of systems management and backup vendors in the VMware ecosystem support ESXi today. Partners such as BMC, CA, HP, IBM, EMC, NetIQ, Quest Software, Commvault, Vizioncore, Double-Take Software, SteelEye, and Symantec are among the many partners that have systems management or backup products that support ESXi. If you are using an agent-based partner solution to integrate with ESX, please check with your vendor to see if a newer version of the product supports ESXi.

Logging

Logging is important for both troubleshooting and compliance. ESXi exposes logs from host agent (hostd), vCenter agent (vpxa), and vmkernel (messages). You can configure local persistent logging onto a file on any datastore accessible to the ESXi host; this is done for you automatically in ESXi 4.1. You can also configure syslog for enterprise central logging.

Keeping the ESXi host in sync with an accurate time source is very important for ensuring log accuracy and is required for compliance. It is also important if you are using the host to maintain accurate time on the guest VMs. ESXi has built-in NTP capabilities for synchronizing with NTP time servers.

User Authentication

Although day-to-day operations are done on vCenter, there are instances when you need to work with ESXi directly, such as configuration backup and log file access. To control access to the host, you can have local users on an ESXi system. New to ESXi 4.1, you can configure the host to join an Active Directory domain, and any user trying to access the host will automatically be authenticated against the centralized user directory. You can also have local users defined and managed on a host-by-host basis and configured using the vSphere Client, vCLI, or PowerCLI. This second method can be used either in place of, or in addition to, the Active Directory integration.

You can also create local roles, similar to vCenter roles, which define what the user is authorized to do on the host. For instance, a user can be granted Read-only access, which only allows them to view host information, or they can be granted Administrator access, which allows them to both view and modify host configuration. If the host is integrated with Active Directory, local roles can also be granted to AD users and groups. ESXi 4.1 also automatically grants Administrator access to the AD group named “ESX Admins.”

The only user defined by default on the system is the root user. The initial root password is typically set via the Direct Console User Interface (DCUI). It can be changed afterwards using the vSphere Client, vCLI, or PowerCLI.

Diagnostics

Direct Console User Interface (DCUI)

The DCUI is the menu-driven interface available at the console of the physical server on which ESXi is installed or embedded. Its main purpose is to perform initial configuration of the host (IP address, hostname, root password), and diagnostics.

The DCUI has several diagnostic menu items:

  • Restart all management agents, including
    • hostd
    • vpxa
  • Reset configuration settings, such as
    • Fix a misconfigured vNetwork Distributed Switch
    • Reset all configurations to factory defaults
  • Enable Tech Support Mode (shell access) for troubleshooting, including
    • Local Tech Support Mode
    • Remote Tech Support Mode (ssh-based)

Browser-based File Access

You can also point an ordinary web browser to the host and view files, including:

  • Log files
  • Configuration files
  • Virtual Machine files

vSphere Command Line Interface

The vCLI has numerous commands for troubleshooting, including:

  • vmkfstools
  • vmware-cmd
  • resxtop

In vSphere 4.1, some important enhancements have been made to make the vCLI more powerful, such as:

  • The ability to forcibly terminate a virtual machine, even when it is not responding to normal shutdown commands.
  • The ability to configure storage to a greater extent, including various software iSCSI parameters and storage plugins.
  • Additional diagnostic capabilities for networking and NFS storage.

Tech Support Mode

Tech Support Mode is a local console for advanced technical support. In ESXi 4.1, Tech Support Mode is fully supported, and is enhanced in several ways. In addition to being available on the local console of a host, it can also be accessed remotely through SSH. Access to Tech Support Mode is controlled in the following ways:

  • Both local and remote Tech Support Mode can be enabled and disabled separately in both the DCUI and vCenter Server.
  • Tech Support Mode may be used by any authorized user, not just root. Users become authorized when they are granted the Administrator role on a host (including through AD membership in a privileged group).
  • All commands issued in Tech Support Mode are logged, allowing for a full audit trail. If a syslog server is configured, then this audit trail is automatically included in the remote logging.
  • A timeout can be configured for Tech Support Mode (both local and remote), so that after being enabled, it will automatically be disabled after the configured time.
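
The Logging, User Authentication and Tech Support Mode controls described above can be reviewed per host with PowerCLI. The following is an added example, not code from the original page or from VMware. It assumes PowerCLI is installed, that `vcenter.example.com` (a placeholder) manages the hosts, and that Tech Support Mode appears under the service keys `TSM` (local) and `TSM-SSH` (remote).

```powershell
# Added example: report, per ESXi host, the state of the access and logging
# controls this page describes. 'vcenter.example.com' is a placeholder name.
Connect-VIServer -Server 'vcenter.example.com' | Out-Null

$report = foreach ($vmhost in Get-VMHost) {
    $services  = Get-VMHostService -VMHost $vmhost
    # Assumed service keys: 'TSM' = local, 'TSM-SSH' = remote Tech Support Mode
    $tsmLocal  = $services | Where-Object { $_.Key -eq 'TSM' }
    $tsmRemote = $services | Where-Object { $_.Key -eq 'TSM-SSH' }
    $ntpd      = $services | Where-Object { $_.Key -eq 'ntpd' }

    $ntpServers = @(Get-VMHostNtpServer -VMHost $vmhost)
    # Ignore empty entries so an unset syslog target counts as "none"
    $syslog     = @(Get-VMHostSysLogServer -VMHost $vmhost | Where-Object { $_.Host })
    $auth       = Get-VMHostAuthentication -VMHost $vmhost

    $findings = @()
    if ($tsmRemote.Running) { $findings += 'Remote Tech Support Mode (SSH) is running' }
    if ($tsmLocal.Running)  { $findings += 'Local Tech Support Mode is running' }
    if ($syslog.Count -eq 0) {
        # Without a syslog server the shell command audit trail stays on the host
        $findings += 'No remote syslog server configured'
    }
    if ($ntpServers.Count -eq 0 -or -not $ntpd.Running) {
        $findings += 'NTP not configured or ntpd not running (log timestamps may drift)'
    }
    if ($auth.Domain) {
        # AD-joined hosts grant Administrator to the AD group "ESX Admins"
        $findings += "Joined to '$($auth.Domain)': review membership of 'ESX Admins'"
    }

    [pscustomobject]@{
        Host      = $vmhost.Name
        RemoteTSM = [bool]$tsmRemote.Running
        LocalTSM  = [bool]$tsmLocal.Running
        Syslog    = ($syslog | ForEach-Object { $_.Host }) -join ','
        Ntp       = $ntpServers -join ','
        AdDomain  = $auth.Domain
        Findings  = $findings -join '; '
    }
}

$report | Sort-Object Host | Format-List
Disconnect-VIServer -Server 'vcenter.example.com' -Confirm:$false
```

The Tech Support Mode timeout is not checked here, because the name of its advanced setting is not given on this page.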